c4ad20f2b37a8d9141978a6a7a03e5808124f738db3db0cb887c418887a4e8c0

Analysis

max time kernel
111s
max time network
80s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
28-04-2024 17:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Clean.cmd
Size

1KB
MD5

19db8c1d4b4caea5df586afd463304a6
SHA1

c5b21669e4e074b57449369b447680e8467efeca
SHA256

c4ad20f2b37a8d9141978a6a7a03e5808124f738db3db0cb887c418887a4e8c0
SHA512

4b28c1a283668c488e213c41d48615b2d56310746b93085f098a222892f17c30fb766b9bacac74b993a6355f546c51aad66d66dfb0bc5f33b8f8934ad93af9dc

Score

7^/10

spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exefirefox.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Modifies registry class 1 IoCs

Processes:

firefox.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings firefox.exe
Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

firefox.exe

description pid process

Token: SeDebugPrivilege 1436 firefox.exe
Token: SeDebugPrivilege 1436 firefox.exe
Suspicious use of FindShellTrayWindow 4 IoCs

Processes:

firefox.exe

pid process

1436 firefox.exe
1436 firefox.exe
1436 firefox.exe
1436 firefox.exe
Suspicious use of SendNotifyMessage 3 IoCs

Processes:

firefox.exe

pid process

1436 firefox.exe
1436 firefox.exe
1436 firefox.exe
Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

firefox.exe

pid process

1436 firefox.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings	firefox.exe

description	pid	process
Token: SeDebugPrivilege	1436	firefox.exe
Token: SeDebugPrivilege	1436	firefox.exe

pid	process
1436	firefox.exe
1436	firefox.exe
1436	firefox.exe
1436	firefox.exe

pid	process
1436	firefox.exe
1436	firefox.exe
1436	firefox.exe

pid	process
1436	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

firefox.exefirefox.exe

description	pid	process	target process
PID 320 wrote to memory of 1436	320	firefox.exe	firefox.exe
PID 320 wrote to memory of 1436	320	firefox.exe	firefox.exe
PID 320 wrote to memory of 1436	320	firefox.exe	firefox.exe
PID 320 wrote to memory of 1436	320	firefox.exe	firefox.exe
PID 320 wrote to memory of 1436	320	firefox.exe	firefox.exe
PID 320 wrote to memory of 1436	320	firefox.exe	firefox.exe
PID 320 wrote to memory of 1436	320	firefox.exe	firefox.exe
PID 320 wrote to memory of 1436	320	firefox.exe	firefox.exe
PID 320 wrote to memory of 1436	320	firefox.exe	firefox.exe
PID 320 wrote to memory of 1436	320	firefox.exe	firefox.exe
PID 320 wrote to memory of 1436	320	firefox.exe	firefox.exe
PID 1436 wrote to memory of 2488	1436	firefox.exe	firefox.exe
PID 1436 wrote to memory of 2488	1436	firefox.exe	firefox.exe
PID 1436 wrote to memory of 3172	1436	firefox.exe	firefox.exe
PID 1436 wrote to memory of 3172	1436	firefox.exe	firefox.exe
PID 1436 wrote to memory of 3172	1436	firefox.exe	firefox.exe
PID 1436 wrote to memory of 3172	1436	firefox.exe	firefox.exe
PID 1436 wrote to memory of 3172	1436	firefox.exe	firefox.exe
PID 1436 wrote to memory of 3172	1436	firefox.exe	firefox.exe
PID 1436 wrote to memory of 3172	1436	firefox.exe	firefox.exe
PID 1436 wrote to memory of 3172	1436	firefox.exe	firefox.exe
PID 1436 wrote to memory of 3172	1436	firefox.exe	firefox.exe
PID 1436 wrote to memory of 3172	1436	firefox.exe	firefox.exe
PID 1436 wrote to memory of 3172	1436	firefox.exe	firefox.exe
PID 1436 wrote to memory of 3172	1436	firefox.exe	firefox.exe
PID 1436 wrote to memory of 3172	1436	firefox.exe	firefox.exe
PID 1436 wrote to memory of 3172	1436	firefox.exe	firefox.exe
PID 1436 wrote to memory of 3172	1436	firefox.exe	firefox.exe
PID 1436 wrote to memory of 3172	1436	firefox.exe	firefox.exe
PID 1436 wrote to memory of 3172	1436	firefox.exe	firefox.exe
PID 1436 wrote to memory of 3172	1436	firefox.exe	firefox.exe
PID 1436 wrote to memory of 3172	1436	firefox.exe	firefox.exe
PID 1436 wrote to memory of 3172	1436	firefox.exe	firefox.exe
PID 1436 wrote to memory of 3172	1436	firefox.exe	firefox.exe
PID 1436 wrote to memory of 3172	1436	firefox.exe	firefox.exe
PID 1436 wrote to memory of 3172	1436	firefox.exe	firefox.exe
PID 1436 wrote to memory of 3172	1436	firefox.exe	firefox.exe
PID 1436 wrote to memory of 3172	1436	firefox.exe	firefox.exe
PID 1436 wrote to memory of 3172	1436	firefox.exe	firefox.exe
PID 1436 wrote to memory of 3172	1436	firefox.exe	firefox.exe
PID 1436 wrote to memory of 3172	1436	firefox.exe	firefox.exe
PID 1436 wrote to memory of 3172	1436	firefox.exe	firefox.exe
PID 1436 wrote to memory of 3172	1436	firefox.exe	firefox.exe
PID 1436 wrote to memory of 3172	1436	firefox.exe	firefox.exe
PID 1436 wrote to memory of 3172	1436	firefox.exe	firefox.exe
PID 1436 wrote to memory of 3172	1436	firefox.exe	firefox.exe
PID 1436 wrote to memory of 3172	1436	firefox.exe	firefox.exe
PID 1436 wrote to memory of 3172	1436	firefox.exe	firefox.exe
PID 1436 wrote to memory of 3172	1436	firefox.exe	firefox.exe
PID 1436 wrote to memory of 3172	1436	firefox.exe	firefox.exe
PID 1436 wrote to memory of 3172	1436	firefox.exe	firefox.exe
PID 1436 wrote to memory of 3172	1436	firefox.exe	firefox.exe
PID 1436 wrote to memory of 3172	1436	firefox.exe	firefox.exe
PID 1436 wrote to memory of 3172	1436	firefox.exe	firefox.exe
PID 1436 wrote to memory of 3172	1436	firefox.exe	firefox.exe
PID 1436 wrote to memory of 3172	1436	firefox.exe	firefox.exe
PID 1436 wrote to memory of 3172	1436	firefox.exe	firefox.exe
PID 1436 wrote to memory of 3172	1436	firefox.exe	firefox.exe
PID 1436 wrote to memory of 3172	1436	firefox.exe	firefox.exe
PID 1436 wrote to memory of 3172	1436	firefox.exe	firefox.exe
PID 1436 wrote to memory of 3172	1436	firefox.exe	firefox.exe
PID 1436 wrote to memory of 2464	1436	firefox.exe	firefox.exe
PID 1436 wrote to memory of 2464	1436	firefox.exe	firefox.exe
PID 1436 wrote to memory of 2464	1436	firefox.exe	firefox.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Clean.cmd"
1⤵
PID:2276

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:320

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1436

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1436.0.1110396896\1363398582" -parentBuildID 20221007134813 -prefsHandle 1716 -prefMapHandle 1708 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a214b590-a79d-4d6c-b655-edd242bf041e} 1436 "\\.\pipe\gecko-crash-server-pipe.1436" 1796 170fe3f0258 gpu
3⤵
PID:2488

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1436.1.1000400118\191371148" -parentBuildID 20221007134813 -prefsHandle 2132 -prefMapHandle 2128 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cc9f5d5a-70d8-42dd-bc78-01ab0d2c9d6c} 1436 "\\.\pipe\gecko-crash-server-pipe.1436" 2152 170f326fb58 socket
3⤵
- Checks processor information in registry
PID:3172

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1436.2.1139229792\1929040050" -childID 1 -isForBrowser -prefsHandle 3156 -prefMapHandle 3048 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2450e628-2f55-404f-a722-868f079f1c24} 1436 "\\.\pipe\gecko-crash-server-pipe.1436" 3024 1708279ad58 tab
3⤵
PID:2464

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1436.3.444665755\1591069076" -childID 2 -isForBrowser -prefsHandle 3164 -prefMapHandle 3160 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {92664c28-da17-4eeb-bdf0-d423959e5267} 1436 "\\.\pipe\gecko-crash-server-pipe.1436" 3544 1708350fe58 tab
3⤵
PID:4356

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1436.4.1798894442\63181464" -childID 3 -isForBrowser -prefsHandle 4084 -prefMapHandle 4080 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8105bd96-6194-473d-9405-67b1d8260734} 1436 "\\.\pipe\gecko-crash-server-pipe.1436" 4100 17080dd7558 tab
3⤵
PID:3688

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1436.5.1196231164\670170892" -childID 4 -isForBrowser -prefsHandle 4272 -prefMapHandle 4800 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a44377b6-15b5-49a3-a855-65ae0bd3f3d7} 1436 "\\.\pipe\gecko-crash-server-pipe.1436" 4852 17084d88058 tab
3⤵
PID:4408

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1436.6.420112062\251956879" -childID 5 -isForBrowser -prefsHandle 4992 -prefMapHandle 4996 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {322393c5-71de-4f04-acf4-8f944c5ac44c} 1436 "\\.\pipe\gecko-crash-server-pipe.1436" 4984 17084d88358 tab
3⤵
PID:3920

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1436.7.1251111268\894585179" -childID 6 -isForBrowser -prefsHandle 5188 -prefMapHandle 5192 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fe45e6ea-ad24-4008-b156-5fa56756849f} 1436 "\\.\pipe\gecko-crash-server-pipe.1436" 5180 17084d89b58 tab
3⤵
PID:4504

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1436.8.79280969\490066232" -childID 7 -isForBrowser -prefsHandle 5660 -prefMapHandle 5252 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {88d80894-63b2-4a38-a9a0-3ef119b56e5d} 1436 "\\.\pipe\gecko-crash-server-pipe.1436" 2780 17086ab1c58 tab
3⤵
PID:3392

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1436.9.1545018682\490437617" -childID 8 -isForBrowser -prefsHandle 9700 -prefMapHandle 9688 -prefsLen 26503 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f9f748b7-2beb-4e4a-a557-d7c3c0dc14b8} 1436 "\\.\pipe\gecko-crash-server-pipe.1436" 9720 1708279b658 tab
3⤵
PID:4600

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1436.10.1760262776\1087502526" -childID 9 -isForBrowser -prefsHandle 9588 -prefMapHandle 9592 -prefsLen 26503 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5e3b5735-d0ad-48c9-bfce-71db8858c1a3} 1436 "\\.\pipe\gecko-crash-server-pipe.1436" 7904 17086210e58 tab
3⤵
PID:1064

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1436.11.258097393\605930106" -childID 10 -isForBrowser -prefsHandle 7780 -prefMapHandle 7776 -prefsLen 26503 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cde9c54c-c9e6-4626-aa10-131cfe29583d} 1436 "\\.\pipe\gecko-crash-server-pipe.1436" 7792 17080d72c58 tab
3⤵
PID:1236

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1436.12.1156939408\205177081" -childID 11 -isForBrowser -prefsHandle 9456 -prefMapHandle 9592 -prefsLen 26503 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {782c848b-cce9-4936-b7e9-8420b863f34b} 1436 "\\.\pipe\gecko-crash-server-pipe.1436" 7744 17080ef2a58 tab
3⤵
PID:5444

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1436.13.502358986\294091979" -childID 12 -isForBrowser -prefsHandle 7792 -prefMapHandle 9392 -prefsLen 26503 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4366a77c-830a-47c8-8e22-62636d848c7b} 1436 "\\.\pipe\gecko-crash-server-pipe.1436" 9260 170874c5758 tab
3⤵
PID:5452

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1436.14.335240135\262861427" -childID 13 -isForBrowser -prefsHandle 8940 -prefMapHandle 9000 -prefsLen 26503 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1fba6134-daab-4184-807c-bdc50181d0f4} 1436 "\\.\pipe\gecko-crash-server-pipe.1436" 8924 1708350dd58 tab
3⤵
PID:6048

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1436.15.242597507\1697339600" -childID 14 -isForBrowser -prefsHandle 8796 -prefMapHandle 8800 -prefsLen 26503 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {09638c97-c744-4232-bbaf-00242dcce03b} 1436 "\\.\pipe\gecko-crash-server-pipe.1436" 8788 17080ef1b58 tab
3⤵
PID:6056

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1436.16.268458273\107995481" -childID 15 -isForBrowser -prefsHandle 9004 -prefMapHandle 7672 -prefsLen 26503 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {848d0334-2cfb-41d7-9ad2-0ed563607a66} 1436 "\\.\pipe\gecko-crash-server-pipe.1436" 7684 17084936e58 tab
3⤵
PID:5608

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1436.17.1649037367\1815367842" -childID 16 -isForBrowser -prefsHandle 8904 -prefMapHandle 7636 -prefsLen 26503 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6a6f5bd7-f134-4c02-b3c8-16b1a2571a6a} 1436 "\\.\pipe\gecko-crash-server-pipe.1436" 9208 17084938658 tab
3⤵
PID:5640

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1436.18.2139463878\196627278" -childID 17 -isForBrowser -prefsHandle 7448 -prefMapHandle 7444 -prefsLen 26503 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ba6e99f1-3c8c-4f7d-95fc-2fd116ac49a0} 1436 "\\.\pipe\gecko-crash-server-pipe.1436" 7456 17084a43858 tab
3⤵
PID:5648

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1436.19.481791119\1254909896" -childID 18 -isForBrowser -prefsHandle 8384 -prefMapHandle 8388 -prefsLen 26503 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {eb325dfb-d501-4bbf-b846-206616c5e623} 1436 "\\.\pipe\gecko-crash-server-pipe.1436" 8376 17087483458 tab
3⤵
PID:6092

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:6924

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\entries\677B80A25A006EDCC273545819E7C8B9A97E5201
Filesize
41KB

MD5
e2c8c5118d117e3ddfa0c88ec03f1712

SHA1
ece44985828e68bd1628e35d4cf910a27deb90fe

SHA256
61324e5ffab1290bee47e70637b581e03b766e59f3d3cdd011bbbc6e79d3bdd1

SHA512
865281d39192756fcb96ff27af0af2eafd2c4b636fa40d56da1395e5b714703f73ebc5c94e7d179ae3ea06aac235ef971a9382ea9b9897496cc0a61d62b97b1a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl
Filesize
7KB

MD5
c460716b62456449360b23cf5663f275

SHA1
06573a83d88286153066bae7062cc9300e567d92

SHA256
0ec0f16f92d876a9c1140d4c11e2b346a9292984d9a854360e54e99fdcd99cc0

SHA512
476bc3a333aace4c75d9a971ef202d5889561e10d237792ca89f8d379280262ce98cf3d4728460696f8d7ff429a508237764bf4a9ccb59fd615aee07bdcadf30

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\datareporting\glean\db\data.safe.bin
Filesize
2KB

MD5
4973b3a7b6be596d07c57c94cddb342b

SHA1
4b4d47416e2cd87104b864aeaea720958bd59c80

SHA256
df83da786e92ef189a594f9f62fe7244e0c54adaf19e5ae92215a234f806d5d0

SHA512
a93d1e1e9d4cf3a4d10810eb34e4ad442b4ee30387094400e35ba565bcdbb35d13c3a3a3294471c69bc969a732dee76d02ce394428074078805d7898a06e3b13

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\datareporting\glean\pending_pings\72e030cb-133c-445c-934a-e0ea39e3693c
Filesize
11KB

MD5
8720335ab55a0075b688319b37857ce1

SHA1
ec126bbc1ec0c8b013c237fc50356b09c92d6266

SHA256
e2ad5471d4a293a9eca3fd9e4e60d39549ed9b0fee67c52ffa3dccc27a6610d3

SHA512
755595b3f9ba920088956e220cf86d8a99cf00519ea877c567451d608cdb5d2cae4f52ca76576b7cd8641714656bef5b46dacbf7e676ff5845c4f334bbd24a73

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\datareporting\glean\pending_pings\e42b86a6-462c-4fb5-b353-375d1f485596
Filesize
746B

MD5
7e4bffdc3a0e5abc5081b7f5c33b2376

SHA1
67c5013bde30c6d14c122053ee7687547154f0d9

SHA256
2277599e7ab17c5dd8fb271f5ea2972a3f5d92fd23ae717a49b941935fbb3ebd

SHA512
38e4e40a9d10872d4a00b8f7a2a3b19f5d6ab5f4cdaea974c47cd1c101760ebee706bbea59df9cd13f643b16138b2db2a9a63602783f13e484a9ce9d56dfe57a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\prefs-1.js
Filesize
6KB

MD5
b9508ef4847954120a89532049e894a8

SHA1
aa63205ea6dc81c80b303762b4edf47455ca8ffc

SHA256
95eb1875b9fef146638a503886d97d2aad125f041f53b8785cb70305299947c6

SHA512
704dbad76e17bbea39183c335585ec8781a84420877f30c3bb85a2e2caa5ffaf272b91abb254124e003e2b9ed4ef23cfc3522ae1f1dd8b18233974b0923782b8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\prefs-1.js
Filesize
6KB

MD5
3274640f5a42e9c59cf8db16531f90c0

SHA1
3f700b537087b689b8cb8aa196874d67ff743890

SHA256
3dc54e64422d0dbfa752984ccbd5c02d35884ce471ba0d5f27bd7e0a5b2b6a2a

SHA512
8606657582fb6064c8a9d0ac2df5d6885764e1092355d1cec8ab79b845bdf9826a07bf8d9a739274adccbd6328ebd088203c3d042281fff46afcd155492068a1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
1KB

MD5
4fe272899a7936da62357d85e17119f8

SHA1
cd2cffe35d818d6c59881879ac0f86c78e625d71

SHA256
8dd67f4fc457f240312aca27ac45cc9f029ec245444e4bfe50254fa434ea211c

SHA512
95cd39734d2b8692f57900a2cb303e9eed64f7667f5d4991125b3cae6da54273b49c848952caf3b3f33dcea7bbc5c1401f07a276621c17eb288b60612728e802

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
3KB

MD5
96062cd9e89a3b7b67484efeaed020b6

SHA1
82e8603a5064a6b14d0868f52a28ef619e79a850

SHA256
e5125b8d5ec169c63adc784b55b12331acad35cb1d7d1f2dc71a99ba6b28dc6e

SHA512
d4f182a356b304b7a61fd9c14953fc5f2cb42a6d2705ccf199dcbccd253119463c5bd4e9c2646db3e199dfca90d2e4263f1d1d74b0513af79d6abdbf15dd0e55

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
3KB

MD5
570655fef4016ccf9e1e6cb0d2db1c2c

SHA1
34b5fbb31f6b4ed70d980b616bc07c4c5f5cc70c

SHA256
f1f7ef974a06ae6b4159d92baa097a2bdda3bba8131c17d79ecda239bfe2c481

SHA512
07be4aed7eb989ef70da3246ac4633cbc8279f50f7aad0fa7ebfdc168468e3faf368a8d83324181b757e536c9163f623830b8b1785a9fdb7f9a915573a60329d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionstore.jsonlz4
Filesize
2KB

MD5
798924c0cf674ec228fefbd56240094d

SHA1
c9a6803503467f7fa4e535d0bf394503570b14d0

SHA256
7c508e714f4f024ca186061a3cf72bf150398091b67e46d04d77c6cc0965fb4c

SHA512
e81d300e8998a3dcee94043e36693f8d55067179fc76b6d41e4258d8c6156b2428c38f66e886d61a891e9582e2eb05322957d73f68259830e6b7c905c4d2cdaf

Download Submit