Analysis
max time kernel: 2690s
max time network: 2617s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 09/04/2024, 12:36
Behavioral task: behavioral1
Sample: Prax.dll
Resource: win7-20231129-en
General
Target: Prax.dll
Size: 8.2MB
MD5: 8c68a4a14bf7b18597377a7318813a53
SHA1: 74a47ddfaf89718076eee1c4a3c362a6bb799e09
SHA256: 7fe21d2e184759989b487be1c0583d586f398d1060228a4384e2aa5a224ba0c0
SHA512: c7b37190648b3a50fb679c8a7459952f6cdbfa081189c5d91df106d727f3c8f4c8ffed1479e2f064ec603d240d9b03f1fdb69ab2f0f68963a0b3b02058830645
SSDEEP: 196608:mLKcsvdVNkdtxGhUKUw5Azp8QdUTvHFqvPs6yoNlgLdt450zK09K:mONjyxxKUWAzWIU7HF20v93454Kd
Malware Config
Signatures
Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
Key opened: \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ (process: rundll32.exe)
Checks BIOS information in registry 2 TTPs 2 IoCs
BIOS information is often read in order to detect sandboxing environments.
Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion (process: rundll32.exe)
Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion (process: rundll32.exe)
YARA rule matches (resource, yara_rule):
behavioral2/memory/988-0-0x00007FFB83CB0000-0x00007FFB8519C000-memory.dmp themida
behavioral2/memory/988-2-0x00007FFB83CB0000-0x00007FFB8519C000-memory.dmp themida
behavioral2/memory/988-3-0x00007FFB83CB0000-0x00007FFB8519C000-memory.dmp themida
behavioral2/memory/988-4-0x00007FFB83CB0000-0x00007FFB8519C000-memory.dmp themida
behavioral2/memory/988-5-0x00007FFB83CB0000-0x00007FFB8519C000-memory.dmp themida
behavioral2/memory/988-6-0x00007FFB83CB0000-0x00007FFB8519C000-memory.dmp themida
behavioral2/memory/988-7-0x00007FFB83CB0000-0x00007FFB8519C000-memory.dmp themida
behavioral2/memory/988-8-0x00007FFB83CB0000-0x00007FFB8519C000-memory.dmp themida
behavioral2/memory/988-9-0x00007FFB83CB0000-0x00007FFB8519C000-memory.dmp themida
behavioral2/memory/988-10-0x00007FFB83CB0000-0x00007FFB8519C000-memory.dmp themida
Checks whether UAC is enabled
Key value queried: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA (process: rundll32.exe)
Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs
flow 551: raw.githubusercontent.com
flow 552: raw.githubusercontent.com
flow 553: raw.githubusercontent.com
flow 554: raw.githubusercontent.com
Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
PID 988: rundll32.exe
Checks processor information in registry 2 TTPs 5 IoCs
Processor information is often read in order to detect sandboxing environments.
Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 (process: firefox.exe)
Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature (process: firefox.exe)
Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision (process: firefox.exe)
Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz (process: firefox.exe)
Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier (process: firefox.exe)
Modifies registry class 1 IoCs
Key created: \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000_Classes\Local Settings (process: firefox.exe)
Suspicious use of AdjustPrivilegeToken 8 IoCs
Token: SeManageVolumePrivilege, PID 652, svchost.exe
Token: SeDebugPrivilege, PID 1420, firefox.exe (7 entries)
Suspicious use of FindShellTrayWindow 12 IoCs
PID 1420: firefox.exe (12 entries)
Suspicious use of SendNotifyMessage 11 IoCs
PID 1420: firefox.exe (11 entries)
Suspicious use of SetWindowsHookEx 1 IoCs
PID 1420: firefox.exe
Suspicious use of WriteProcessMemory 64 IoCs
Distinct entries (description; pid; Process; procid_target):
PID 3896 wrote to memory of 1420; 3896; firefox.exe; 116
PID 1420 wrote to memory of 908; 1420; firefox.exe; 117
PID 1420 wrote to memory of 1288; 1420; firefox.exe; 118
PID 1420 wrote to memory of 1084; 1420; firefox.exe; 119
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
C:\Windows\system32\rundll32.exe (PID:988)
Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\Prax.dll,#1
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
C:\Windows\system32\rundll32.exe (PID:1512)
Command line: "C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
C:\Windows\System32\svchost.exe (PID:652)
Command line: C:\Windows\System32\svchost.exe -k UnistackSvcGroup
- Suspicious use of AdjustPrivilegeToken
C:\Program Files\Mozilla Firefox\firefox.exe (PID:3896)
Command line: "C:\Program Files\Mozilla Firefox\firefox.exe"
- Suspicious use of WriteProcessMemory
  C:\Program Files\Mozilla Firefox\firefox.exe (PID:1420)
  Command line: "C:\Program Files\Mozilla Firefox\firefox.exe"
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
    C:\Program Files\Mozilla Firefox\firefox.exe (PID:908)
    Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1420.0.2087620537\1929954534" -parentBuildID 20221007134813 -prefsHandle 1896 -prefMapHandle 1888 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {dc8cd7e0-4931-4bd8-9aa9-12e0766fb069} 1420 "\\.\pipe\gecko-crash-server-pipe.1420" 1804 247606d3b58 gpu
    C:\Program Files\Mozilla Firefox\firefox.exe (PID:1288)
    Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1420.1.1801495566\1532379803" -parentBuildID 20221007134813 -prefsHandle 2352 -prefMapHandle 2348 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fb0706c7-4d0e-4099-8bec-f2a09d2be7f3} 1420 "\\.\pipe\gecko-crash-server-pipe.1420" 2364 24753f72e58 socket
    C:\Program Files\Mozilla Firefox\firefox.exe (PID:1084)
    Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1420.2.1471974561\494109113" -childID 1 -isForBrowser -prefsHandle 3184 -prefMapHandle 3180 -prefsLen 20888 -prefMapSize 233444 -jsInitHandle 1364 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3ba17b85-6798-4f22-9c51-7a59e3055b30} 1420 "\\.\pipe\gecko-crash-server-pipe.1420" 3192 24764794758 tab
    C:\Program Files\Mozilla Firefox\firefox.exe (PID:4256)
    Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1420.3.61728300\112355256" -childID 2 -isForBrowser -prefsHandle 3584 -prefMapHandle 3580 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1364 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {85e48adb-6141-4cbe-ada2-19d151349eb4} 1420 "\\.\pipe\gecko-crash-server-pipe.1420" 3596 2476322b558 tab
    C:\Program Files\Mozilla Firefox\firefox.exe (PID:3044)
    Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1420.4.434649572\2002566963" -childID 3 -isForBrowser -prefsHandle 4564 -prefMapHandle 4560 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1364 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {98b79545-fee0-4776-b45e-88f5f62ca4d4} 1420 "\\.\pipe\gecko-crash-server-pipe.1420" 4588 24766703858 tab
    C:\Program Files\Mozilla Firefox\firefox.exe (PID:1216)
    Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1420.5.746786794\286248377" -childID 4 -isForBrowser -prefsHandle 4992 -prefMapHandle 4988 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1364 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b6416add-d401-4ecf-bf37-c8c44e8411fb} 1420 "\\.\pipe\gecko-crash-server-pipe.1420" 5004 24764e92158 tab
    C:\Program Files\Mozilla Firefox\firefox.exe (PID:112)
    Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1420.6.127743329\2121751179" -childID 5 -isForBrowser -prefsHandle 5148 -prefMapHandle 5152 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1364 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7e0cc41a-8b53-4c7a-9dca-050b828b0919} 1420 "\\.\pipe\gecko-crash-server-pipe.1420" 5140 24766d28158 tab
    C:\Program Files\Mozilla Firefox\firefox.exe (PID:4444)
    Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1420.7.1085423963\1423450674" -childID 6 -isForBrowser -prefsHandle 5340 -prefMapHandle 5344 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1364 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7f1710a5-250a-4eb7-84d0-56bf9da13a6d} 1420 "\\.\pipe\gecko-crash-server-pipe.1420" 5332 24766d27b58 tab
    C:\Program Files\Mozilla Firefox\firefox.exe (PID:2556)
    Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1420.8.2024641948\225702700" -childID 7 -isForBrowser -prefsHandle 5888 -prefMapHandle 5932 -prefsLen 26460 -prefMapSize 233444 -jsInitHandle 1364 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {837da488-dbd2-4661-bf6e-d916a8c9afac} 1420 "\\.\pipe\gecko-crash-server-pipe.1420" 5944 24768b76658 tab
    C:\Program Files\Mozilla Firefox\firefox.exe (PID:2564)
    Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1420.9.2021872792\851183040" -childID 8 -isForBrowser -prefsHandle 6052 -prefMapHandle 6056 -prefsLen 26725 -prefMapSize 233444 -jsInitHandle 1364 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {edccd996-98f0-473b-9619-5a352c6f26f0} 1420 "\\.\pipe\gecko-crash-server-pipe.1420" 5092 24766dd1b58 tab
    C:\Program Files\Mozilla Firefox\firefox.exe (PID:1872)
    Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1420.10.596743461\932037144" -childID 9 -isForBrowser -prefsHandle 2768 -prefMapHandle 3540 -prefsLen 26725 -prefMapSize 233444 -jsInitHandle 1364 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fd1c5831-2079-455f-ab9c-a73a881f67d0} 1420 "\\.\pipe\gecko-crash-server-pipe.1420" 4824 24763241858 tab
    C:\Program Files\Mozilla Firefox\firefox.exe (PID:3852)
    Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1420.11.276562840\1756273672" -childID 10 -isForBrowser -prefsHandle 5000 -prefMapHandle 5092 -prefsLen 26725 -prefMapSize 233444 -jsInitHandle 1364 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7602b687-f76f-4436-8727-65e7e0ff1c21} 1420 "\\.\pipe\gecko-crash-server-pipe.1420" 5168 2476323fa58 tab
Network
MITRE ATT&CK Enterprise v15
Downloads