Analysis Overview
SHA256
7fe21d2e184759989b487be1c0583d586f398d1060228a4384e2aa5a224ba0c0
Threat Level: Likely malicious
The file Prax.dll was found to be: Likely malicious.
Malicious Activity Summary
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Checks BIOS information in registry
Themida packer
Legitimate hosting services abused for malware hosting/C2
Checks whether UAC is enabled
Suspicious use of NtSetInformationThreadHideFromDebugger
Unsigned PE
Uses Task Scheduler COM API
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Checks processor information in registry
Modifies registry class
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-09 12:36
Signatures
Themida packer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-09 12:36
Reported
2024-04-09 13:22
Platform
win7-20231129-en
Max time kernel
2631s
Max time network
2282s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Prax.dll,#1
Network
Files
memory/2356-0-0x000007FEF5190000-0x000007FEF667C000-memory.dmp
memory/2356-1-0x000007FEF3CA0000-0x000007FEF518C000-memory.dmp
memory/2356-2-0x000007FEF5190000-0x000007FEF667C000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-09 12:36
Reported
2024-04-09 13:22
Platform
win10v2004-20240226-en
Max time kernel
2690s
Max time network
2617s
Command Line
Signatures
Identifies VirtualBox via ACPI registry values (likely anti-VM)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Windows\system32\rundll32.exe | N/A |
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Windows\system32\rundll32.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Windows\system32\rundll32.exe | N/A |
Themida packer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Windows\system32\rundll32.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\rundll32.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\svchost.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Prax.dll,#1
C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
Network
Files
memory/988-0-0x00007FFB83CB0000-0x00007FFB8519C000-memory.dmp
memory/988-1-0x00007FFBA2FD0000-0x00007FFBA31C5000-memory.dmp
memory/988-2-0x00007FFB83CB0000-0x00007FFB8519C000-memory.dmp
memory/988-3-0x00007FFB83CB0000-0x00007FFB8519C000-memory.dmp
memory/988-4-0x00007FFB83CB0000-0x00007FFB8519C000-memory.dmp
memory/988-5-0x00007FFB83CB0000-0x00007FFB8519C000-memory.dmp
memory/988-6-0x00007FFB83CB0000-0x00007FFB8519C000-memory.dmp
memory/988-7-0x00007FFB83CB0000-0x00007FFB8519C000-memory.dmp
memory/988-8-0x00007FFB83CB0000-0x00007FFB8519C000-memory.dmp
memory/988-9-0x00007FFB83CB0000-0x00007FFB8519C000-memory.dmp
memory/988-10-0x00007FFB83CB0000-0x00007FFB8519C000-memory.dmp
memory/988-13-0x00007FFBA2FD0000-0x00007FFBA31C5000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\datareporting\glean\db\data.safe.bin
| MD5 | 2e1dea09cccaacec208ea6bfcd8c61ca |
| SHA1 | d5288a91fada32c032255f7b8407a9a91e948996 |
| SHA256 | 99e66404a6edef8f7ba49a05dc04151bae3f00be6c2168f10bfbb4ce40c32dfe |
| SHA512 | 446f796d11957e735611ecead4ff2dcef04e2432c62f9c9a921b22700dd1ba36f377f5cb0ed4f82d944b987509f9653ad4f0bc7601c58a1344a287c9b3694dca |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\datareporting\glean\pending_pings\27e39e88-6857-4d66-8110-a30a44761c67
| MD5 | 7e998abe912abd75195a2ff5b1c16f08 |
| SHA1 | b83f684e1860210e1146042ba9e2ea95721adf51 |
| SHA256 | 29b99fc6c4251d4cf23c46ba2754b4cc493e20b243b5f213f2e32975b914c9ce |
| SHA512 | 8f35683725ace09f00861e57019522c99a433dd3c3fecdd471050070d01c92988a29da84cbc38b1c4c4c1569ae9e93558d2ef8e3a764a5619420701e82834fa5 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\datareporting\glean\pending_pings\a0a7d4f7-15f9-4e5a-8620-0483ff45b18b
| MD5 | b49962c0e11c463353f22b20c95ef1d0 |
| SHA1 | e3f1ce5dad7871e43af7c4a10dc2e8ae5a7c70bc |
| SHA256 | 2c869367189a0b237362c1f06e68ff6a61f41dff0e954247b80c7f8ef842524d |
| SHA512 | 7c74288a216c4574544c456fd174f28db520347380f83e564d2f170fa6513c8f3d3008b177e8f0a31b431f3ec3b29007534191da1b832337c4e047ae55c5ce8a |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\prefs.js
| MD5 | e637fa0a4fbe25265d66b00fa12438a6 |
| SHA1 | 390f140e6cc1d1872456d779ae918b30b7aafdb1 |
| SHA256 | 392f1b8493276cc2e00fd395b24a99b9f29e27d230201092b7e30756d7ab55bd |
| SHA512 | 11f54d94640917e8a18bdff6611ead6090daa422bbd5e482f32a40bdd3ef34f00bf93b5c84fca4a1ca18437e12650a474255093c7dadf2601fa6fe72f4cf14d8 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\prefs-1.js
| MD5 | 09ffd82db52bdd54e201051617a28c48 |
| SHA1 | cf62fe938d94676338b7335a97df181b20b09075 |
| SHA256 | 6f6bb9a67765177e8bed9bae4735f3dd1f821c3d5ef43f159ab44c40e62979fc |
| SHA512 | 72cc978f1f05a07ea4e108281a34e602220b8aea5e491c217d43b97961c0bc50c22133aeea8679fe47a6ee3695f3849b6b68382c68bd9e800e8c931591299ea7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | e3f54302ade40517ad673dae9a59a253 |
| SHA1 | fd55113e108eec547ff4fadb647699c2bf9f1339 |
| SHA256 | e31d13a22d7ae341af2b0f2e2e2b1f62038e39a66f299653370c3c56e72ecea1 |
| SHA512 | 0e73c4e5d1c8178b3bc84e2ff23951a333af676f4faf8b08ca681ef4b8534183161ef1d9f17b7f3ee8cda457bca476b8f173fe662126e96c911638437f914929 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 0a26949141053660dfadb1d6f46bb51c |
| SHA1 | d16473f13b0a6f70f313c7732b4cc71f8dc07611 |
| SHA256 | 0fe013bf64f109f3b9e5037f89472085e6e195a8915a819ced37d134bb417dcc |
| SHA512 | 2efe2b3d79c641c00fc0db6bca703db9915c379103e0bff88f77853aca22ae9a40657ab8be76d497937ca6ca4b053cff580ebb048790db786b50b1bf53b03bed |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\prefs-1.js
| MD5 | d7afc5aee4c8267e7fca87414ed37533 |
| SHA1 | 99a7a4410298fabb2792e136a901e6460ea84981 |
| SHA256 | 4fbc1752df82a0b96e4a5fe820a30c2a752eb0289091658dd44ff6294598a721 |
| SHA512 | 69d48e655b72e4e154c15d3e0ab025969f11c7c280a89e21cf12f53979d8957945856b606e34bb6cfafcc14949341e9ef98ccecef364c7f1ce5cef8caa52d061 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 657689151fe23b77f4b06629d5fbf51f |
| SHA1 | 87060fdba80f4ca3a69ef55e639e703417d2d5e0 |
| SHA256 | 333c066413ea3520fd798d20810c6f408138822a1d59bf580b5ff3110946567e |
| SHA512 | 1db18db2949a82a93d3de1c0bf6bc085eda609180339187fc5db5f6cce083952b41b1017a2931d9c8afef66f066b64f1cd119811812de64e60316ee008e63c31 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\cache2\entries\113033F239D4B40B35BDF0AA58BF8A9E3199B8C5
| MD5 | ca3dd1595790b1b1dbfb21b977a0f330 |
| SHA1 | fef33656abc996e8907318e1a81971e597fd60f1 |
| SHA256 | 2fd515180667169729513d72b4b96727fedf517694e44762a521c6f37596d247 |
| SHA512 | 1c1ce4aff49b58e6f52a242265a5c55ce6dc2dd181c68a0b8562e32182658ad6e7452dc7695b423808bd54cf1853c7b47dc5feb44a166b7f2263405f9efa6c4c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | a6a41678a55ba7a07e0e01941eb76189 |
| SHA1 | bd46d0beb651d5ad95fb7c2bc7f99aa81ee0ccb0 |
| SHA256 | 1493d351348ada3bb4180f7283bad11330d2f7126de30fc9449779c5c913e5ba |
| SHA512 | 289efb3722753dee9720e74a2a48b9918324d12fe9739d5a885f5e2ae9e67425f861e2bf2202bcafffa3c60925d66d70c5c6722115c3ff080ef9bd03151d98c4 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\cache2\doomed\15662
| MD5 | 0fa2b96010b79c990c242d194f40a98f |
| SHA1 | 7fbe03693f22b30191e5509de6f6a04c9cf4fe7a |
| SHA256 | b900491e56b9f5e387e900eb25448787b7217bcb6676d827c413cfdff42ac94f |
| SHA512 | caddc11e4fb3943327d960e098c67d6d05417eafa5d6bc34a283a0b7dd320d454398dabbe3da2742b42ab71f8336bd15ccb6cde53b3ce26a631153e05d3846a3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 6a51f62202d92be5ea326b834082d746 |
| SHA1 | 10f27b6d287e0230d965f7a4661484d092377524 |
| SHA256 | f4ed3e6a904a70f106a98b9627b2bb063942b1117a9fe6eb643a15677f251b70 |
| SHA512 | 1e2e9086995dcb6886cec9ad9be17296b91777f0a67a7d23f5879c879c06d044effcc72e8fbe14b9e35d94e85780aa61304dffa903127dfc5f1e2efe3c12c164 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\datareporting\glean\pending_pings\fe820729-a651-4828-8567-9baa6f1dc25a
| MD5 | 80752ca7558ad3bc0dc9321319ca1dc8 |
| SHA1 | b0cb7b42a71b33563168e3a36779de570bf34ac8 |
| SHA256 | bd654fc886946ea466238e98eef07454bb87163d3070719d7c62b7e3861e38b3 |
| SHA512 | 75311dede9a88c02afa49686f9c823deb52f2be02ef84c8d95b5257d6da69eb2510d53b0eeaca3a33a256497a74e79efadeae3752eb6bacbb7a7759f87392457 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\datareporting\glean\pending_pings\f4cc8c7b-c6c1-4325-98b7-f2b989cfaa57
| MD5 | 72e55d48e7c4a99a21c739bcf1b040d2 |
| SHA1 | ebca54b83064a323c4b3304ee576e95be95b85c7 |
| SHA256 | ec56ace77d20212afaccf3524742b21e3ec7490ff0b511c4234f0357a6b66456 |
| SHA512 | 16c21d8e90dd97b144de8103e8b3c0b0221b73e835e741df185e8dd4a347eb702ae7ea4e7b43f03b2cd476b9ba110aeda8d7d63c41d0b0dc982a3e82688b110a |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 73b26b2c4c8a5aa29c7403be81da6aca |
| SHA1 | 1571ea9a99e9f8032a9e446d47f0bd22d4a7776b |
| SHA256 | 0f7c99ddd9789d1e3dc6ed34edc7bed19622951f368e395309a20a122a75d066 |
| SHA512 | 0d6270772e6ab27f3ae4ce055df7863f052e67cdb86f7b4dec855ee17fc39cb4f88b3a37d43eb2c86b1b01687639cd9fa1f12960e7f49522e6c3c8efe5cc70a5 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 85430baed3398695717b0263807cf97c |
| SHA1 | fffbee923cea216f50fce5d54219a188a5100f41 |
| SHA256 | a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e |
| SHA512 | 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
| MD5 | fe3355639648c417e8307c6d051e3e37 |
| SHA1 | f54602d4b4778da21bc97c7238fc66aa68c8ee34 |
| SHA256 | 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e |
| SHA512 | 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
| MD5 | 3d33cdc0b3d281e67dd52e14435dd04f |
| SHA1 | 4db88689282fd4f9e9e6ab95fcbb23df6e6485db |
| SHA256 | f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b |
| SHA512 | a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\prefs-1.js
| MD5 | 46a0f106d4e0181e6af99c04706027d5 |
| SHA1 | 003941f1e9eb34d20235af1e4577eac90868a23c |
| SHA256 | 8177129f6225e50c62d9544082be3aa65315a26f8354b0141a2030a986ec3af2 |
| SHA512 | af1aba0cd4a7679ff670a426990acf5d9228b7da8ac38047619d5d9d1c84033dedec4f99a19e05bf68c37207d759648d3ee58d00f1aa154ed2649b6a3110c93e |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | a01c5ecd6108350ae23d2cddf0e77c17 |
| SHA1 | c6ac28a2cd979f1f9a75d56271821d5ff665e2b6 |
| SHA256 | 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42 |
| SHA512 | b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
| MD5 | 8be33af717bb1b67fbd61c3f4b807e9e |
| SHA1 | 7cf17656d174d951957ff36810e874a134dd49e0 |
| SHA256 | e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd |
| SHA512 | 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
| MD5 | 49ddb419d96dceb9069018535fb2e2fc |
| SHA1 | 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6 |
| SHA256 | 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539 |
| SHA512 | 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
| MD5 | 33bf7b0439480effb9fb212efce87b13 |
| SHA1 | cee50f2745edc6dc291887b6075ca64d716f495a |
| SHA256 | 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e |
| SHA512 | d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\prefs-1.js
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\broadcast-listeners.json
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\sessionCheckpoints.json
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\targeting.snapshot.json
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\bookmarkbackups\bookmarks-2024-04-09_11_Bkue46DMJqtnj4X9ytypXw==.jsonlz4
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\SiteSecurityServiceState.txt
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\prefs.js