9e0da3d3bc35541329439c6e0ec64a27af93fd0d6236ceff9f0949a465fff8c9

Analysis

max time kernel
447s
max time network
451s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
29-03-2024 09:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

testestestestetw/triage - Copy (13).exe
Size

1.2MB
MD5

08b8eb8dd9681bfd0050fa7e547e1fd9
SHA1

f810b716884668bbc554aae7914dd19f1c30c265
SHA256

e8fec48d4400319a802dcc42081e768ef0bf8ec965e65d95ec4502ea3c35ac6b
SHA512

d0fb222a0b356abce4f8489e953db9c9330e2446007eb002a7c7db3022f931fb22d5686da5749ea03504cffb241e21768512c9c6d20156fac32c81b0070c878f
SSDEEP

24576:bdofGAmSIQ177wZ+A7MjiiRDXU/Sat5RgsLSmIOHsU5zMmX1xYwncqKvGqU/:bdofGbSIQ177wZvYjiiRDXASat5RgsLn

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
640	triage - Copy (13).exe

Suspicious use of AdjustPrivilegeToken 7 IoCs

description	pid	Process
Token: SeDebugPrivilege	2036	firefox.exe
Token: SeDebugPrivilege	2036	firefox.exe
Token: SeDebugPrivilege	2036	firefox.exe
Token: SeDebugPrivilege	2036	firefox.exe
Token: SeDebugPrivilege	2036	firefox.exe
Token: SeDebugPrivilege	2036	firefox.exe
Token: SeDebugPrivilege	2036	firefox.exe

Suspicious use of FindShellTrayWindow 6 IoCs

pid	Process
640	triage - Copy (13).exe
2036	firefox.exe
2036	firefox.exe
2036	firefox.exe
2036	firefox.exe
640	triage - Copy (13).exe

Suspicious use of SendNotifyMessage 5 IoCs

pid	Process
640	triage - Copy (13).exe
2036	firefox.exe
2036	firefox.exe
2036	firefox.exe
640	triage - Copy (13).exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2036	firefox.exe
2036	firefox.exe
2036	firefox.exe
2036	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2896 wrote to memory of 2036	2896	firefox.exe	92
PID 2896 wrote to memory of 2036	2896	firefox.exe	92
PID 2896 wrote to memory of 2036	2896	firefox.exe	92
PID 2896 wrote to memory of 2036	2896	firefox.exe	92
PID 2896 wrote to memory of 2036	2896	firefox.exe	92
PID 2896 wrote to memory of 2036	2896	firefox.exe	92
PID 2896 wrote to memory of 2036	2896	firefox.exe	92
PID 2896 wrote to memory of 2036	2896	firefox.exe	92
PID 2896 wrote to memory of 2036	2896	firefox.exe	92
PID 2896 wrote to memory of 2036	2896	firefox.exe	92
PID 2896 wrote to memory of 2036	2896	firefox.exe	92
PID 2036 wrote to memory of 3228	2036	firefox.exe	93
PID 2036 wrote to memory of 3228	2036	firefox.exe	93
PID 2036 wrote to memory of 1364	2036	firefox.exe	95
PID 2036 wrote to memory of 1364	2036	firefox.exe	95
PID 2036 wrote to memory of 1364	2036	firefox.exe	95
PID 2036 wrote to memory of 1364	2036	firefox.exe	95
PID 2036 wrote to memory of 1364	2036	firefox.exe	95
PID 2036 wrote to memory of 1364	2036	firefox.exe	95
PID 2036 wrote to memory of 1364	2036	firefox.exe	95
PID 2036 wrote to memory of 1364	2036	firefox.exe	95
PID 2036 wrote to memory of 1364	2036	firefox.exe	95
PID 2036 wrote to memory of 1364	2036	firefox.exe	95
PID 2036 wrote to memory of 1364	2036	firefox.exe	95
PID 2036 wrote to memory of 1364	2036	firefox.exe	95
PID 2036 wrote to memory of 1364	2036	firefox.exe	95
PID 2036 wrote to memory of 1364	2036	firefox.exe	95
PID 2036 wrote to memory of 1364	2036	firefox.exe	95
PID 2036 wrote to memory of 1364	2036	firefox.exe	95
PID 2036 wrote to memory of 1364	2036	firefox.exe	95
PID 2036 wrote to memory of 1364	2036	firefox.exe	95
PID 2036 wrote to memory of 1364	2036	firefox.exe	95
PID 2036 wrote to memory of 1364	2036	firefox.exe	95
PID 2036 wrote to memory of 1364	2036	firefox.exe	95
PID 2036 wrote to memory of 1364	2036	firefox.exe	95
PID 2036 wrote to memory of 1364	2036	firefox.exe	95
PID 2036 wrote to memory of 1364	2036	firefox.exe	95
PID 2036 wrote to memory of 1364	2036	firefox.exe	95
PID 2036 wrote to memory of 1364	2036	firefox.exe	95
PID 2036 wrote to memory of 1364	2036	firefox.exe	95
PID 2036 wrote to memory of 1364	2036	firefox.exe	95
PID 2036 wrote to memory of 1364	2036	firefox.exe	95
PID 2036 wrote to memory of 1364	2036	firefox.exe	95
PID 2036 wrote to memory of 1364	2036	firefox.exe	95
PID 2036 wrote to memory of 1364	2036	firefox.exe	95
PID 2036 wrote to memory of 1364	2036	firefox.exe	95
PID 2036 wrote to memory of 1364	2036	firefox.exe	95
PID 2036 wrote to memory of 1364	2036	firefox.exe	95
PID 2036 wrote to memory of 1364	2036	firefox.exe	95
PID 2036 wrote to memory of 1364	2036	firefox.exe	95
PID 2036 wrote to memory of 1364	2036	firefox.exe	95
PID 2036 wrote to memory of 1364	2036	firefox.exe	95
PID 2036 wrote to memory of 1364	2036	firefox.exe	95
PID 2036 wrote to memory of 1364	2036	firefox.exe	95
PID 2036 wrote to memory of 1364	2036	firefox.exe	95
PID 2036 wrote to memory of 1364	2036	firefox.exe	95
PID 2036 wrote to memory of 1364	2036	firefox.exe	95
PID 2036 wrote to memory of 1364	2036	firefox.exe	95
PID 2036 wrote to memory of 1364	2036	firefox.exe	95
PID 2036 wrote to memory of 1364	2036	firefox.exe	95
PID 2036 wrote to memory of 1364	2036	firefox.exe	95
PID 2036 wrote to memory of 3696	2036	firefox.exe	97
PID 2036 wrote to memory of 3696	2036	firefox.exe	97
PID 2036 wrote to memory of 3696	2036	firefox.exe	97

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\testestestestetw\triage - Copy (13).exe
"C:\Users\Admin\AppData\Local\Temp\testestestestetw\triage - Copy (13).exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:640

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2896
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2036
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2036.0.1747440649\1498528621" -parentBuildID 20221007134813 -prefsHandle 1860 -prefMapHandle 1852 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {59f4cdd6-5b89-4a24-abbe-b7327715fcfe} 2036 "\\.\pipe\gecko-crash-server-pipe.2036" 1952 1ceec5d5b58 gpu
    3⤵
    PID:3228
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2036.1.1669829245\1896296968" -parentBuildID 20221007134813 -prefsHandle 2324 -prefMapHandle 2320 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3b9d1bbf-0273-4781-a944-295ef5561cd2} 2036 "\\.\pipe\gecko-crash-server-pipe.2036" 2348 1cedfe70158 socket
    3⤵
    - Checks processor information in registry
    PID:1364
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2036.2.2030935579\573973983" -childID 1 -isForBrowser -prefsHandle 3028 -prefMapHandle 3116 -prefsLen 20888 -prefMapSize 233444 -jsInitHandle 1424 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f4eda1ba-f147-4ca9-b96d-bbc0dd0e0c48} 2036 "\\.\pipe\gecko-crash-server-pipe.2036" 3092 1cef06f8e58 tab
    3⤵
    PID:3696
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2036.3.344308038\895324003" -childID 2 -isForBrowser -prefsHandle 3464 -prefMapHandle 3460 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1424 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {083fe4e0-5290-49cd-a25e-bda3d2855da9} 2036 "\\.\pipe\gecko-crash-server-pipe.2036" 3476 1ceeeed7558 tab
    3⤵
    PID:3512
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2036.4.1701527148\1974916637" -childID 3 -isForBrowser -prefsHandle 4288 -prefMapHandle 4260 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1424 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4e36f02a-8105-425d-b1c6-ce97396c422f} 2036 "\\.\pipe\gecko-crash-server-pipe.2036" 4376 1cef2294e58 tab
    3⤵
    PID:4340
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2036.5.234715971\689325667" -childID 4 -isForBrowser -prefsHandle 5076 -prefMapHandle 5072 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1424 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {478e93bf-18ef-4bd0-8e6a-475db67b30c5} 2036 "\\.\pipe\gecko-crash-server-pipe.2036" 5080 1cef27a5c58 tab
    3⤵
    PID:2464
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2036.6.2077966077\546971132" -childID 5 -isForBrowser -prefsHandle 5220 -prefMapHandle 5224 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1424 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1180a905-3db8-444e-9185-f9b78debbcf8} 2036 "\\.\pipe\gecko-crash-server-pipe.2036" 5212 1cef27a6b58 tab
    3⤵
    PID:2076
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2036.7.412051325\226096771" -childID 6 -isForBrowser -prefsHandle 5412 -prefMapHandle 5416 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1424 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f0fd208a-f418-4142-89b2-5ab466aed9c0} 2036 "\\.\pipe\gecko-crash-server-pipe.2036" 5496 1cef2df8258 tab
    3⤵
    PID:4152
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2036.8.1130349366\1050765690" -parentBuildID 20221007134813 -prefsHandle 5836 -prefMapHandle 5800 -prefsLen 26206 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b050af86-113e-4665-8c64-5b26d21cb44b} 2036 "\\.\pipe\gecko-crash-server-pipe.2036" 5864 1cef3ce1258 rdd
    3⤵
    PID:5528
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2036.9.577157416\1562339779" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 5844 -prefMapHandle 5820 -prefsLen 26206 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d38567b6-04b3-4d3c-a30b-19c4a5c3d6f2} 2036 "\\.\pipe\gecko-crash-server-pipe.2036" 5964 1cef3ce1b58 utility
    3⤵
    PID:5552
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2036.10.2001483561\1119221593" -childID 7 -isForBrowser -prefsHandle 3168 -prefMapHandle 3124 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1424 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d4fe5b46-942a-4ba0-83e8-07b23d184970} 2036 "\\.\pipe\gecko-crash-server-pipe.2036" 5724 1ceefbed558 tab
    3⤵
    PID:5672
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2036.11.37416456\706678003" -childID 8 -isForBrowser -prefsHandle 6356 -prefMapHandle 4448 -prefsLen 26460 -prefMapSize 233444 -jsInitHandle 1424 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a3826dff-758d-4f9c-a978-9d7cbfa449ac} 2036 "\\.\pipe\gecko-crash-server-pipe.2036" 4456 1cef4378458 tab
    3⤵
    PID:5304
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2036.12.1491438043\1100076721" -childID 9 -isForBrowser -prefsHandle 2828 -prefMapHandle 6364 -prefsLen 26460 -prefMapSize 233444 -jsInitHandle 1424 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7613e30d-d7e3-4979-9869-7f123eaef206} 2036 "\\.\pipe\gecko-crash-server-pipe.2036" 2856 1cef4378758 tab
    3⤵
    PID:5336
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2036.13.545977316\1527120631" -childID 10 -isForBrowser -prefsHandle 5576 -prefMapHandle 5560 -prefsLen 27463 -prefMapSize 233444 -jsInitHandle 1424 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {702579d4-fa0a-471c-a83f-b28e439baaed} 2036 "\\.\pipe\gecko-crash-server-pipe.2036" 5548 1cef36ce858 tab
    3⤵
    PID:5784
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2036.14.1680214165\341480722" -childID 11 -isForBrowser -prefsHandle 6304 -prefMapHandle 6320 -prefsLen 27785 -prefMapSize 233444 -jsInitHandle 1424 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d3b96a57-1b04-46d2-a4db-948abd260ca7} 2036 "\\.\pipe\gecko-crash-server-pipe.2036" 3168 1ceeefe1858 tab
    3⤵
    PID:5824
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2036.15.632894107\2005623631" -childID 12 -isForBrowser -prefsHandle 4812 -prefMapHandle 4816 -prefsLen 27785 -prefMapSize 233444 -jsInitHandle 1424 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {91a5545c-b9d7-4353-8106-de6a8ea5a612} 2036 "\\.\pipe\gecko-crash-server-pipe.2036" 4548 1cef36cee58 tab
    3⤵
    PID:4304
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2036.16.139711160\2058491607" -childID 13 -isForBrowser -prefsHandle 4468 -prefMapHandle 4364 -prefsLen 27785 -prefMapSize 233444 -jsInitHandle 1424 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9d8f0189-b73b-4ad3-a627-131e1b84b5bb} 2036 "\\.\pipe\gecko-crash-server-pipe.2036" 6432 1ceef173d58 tab
    3⤵
    PID:444

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3e5zl51i.default-release\cache2\doomed\14815

Filesize
9KB

MD5
f5a6d20f4fe10085c35cfb5fdd1014dd

SHA1
324479629069aa8dc6106961d4983c903cb673fc

SHA256
a031b96884a4dd5c5c5f8265f015a91c9c5b9766564a05bceb4c57bee684095d

SHA512
730394cc8741a05601f8ac44064c2235dee075f299e4366acd58a2f2449eb198639a66415f36f083a3af6f2c91db3384b20d88eb790ee26ab268d59496b2508f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3e5zl51i.default-release\cache2\doomed\25070

Filesize
10KB

MD5
fa693754a1dc92110d997544c0ea9995

SHA1
0f379286ae78854ea19b58c901611fd21ed53c3a

SHA256
49bdd85d99a92728aa160e2df34c6242d53e1f362b502fba278eabba3d582aff

SHA512
8708693efbc364243be5a093cbe80293977bdec3b3f681c17f8613907354d224b894f2c73406227cd5b2939dbacb39cd1e4734a117649a9970d657643e539f00

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3e5zl51i.default-release\cache2\doomed\5657

Filesize
8KB

MD5
a00e8561ae025d0fdfb289a88d659d85

SHA1
4f46d3f49602d036659acd3bb93abbfb6790781d

SHA256
70b9df0743b4574ad4151ce237e8b2ee6b81aa2174c8d1046e32838637bb75a2

SHA512
19584d3bfa611d71dba607fb1749a9853e33d1f6d0863c0accfb4852604e8b0d034f1f345549f3b60cb780fd24261bc30bc860cf6b8a1365c61115df52206811

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3e5zl51i.default-release\cache2\doomed\7274

Filesize
9KB

MD5
fbb1773595e4e3400194b296d510e274

SHA1
b3b8a4aff1a1912d351e5e968be9bb593bd1bcf1

SHA256
fac4f66dfdd3c92e70093ded966b41598ffb38614a5e667c5c8a3a7479f9f4c0

SHA512
0ca786bee68289548ff419d75c3e9a5a078ce6d81765e5ce823da209367e2630088b5d208537629f5e78eb70333d98a55956a3e1ae1f560d5cdfadb627a448d6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3e5zl51i.default-release\cache2\entries\E8F82FF507585AF8655F245209766BE49794B690

Filesize
49KB

MD5
328116fcd7fe02cbbb28232ca72d95ed

SHA1
21cc8fa3a925c06c35965c68acbb0440ae4c8c56

SHA256
ed2306346c6aade399bc0d4c8eb2cbd741d2d29b01149d10a04cfc0c92e2259c

SHA512
0cbaeb43f92b645b3d7f09abdf35457dc43f90b5ef06337dc5d38d457a83a8dbcd56899b822ed2797f23d45bd459854c5cedbdb622969252e19e8705072ea739

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
12KB

MD5
f726b8cc0bbbaead24bdfbd441782562

SHA1
5c4392bc2e41c84f57a1febcd451bab4f0642300

SHA256
b0b611f2660ae1acc4620d696ad681e42dd616f7414dee85334b18e0fcd23e55

SHA512
978c9caf812e2f2b43f5ff2383fb6811fd57d6c7d3dd9c662b19650538822d8f96ad02de452301ee9447414fc16ae7db4725636da7522476eac7dd69ae6f8164

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
13KB

MD5
1995337d8f765f6d16aad94457961910

SHA1
9873689c9c09e04f7b53186d260d8d34f772a650

SHA256
777ee9e160bfcf9a1f9299e82409a262b309773e5387ce6a82a672aaa2863449

SHA512
b7a08cd219f151e2c9cb3459d33bc295fa1a129949c443cd2667c4f6a12e964fad2948bda834d9d94092652fe55379d097fa190a1aa74c8b83a386096022de82

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\broadcast-listeners.json

Filesize
204B

MD5
72c95709e1a3b27919e13d28bbe8e8a2

SHA1
00892decbee63d627057730bfc0c6a4f13099ee4

SHA256
9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa

SHA512
613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
76077c7b19217caa3fa40ec4debecbba

SHA1
e443d0e761820773dc84641ae8e57c588e369f8e

SHA256
a55ef7156cd8edef2419280822261e568049f9cdfd41d754abcdfc1480ecda52

SHA512
152d4e2b1b51ac9233cc3a8fddaa848dd5e9297a96a7866fd9678a4ebf817c3738aaa4e858c1073d74e60f7ca5a656643027a721c9c9db6142e4d8faef47dea1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\datareporting\glean\pending_pings\6d8e40b9-d4af-417e-833f-d63f917890d7

Filesize
746B

MD5
c45afd6209046577714f602ee520721e

SHA1
34783216d242dde856cff737595b92031a34de7e

SHA256
e9f007e9095fc1a6f66b0ff13336fa647b656d2362bdfb23ef06a5193434c0c6

SHA512
2cfb462b6de08c94ebbab699f92736bcd178ca55178547d2a9450c9fcc4a3010988f8d9eeaf1ddfa85e408711d04d6dc691f2b1852f666e29b1c01e5a5d9a8a5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\datareporting\glean\pending_pings\bf147aa1-1879-40f1-869e-7f35536aaa9f

Filesize
12KB

MD5
3141b14a677190c88890eda95df7bef8

SHA1
cfe82de9446dfbd32744c2f6e2317f31f64e16a3

SHA256
6763afccc9c3b3810270156c43a4f7ae01f68f9b33330e3305898b1949f96e8f

SHA512
2b27788af5c9d74711c027b7c8aee6252b7761629e9064d05d901d4efdc7651181ee3ee21106a25459899f2fb152f50de4e62f2fba6aa52274eaf01b48f09da0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\favicons.sqlite-wal

Filesize
352KB

MD5
4b0da3a51a117f0ae17bb9212e854521

SHA1
e015c0ae9f3178d8b8eddd68907b5f6c31d0104c

SHA256
227f577e8c0ae8f426c6a2714e0a71326d3115f0423427e9f47510521f21b9a4

SHA512
c75124e358a501782e7222ef9ddf1ea56a57413394339802e977f4eae5b9020c4db152f689c32884f341e8f1c27f535a317f971669c90903d9a302f35a4b7c36

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\places.sqlite

Filesize
5.0MB

MD5
12573113d43b9ca6cbfb8e62e01b9776

SHA1
9f18292ee0686608123dc4aae5dafd1e65b99f1c

SHA256
fedccc70bffcd02960ba5ca3a3a9cff776d7ac79995b600776109f020d926ff4

SHA512
1a86f670c5c6207ecfbf113a20f95946cc457df3ba423d9cf8ca374d5ec92af49a192040bcafa25a973456453004b258ee327154af4c0727a8e2103f4f130ebf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\places.sqlite-wal

Filesize
2.3MB

MD5
f3c37da559a10bd28666f326aeae7348

SHA1
2a883de0106529ddef9859052c3e9deb69d9aa2f

SHA256
02ff2ef7647de9d0fe7d002dd9272b446d5aec97902768eac3fabd30fbc34f69

SHA512
2d047f3af783de9d1dfcb5e4d97d7f9a766c680d9a4c86777bc74a51eda87ff8d73f639b0888a3472896c57b75f1be14ddfdb4bf9b93170a25f41130daa032e5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\prefs-1.js

Filesize
7KB

MD5
640c4af4b39103d84af7147fa3bb6631

SHA1
82d6c612c61cd9810a017ec3aa681a72933d2a85

SHA256
f8b5e45d52d2210dee9860b9deeccfd7cb1e882600b2f562f6eb9546b69e14ef

SHA512
93b9f8b1247d6f5930d54a77e6f3038e6ecf5f190189178e512ea709a9b9923ceef77d75258c7160bbe8efe25714f014a04a4512ec8567d07bcefea577175e8c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\prefs-1.js

Filesize
6KB

MD5
8b61438705daaca1f9976341f874bdd3

SHA1
3abb431fe291ef2d8c308b87cafe4438a127a560

SHA256
502ce900dfd8d19e58c0dbc128d09ec3ee0e25b354e2ce6007b55a4f93a52896

SHA512
0443fbecbcd90f1f3ffd6ab81e1d80a6f54f9f165bc70222b53de9e7a4fa88f22081589122533de09a35b58f140cf955b99ab08db48a4da9c66d2345a0327c93

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\prefs-1.js

Filesize
7KB

MD5
eb4c2cee2878a7e5f531bd23e1a2b9e9

SHA1
ff697215b1a4e51b255fbf789c940cb8592e0563

SHA256
fffa72c9aba3a02e748f94d1888eab33bf9742e55754e2e4ccdbddf91e45377b

SHA512
109034cb5d19c001066cfc6e4446da39db9830459e3e5d4c10533e4506b30c102d40bbf38027fb02c428639a68e78dc9aaf5e96b04805bfb9958163120f9d952

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\prefs-1.js

Filesize
7KB

MD5
1f176cbf3dd45b5eeefa3e2df4cc1a2b

SHA1
1984899adafc7f78b54de1a14ceb2f6711354096

SHA256
47e19659cf37a17e700a74fdce1867b56070e5daede9c41c7451ebc2eea5ec48

SHA512
4de94302ca5962a357edce7dac335338e53020e688c2880d5f328b9ccfdcf48c826c75968bd2b5a4e75770e03ff6ac03830231d7a11372c4942fbab97cc49639

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\prefs-1.js

Filesize
6KB

MD5
7ec4d96c48b02f950a89fc8259584824

SHA1
9b728472dd9012ede153343c76d22fe192adacc6

SHA256
95941779340ee4f7b3df87258ccc31133600c7f419d86fe5af2778c53d8c2ed2

SHA512
f79d779512e8e04496939e381b2ba2e8c54a99ff68ba6cae0679c9f64a927bc89ae081245488f729610a2f16870d89f787b4eeaf968f64385287dc97b44fba7d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\prefs-1.js

Filesize
7KB

MD5
d461ef9d872504b05e9d3d1bc8200277

SHA1
62d011b9bc834a00ff45b2e9068ed41b17e90ee5

SHA256
c277382d48c597accfbe9f2eca3f7736a280ca7f19a370a8456f3730b26f64d2

SHA512
ef6e56213e1fe42d107a20bcc22ff3331a5cd6b31cec66ccebc9376a8e84a7f18d9b9cdbd6820501f1a5c03d1189d86c83a89fac3e4286107c61e837291e66cf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
2KB

MD5
95d146d9792da2b0559793ea833d7854

SHA1
0c60a847d377950a1fd1c1fd0f36430c6a67a607

SHA256
6fa2ccad47a561074f7db1236f9e41e35be218ad1d6db493c3499b1f4706a1a1

SHA512
193d1082b3ccac395979aba954f700ceae04046af4de4363feceb4b54dde6b287ffd1cc06d18e10a5de5daebaa4c0e94130bdfdca7bb247bbf4b5e95572f334d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
9KB

MD5
1c6537ad7040bcfa65ac00e88447cfa9

SHA1
df6f5ef1e7b6907a8858919535348735e3166b45

SHA256
74194be553a5cf0987b19279295f95fecfacac3aaf7e14a8d09a0b57ffc8218b

SHA512
874235a81cc1d6bd27f686e1039a5683e77ef9919a76e0e939aed51f70534533130ff268a2b714840d0b1f5a6fc9eecba2a87b7250824752a60821ffa64e2a72

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
10KB

MD5
eb5a6a67904450d3711f1d5a1d185336

SHA1
e6a73251986108dc30643e291ae0bb88b6f49447

SHA256
806f8c8efa0c1bae181a32372b22f2ad76a4e6201635eddd9d33f4178c5a1a51

SHA512
c476e594062e5c77d3b2f7975879dd8be60513549c9885d76a721c85f294d400a6524133fa8339a00c2b5b75d9bf3796cf1ec43ec08c20b1afe5a00049509171

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
2a4c7046f5856501b5609b2b1b2292b1

SHA1
f47aa5c5f5ba41bb127670576f9cf4a4b1609a83

SHA256
f3ad4be16d096e7dde92738919e5a2cfa94de9613865d19b4c29551a981cfca9

SHA512
a99402bb3b16b1e724ed47697fabbf318d6d34dd4aae47f1d55347074880a18a899f8e77388ff523b2c018c1ba04cb521baac5d20f4f41a7887af47a26706081

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
9KB

MD5
454f44aefe4bffdafd917e8574204f8e

SHA1
c03bf980a70f22b963362a66590acae685f347ab

SHA256
46d607bc4f7b3813c6126f1a73e4746ecbe025117fd6a6b879376c16c7150830

SHA512
b564dbf7d4f4889fcd90333e134e8d58cf85789e3e7ce0375f3ae794e6783cd1ae958156e2241cf76db4f5d618e8f7d29c80759a3ad2a793abe64c8a4e3578d6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
9KB

MD5
6b9c750878c74863bb24ee938ce497d8

SHA1
71c725c5165a5057e675da1e1137b29e32ffec1d

SHA256
69e34dffeaf8e71f762922509895d47b785bc0e9601116d88fdd1e6f710dad07

SHA512
2da6861067d474d7c814d0b838a199e1a47b7d01286748c1f24210178c2b0d246fd6f4cd7616c59563e3a6a2e011fc65b4f2710c85980e6ecd3716fc44b05749

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
da7a5e92d4d9e5a92d8756aba1e86474

SHA1
eec22b7eb5f8741ca75ea04de4ce2384da2f3d24

SHA256
0713addbc8a6a48f3b051b708ef57033416a7880fc2663c8e036bb98e563b104

SHA512
274e8fe7684022c6711d4ae23ae16ca30559e3f96d384c3d271bc9db12622c3a5cc540485e7588ee62b322c5349874dcc235a0bde000b2bcc36bf816a57ceac7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\sessionstore.jsonlz4

Filesize
4KB

MD5
77cdf7d154a975aec0bad95ed1d15428

SHA1
8391cce174453eefc02e0f8bf8fa6c51fd47ca3f

SHA256
d3b44ba6b7324ac687d1bcfe8a00edfaca55b66ccf800b91458aae05155473bf

SHA512
b72714045ad599e3ba6a729dfe80d449ebfd9dbad5c9b625033f68cdfe588c070180e80606124be326f99f5ba397b871c528ee7a8ba170d1ea509cb2f0a9c1a4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\targeting.snapshot.json

Filesize
3KB

MD5
dcdcd9b62461f01ae33a518dd9f2dd23

SHA1
ca9abd17c40bcd7ccbd701be8ad3ef2312c68f64

SHA256
5277f6c113ec5a21b874b906d0da0f0994696029c98f70b6372ba35aaa118b2d

SHA512
611c0a8006eeed5b8374a6931b530a8befebbb9023314b549147b80428e0b926b5453e25e3752612acf660d8fb902843051965b352f8719c6f59cc064f77249b

Download Submit