Analysis
max time kernel: 147s
max time network: 156s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 05-05-2024 01:27
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: http://www.tekdefense.com/downloads/malware-samples
Resource: win10v2004-20240226-en
Behavioral task: behavioral2
Sample: http://www.tekdefense.com/downloads/malware-samples
Resource: ubuntu1804-amd64-20240226-en
Behavioral task: behavioral3
Sample: http://www.tekdefense.com/downloads/malware-samples
Resource: debian9-armhf-20240226-en
Behavioral task: behavioral4
Sample: http://www.tekdefense.com/downloads/malware-samples
Resource: debian9-mipsbe-20240418-en
Behavioral task: behavioral5
Sample: http://www.tekdefense.com/downloads/malware-samples
Resource: debian9-mipsel-20240226-en
General
Target: http://www.tekdefense.com/downloads/malware-samples
Malware Config
Signatures
Downloads MZ/PE file
Checks processor information in registry 2 TTPs 13 IoCs
Processor information is often read in order to detect sandboxing environments.
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | firefox.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | firefox.exe
Modifies registry class 1 IoCs
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings | firefox.exe
Suspicious use of AdjustPrivilegeToken 4 IoCs
description | pid | Process
Token: SeDebugPrivilege | 1756 | firefox.exe
Token: SeDebugPrivilege | 5480 | firefox.exe
Suspicious use of FindShellTrayWindow 8 IoCs
pid | Process
1756 | firefox.exe
5480 | firefox.exe
Suspicious use of SendNotifyMessage 6 IoCs
pid | Process
1756 | firefox.exe
5480 | firefox.exe
Suspicious use of SetWindowsHookEx 11 IoCs
pid | Process
1756 | firefox.exe
5480 | firefox.exe
Suspicious use of WriteProcessMemory 64 IoCs
description | pid | Process | procid_target
PID 4492 wrote to memory of 1756 | 4492 | firefox.exe | 109
PID 1756 wrote to memory of 2852 | 1756 | firefox.exe | 111
PID 1756 wrote to memory of 4396 | 1756 | firefox.exe | 112
PID 1756 wrote to memory of 2520 | 1756 | firefox.exe | 113
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
PID 4412: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.tekdefense.com/downloads/malware-samples
PID 1756: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=5792 --field-trial-handle=2292,i,2103142837140538807,15881446839139365070,262144 --variations-seed-version /prefetch:1
PID 4504: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=4956 --field-trial-handle=2292,i,2103142837140538807,15881446839139365070,262144 --variations-seed-version /prefetch:1
PID 2828: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3280 --field-trial-handle=2292,i,2103142837140538807,15881446839139365070,262144 --variations-seed-version /prefetch:8
PID 4748: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5288 --field-trial-handle=2292,i,2103142837140538807,15881446839139365070,262144 --variations-seed-version /prefetch:1
PID 3520: C:\Windows\system32\werfault.exe: werfault.exe /h /shared Global\2a74b442d4f447e691bb409ff6d855e8 /t 2668 /p 1596
PID 4492: "C:\Program Files\Mozilla Firefox\firefox.exe"
  - Suspicious use of WriteProcessMemory
  PID 1756: "C:\Program Files\Mozilla Firefox\firefox.exe"
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID 2852: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1756.0.514259291\592613142" -parentBuildID 20221007134813 -prefsHandle 1856 -prefMapHandle 1848 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {76fb51eb-ce58-448b-ae5a-e38bca4bb807} 1756 "\\.\pipe\gecko-crash-server-pipe.1756" 1948 185480ddb58 gpu
    PID 4396: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1756.1.1594918747\1653959676" -parentBuildID 20221007134813 -prefsHandle 2320 -prefMapHandle 2316 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5a7c8d74-51a4-4598-a74d-56be5879968f} 1756 "\\.\pipe\gecko-crash-server-pipe.1756" 2356 18547a3f558 socket
      - Checks processor information in registry
    PID 2520: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1756.2.405209962\572334673" -childID 1 -isForBrowser -prefsHandle 2908 -prefMapHandle 2952 -prefsLen 20888 -prefMapSize 233444 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a49cb864-b08b-481f-b9d7-ee6dce5680c5} 1756 "\\.\pipe\gecko-crash-server-pipe.1756" 3052 1854bfa2858 tab
    PID 2040: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1756.3.2061278023\1986619140" -childID 2 -isForBrowser -prefsHandle 1124 -prefMapHandle 3512 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e2a7f334-57ad-4344-9808-b28c210fe967} 1756 "\\.\pipe\gecko-crash-server-pipe.1756" 3616 1853b55b258 tab
    PID 4300: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1756.4.60979104\1727185916" -childID 3 -isForBrowser -prefsHandle 3980 -prefMapHandle 3976 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8c2106c9-8a4c-4de2-9598-2fef13cc6088} 1756 "\\.\pipe\gecko-crash-server-pipe.1756" 3992 1854d174158 tab
    PID 2572: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1756.5.1039264893\2106576076" -childID 4 -isForBrowser -prefsHandle 5028 -prefMapHandle 5056 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c7b89667-1993-4035-9289-76717d7e0d2b} 1756 "\\.\pipe\gecko-crash-server-pipe.1756" 5016 1854c5b2458 tab
    PID 1952: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1756.6.1016422503\1554332030" -childID 5 -isForBrowser -prefsHandle 5168 -prefMapHandle 5172 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0d9ec16e-9479-49ac-b19b-c8e4c7231007} 1756 "\\.\pipe\gecko-crash-server-pipe.1756" 5160 1854e520e58 tab
    PID 3608: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1756.7.1880656417\1792048421" -childID 6 -isForBrowser -prefsHandle 5356 -prefMapHandle 5360 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dabf5281-e57e-47f3-b089-8c3c2d9cdbf7} 1756 "\\.\pipe\gecko-crash-server-pipe.1756" 5348 1854e759858 tab
    PID 5464: "C:\Program Files\Mozilla Firefox\firefox.exe"
      PID 5480: "C:\Program Files\Mozilla Firefox\firefox.exe"
        - Checks processor information in registry
        - Suspicious use of AdjustPrivilegeToken
        - Suspicious use of FindShellTrayWindow
        - Suspicious use of SendNotifyMessage
        - Suspicious use of SetWindowsHookEx
        PID 5612: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5480.0.770775106\1827621845" -parentBuildID 20221007134813 -prefsHandle 1784 -prefMapHandle 1776 -prefsLen 17556 -prefMapSize 230321 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a1e901af-8568-4563-ac05-a55210d5f9a3} 5480 "\\.\pipe\gecko-crash-server-pipe.5480" 1852 24c2ccefc58 gpu
        PID 5672: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5480.1.1488685197\1959703269" -parentBuildID 20221007134813 -prefsHandle 2036 -prefMapHandle 2032 -prefsLen 17556 -prefMapSize 230321 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {641887c6-761f-4ce6-af09-0b80f667ddac} 5480 "\\.\pipe\gecko-crash-server-pipe.5480" 2064 24c2d174e58 socket
        PID 5144: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5480.2.359152571\514828270" -childID 1 -isForBrowser -prefsHandle 3548 -prefMapHandle 3172 -prefsLen 23627 -prefMapSize 230321 -jsInitHandle 1272 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d074f562-2438-421f-878e-b8dcf0086695} 5480 "\\.\pipe\gecko-crash-server-pipe.5480" 3576 24c31e22558 tab
        PID 4176: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5480.3.1991207879\1254640864" -childID 2 -isForBrowser -prefsHandle 3028 -prefMapHandle 2908 -prefsLen 23734 -prefMapSize 230321 -jsInitHandle 1272 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {df501031-6d48-4329-b611-13073498a995} 5480 "\\.\pipe\gecko-crash-server-pipe.5480" 3796 24c31a97c58 tab
        PID 5352: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5480.4.1707678678\395858728" -childID 3 -isForBrowser -prefsHandle 4080 -prefMapHandle 4084 -prefsLen 24816 -prefMapSize 230321 -jsInitHandle 1272 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f0621f17-4840-48a7-8077-1454de9eb63d} 5480 "\\.\pipe\gecko-crash-server-pipe.5480" 3304 24c32896c58 tab
        PID 4248: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5480.5.2107740311\483034423" -parentBuildID 20221007134813 -prefsHandle 4440 -prefMapHandle 3304 -prefsLen 25750 -prefMapSize 230321 -appDir "C:\Program Files\Mozilla Firefox\browser" - {edf7776a-27a8-4e4f-b033-667cbb49d91a} 5480 "\\.\pipe\gecko-crash-server-pipe.5480" 4452 24c2cf42258 rdd
        PID 208: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5480.6.293148974\1511147407" -childID 4 -isForBrowser -prefsHandle 5096 -prefMapHandle 5232 -prefsLen 31796 -prefMapSize 230321 -jsInitHandle 1272 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d95dff4d-b9ff-420d-b523-2ddedb00aa9f} 5480 "\\.\pipe\gecko-crash-server-pipe.5480" 4924 24c2cf7b558 tab
        PID 2312: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5480.7.553512234\474618350" -childID 5 -isForBrowser -prefsHandle 4884 -prefMapHandle 5304 -prefsLen 31796 -prefMapSize 230321 -jsInitHandle 1272 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d89a7e26-2a3a-4d43-a54d-442b07202f41} 5480 "\\.\pipe\gecko-crash-server-pipe.5480" 5208 24c34143558 tab
        PID 4320: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5480.8.624215838\2005427723" -childID 6 -isForBrowser -prefsHandle 5232 -prefMapHandle 5096 -prefsLen 31968 -prefMapSize 230321 -jsInitHandle 1272 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3010fa8d-1338-4938-af8a-99d9ee69d794} 5480 "\\.\pipe\gecko-crash-server-pipe.5480" 4664 24c34c94758 tab
        PID 5416: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5480.9.982041357\1844970501" -childID 7 -isForBrowser -prefsHandle 5720 -prefMapHandle 5716 -prefsLen 32089 -prefMapSize 230321 -jsInitHandle 1272 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c4c7acd8-931c-4317-80d4-f0a96e849b45} 5480 "\\.\pipe\gecko-crash-server-pipe.5480" 5728 24c344c2c58 tab
        PID 3676: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5480.10.1798098432\874688615" -childID 8 -isForBrowser -prefsHandle 6188 -prefMapHandle 6212 -prefsLen 32185 -prefMapSize 230321 -jsInitHandle 1272 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {303e608c-c74d-470e-aeb8-3c1786630559} 5480 "\\.\pipe\gecko-crash-server-pipe.5480" 3692 24c34360358 tab
        PID 1824: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5480.11.32923560\591055210" -childID 9 -isForBrowser -prefsHandle 5252 -prefMapHandle 4940 -prefsLen 32360 -prefMapSize 230321 -jsInitHandle 1272 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {88b25c71-7c31-443c-b385-1155412cccd8} 5480 "\\.\pipe\gecko-crash-server-pipe.5480" 4828 24c32b55e58 tab
Network
MITRE ATT&CK Enterprise v15
Downloads
SHA512a58f341b0c11e29398bbb15973a09d13878f1d5bea2be79d312a09d05bd9a7057ccd06ac6984297a0302cd82c28a1db96ec1ec410c26e5d8d058261df4983abc
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n66081c2.default-release-1714916197178\prefs-1.js
Filesize6KB
MD5c2ead25df80baada7461c2a19be91a4a
SHA1e15e72b2e64e1e487c6e1c5f2e4b368b9b9144d4
SHA256611840de9b4b8fe3e2f6f5b344cca3866728c416c0eacb18968e07949d83b4b6
SHA512d5b976ab391cacb45a145c7d5603e8ee09408b9bcc59a80c798a65594c846a689a7011a3a2797a851a313033968d16b73ef8571e1bc01a528fc23d329fd64363
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n66081c2.default-release-1714916197178\prefs.js
Filesize2KB
MD5aca80c4b68521be7eeb6903445e4b7ae
SHA117548b89cf00f7014dc784c102a021bb8c7afeb3
SHA2562ebd6ae67832ac83c5aa8737a6b5002e1078d1e1504233cc38126b0f541300e8
SHA5128de503ce278dfc2dd23c86aca25f90c36c3130ec758822aeb6544887e5acabc67b23fb08a6d1830651b18ae2dad16a30413face858056c8d9b45d03a861ff767
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n66081c2.default-release-1714916197178\prefs.js
Filesize721B
MD569484729dd463f54d8b4ece129acad83
SHA1ab25516841bda679279e616446e6b99a68b9399f
SHA256fb4cb9b4f3c02399ce513688b4eaa552b1f502e7342ee9b606d924c8840fb3ce
SHA5125e617d8ae3ecf11dc4087ed8dbd030207f8043f518cf5b8fcb52e2dc8a21b50c3be4636bfb9c118883bb083fa27e333394c4e16491e948e245c048987966e595
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n66081c2.default-release-1714916197178\prefs.js
Filesize5KB
MD5830380754a25a0932993536eab0aa077
SHA199d45050a02eac089ae9619278728c0c3e632ea6
SHA256cb760d6e030f12be0060a2dc4ba5c30d00ce595425238fb11868b21cf69e6c37
SHA512a66cebd75d27ec9d2a12881936446eb8fb8725fd7e0838b785cd846bd8d4190c9460eca9be1a8cead5228d6c43a9ccb82fe597f66ab2706b5fdc95fcbe8b67f7
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n66081c2.default-release-1714916197178\prefs.js
Filesize6KB
MD54b0551a1b271c50d8be99d0f623804c3
SHA1a7eb60f0dcbf49d4cb29e931136b7ad765de4837
SHA2569b1d70c1954959c040f2de57296a09720fcad14ed9ab268c7ca774d7e7dd65e8
SHA512cd371a2896fb913e4c9f5757cd509aebbb1c61e656c29f0b6ffa0b202f25de2ed3469624690f73e91720f85e3f91ae7cb4e14a6a57adf1f9d53a93d87e62acd1
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n66081c2.default-release-1714916197178\prefs.js
Filesize6KB
MD565cec362f4e082e39b0ba8e55b5bea46
SHA11b67bace26859ecff92cb6c835c6a4b1c7810470
SHA256044bdd46c060765d8737f584f4b5abe85f42d42868b1a707f902553c83daf2e7
SHA51288cb855c334522115b82e250086c7336be1851fea12c3f1c7a00d1e50d90f97ff3af16ca37cb4992a66fd2813fe8fc125faebb0452e49dcddfc3e5f526dde7ee
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n66081c2.default-release-1714916197178\search.json.mozlz4
Filesize280B
MD541d220d4783f67d2b57beec20c135229
SHA16e97765e77920b6010fac2cb4abf1e3cea106541
SHA2565d1881e74d76b95bad59439bb5c7676258a4ae6b6d853074e93b5247cf1715dc
SHA512dc30ddc4c8cfe598de5e24bc88cebbe4256fbb21a0b1db6c2ec15311053e7d8be6a93a0bcfcfd8a02543f8b9cf9b15a5840154b272a2df71d59d7dfd80984ac0
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n66081c2.default-release-1714916197178\sessionCheckpoints.json.tmp
Filesize53B
MD5ea8b62857dfdbd3d0be7d7e4a954ec9a
SHA1b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a
SHA256792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da
SHA512076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n66081c2.default-release-1714916197178\sessionCheckpoints.json.tmp
Filesize90B
MD5c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA15942cd6505fc8a9daba403b082067e1cdefdfbc4
SHA25600ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
SHA51271ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n66081c2.default-release-1714916197178\sessionstore-backups\recovery.jsonlz4
Filesize693B
MD5c7be421d5fe3f6e4a68a10ccffc80b42
SHA1e8e72c8e586c72066e886b4ca915ab13526d8e0e
SHA256dd50a6b84c5a3eeb1659dc5783bbe58587f71c29e0a20a2dbdddc625865f67c5
SHA5129949d3b8917865b0e322694e065cefc345098b3f7da31a156ca1a9a42b06bc11828dc8a0fadc96e41e12254936d4caace0581eef3f5e616e1b3c879e071652e1
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n66081c2.default-release-1714916197178\sessionstore-backups\recovery.jsonlz4
Filesize4KB
MD580ddff2878fe3e2b424a7b2053cbe0b0
SHA14ac68af4a29a668a6863e59105ee268ed808d724
SHA256fe45635a8debe8c686c38ba9bba1525755df06c588d4985b7c9133a51721fd41
SHA5123bd95ce35dc3731304b0edf6071fd720456a667f0a6a963a10c4adf85d16e48b13d3d091f67c564b56f3b9121416839b381fd13b1d7645e49dd2891288730118
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n66081c2.default-release-1714916197178\sessionstore-backups\recovery.jsonlz4
Filesize3KB
MD59f914c624c6c449c75be4c5b83fe5172
SHA1618ec5f561eb508babd5de40148aa85cc8598a53
SHA2560f8ec13084c5a2e7d694ac7648b57eb35c024ee03345c948b42c43892abe5ded
SHA51289f8d9a322431194f61bb155e7e1ddf9e62c48e980b8d9ca67389ac7edb4e182867c8a77ef49417557ba4cd0f3af0bcecba8acb35f3756114e1dffd89a083163
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n66081c2.default-release-1714916197178\sessionstore-backups\recovery.jsonlz4
Filesize4KB
MD5af8134a6708c623d2e4806fd44ee39b2
SHA14feab440b4ceb9d8706b13ebb004ed962ccfb50d
SHA25666a5921818a3eda8192da01d8a05668491b7a807ea424b6fa99a4fb93da6f50a
SHA512efa2a055af9647807a53edad1a7339c451ec80d68d453123a30208ce6c3ef0947fde7627b95b7234b79515f60a10f582564b872e6c33f4630234d40e80fee0f8
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n66081c2.default-release-1714916197178\sessionstore.jsonlz4
Filesize266B
MD54fdb7f9a51ba177262d07d38c0238915
SHA1f12c5a74467bf624164ac77ab7af517ce46ace8d
SHA256a641f5701e0ccb2fc22a9f4323c96d899db4397fc08c63fc5de852d9aadca9d7
SHA512fd0e72672b280e9f362cd8ba4a81c795fd741163020cd2c62a104c3f8e006883ac592951db85f364f3fece2d9af386f635b93ced301e12b4418e1e0a7fdd9c09
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n66081c2.default-release-1714916197178\shield-preference-experiments.json
Filesize18B
MD5285cdefb3f582c224291f7a2530f3c4e
SHA1f816c3e87aa007b6e6d31eb6a4618695a7d83439
SHA256704d28223a4320a853df4a19d48c7015cf79d56a5317cc3475b6305fa43dcc05
SHA5128f1decf1e4b5755fce8f165daae115f45d6890985c9c4bbb33a6f724cbfd26db75f6da06f9ef675de20fe755da9b7f55e5ee37124296a12a520a393da159bd58
-
C:\Users\Admin\Desktop\Old Firefox Data\4s2odj76.default-release\storage\permanent\chrome\idb\2918063365piupsah.sqlite
Filesize48KB
MD53d3516f9cf1dd5564ddd0c5f04ce6a18
SHA1a878ca228d90864aff9cd263a0638128afe3f23e
SHA2561b1553e8f19f2981f6e3992367a699427b00f23ee5c9aa6ad1710917abc9a3d4
SHA512ff60ae8a8b89929ef0079a6c34c0b70cae72cb1ccc0e3976ffab9759abc118b91a7de196f7f04d5a0ac98253370f38527115b3c9858f636ca7f0e6fb9e773207
-
Filesize
120B
MD505e1ddb4298be4c948c3ae839859c3e9
SHA1ea9195602eeed8d06644026809e07b3ad29335e5
SHA2561c2c5d5211674c3c8473e0589085499471399e53e9a85d7dd3b075fef6cbb6be
SHA5123177b48cd0c877821419d7e5eb247a4c899bc37258994f22257ceaafefb316e6f5959faae02e380e432d7752f0218d45d56d6878c1e751d201d9fdb3ff98612e
-
Filesize
8.4MB
MD55807a2765d82b841715bb5bbd441f939
SHA1439c549c9f2d7a39656c06f046fa21f621ef5845
SHA256771d2b99a25415f21cb9a25287e0ae5d110708e5ed16945dcf58e9109af2b956
SHA512f5469d7e37cafc88c997344b4eb395030a45fa05c791d8c1ade7cd30aa9c452734f70a95a937a16bb5e894357473711ea9b91d6bb83b53cf401a56644c5a0728