Overview
overview
7Static
static
3tesseract-...27.exe
windows7-x64
7tesseract-...27.exe
windows10-2004-x64
7$PLUGINSDIR/INetC.dll
windows7-x64
3$PLUGINSDIR/INetC.dll
windows10-2004-x64
3$PLUGINSDI...LL.dll
windows7-x64
3$PLUGINSDI...LL.dll
windows10-2004-x64
3$PLUGINSDI...nu.dll
windows7-x64
3$PLUGINSDI...nu.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$PLUGINSDI...fo.dll
windows7-x64
3$PLUGINSDI...fo.dll
windows10-2004-x64
3$PLUGINSDI...gs.dll
windows7-x64
3$PLUGINSDI...gs.dll
windows10-2004-x64
3ambiguous_...1.html
windows7-x64
1ambiguous_...1.html
windows10-2004-x64
1ambiguous_words.exe
windows7-x64
1ambiguous_words.exe
windows10-2004-x64
1classifier...1.html
windows7-x64
1classifier...1.html
windows10-2004-x64
1classifier_tester.exe
windows7-x64
1classifier_tester.exe
windows10-2004-x64
1cntraining.1.html
windows7-x64
1cntraining.1.html
windows10-2004-x64
1cntraining.exe
windows7-x64
1cntraining.exe
windows10-2004-x64
1combine_la...1.html
windows7-x64
1combine_la...1.html
windows10-2004-x64
1combine_la...el.exe
windows7-x64
1combine_la...el.exe
windows10-2004-x64
1combine_te...1.html
windows7-x64
1combine_te...1.html
windows10-2004-x64
1Analysis
-
max time kernel
142s -
max time network
142s -
platform
windows10-2004_x64 -
resource
win10v2004-20240221-en -
resource tags
arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system -
submitted
22/02/2024, 18:47
Static task
static1
Behavioral task
behavioral1
Sample
tesseract-ocr-w64-setup-v5.0.0-alpha.20201127.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
tesseract-ocr-w64-setup-v5.0.0-alpha.20201127.exe
Resource
win10v2004-20240221-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/INetC.dll
Resource
win7-20240221-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/INetC.dll
Resource
win10v2004-20240221-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/LangDLL.dll
Resource
win7-20240221-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/LangDLL.dll
Resource
win10v2004-20240221-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/StartMenu.dll
Resource
win7-20240221-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/StartMenu.dll
Resource
win10v2004-20240221-en
Behavioral task
behavioral9
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240221-en
Behavioral task
behavioral10
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240221-en
Behavioral task
behavioral11
Sample
$PLUGINSDIR/UserInfo.dll
Resource
win7-20240221-en
Behavioral task
behavioral12
Sample
$PLUGINSDIR/UserInfo.dll
Resource
win10v2004-20240221-en
Behavioral task
behavioral13
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win7-20240221-en
Behavioral task
behavioral14
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win10v2004-20240221-en
Behavioral task
behavioral15
Sample
ambiguous_words.1.html
Resource
win7-20240221-en
Behavioral task
behavioral16
Sample
ambiguous_words.1.html
Resource
win10v2004-20240221-en
Behavioral task
behavioral17
Sample
ambiguous_words.exe
Resource
win7-20240221-en
Behavioral task
behavioral18
Sample
ambiguous_words.exe
Resource
win10v2004-20240221-en
Behavioral task
behavioral19
Sample
classifier_tester.1.html
Resource
win7-20240221-en
Behavioral task
behavioral20
Sample
classifier_tester.1.html
Resource
win10v2004-20240221-en
Behavioral task
behavioral21
Sample
classifier_tester.exe
Resource
win7-20240221-en
Behavioral task
behavioral22
Sample
classifier_tester.exe
Resource
win10v2004-20240221-en
Behavioral task
behavioral23
Sample
cntraining.1.html
Resource
win7-20240221-en
Behavioral task
behavioral24
Sample
cntraining.1.html
Resource
win10v2004-20240221-en
Behavioral task
behavioral25
Sample
cntraining.exe
Resource
win7-20240221-en
Behavioral task
behavioral26
Sample
cntraining.exe
Resource
win10v2004-20240221-en
Behavioral task
behavioral27
Sample
combine_lang_model.1.html
Resource
win7-20240221-en
Behavioral task
behavioral28
Sample
combine_lang_model.1.html
Resource
win10v2004-20240221-en
Behavioral task
behavioral29
Sample
combine_lang_model.exe
Resource
win7-20240221-en
Behavioral task
behavioral30
Sample
combine_lang_model.exe
Resource
win10v2004-20240221-en
Behavioral task
behavioral31
Sample
combine_tessdata.1.html
Resource
win7-20240220-en
Behavioral task
behavioral32
Sample
combine_tessdata.1.html
Resource
win10v2004-20240221-en
General
-
Target
tesseract-ocr-w64-setup-v5.0.0-alpha.20201127.exe
-
Size
42.0MB
-
MD5
e3e83d9e59dc66f9328940640910a731
-
SHA1
aff9d47058b4b172c65db8f8d0d486a3e297a916
-
SHA256
459b0cb9830f52ace1106ac9a2d636423de893fe301743891e0a2879fb8cd8a7
-
SHA512
8c46106ffa2caf8ef03cea51b871c1b3cf756d2a3c9f2a34c3a0959abb8708fda7378dcd432c84104294c2e96ecbc3278a547a0ba0a21ff9e8b1cbc2c76705da
-
SSDEEP
786432:WtHoZOx0E52L17X274NtKP8ih/WahlNel6wBcImhSZ4+S/buMdMPDTbU0k0vJhHZ:WtDx0k2L1WMKP59WelNeltcdd+SDDWh7
Malware Config
Signatures
-
Loads dropped DLL 5 IoCs
pid Process 1620 tesseract-ocr-w64-setup-v5.0.0-alpha.20201127.exe 1620 tesseract-ocr-w64-setup-v5.0.0-alpha.20201127.exe 1620 tesseract-ocr-w64-setup-v5.0.0-alpha.20201127.exe 1620 tesseract-ocr-w64-setup-v5.0.0-alpha.20201127.exe 1620 tesseract-ocr-w64-setup-v5.0.0-alpha.20201127.exe -
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Checks SCSI registry key(s) 3 TTPs 3 IoCs
SCSI information is often read in order to detect sandboxing environments.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A taskmgr.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName taskmgr.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 taskmgr.exe -
Checks processor information in registry 2 TTPs 5 IoCs
Processor information is often read in order to detect sandboxing environments.
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 firefox.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature firefox.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision firefox.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz firefox.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier firefox.exe -
Modifies registry class 1 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-21-2132103209-3755304320-2959162027-1000_Classes\Local Settings firefox.exe -
Suspicious behavior: EnumeratesProcesses 3 IoCs
pid Process 1620 taskmgr.exe 1620 taskmgr.exe 1620 taskmgr.exe -
Suspicious use of AdjustPrivilegeToken 10 IoCs
description pid Process Token: SeDebugPrivilege 4984 firefox.exe Token: SeDebugPrivilege 4984 firefox.exe Token: SeDebugPrivilege 1620 taskmgr.exe Token: SeSystemProfilePrivilege 1620 taskmgr.exe Token: SeCreateGlobalPrivilege 1620 taskmgr.exe Token: 33 1620 taskmgr.exe Token: SeIncBasePriorityPrivilege 1620 taskmgr.exe Token: SeDebugPrivilege 4984 firefox.exe Token: SeDebugPrivilege 4984 firefox.exe Token: SeDebugPrivilege 4984 firefox.exe -
Suspicious use of FindShellTrayWindow 33 IoCs
pid Process 4984 firefox.exe 4984 firefox.exe 4984 firefox.exe 4984 firefox.exe 1620 taskmgr.exe 1620 taskmgr.exe 1620 taskmgr.exe 1620 taskmgr.exe 1620 taskmgr.exe 1620 taskmgr.exe 1620 taskmgr.exe 1620 taskmgr.exe 1620 taskmgr.exe 1620 taskmgr.exe 1620 taskmgr.exe 1620 taskmgr.exe 1620 taskmgr.exe 1620 taskmgr.exe 1620 taskmgr.exe 1620 taskmgr.exe 1620 taskmgr.exe 1620 taskmgr.exe 1620 taskmgr.exe 1620 taskmgr.exe 1620 taskmgr.exe 1620 taskmgr.exe 1620 taskmgr.exe 1620 taskmgr.exe 1620 taskmgr.exe 1620 taskmgr.exe 1620 taskmgr.exe 1620 taskmgr.exe 1620 taskmgr.exe -
Suspicious use of SendNotifyMessage 32 IoCs
pid Process 4984 firefox.exe 4984 firefox.exe 4984 firefox.exe 1620 taskmgr.exe 1620 taskmgr.exe 1620 taskmgr.exe 1620 taskmgr.exe 1620 taskmgr.exe 1620 taskmgr.exe 1620 taskmgr.exe 1620 taskmgr.exe 1620 taskmgr.exe 1620 taskmgr.exe 1620 taskmgr.exe 1620 taskmgr.exe 1620 taskmgr.exe 1620 taskmgr.exe 1620 taskmgr.exe 1620 taskmgr.exe 1620 taskmgr.exe 1620 taskmgr.exe 1620 taskmgr.exe 1620 taskmgr.exe 1620 taskmgr.exe 1620 taskmgr.exe 1620 taskmgr.exe 1620 taskmgr.exe 1620 taskmgr.exe 1620 taskmgr.exe 1620 taskmgr.exe 1620 taskmgr.exe 1620 taskmgr.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
pid Process 4984 firefox.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 4920 wrote to memory of 4984 4920 firefox.exe 96 PID 4920 wrote to memory of 4984 4920 firefox.exe 96 PID 4920 wrote to memory of 4984 4920 firefox.exe 96 PID 4920 wrote to memory of 4984 4920 firefox.exe 96 PID 4920 wrote to memory of 4984 4920 firefox.exe 96 PID 4920 wrote to memory of 4984 4920 firefox.exe 96 PID 4920 wrote to memory of 4984 4920 firefox.exe 96 PID 4920 wrote to memory of 4984 4920 firefox.exe 96 PID 4920 wrote to memory of 4984 4920 firefox.exe 96 PID 4920 wrote to memory of 4984 4920 firefox.exe 96 PID 4920 wrote to memory of 4984 4920 firefox.exe 96 PID 4984 wrote to memory of 4304 4984 firefox.exe 97 PID 4984 wrote to memory of 4304 4984 firefox.exe 97 PID 4984 wrote to memory of 4080 4984 firefox.exe 98 PID 4984 wrote to memory of 4080 4984 firefox.exe 98 PID 4984 wrote to memory of 4080 4984 firefox.exe 98 PID 4984 wrote to memory of 4080 4984 firefox.exe 98 PID 4984 wrote to memory of 4080 4984 firefox.exe 98 PID 4984 wrote to memory of 4080 4984 firefox.exe 98 PID 4984 wrote to memory of 4080 4984 firefox.exe 98 PID 4984 wrote to memory of 4080 4984 firefox.exe 98 PID 4984 wrote to memory of 4080 4984 firefox.exe 98 PID 4984 wrote to memory of 4080 4984 firefox.exe 98 PID 4984 wrote to memory of 4080 4984 firefox.exe 98 PID 4984 wrote to memory of 4080 4984 firefox.exe 98 PID 4984 wrote to memory of 4080 4984 firefox.exe 98 PID 4984 wrote to memory of 4080 4984 firefox.exe 98 PID 4984 wrote to memory of 4080 4984 firefox.exe 98 PID 4984 wrote to memory of 4080 4984 firefox.exe 98 PID 4984 wrote to memory of 4080 4984 firefox.exe 98 PID 4984 wrote to memory of 4080 4984 firefox.exe 98 PID 4984 wrote to memory of 4080 4984 firefox.exe 98 PID 4984 wrote to memory of 4080 4984 firefox.exe 98 PID 4984 wrote to memory of 4080 4984 firefox.exe 98 PID 4984 wrote to memory of 4080 4984 firefox.exe 98 PID 4984 wrote to memory of 4080 4984 firefox.exe 98 PID 4984 wrote to memory of 4080 4984 firefox.exe 98 PID 4984 wrote to memory of 4080 4984 firefox.exe 98 PID 4984 wrote to memory of 4080 4984 firefox.exe 98 PID 4984 wrote to memory of 4080 4984 firefox.exe 98 PID 4984 wrote to memory of 4080 4984 firefox.exe 98 PID 4984 wrote to memory of 4080 4984 firefox.exe 98 PID 4984 wrote to memory of 4080 4984 firefox.exe 98 PID 4984 wrote to memory of 4080 4984 firefox.exe 98 PID 4984 wrote to memory of 4080 4984 firefox.exe 98 PID 4984 wrote to memory of 4080 4984 firefox.exe 98 PID 4984 wrote to memory of 4080 4984 firefox.exe 98 PID 4984 wrote to memory of 4080 4984 firefox.exe 98 PID 4984 wrote to memory of 4080 4984 firefox.exe 98 PID 4984 wrote to memory of 4080 4984 firefox.exe 98 PID 4984 wrote to memory of 4080 4984 firefox.exe 98 PID 4984 wrote to memory of 4080 4984 firefox.exe 98 PID 4984 wrote to memory of 4080 4984 firefox.exe 98 PID 4984 wrote to memory of 4080 4984 firefox.exe 98 PID 4984 wrote to memory of 4080 4984 firefox.exe 98 PID 4984 wrote to memory of 4080 4984 firefox.exe 98 PID 4984 wrote to memory of 4080 4984 firefox.exe 98 PID 4984 wrote to memory of 4080 4984 firefox.exe 98 PID 4984 wrote to memory of 4080 4984 firefox.exe 98 PID 4984 wrote to memory of 4080 4984 firefox.exe 98 PID 4984 wrote to memory of 4080 4984 firefox.exe 98 PID 4984 wrote to memory of 1844 4984 firefox.exe 99 PID 4984 wrote to memory of 1844 4984 firefox.exe 99 PID 4984 wrote to memory of 1844 4984 firefox.exe 99 -
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Users\Admin\AppData\Local\Temp\tesseract-ocr-w64-setup-v5.0.0-alpha.20201127.exe"C:\Users\Admin\AppData\Local\Temp\tesseract-ocr-w64-setup-v5.0.0-alpha.20201127.exe"1⤵
- Loads dropped DLL
PID:1620
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:4920 -
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4984 -
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4984.0.1241203281\1197857695" -parentBuildID 20221007134813 -prefsHandle 1868 -prefMapHandle 1816 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {87029e8d-9af7-4c2f-b090-774578167ec0} 4984 "\\.\pipe\gecko-crash-server-pipe.4984" 1948 284d24cfb58 gpu3⤵PID:4304
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4984.1.1216710473\46501566" -parentBuildID 20221007134813 -prefsHandle 2336 -prefMapHandle 2332 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {05b04deb-843b-4517-b0f1-1bb3171b1a77} 4984 "\\.\pipe\gecko-crash-server-pipe.4984" 2348 284c5c6fe58 socket3⤵PID:4080
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4984.2.1699232332\1577311126" -childID 1 -isForBrowser -prefsHandle 3168 -prefMapHandle 3164 -prefsLen 20888 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8586419b-d0b6-413e-aaf6-a7d76dba2577} 4984 "\\.\pipe\gecko-crash-server-pipe.4984" 3016 284d245e958 tab3⤵PID:1844
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4984.3.1946018537\648175936" -childID 2 -isForBrowser -prefsHandle 1084 -prefMapHandle 1080 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2d3e2b79-b462-4b68-b650-bff313eabf55} 4984 "\\.\pipe\gecko-crash-server-pipe.4984" 3556 284d4d67958 tab3⤵PID:4692
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4984.4.482049353\561087020" -childID 3 -isForBrowser -prefsHandle 4648 -prefMapHandle 4644 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b1804735-e15d-45e7-ac9b-1bcdf682b381} 4984 "\\.\pipe\gecko-crash-server-pipe.4984" 4660 284d83ea158 tab3⤵PID:1496
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4984.7.2063774858\1454383888" -childID 6 -isForBrowser -prefsHandle 5452 -prefMapHandle 5456 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a9d2535d-9391-417b-8416-c34deac58d67} 4984 "\\.\pipe\gecko-crash-server-pipe.4984" 5444 284d89ea758 tab3⤵PID:3960
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4984.6.339772548\1501645817" -childID 5 -isForBrowser -prefsHandle 5244 -prefMapHandle 5248 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {87e3ff3d-ed7d-404c-abc8-11807088fbce} 4984 "\\.\pipe\gecko-crash-server-pipe.4984" 5236 284d89e9b58 tab3⤵PID:1408
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4984.5.1528498224\553417276" -childID 4 -isForBrowser -prefsHandle 5112 -prefMapHandle 5108 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b04cf661-dc2b-4ba6-9de7-6eebd164a5e6} 4984 "\\.\pipe\gecko-crash-server-pipe.4984" 5104 284d6cc4758 tab3⤵PID:864
-
-
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /41⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1620
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe"1⤵PID:3060
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵PID:4068
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalService -p -s fdPHost1⤵PID:1692
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
7KB
MD5bc11f58aa5fb1a877d5a236eecf105a2
SHA18a9fe378027ef83659872f80d75d90d65b44cf5e
SHA2569a70dd9e812fb61f11c4bc9335461cd44f3076fb70c898aa42858047c2b1a93b
SHA5122f1fdfd9ba5761e48b39850122f20adbb5ad3d3a5827fd2048d5679f1f298dc7859794c090fd44f254da065fcb41efabe5b4110a01dbbf9b591a843c355bda72
-
Filesize
10KB
MD518e0d3949bd0d1a9f45dbee66ab2ebcf
SHA1cb32adac5ffbd82dd550989bd7fe990f71cf9b99
SHA256372dc5534980d79d4e20147fd8d7bb20e76d91cad3d086cc1ed7bd03bd581a78
SHA512c41b35df327933f4ba9218b326dead3724049676df5cda0a0f7f57b28b92a7efde3832af262a96d545db5e1f7e01a1191f1b68b395c592d64fdbcae80273ae45
-
Filesize
26KB
MD5ebf5c733481e2f6ddaa04fab99553616
SHA17a979fa5609dd29315089c8640fabf3ca01be51d
SHA2563b7ae06666fb4277974766409349d0f14d4358e15a20c6c078a29c6021b4a779
SHA51237a61a13ca08bcd0c7bf84c0d1ec4c4d7320b57d60fa702a1c06f8e2a5a8a9c16b4b6756147357713ffafe26dea9ed42f45e5279c4999121a5589f1069760d8c
-
Filesize
6KB
MD5468810235cebba9d311137e11ff0fa49
SHA172b1173f1ca6f3d1733e5487b04a89f7e7adf385
SHA25648e8fe27774165eee31fc04266c80b553bc80799c103ba7a0e378d68dd023172
SHA512deb5ffbf92e9668af544a88d329434fe271c8663517ec2d20609f015d447b254d17b44f3259db6d7d8b4fd9c22a645f0e1b4842dac1434eff892dbab28cdac76
-
Filesize
25KB
MD5cbe40fd2b1ec96daedc65da172d90022
SHA1366c216220aa4329dff6c485fd0e9b0f4f0a7944
SHA2563ad2dc318056d0a2024af1804ea741146cfc18cc404649a44610cbf8b2056cf2
SHA51262990cb16e37b6b4eff6ab03571c3a82dcaa21a1d393c3cb01d81f62287777fb0b4b27f8852b5fa71bc975feab5baa486d33f2c58660210e115de7e2bd34ea63
-
Filesize
12KB
MD587cdd064d650b3cf72f8a103bd73bace
SHA1f8ea12681f5a5bb97ad9b525ef12e88fda832f8a
SHA256a29754f0b21fbb92265f1fb924b3423a330704bbf56796da67aeca876dbd3326
SHA5126ef757c6e8ad737a3755d0e387c60b596b2261ae10d02b293c1da2c1732901079a00d7f8a5fdb203f8cf984b2d8dfcaac99a43fb8ac011eaab85b56270223a88
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r67w6m5l.default-release\datareporting\glean\db\data.safe.bin
Filesize2KB
MD54f13bc9627be2228072d2d8fd43074d5
SHA1d249f7e2850d3dc5d1ade760e5fa11b51e580543
SHA2568a4af4adaa62713644ae9090c725c0870e7f6558d36e9c878c2a17dc0825bb21
SHA512873396407ec4cb235ba0dc2583c043076127a765f043c0f35817f05be08f33b2ba619e356f7d7ce39e7b132eff2f2093118269abb169ce6afcf52e32775eaedd
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r67w6m5l.default-release\datareporting\glean\pending_pings\10d27390-eeb4-4712-b67c-d969ba40d036
Filesize746B
MD5358666c28fac730fe2f1abd5bdda394f
SHA160b2c765807b33e8a218f2621cfd2a9d8a1bbba6
SHA256e95073ee04126888616ababc1976956085728d051dd3fcbd1f18cfbe8c48b435
SHA51221ebe377bcb6b1635a8955f33b66c8de1a5d42693b4111faaf7faea51c2c68511e8982d6d8a7dcc8c4ec8932461e1786e8da9edd0c0887732fad3e3df3d442d9
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r67w6m5l.default-release\datareporting\glean\pending_pings\a47f2e61-2dac-40be-b55b-060425ea82b1
Filesize11KB
MD5b21b8bb8effe5ab23928c8d734af5086
SHA16413f52e5c812cf4205c3ab1e59a8f02f471b1c2
SHA2567abc3ec51dedd30409df2918362e3dff04fe1f3a374c081374613f03054d46af
SHA5127c52facd4f46511cdc9965babadb62b44ceaacde963d77da126d930879978f9e34c002e5b0eed6794c9e224d8307cabb5d1e99103ae5cf8d2ce1fe71e19ef7a1
-
Filesize
6KB
MD59487681c2a3c013e5c2a5a20d6c3af56
SHA1b3ade0a5ef01e129c308e0ee3a70458a4328d1da
SHA2560bf7754645a2023789f6ca46a7a55bbeedb643fd1241184efab80c202853e143
SHA5122ace93b6cebefb6039d1c6562af473fda674a9e20b6bb66ce40ad729a21a02b2e2f622fcc86108761a58e4b35b35fca8a72598179e98a178aef86719b5427fd5
-
Filesize
6KB
MD575583a7d9010e71bfe8d12ab5ce0230a
SHA1208eb04bfdd3ecafd478d7735368758610f641b9
SHA2564a8b8a31d11e3f8e2d4a8709478895cc1b373376ae5b297c55ceedbaccc4d5bf
SHA51294f1c56bd5903a3f120bf6d926966bd8a4853cd3e14ebe1a5b2fa52ee0715f8b6ab213b66a3b3f5351ee377205aca4d70e8ec01137102f689e7c4694c54e05c7
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r67w6m5l.default-release\sessionstore-backups\recovery.jsonlz4
Filesize1KB
MD51f5aa7c9ba69ef03283612f8346625a9
SHA164f05ee5fba80f6effee806c3a76524318cb3eba
SHA256bfeaf981c45f3a8270ad996375884d1a268067790a96441525fbc126ebf4fdcf
SHA512750a0368a6d1b2adce195b0635f62e4f364c0caf1d8d5c9d1f8f22608304f79b77f03a5813ab1a4102a3e5d62e531634de9c8d2612ecdd6ad5e2007d3838f975