9e0da3d3bc35541329439c6e0ec64a27af93fd0d6236ceff9f0949a465fff8c9

Analysis

max time kernel
184s
max time network
193s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
29/03/2024, 09:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

testestestestetw/triage - Copy (17).exe
Size

1.2MB
MD5

08b8eb8dd9681bfd0050fa7e547e1fd9
SHA1

f810b716884668bbc554aae7914dd19f1c30c265
SHA256

e8fec48d4400319a802dcc42081e768ef0bf8ec965e65d95ec4502ea3c35ac6b
SHA512

d0fb222a0b356abce4f8489e953db9c9330e2446007eb002a7c7db3022f931fb22d5686da5749ea03504cffb241e21768512c9c6d20156fac32c81b0070c878f
SSDEEP

24576:bdofGAmSIQ177wZ+A7MjiiRDXU/Sat5RgsLSmIOHsU5zMmX1xYwncqKvGqU/:bdofGbSIQ177wZvYjiiRDXASat5RgsLn

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4460	triage - Copy (17).exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	3152	firefox.exe
Token: SeDebugPrivilege	3152	firefox.exe
Token: SeDebugPrivilege	3152	firefox.exe
Token: SeDebugPrivilege	3152	firefox.exe
Token: SeDebugPrivilege	3152	firefox.exe

Suspicious use of FindShellTrayWindow 5 IoCs

pid	Process
4460	triage - Copy (17).exe
3152	firefox.exe
3152	firefox.exe
3152	firefox.exe
3152	firefox.exe

Suspicious use of SendNotifyMessage 4 IoCs

pid	Process
4460	triage - Copy (17).exe
3152	firefox.exe
3152	firefox.exe
3152	firefox.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
3152	firefox.exe
3152	firefox.exe
3152	firefox.exe
3152	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1820 wrote to memory of 3152	1820	firefox.exe	96
PID 1820 wrote to memory of 3152	1820	firefox.exe	96
PID 1820 wrote to memory of 3152	1820	firefox.exe	96
PID 1820 wrote to memory of 3152	1820	firefox.exe	96
PID 1820 wrote to memory of 3152	1820	firefox.exe	96
PID 1820 wrote to memory of 3152	1820	firefox.exe	96
PID 1820 wrote to memory of 3152	1820	firefox.exe	96
PID 1820 wrote to memory of 3152	1820	firefox.exe	96
PID 1820 wrote to memory of 3152	1820	firefox.exe	96
PID 1820 wrote to memory of 3152	1820	firefox.exe	96
PID 1820 wrote to memory of 3152	1820	firefox.exe	96
PID 3152 wrote to memory of 2680	3152	firefox.exe	97
PID 3152 wrote to memory of 2680	3152	firefox.exe	97
PID 3152 wrote to memory of 1908	3152	firefox.exe	98
PID 3152 wrote to memory of 1908	3152	firefox.exe	98
PID 3152 wrote to memory of 1908	3152	firefox.exe	98
PID 3152 wrote to memory of 1908	3152	firefox.exe	98
PID 3152 wrote to memory of 1908	3152	firefox.exe	98
PID 3152 wrote to memory of 1908	3152	firefox.exe	98
PID 3152 wrote to memory of 1908	3152	firefox.exe	98
PID 3152 wrote to memory of 1908	3152	firefox.exe	98
PID 3152 wrote to memory of 1908	3152	firefox.exe	98
PID 3152 wrote to memory of 1908	3152	firefox.exe	98
PID 3152 wrote to memory of 1908	3152	firefox.exe	98
PID 3152 wrote to memory of 1908	3152	firefox.exe	98
PID 3152 wrote to memory of 1908	3152	firefox.exe	98
PID 3152 wrote to memory of 1908	3152	firefox.exe	98
PID 3152 wrote to memory of 1908	3152	firefox.exe	98
PID 3152 wrote to memory of 1908	3152	firefox.exe	98
PID 3152 wrote to memory of 1908	3152	firefox.exe	98
PID 3152 wrote to memory of 1908	3152	firefox.exe	98
PID 3152 wrote to memory of 1908	3152	firefox.exe	98
PID 3152 wrote to memory of 1908	3152	firefox.exe	98
PID 3152 wrote to memory of 1908	3152	firefox.exe	98
PID 3152 wrote to memory of 1908	3152	firefox.exe	98
PID 3152 wrote to memory of 1908	3152	firefox.exe	98
PID 3152 wrote to memory of 1908	3152	firefox.exe	98
PID 3152 wrote to memory of 1908	3152	firefox.exe	98
PID 3152 wrote to memory of 1908	3152	firefox.exe	98
PID 3152 wrote to memory of 1908	3152	firefox.exe	98
PID 3152 wrote to memory of 1908	3152	firefox.exe	98
PID 3152 wrote to memory of 1908	3152	firefox.exe	98
PID 3152 wrote to memory of 1908	3152	firefox.exe	98
PID 3152 wrote to memory of 1908	3152	firefox.exe	98
PID 3152 wrote to memory of 1908	3152	firefox.exe	98
PID 3152 wrote to memory of 1908	3152	firefox.exe	98
PID 3152 wrote to memory of 1908	3152	firefox.exe	98
PID 3152 wrote to memory of 1908	3152	firefox.exe	98
PID 3152 wrote to memory of 1908	3152	firefox.exe	98
PID 3152 wrote to memory of 1908	3152	firefox.exe	98
PID 3152 wrote to memory of 1908	3152	firefox.exe	98
PID 3152 wrote to memory of 1908	3152	firefox.exe	98
PID 3152 wrote to memory of 1908	3152	firefox.exe	98
PID 3152 wrote to memory of 1908	3152	firefox.exe	98
PID 3152 wrote to memory of 1908	3152	firefox.exe	98
PID 3152 wrote to memory of 1908	3152	firefox.exe	98
PID 3152 wrote to memory of 1908	3152	firefox.exe	98
PID 3152 wrote to memory of 1908	3152	firefox.exe	98
PID 3152 wrote to memory of 1908	3152	firefox.exe	98
PID 3152 wrote to memory of 1908	3152	firefox.exe	98
PID 3152 wrote to memory of 1908	3152	firefox.exe	98
PID 3152 wrote to memory of 3508	3152	firefox.exe	99
PID 3152 wrote to memory of 3508	3152	firefox.exe	99
PID 3152 wrote to memory of 3508	3152	firefox.exe	99

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\testestestestetw\triage - Copy (17).exe
"C:\Users\Admin\AppData\Local\Temp\testestestestetw\triage - Copy (17).exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4460

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1820
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3152
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3152.0.982693735\2106327860" -parentBuildID 20221007134813 -prefsHandle 1932 -prefMapHandle 1924 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {434906a9-fa22-45ec-8641-054279d48192} 3152 "\\.\pipe\gecko-crash-server-pipe.3152" 2012 23540d14a58 gpu
    3⤵
    PID:2680
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3152.1.327277335\1974764510" -parentBuildID 20221007134813 -prefsHandle 2384 -prefMapHandle 2380 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f98b4010-1132-4e6f-920e-f40c6ce3fd5b} 3152 "\\.\pipe\gecko-crash-server-pipe.3152" 2412 23533472b58 socket
    3⤵
    PID:1908
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3152.2.1062384514\1094046197" -childID 1 -isForBrowser -prefsHandle 3240 -prefMapHandle 3256 -prefsLen 20888 -prefMapSize 233444 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {74b60a7f-854b-484e-b89d-85a53109e98c} 3152 "\\.\pipe\gecko-crash-server-pipe.3152" 2988 23543df5f58 tab
    3⤵
    PID:3508
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3152.3.679064049\1800982057" -childID 2 -isForBrowser -prefsHandle 3584 -prefMapHandle 3580 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3f4983d2-ecaa-4192-8cea-b1bd5de2a1db} 3152 "\\.\pipe\gecko-crash-server-pipe.3152" 3432 2353346a258 tab
    3⤵
    PID:4980
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3152.4.449810985\2024519173" -childID 3 -isForBrowser -prefsHandle 4392 -prefMapHandle 4388 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {db8b5379-a554-4344-a9e9-9c6188af8c55} 3152 "\\.\pipe\gecko-crash-server-pipe.3152" 4236 23544ffdb58 tab
    3⤵
    PID:3620
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3152.5.878323479\1378226839" -childID 4 -isForBrowser -prefsHandle 5172 -prefMapHandle 5168 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a3bb405a-ea64-4074-a312-ed5c15430978} 3152 "\\.\pipe\gecko-crash-server-pipe.3152" 5180 2353342fc58 tab
    3⤵
    PID:2424
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3152.6.559944015\290578831" -childID 5 -isForBrowser -prefsHandle 5316 -prefMapHandle 5320 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {81daea32-bece-476b-b84c-4935df365e3c} 3152 "\\.\pipe\gecko-crash-server-pipe.3152" 5308 235458ebb58 tab
    3⤵
    PID:2532
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3152.7.1988761616\1713168110" -childID 6 -isForBrowser -prefsHandle 5504 -prefMapHandle 5508 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a9cd5887-770c-4805-8a51-4bedac2c29ab} 3152 "\\.\pipe\gecko-crash-server-pipe.3152" 5496 235460f8758 tab
    3⤵
    PID:2876
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3152.8.1333258175\409020592" -parentBuildID 20221007134813 -prefsHandle 6036 -prefMapHandle 6040 -prefsLen 26206 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {424fb8dd-0460-44b3-a72d-2e98ffd5f35f} 3152 "\\.\pipe\gecko-crash-server-pipe.3152" 4900 23547763f58 rdd
    3⤵
    PID:5564
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3152.9.1819722403\1621743630" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 1468 -prefMapHandle 1416 -prefsLen 26206 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {686299f0-1406-4149-ba4c-6daa5f9bf218} 3152 "\\.\pipe\gecko-crash-server-pipe.3152" 5548 23540d16e58 utility
    3⤵
    PID:5580
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3152.10.1544086805\207538928" -childID 7 -isForBrowser -prefsHandle 5352 -prefMapHandle 5356 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {51f17c57-e12f-46ad-88eb-b366dcd748fc} 3152 "\\.\pipe\gecko-crash-server-pipe.3152" 6120 235474d2958 tab
    3⤵
    PID:5736
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3152.11.1856344080\1070625204" -childID 8 -isForBrowser -prefsHandle 10132 -prefMapHandle 10136 -prefsLen 26460 -prefMapSize 233444 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {facb81de-028c-4fed-892c-4e4cbdd43345} 3152 "\\.\pipe\gecko-crash-server-pipe.3152" 10120 23547741a58 tab
    3⤵
    PID:4388
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3152.12.566270262\1010706337" -childID 9 -isForBrowser -prefsHandle 9984 -prefMapHandle 9980 -prefsLen 26460 -prefMapSize 233444 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5c304d4c-a72c-4dc1-96f9-07d6ca9457b5} 3152 "\\.\pipe\gecko-crash-server-pipe.3152" 9992 2354789c858 tab
    3⤵
    PID:4952
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3152.13.41196348\634870975" -childID 10 -isForBrowser -prefsHandle 5652 -prefMapHandle 5676 -prefsLen 27463 -prefMapSize 233444 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4f5dc6c8-33f0-41cc-a0d9-d0b21590b27b} 3152 "\\.\pipe\gecko-crash-server-pipe.3152" 5624 235485dd958 tab
    3⤵
    PID:4692

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0etkwu5l.default-release\cache2\doomed\11565

Filesize
8KB

MD5
b6834b9993355da31ae927e2641a970b

SHA1
b8689dad33e90408e3d9b6581dbc00203e4f4a15

SHA256
49accbc7c4a4ab0361c3960845f4cbb6032fe9441222e12a8f57326d6e50b7d1

SHA512
111c12166e727eb51e78b3f6e9064e78dbde982a733ddefbaf0a4a799bb506a0bd4486efae2b4ab27c1fd1696c74fac8fb8e6c57bdeb59d71a3f36831ce19401

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0etkwu5l.default-release\cache2\doomed\1224

Filesize
10KB

MD5
ec6854cb856150573cf5c81b8cb7d742

SHA1
17104062699fa1ed9e3ed237ae1e6c3cd3241fcb

SHA256
78c598fb477b06076ca045996cbcf7020c46028fcd6b5b1aa72aa81f8aab234d

SHA512
ccd6c74f94b040015febdf5af6a8114b70c33051fda6e5dc7844053047761de74dbb15837310ae004bb6e1102db8f4bc9e3bba443b27caa20482bf4430d9e4f0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0etkwu5l.default-release\cache2\doomed\14142

Filesize
8KB

MD5
c959ac4eea11ddd0904af7ca895889bf

SHA1
d3450fa4e67146d9fc39010b0965b7a84f7ea94e

SHA256
43e0709a65516ad4e2f43842e0444f2b7ea04a5e25bdcf41f15da2994e758323

SHA512
16272af2ede0446dce470d98dddedec829967e630165c24e35321bb87f16f405b8d78a941bc08f204af2e4b10272f63603e618838727356c0ede5d20ff5e712e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0etkwu5l.default-release\cache2\doomed\22469

Filesize
9KB

MD5
3215e271eacf23a7c9f7dd84dfda1eda

SHA1
7f251472331f8ac046880667103ef88694a3dc49

SHA256
d9b54c623e32c8e688007984c8e29a2e62199a2c7a82cd4f14a6553061f2c078

SHA512
81c3d55d210ffc7525e611823b164b3b894eb834566b96d85054c6e4a130673b79ba198cea95c52d313c01ff972310b6dd47270683ed1ee9c4d9e695b9d0af56

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0etkwu5l.default-release\cache2\doomed\23165

Filesize
8KB

MD5
b6b4b723bb769eed9c8dc38d620d7da1

SHA1
09c90318cbc6078a95bfa1c7bf38201630cc4920

SHA256
8ac5ec600a0f8b9ee080d6775484cc8fb7553326cc5450d6441521aa7db0f26b

SHA512
9bfe596623c318d664172df3bdb33c569810486aead2ccc6cf282bb89cf42e33be2ce527d2d87d8fd589907bd0043a7e958c3f2e7275d9e5374a0e8674acdff1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0etkwu5l.default-release\cache2\doomed\24917

Filesize
9KB

MD5
de9162c09a446ad6f7ed9dbd28fc7fa9

SHA1
5e34ffef950f0fb2a031620f5b7e96e2fa86051d

SHA256
e873a6cfb469409392f019c47b5d7f7353dcb4ee6305b70d16fd2dbb8aeb0ab9

SHA512
12a832de302437742ee47ac6d53fcfe9b7a1028e16aede0a3778644b7fbb9d18e0e41a0910e142ebdccf2c81350ccf0fc5fb0e105515eb7e096517fc8670ff11

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0etkwu5l.default-release\cache2\doomed\5839

Filesize
8KB

MD5
e5d9035c02964c427e1b81e84241aa6e

SHA1
410887c63fbac84b8624f6b9b6a2dd2e4476761c

SHA256
869855c72b2b834c473907945508a95264d7eb3a6654eac8f68f98ee48d1909e

SHA512
c54fd4376fa1e4bbb4208f4cca565161de2d54418643c18785da2029316557fe30a6c7af7aa3e0efaf6cc4fbfeea5c7ba0ad0d16e797810040f9ba8e94b67ca1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0etkwu5l.default-release\cache2\doomed\6504

Filesize
8KB

MD5
5174a8f65d7b43a2a00e8c26b124df34

SHA1
7d44a3594edff1aa7183f047ad26cfb1ce5a993a

SHA256
7d4c887ec58c9df9e0fe396ec5d120a9fdb57c5198ef83087407f36c47076c95

SHA512
3a49ed4d3869694cab3164c6b8610e119a4f88da6af4ba4e7a56b3f767b6268a7f3f8c31015aaff17d335b23d177cd7a47ccea904d1fc33dd39db9ddb5ec966f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0etkwu5l.default-release\cache2\doomed\766

Filesize
8KB

MD5
f197f7829bcf59ac85e809c208e63e0a

SHA1
89a8d957698f96ab7672bfd9bea50e9aab92eab2

SHA256
13f9ae0a2413bccdc15dbc8aa89dbf468e80935dae6ec6143fe44b0dc74e061a

SHA512
c7b56a2b3024ff9581e656018641190931a6b606046873f5f0e737c534337c0ca237262f7e28a61f359ab692931d8bbaa63e4a608c5ec14c4e4c8427dcbeffb9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0etkwu5l.default-release\cache2\entries\E8F82FF507585AF8655F245209766BE49794B690

Filesize
49KB

MD5
1dbc499e20570ed22d1e2e069d268c19

SHA1
ff7011d1df3bb981f5c54d160344b75dc0c06caf

SHA256
5ee80b8babf8df2b34c0282925b2153413ff22afb038efe6494ed62a2d2b14a8

SHA512
6249ef457b0940bb3d5b7fd16041ddbd350af945cd50c9c114b872480f07fc4dce6be7d27d107fac80a91edc5d9ad12f217a741e973559750648cb4b63a43b16

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
5db72864d14480214ce7400434b5325e

SHA1
4c1608521af5511a6a7e5280e52761a7681b8b1c

SHA256
51bc0791c722a64110e4766a71a5090c491e969a924a76e00aa16fd146cb83fc

SHA512
5c99ecf61c06d9f7c62804a37c6e56d9caff4c2dd231d5608b1f0c5cd8cd384528810d541d4f39ebaa5ae150041f3a488e8884b1f6675d518019a2ffad25e6cd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\datareporting\glean\pending_pings\9bc3ef14-cb64-4a52-a34c-cd0d6fc67053

Filesize
746B

MD5
79c489f357691927db9ea530e19c8027

SHA1
0fdea27be6a63c8ec50f2b57b4db08ed947519e0

SHA256
1379b158b897f424f3993dec09ca2b96e1504708e89398afd5d38130e4aad7af

SHA512
44faeaa3670747a20ee9742fd9e53c4bcec369eaadc48478c84c869b37594bddda36474b2ca358341ee78f09a15580ad74d34ea359fa734d4b3d27e809b2c345

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\datareporting\glean\pending_pings\ab9d6d39-2108-4a93-8cbb-9143b6b73d85

Filesize
11KB

MD5
0568cc37d3deb8bcbc3fc0e8bf6964dc

SHA1
3782e609787aef3ff99edade9d4f4739a88c53ff

SHA256
13db33c3608820c08bb7aa0aa27df76cd819c5a56561fbaba6c0e65be51e7c37

SHA512
a2ab0146a6f318c59db423d46396bc1f5d81b73e435779ed756d89f204fc0edb0784842d086f1e30e2e7ffd2e38e629f885a61b3b94edc5061ba82a67a7198d4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\prefs-1.js

Filesize
6KB

MD5
cbda501fe709c9563a02e8e23be0f79e

SHA1
c5ffc803835cd8475a41ce3f5ab2c0726855004a

SHA256
ef2f3b3b976da85436fd93ebb154094c3709da3a80f1356490f1821bbb27ccb2

SHA512
ae219240ea5b9fea4e171f056a557516dffb95ac7da53c85a4cca2817e4b24d86d2830f1b6579efc7e9369104883a795c34587b1a1aeabb633c0b7a386daa99c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\prefs-1.js

Filesize
7KB

MD5
ed0679f2b0ba6575939363f418ffe408

SHA1
3cc0067e5c1ccd557444e6155eec5b0095d121d2

SHA256
5a374de74058a80c29641bbb9cd8019107814a35037d5056d0f2f07682093cfb

SHA512
2cc1910ecf4f751d78520f814b48690e82bfabc8912f5f7979e74bbf6c321c39d0c72e7568be722db323eb0590b8b4a18d53249c6f16668b4cb9073a65fda5c2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\prefs.js

Filesize
6KB

MD5
31654efc513d81fde2050d17da29dca6

SHA1
b5f0553c4bad8bdf93e5f084773960e562fc5a45

SHA256
0436468424ef6dd0db4de9dbea3e19b2e115443121229ab6c1100111c09c15a3

SHA512
e42618b705360d9c174d36b987939d1987946d46028a520620197afb16e485046952998cbe134590648723e0ff869907e0c679a7fe8f21fbb1a83cbb9e646f93

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
10KB

MD5
755246add0f6a67c945cc36febd2132d

SHA1
cf8fd83d17bce38fab47519ccc710283c2f2183f

SHA256
8a0596fec7e46dca59a410cae52cb4e97fa4c36712f98538e92d004904375215

SHA512
db0fda188a8ffa36712b7ea4525b24ca5d731b62db2f891f798badc7907a4664842b9d83069e75c9889cedddcd947c923f2660a64c66ed9f688fe1fdc1820c26

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
9402708171d9ea01fbd20d1f8fbbe8d9

SHA1
f173adfd47306767de2468140818da940a4d18a9

SHA256
aa3d705d563921c155d42ef94f23e24eee0e50dfaf25b2943b7905171d82b9e8

SHA512
2f5c35d9c9a6b8c575f6df8cec05097004732f09504bf9e9bcf0f2a5a99a774a77e86b1b98d9f106d668427c850ee8ff8d65a37e1fef53b1636b50f736c32609

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
2KB

MD5
2a5fa3b1fbfc479a4816c5c0a9089ca0

SHA1
1ed8c63ae79acc820fc0c83d0f789f1b62468f8e

SHA256
cc391122ef469db83eb9bff84acc82c67c2faf37c533fd21d780670b8d9139ee

SHA512
3a1140970b322ff16b5c327982aa21cf93987d15770c4ced494b8edbaa1950c448249285f1350def47488df174eb9335eef3e3e302ab861809f7dd55ec578799

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
9KB

MD5
5835e9c937e82665a094daaad2ff17e8

SHA1
78631b714a151aa82e0ca559819f0f50f2a4f872

SHA256
f3c93ff06050b2cdfaa78c94563c61d2c07f266479e15ae01580c71bce61536d

SHA512
e58589b71096ca717bf0e0f50236e2545080f831a79ac3ae958946393951cc97fa32d8408eb9faca016be0eea6575e50652376902501e91ce9519288e596da14

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
9KB

MD5
eb9745778c5cc55f6f105e3d60e03a7e

SHA1
1ac60886809447e97465cca58f1e21757aff18dd

SHA256
1090b40ea680ab60cfe954073dad5cde9404aa2509b29098c4a3a5fe4e0e95a4

SHA512
ac02db9fbd19af41cf5c4b9c2a9a57b7aadb6d6147817bc6aed2dca5eebdff695c8815e91ba47ed6080fc1e39b05236d16601df418952866a33df824aad86e45

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
9KB

MD5
b5e2c972ee8f7251fe80b6bb119c5aa1

SHA1
72052e785a267a1c91e423bd36dc4f1fd1dc3e44

SHA256
2131f91b236ef4491f3725d3fcb9eb3e0e2b8cf086de75265d62624e4b5285a2

SHA512
0802ee1b842334d7bd6ab42d65a34f31965e286adc2e1084c09d09ae9f004d9cee13af732f2403fb6ba7150d466cb0775db84c27bbb396238372f56c7a719f79

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
086300611f6ab89eb845019a6773270c

SHA1
103574692306b8f1c0380a3f6069112968b1e0c2

SHA256
11f7bcfda90ace082dfed48272be040cbbfaeca056e5417d48302e847a502954

SHA512
b1271f3c2f1a9c96595bc5a25dd22b4b3cbbbcee3ef01232c218dc32c85c85b2eb0623d575c820153af5c4646b634b69f80af69abc9581c96d81b92664460bf8

Download Submit