Analysis
max time kernel: 150s
max time network: 143s
platform: windows10-1703_x64
resource: win10-20240214-en
resource tags: arch:x64, arch:x86, image:win10-20240214-en, locale:en-us, os:windows10-1703-x64, system
submitted: 19/02/2024, 16:38
General
Target: Prax.dll
Size: 6.4MB
MD5: 965cba6a51a8f221a584c6592f6d364a
SHA1: 7add8e3f2ba9c497413510ce8d96ace4943296b8
SHA256: db2f15859bf603ae865e77425d78331c310d2165a6a1164b10c21b7a50107938
SHA512: 7fc89464e9019a04a1c18a6a124dd1110dafbaa40ae6cdb2d8f44d7bf6267499ef6de0a2166a99d38e73358c0bbd3f6b013cd462a4d693af2fa3a5dbdfaaa010
SSDEEP: 196608:JSUqoiFcd9yP0v6ydkNMLlIKWsFefGVlC18Hj:0roiFc6svhaN2IKVeOVY1wj
Malware Config
Signatures
-
Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | rundll32.exe
Checks BIOS information in registry 2 TTPs 2 IoCs
BIOS information is often read in order to detect sandboxing environments.
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | rundll32.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | rundll32.exe
resource | yara_rule
behavioral1/memory/3564-3-0x00007FFE52B10000-0x00007FFE53B53000-memory.dmp | themida
behavioral1/memory/3564-8-0x00007FFE52B10000-0x00007FFE53B53000-memory.dmp | themida
behavioral1/memory/3564-9-0x00007FFE52B10000-0x00007FFE53B53000-memory.dmp | themida
behavioral1/memory/3564-10-0x00007FFE52B10000-0x00007FFE53B53000-memory.dmp | themida
behavioral1/memory/3564-11-0x00007FFE52B10000-0x00007FFE53B53000-memory.dmp | themida
behavioral1/memory/3564-12-0x00007FFE52B10000-0x00007FFE53B53000-memory.dmp | themida
behavioral1/memory/3564-13-0x00007FFE52B10000-0x00007FFE53B53000-memory.dmp | themida
behavioral1/memory/3564-14-0x00007FFE52B10000-0x00007FFE53B53000-memory.dmp | themida
behavioral1/memory/3564-15-0x00007FFE52B10000-0x00007FFE53B53000-memory.dmp | themida
behavioral1/memory/3564-17-0x00007FFE52B10000-0x00007FFE53B53000-memory.dmp | themida
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | rundll32.exe
Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
pid | Process
3564 | rundll32.exe
Drops file in Windows directory 2 IoCs
description | ioc | Process
File created | C:\Windows\rescache\_merged\1601268389\3877292338.pri | taskmgr.exe
File created | C:\Windows\rescache\_merged\4183903823\810424605.pri | taskmgr.exe
Checks SCSI registry key(s) 3 TTPs 3 IoCs
SCSI information is often read in order to detect sandboxing environments.
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | taskmgr.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | taskmgr.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | taskmgr.exe
Checks processor information in registry 2 TTPs 8 IoCs
Processor information is often read in order to detect sandboxing environments.
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | firefox.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | firefox.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | firefox.exe
Modifies registry class 1 IoCs
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-2826985972-2069816429-388129859-1000_Classes\Local Settings | firefox.exe
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid | Process
312 | taskmgr.exe (repeated for every entry)
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid | Process
312 | taskmgr.exe
Suspicious use of AdjustPrivilegeToken 5 IoCs
description | pid | Process
Token: SeDebugPrivilege | 312 | taskmgr.exe
Token: SeSystemProfilePrivilege | 312 | taskmgr.exe
Token: SeCreateGlobalPrivilege | 312 | taskmgr.exe
Token: SeDebugPrivilege | 2388 | firefox.exe
Token: SeDebugPrivilege | 2388 | firefox.exe
Suspicious use of FindShellTrayWindow 64 IoCs
pid | Process
312 | taskmgr.exe (repeated)
2388 | firefox.exe (repeated)
Suspicious use of SendNotifyMessage 64 IoCs
pid | Process
312 | taskmgr.exe (repeated)
2388 | firefox.exe (repeated)
Suspicious use of SetWindowsHookEx 1 IoCs
pid | Process
2388 | firefox.exe
Suspicious use of WriteProcessMemory 64 IoCs
description | pid | Process | procid_target
PID 4284 wrote to memory of 2388 | 4284 | firefox.exe | 76 (repeated)
PID 2388 wrote to memory of 4252 | 2388 | firefox.exe | 77 (repeated)
PID 2388 wrote to memory of 3332 | 2388 | firefox.exe | 78 (repeated)
PID 2388 wrote to memory of 2356 | 2388 | firefox.exe | 79 (repeated)
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Prax.dll,#1
Tree depth: 1
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
PID:3564
-
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
Tree depth: 1
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:312
-
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
Tree depth: 1
- Suspicious use of WriteProcessMemory
PID:4284
-
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
Tree depth: 2
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2388
-
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2388.0.1415688184\1603889656" -parentBuildID 20221007134813 -prefsHandle 1716 -prefMapHandle 1708 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {82d689fc-07de-4420-867b-31f7ea9ee3b9} 2388 "\\.\pipe\gecko-crash-server-pipe.2388" 1796 1f327207e58 gpu
Tree depth: 3
PID:4252
-
-
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2388.1.562153261\234014821" -parentBuildID 20221007134813 -prefsHandle 2140 -prefMapHandle 2136 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {15eb79c2-3859-4172-8576-55444ec2bea9} 2388 "\\.\pipe\gecko-crash-server-pipe.2388" 2152 1f313a72558 socket
Tree depth: 3
- Checks processor information in registry
PID:3332
-
-
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2388.2.570056800\930864232" -childID 1 -isForBrowser -prefsHandle 2696 -prefMapHandle 2868 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1a38b96f-6b44-436e-b224-b850c72583f2} 2388 "\\.\pipe\gecko-crash-server-pipe.2388" 2688 1f32a193e58 tab
Tree depth: 3
PID:2356
-
-
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2388.3.57019162\694508604" -childID 2 -isForBrowser -prefsHandle 3520 -prefMapHandle 3516 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1a9f6236-a994-48a6-b834-d866b2800123} 2388 "\\.\pipe\gecko-crash-server-pipe.2388" 3524 1f313a61358 tab
Tree depth: 3
PID:3732
-
-
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2388.4.100240832\242935350" -childID 3 -isForBrowser -prefsHandle 4128 -prefMapHandle 4140 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {86f98ad0-0645-4059-90e0-388a2131c801} 2388 "\\.\pipe\gecko-crash-server-pipe.2388" 4404 1f32c1dc258 tab
Tree depth: 3
PID:3680
-
-
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2388.5.1315376048\1466961751" -childID 4 -isForBrowser -prefsHandle 4796 -prefMapHandle 4792 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {746f0329-eaca-46f9-8bb8-1dfd105f8255} 2388 "\\.\pipe\gecko-crash-server-pipe.2388" 4808 1f32c118a58 tab
Tree depth: 3
PID:1904
-
-
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2388.7.17653065\441361606" -childID 6 -isForBrowser -prefsHandle 5152 -prefMapHandle 5156 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b2b771e3-8500-4c21-9342-961158afe695} 2388 "\\.\pipe\gecko-crash-server-pipe.2388" 5144 1f32d368d58 tab
Tree depth: 3
PID:4508
-
-
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2388.6.1243117856\1465245686" -childID 5 -isForBrowser -prefsHandle 4952 -prefMapHandle 4956 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {80c5e5ec-6a32-4559-bcbf-ab69c1d50a5d} 2388 "\\.\pipe\gecko-crash-server-pipe.2388" 4944 1f32c5f4758 tab
Tree depth: 3
PID:4332
-
-
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2388.8.916423895\1542053744" -childID 7 -isForBrowser -prefsHandle 4848 -prefMapHandle 4976 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3610b6fd-c2c1-4807-97c4-8a9b5521907d} 2388 "\\.\pipe\gecko-crash-server-pipe.2388" 4796 1f327827258 tab
Tree depth: 3
PID:872
-
-
Network
MITRE ATT&CK Enterprise v15
Downloads
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\cache2\entries\0CAEF7F888B762E2BA192BCD450FFE1DFD4D8CA9
Filesize 57KB
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\datareporting\glean\db\data.safe.bin
Filesize 2KB
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\datareporting\glean\pending_pings\2aee7cc3-643f-40d4-8ba3-bca967c3d9ce
Filesize 10KB
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\datareporting\glean\pending_pings\3b0a42bf-3545-4806-b967-e71a3ba52e8c
Filesize 746B
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\sessionstore-backups\recovery.jsonlz4
Filesize 3KB
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\sessionstore-backups\recovery.jsonlz4
Filesize 1KB
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\sessionstore-backups\recovery.jsonlz4
Filesize 4KB
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\sessionstore.jsonlz4
Filesize 4KB