Analysis

  • max time kernel
    77s
  • max time network
    79s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    12/06/2024, 15:13

General

  • Target

    1.0

  • Size

    162KB

  • MD5

    17c7f6309a05c6994869f8ddb492452f

  • SHA1

    1b8e66fdcb7c96a821159f12b204105043caa6dc

  • SHA256

    fed1699376bcebe3f119f0fcf15f7a7b73c0df51b8006ce8e44e3e1670876693

  • SHA512

    728db1edf220fd698543e20cf1f423314c9777eab0eca0a8297a9b03afd7b9ef31e2683ec5276fb50b718185b4cadcab5589c26f84ad779adeff0acaac1d1e27

  • SSDEEP

    3072:NXLygHEMAqbiwxZwbT83alfPfkgo92WaicBENZp0sZioS7tZ9HWPQ3EqG2n9dH5d:psoIG2n9dH5M2vkm0aWyRv3pId9RW9tR

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 13 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 14 IoCs
  • Suspicious use of SendNotifyMessage 12 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\1.0
    1⤵
    • Modifies registry class
    PID:204
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2716
  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3616
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4916
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4916.0.587944708\1004666016" -parentBuildID 20221007134813 -prefsHandle 1728 -prefMapHandle 1720 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {50b52cf5-3256-43a8-937e-85cdff303ab4} 4916 "\\.\pipe\gecko-crash-server-pipe.4916" 1808 195fdef2458 gpu
        3⤵
          PID:1380
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4916.1.1958987979\172712327" -parentBuildID 20221007134813 -prefsHandle 2152 -prefMapHandle 2148 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6eb55291-9551-4350-b00a-a33d8b1ba0e1} 4916 "\\.\pipe\gecko-crash-server-pipe.4916" 2164 195fddfcb58 socket
          3⤵
          • Checks processor information in registry
          PID:428
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4916.2.1654312061\97086474" -childID 1 -isForBrowser -prefsHandle 2888 -prefMapHandle 2976 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1256 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7ff3c607-56c5-4007-b165-cdcad5cf0729} 4916 "\\.\pipe\gecko-crash-server-pipe.4916" 2680 195fde5d858 tab
          3⤵
            PID:2232
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4916.3.741570910\1861082903" -childID 2 -isForBrowser -prefsHandle 3224 -prefMapHandle 3240 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1256 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f7ef529e-ede5-436a-a18e-bfb349d6ce7b} 4916 "\\.\pipe\gecko-crash-server-pipe.4916" 3556 19582982258 tab
            3⤵
              PID:1896
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4916.4.1999303363\1906745770" -childID 3 -isForBrowser -prefsHandle 4316 -prefMapHandle 4312 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1256 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {785145db-8abb-4c15-b41e-d5bce80f3ebe} 4916 "\\.\pipe\gecko-crash-server-pipe.4916" 4328 195834e0958 tab
              3⤵
                PID:4524
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4916.5.155164755\572750658" -childID 4 -isForBrowser -prefsHandle 4840 -prefMapHandle 4792 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1256 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {08233834-ef9f-4796-b190-1a7ef81a8868} 4916 "\\.\pipe\gecko-crash-server-pipe.4916" 4848 19580ae5358 tab
                3⤵
                  PID:4652
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4916.6.799840737\1531666014" -childID 5 -isForBrowser -prefsHandle 4932 -prefMapHandle 4936 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1256 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b45d4425-5502-4cac-b23e-f1e0c31bcc75} 4916 "\\.\pipe\gecko-crash-server-pipe.4916" 4924 19584d25c58 tab
                  3⤵
                    PID:1996
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4916.7.1432294318\336165817" -childID 6 -isForBrowser -prefsHandle 5128 -prefMapHandle 5132 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1256 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {24307bf1-e43a-41a1-bd3b-4b35eb64d222} 4916 "\\.\pipe\gecko-crash-server-pipe.4916" 5104 19584d23b58 tab
                    3⤵
                      PID:1248
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe"
                      3⤵
                        PID:2800
                        • C:\Program Files\Mozilla Firefox\firefox.exe
                          "C:\Program Files\Mozilla Firefox\firefox.exe"
                          4⤵
                          • Checks processor information in registry
                          • Suspicious use of AdjustPrivilegeToken
                          • Suspicious use of FindShellTrayWindow
                          • Suspicious use of SendNotifyMessage
                          • Suspicious use of SetWindowsHookEx
                          PID:5016
                          • C:\Program Files\Mozilla Firefox\firefox.exe
                            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5016.0.805576762\526796480" -parentBuildID 20221007134813 -prefsHandle 1628 -prefMapHandle 1604 -prefsLen 17556 -prefMapSize 230321 -appDir "C:\Program Files\Mozilla Firefox\browser" - {aa9bac8e-1092-40cc-8800-31c4839d7310} 5016 "\\.\pipe\gecko-crash-server-pipe.5016" 1708 2257ebefe58 gpu
                            5⤵
                              PID:2600
                            • C:\Program Files\Mozilla Firefox\firefox.exe
                              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5016.1.858200167\1362969539" -parentBuildID 20221007134813 -prefsHandle 1876 -prefMapHandle 1872 -prefsLen 17601 -prefMapSize 230321 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {16f352f8-118a-447b-8869-59cee2efdd90} 5016 "\\.\pipe\gecko-crash-server-pipe.5016" 1900 2257f068858 socket
                              5⤵
                                PID:1552
                              • C:\Program Files\Mozilla Firefox\firefox.exe
                                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5016.2.934729358\2123729603" -childID 1 -isForBrowser -prefsHandle 3504 -prefMapHandle 3500 -prefsLen 23735 -prefMapSize 230321 -jsInitHandle 1208 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e385176a-39c2-4648-a7aa-26971901e4c9} 5016 "\\.\pipe\gecko-crash-server-pipe.5016" 3532 22506d2b658 tab
                                5⤵
                                  PID:952
                                • C:\Program Files\Mozilla Firefox\firefox.exe
                                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5016.3.809756883\1865663669" -childID 2 -isForBrowser -prefsHandle 3336 -prefMapHandle 3884 -prefsLen 23842 -prefMapSize 230321 -jsInitHandle 1208 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e515daf0-c12a-4f50-9246-8758d2be197c} 5016 "\\.\pipe\gecko-crash-server-pipe.5016" 3764 225071ea058 tab
                                  5⤵
                                    PID:2800
                                  • C:\Program Files\Mozilla Firefox\firefox.exe
                                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5016.4.2101786080\977300479" -childID 3 -isForBrowser -prefsHandle 3120 -prefMapHandle 3088 -prefsLen 24924 -prefMapSize 230321 -jsInitHandle 1208 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f61b7b23-c6a3-4896-b869-bc5c6d6c5b36} 5016 "\\.\pipe\gecko-crash-server-pipe.5016" 3156 2250789ca58 tab
                                    5⤵
                                      PID:1480
                                    • C:\Program Files\Mozilla Firefox\firefox.exe
                                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5016.5.1373290001\340404767" -parentBuildID 20221007134813 -prefsHandle 3228 -prefMapHandle 3832 -prefsLen 25857 -prefMapSize 230321 -appDir "C:\Program Files\Mozilla Firefox\browser" - {250f5877-2313-4067-b379-1b2d717d13c1} 5016 "\\.\pipe\gecko-crash-server-pipe.5016" 3852 22508616f58 rdd
                                      5⤵
                                        PID:796
                                      • C:\Program Files\Mozilla Firefox\firefox.exe
                                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5016.6.1824624834\733463986" -childID 4 -isForBrowser -prefsHandle 3580 -prefMapHandle 3708 -prefsLen 32012 -prefMapSize 230321 -jsInitHandle 1208 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d1e50f4a-7c75-40b9-ad61-24f9ef55606b} 5016 "\\.\pipe\gecko-crash-server-pipe.5016" 2912 2250a6bab58 tab
                                        5⤵
                                          PID:3680
                                        • C:\Program Files\Mozilla Firefox\firefox.exe
                                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5016.7.516811221\1743000137" -childID 5 -isForBrowser -prefsHandle 4560 -prefMapHandle 4564 -prefsLen 32012 -prefMapSize 230321 -jsInitHandle 1208 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f16e5fd7-a8bd-47af-ac87-5f7cd9c42626} 5016 "\\.\pipe\gecko-crash-server-pipe.5016" 4572 22577562258 tab
                                          5⤵
                                            PID:2148
                                          • C:\Program Files\Mozilla Firefox\firefox.exe
                                            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5016.8.899384592\1933372863" -childID 6 -isForBrowser -prefsHandle 5152 -prefMapHandle 5156 -prefsLen 32012 -prefMapSize 230321 -jsInitHandle 1208 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ed85b3e8-df0e-41c7-a342-cb9735beb512} 5016 "\\.\pipe\gecko-crash-server-pipe.5016" 5140 2257756d058 tab
                                            5⤵
                                              PID:3484
                                            • C:\Program Files\Mozilla Firefox\firefox.exe
                                              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5016.9.1446119504\924732987" -childID 7 -isForBrowser -prefsHandle 5368 -prefMapHandle 5376 -prefsLen 32012 -prefMapSize 230321 -jsInitHandle 1208 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {be19e1cb-6d3a-49fd-b169-489d6176fbc9} 5016 "\\.\pipe\gecko-crash-server-pipe.5016" 5360 2250c474e58 tab
                                              5⤵
                                                PID:3336
                                              • C:\Program Files\Mozilla Firefox\firefox.exe
                                                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5016.10.1829620184\1630566488" -childID 8 -isForBrowser -prefsHandle 5824 -prefMapHandle 5820 -prefsLen 32266 -prefMapSize 230321 -jsInitHandle 1208 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d2c81f1c-c051-47ce-a7a0-05f5ec8c3e1f} 5016 "\\.\pipe\gecko-crash-server-pipe.5016" 5832 2250a5f7558 tab
                                                5⤵
                                                  PID:3928
                                        • C:\Windows\System32\rundll32.exe
                                          C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                          1⤵
                                            PID:208

                                          Network

                                          MITRE ATT&CK Enterprise v15

                                          Replay Monitor

                                          Loading Replay Monitor...

                                          Downloads

                                          • C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\update-config.json

                                            Filesize

                                            102B

                                            MD5

                                            7d1d7e1db5d8d862de24415d9ec9aca4

                                            SHA1

                                            f4cdc5511c299005e775dc602e611b9c67a97c78

                                            SHA256

                                            ffad3b0fb11fc38ea243bf3f73e27a6034860709b39bf251ef3eca53d4c3afda

                                            SHA512

                                            1688c6725a3607c7b80dfcd6a8bea787f31c21e3368b31cb84635b727675f426b969899a378bd960bd3f27866023163b5460e7c681ae1fcb62f7829b03456477

                                          • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\entries\254256B27E0C48CF9B80B695F0B3B8CA84610495

                                            Filesize

                                            9KB

                                            MD5

                                            627b3c0f676952dd656ed1f9ac491ba9

                                            SHA1

                                            e2d7294f6d9fba1fb9d63251076d522ef356af83

                                            SHA256

                                            fe954bf810b94694173863794856cec02062a11cf0784ba7955e8046e8a40263

                                            SHA512

                                            b3774ed7216d3cb41306dfc9d3e4eec8041e4b3f30e733d7ba9e768cfdd306d773abcea5af1f301784876cbcf47fc3d77e7cfb77908d96875f3138a4b8c59164

                                          • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F

                                            Filesize

                                            11KB

                                            MD5

                                            b2aad06d9870227cf6a34bd8edf038b5

                                            SHA1

                                            b0efdf043321e6923900f877bf68a903f83735cf

                                            SHA256

                                            3447882655e4cdfecf993d3acb20bd51fbdd4b3a201453d4b4da7b3d58c06c8c

                                            SHA512

                                            8eb5c1c48520bde338a8101b7e84d56cdc290a10f51d353ad5d0798a4d28406b6db1fb31c8be6f0aefde939d2b0b2251716cab54965fb47661253753cc3d50c2

                                          • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\entries\C72D4296C2EBC6FD41A9F780CD0C8F30F0FF937C

                                            Filesize

                                            13KB

                                            MD5

                                            24bb981bf542fd248c9afe8f0c646b86

                                            SHA1

                                            d9381121b72770505583cd1e2709828925127652

                                            SHA256

                                            3d5a8cd2545649faede7ec4aeea236392653ecbf68cbec29e5c0888e8e55d1fb

                                            SHA512

                                            a1eaf53018c0ee91f552238c05a0bd34db826c8cdd2b59f0dac4eeac127604af5c83fbbdd4a7b5a7e085a912f897b5607c7d986ca8731a30164dbb7159169369

                                          • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\startupCache\scriptCache-child.bin

                                            Filesize

                                            464KB

                                            MD5

                                            b1c0b3951a7abee30fb0ab72941beba3

                                            SHA1

                                            3d996cedee1d6eb87d144f8e220d41740978247e

                                            SHA256

                                            41edcec5320de0978c90cc2563ad07fd3e1e39b00be164ec27a299885b71299f

                                            SHA512

                                            dc2f9b4b5e4a81d9537d47372763b7570e8dee1b25e80131548ad816c8823424e9e2e298975932ea2d36e680922312cab5e65ee6c5715ba078a4c28d11b8829f

                                          • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\startupCache\scriptCache.bin

                                            Filesize

                                            7.7MB

                                            MD5

                                            f54a11cecb7c0f43285e3233b0cdb97d

                                            SHA1

                                            6339698a4ea256797155eb39f8f5a2eaee40b4bf

                                            SHA256

                                            a3b439d0d50b2d1347da035d3abdf39cbab64fc8d51be21a714ef4a03909ffd9

                                            SHA512

                                            a6798d6b4558bc5badbbbaeef763853a01347b8804ad5d6db4a941a2e363be245098f5284a3c47a599f5bd84043c1abcae5ac2b2939130d4cb37a0d06eb0dcf6

                                          • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\startupCache\urlCache.bin

                                            Filesize

                                            2KB

                                            MD5

                                            5a3e1cca06569a3abad215db82b0b76c

                                            SHA1

                                            18ecdf820ea13771e7b56bdb6ef306f0c0c13334

                                            SHA256

                                            503d2ae1b9e57f6b33593b6013152cc3a6b60b7697366416192d205673bf481f

                                            SHA512

                                            fd2b7fc449db397f5a8c23484a369a5ab7ebded5f2e21a594fe7a5faa314f185453c31650fd6bba83a66c4405a50f49748c1e79bde3a0bc69bceb6d069d2a8e7

                                          • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\mc5xhbtp.default-release-1718205251067\activity-stream.discovery_stream.json.tmp

                                            Filesize

                                            26KB

                                            MD5

                                            6077c16a0b030dd4c9f161f4f69b6c93

                                            SHA1

                                            221d23050963f697b0e3722ef6eaa91b96289d13

                                            SHA256

                                            b528e3cb0591ba61f285aacedf170f489b8b5c467c5545eff522ce186b995815

                                            SHA512

                                            846247db553f2f30e0afc97e47c93f441ec4f81e497dea9fdf924e8fdf2a655b204c1617a5e39ccc979ba5cf6de49b88bd7457c3ae0acd904907a8409dfcd24d

                                          • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\mc5xhbtp.default-release-1718205251067\cache2\entries\D4D34D19E2639F2E09A6AEED2F398A705DF5A427

                                            Filesize

                                            60KB

                                            MD5

                                            f7bc51dcb64ca166d70f1e3ee3442bf0

                                            SHA1

                                            d2c3ac68c1dbb6683bba7ce5afc7a50b729663d6

                                            SHA256

                                            c1ad495b23a42c91cc5058baed3ddfa1f7274f0dc7a76ca17fd459bbfd00422f

                                            SHA512

                                            40eb1362697931febb19815e7f75b17019e3a12f179af6cc5ac23d4b4795a20425aafee8c512c2c070795786811047a5a023b8f888b5036c2e8b57f7f2cf6b9e

                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\AlternateServices.txt

                                            Filesize

                                            163B

                                            MD5

                                            2c3449b33d25160a7524d74bf709a57a

                                            SHA1

                                            0433e30f8dc13f7dbebd79efcfe011bdbfe030a8

                                            SHA256

                                            5c5de73a0e354fd6c2332458a761adec9bdc8846f4e0ef56aca3316326423d9b

                                            SHA512

                                            10adbfdde95f393513eea512880a9e793df15a643da076742e049d963ce6e6e2b67674fc5987751ce2ef925e8c7074ef975349b6d193fd30eb0ddd30cec9c334

                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\SiteSecurityServiceState.txt

                                            Filesize

                                            324B

                                            MD5

                                            1f67a899769d659caf9f7f5fab5cf6ee

                                            SHA1

                                            3750d9e9cb643ff97d475ff141d629264b071b45

                                            SHA256

                                            f4376b852bbeb27b14030c9efce265b45db3ee13a24429ada8d55d04281818d9

                                            SHA512

                                            10621a9704526ae29242a829519af52af664941350c09c936a0f0fa5f4a9223bc51d619ef559e23b2ebd8f3c06f212cbad2e158d4d0da2634e3c92099dcf09a0

                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\datareporting\glean\db\data.safe.bin

                                            Filesize

                                            2KB

                                            MD5

                                            cdb946afa3827f472721068767bdf62c

                                            SHA1

                                            fa205a74610ca1010c41dc4f1b44c48c384eaafc

                                            SHA256

                                            6aafd7c3d746ef0c909104ec9c19ee8b22eeb12121be6617f53ecbd8f1af0321

                                            SHA512

                                            5169d4d49d0d874464bf0c3f135dde6e60aa1ff023d8ae8dc8d1525dd57bdc93c875aed7e7fdcf87afbd3e68f0b81c059daac017976de4cd7784daf21873aaf9

                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\datareporting\glean\db\data.safe.bin

                                            Filesize

                                            4KB

                                            MD5

                                            465aa8fe69e3d3a6e8d670f7dd942e98

                                            SHA1

                                            13254bca23eb74e08ce83e106fa5140836eab967

                                            SHA256

                                            faa4e5e14a1002627d809ebb256e6af316ac2a7b22e42693c5430b4f667b02e5

                                            SHA512

                                            2256fa713b9be50a60155f10dcaf23dec69314a50a9f3d6008dcaf94082519d5fcecf0dacd89ede15223009067b86d3c428d0a86a8de185d542a47b0021c0c76

                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\datareporting\glean\pending_pings\717b8e43-cbe9-4a17-b6a1-617bcb242339

                                            Filesize

                                            10KB

                                            MD5

                                            db2e8e6b183c64ea9f7897c3b9f2396e

                                            SHA1

                                            24bfea1b0b374f943ce0ba23437e3fe551be56b2

                                            SHA256

                                            cf828ea3800385f0beb6aa021b7e1d1a254559c9b037158c4d05a649c1c5905d

                                            SHA512

                                            1bccb3f8a6b6ba96100e6840b05f8620649d92bfc80943ab01ae04e2200f950b65efe548ce8e4ef5346585fa7fbce6776c98bb990d0a5609eadb14fd635fb276

                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\datareporting\glean\pending_pings\7ee315eb-3038-440b-b91f-03d81fc66850

                                            Filesize

                                            746B

                                            MD5

                                            15263f06513165b4d172bb0959b420df

                                            SHA1

                                            55e5513507495f48ba19c7cc6b73cdc0fe33f730

                                            SHA256

                                            c192e7fa3090e814b3f808417910caecc7ef6a0c8dc2583e993d63dd1797ceee

                                            SHA512

                                            be3c518b6b95144807a5ff4fd5febef4eec69924732dd41ad16f2af4f8983496adec9b6cd9dcef6106e3126ee750ce17912188d7473631503835eebca78b6589

                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\prefs.js

                                            Filesize

                                            6KB

                                            MD5

                                            fe78be53c359b5d624331448600c53f3

                                            SHA1

                                            6a75007089e5fafd64ca1ee4f2e2425b6d640f72

                                            SHA256

                                            852d2faa75aae1f3eb0c893bc9d167a5d6a12ce67ebfb2f1c5eeddc54a08ebee

                                            SHA512

                                            45a2c6b07643cca2fadc51194771eef5fb25396ff500dfb04a44648cea364e942dfc15c44022493a755fdfa2ef42ef15e426e35be60ad8acd04800c5e8a5b72e

                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\prefs.js

                                            Filesize

                                            6KB

                                            MD5

                                            c59a1f55646625d94b057558f89725db

                                            SHA1

                                            32f6e0bc4382751c2e17187cc391fb0ff3781a30

                                            SHA256

                                            c686f6c29fe07b9571bcec0b1193f2770dee3e6e819a2a348c3a0385d646354a

                                            SHA512

                                            d62f3b1894934ecef974da7a2370bfe5386e859a7dadf225d28719a80a1f3e8fb2eac4616ed407a2bbf526a9f7f4278da7cc5ac6c4871ce196e3327320437a77

                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\prefs.js

                                            Filesize

                                            6KB

                                            MD5

                                            733817cb6b44c21d8e1a46d73f10c4e2

                                            SHA1

                                            5ad2eceecc4bd55559e59a77a261da5aef368c53

                                            SHA256

                                            1c9571773f8d7b14e8f000732ab24014f8cd33246206381c8e28a22fd4d06358

                                            SHA512

                                            5cb39a1d880870cc4dfc5d9281d32f81bd92636c9109edf64a359045f6209226ee6ebd09c199fc0f6a8ff317f449b2a38c12236b4e884b5af6963ebab8bd3748

                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\protections.sqlite

                                            Filesize

                                            64KB

                                            MD5

                                            deeced8825e857ead7ba3784966be7be

                                            SHA1

                                            e72a09807d97d0aeb8baedd537f2489306e25490

                                            SHA256

                                            b9f022442a1506e592bf51284091a8a7fe17580b165d07e70c06fd6827343a54

                                            SHA512

                                            01d303232d6481af322137b44fef6c2a584f0643c48bab2836f9fe3193207015da7f7514fe338500ae4469651e3d9618293858ae507e722198a249257677099e

                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\sessionCheckpoints.json

                                            Filesize

                                            288B

                                            MD5

                                            948a7403e323297c6bb8a5c791b42866

                                            SHA1

                                            88a555717e8a4a33eccfb7d47a2a4aa31038f9c0

                                            SHA256

                                            2fca1f29b73dd5b4159fa1eb16e69276482f5224ba7d2219a547039129a51f0e

                                            SHA512

                                            17e2f65c33f47c8bb4beca31db2aff3d4bbb6c2d36924057f9f847e207bdcb85ffcbb32c80dd06862ffc9b7f0bd3f5e2e65b48bb1bc3363732751101d5596b1a

                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\sessionstore.jsonlz4

                                            Filesize

                                            1KB

                                            MD5

                                            ac93e78af23bc59bf21366fef6474c0e

                                            SHA1

                                            0822a0cd6982b772aadba50798faaeffdbeee9db

                                            SHA256

                                            f2812d986d2fb8a06119fdc2679423a983eb83cd1337eedc60d48bf46b9dba7e

                                            SHA512

                                            108a112ed47da0b532a7da359f52359353a738383130aaa2c84e910de25c0f18838e3ae45a97d872631a9ce0915c143804f3d41738a0d3e26f48e438f4af5935

                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite

                                            Filesize

                                            48KB

                                            MD5

                                            00e9c020253cbe0ce651b40c35dc39f3

                                            SHA1

                                            1bcd6de017c8762bc27a98eabe1a54f91bd347e3

                                            SHA256

                                            33b82ce0b88b9aa8f982dc26ad69130301bec1c8dfddb6b994c8864ffcb3617a

                                            SHA512

                                            52a502822f327a401198588b3bb0d6801b5a9df43036d836519b75f2a51698195a0bda5e0798c2b955a12871fbaeeb6af209c99ab31b8fff7fd4cd08e0c2aaad

                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

                                            Filesize

                                            184KB

                                            MD5

                                            0ed2663971e8051b2bcb574926400fa8

                                            SHA1

                                            467756bf41c377bdb07c8be10d5391f1df1d80a7

                                            SHA256

                                            0c44c9887ebd30506041e4f483422673660df0b74c7468b0cab2c69bee1f4e8c

                                            SHA512

                                            e521f02d0a4dc70e3bb33747c5113c76f18f15b4370826ef13700c4f559c8b158ed1d8ef79d7d88794bfea61496a75d653237391f2f8b5e53d8574a21f113898

                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mc5xhbtp.default-release-1718205251067\containers.json

                                            Filesize

                                            939B

                                            MD5

                                            94a3843fad8c45c48b0e07342df3dfdc

                                            SHA1

                                            d55b650208bda884d573afebd90830a3f4d7c201

                                            SHA256

                                            854ff2076f71097b030c302a1ea71d8e851d2920b9ff5fc8dc8f16c91ba95b72

                                            SHA512

                                            4d2a6b2a223ad81bb97195abb27685cf88453caf5769de154b373486d5245f02e0c0f664281d8e3bb33bfcdf1d6f7b3d9602303864d4e56481382adcb0b932db

                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mc5xhbtp.default-release-1718205251067\datareporting\glean\db\data.safe.bin

                                            Filesize

                                            2KB

                                            MD5

                                            c782fd8692d0974758473a6cddefd595

                                            SHA1

                                            07e78d13ded3572f686a7b3ddc3abf0b4630ec7c

                                            SHA256

                                            5d58825c168bd883afef138deb42c8054068f7dbb743137407a39bce5716b6e3

                                            SHA512

                                            d3877ff34f7ca99a4dfe9dedd1ae24b510798cca967f48272e5a8714b18910da0522226095462c6c459d12b4588eec3e5e40734ed3716d6d8a3e2b6dc5f0b1a2

                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mc5xhbtp.default-release-1718205251067\datareporting\glean\pending_pings\8567fc28-d3b3-4fa7-aee5-c3373d9e2df0

                                            Filesize

                                            587B

                                            MD5

                                            b7b2b37b70586d7dc2308dd5801bb0db

                                            SHA1

                                            0813e994f050d8663d10d0982c2529539d8da5f4

                                            SHA256

                                            25db27f1e87596112ea965388af2373a01c4679d58298f26ffcaf222eb8247ef

                                            SHA512

                                            862b7b8f505fc63557fd22593b23431eedd274fcbad3e473e5509f59511c268a41cd52a0ba99cef7dafbea9070ce537250ed8354d09fa5b0f20ba6415e56090d

                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mc5xhbtp.default-release-1718205251067\datareporting\glean\pending_pings\dc4fa8e0-7ead-440b-ad4c-8a6a3bdadb20

                                            Filesize

                                            656B

                                            MD5

                                            e5e3cf8b38326b4c56bf42a560e0866d

                                            SHA1

                                            b830be787641dd2520c202e4728e4ed2adb05f40

                                            SHA256

                                            da28606b84fb09cf8100f2beeb6f93f92a8e69208eb8e644914c6af4eab52e77

                                            SHA512

                                            31d38eef7d1e176fc0e7bd063cd82b08fb7da27f3d182f73f47007ed23a75a788a5a5bbaca91e734d5365b3e1f5f5582e28a3797e6edf9945bab5757395a5f02

                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mc5xhbtp.default-release-1718205251067\extensions.json.tmp

                                            Filesize

                                            42KB

                                            MD5

                                            6fea7b8a7c492b70ef56f022c53a41ba

                                            SHA1

                                            07a5f681ad3bf607534369a8c1c302d44f560ff6

                                            SHA256

                                            1a86810ccb4613ae4af90705d6ed0bbeab2d0ae64a35d605448b43bf94eefae9

                                            SHA512

                                            fee8a77439a3cf8dda9d4d6478efbc1da2538db2b0e2ab9127e5d9bcd3cbeb84e91c26f4b9bfb54fb68465f20078f223b2a1ae6c76778fb19487d77c0c0d4f7a

                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mc5xhbtp.default-release-1718205251067\handlers.json

                                            Filesize

                                            410B

                                            MD5

                                            e7a65c5ead519a7b802f991353c26d3d

                                            SHA1

                                            34cc3c1cf9bd4912dba5fa422010934e46419fa3

                                            SHA256

                                            0e5ce92485da953757f615bad034a43032b220da18f8165dd85347851b56b2d2

                                            SHA512

                                            2a6034449ba6f5da8a77870ae665064047cea2460aeb4c8c0b62b308a403fdd30648150209aecc31ab1e50b6d9d94a1f51d3d7d50bbf35ec1b742bff2dbe788d

                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mc5xhbtp.default-release-1718205251067\prefs-1.js

                                            Filesize

                                            6KB

                                            MD5

                                            78434acc2982a3ab6608b79260e5f7cf

                                            SHA1

                                            b5601dd95165aff858ce3a151b899b76f33b2579

                                            SHA256

                                            546240534bf37a32fcc6ba50ed6f83e8d4d88ff5447a1467e29beb00b3a58c05

                                            SHA512

                                            f6eb40c9e8b2ec4ee1d50187419acb2a97027a284953bdb9203a645bed2122a0144138fd32a5af2132e2d43b7b2a067cb1be527e2ecc9a798ec145315db17dcc

                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mc5xhbtp.default-release-1718205251067\prefs-1.js

                                            Filesize

                                            6KB

                                            MD5

                                            02958029629763b2fe4b715071be5e6e

                                            SHA1

                                            db42ecf9c6101462ede0aebfb3fff337b49f5540

                                            SHA256

                                            5870d09437df5d5d61c9045775591d6c96ed2529160e02b12890978e92b3f524

                                            SHA512

                                            68b15dd6aac16d9060735e24386ff52cadb6beab005755a9a96b6ada2d1726d89bafef59097d62448c16940ce3a5a9ac3c656a9d876ba448f8bb97d6e6fb6152

                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mc5xhbtp.default-release-1718205251067\prefs.js

                                            Filesize

                                            4KB

                                            MD5

                                            576156d4106a738d59000f6d5d72762d

                                            SHA1

                                            ec11949f04357802e1d1a1ead5d43a4a38216e17

                                            SHA256

                                            14e1506971cf32c68f33a5806f62e611bea8ea011453d608ae0d0ad85719f39a

                                            SHA512

                                            6b1ce7fb5234b4ee9673d5a6a3b6f9c1f05dadea46e693a31260677ca4f2c5ed71f5ed8dab78e2774d247d8fc978312d70ecb949ccd97ff021c4671986261399

                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mc5xhbtp.default-release-1718205251067\prefs.js

                                            Filesize

                                            579B

                                            MD5

                                            4975ad0a555ed22e5ad5aaaaf8100e86

                                            SHA1

                                            63ca75b845088fb227cc48f77ef940b3aafa479b

                                            SHA256

                                            191c36b735e89340fed0439669b8e6ddaaf1b531a08dd1d02245a5c648411c33

                                            SHA512

                                            4b529efb5a6f31b8830ee618e8858d94a1d5ed0e1452c49c578685ba7a3ff224752bb728196900a60cf10f0ed63a553a435fa597d22632af2136b1ba281c20a0

                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mc5xhbtp.default-release-1718205251067\search.json.mozlz4

                                            Filesize

                                            280B

                                            MD5

                                            41d220d4783f67d2b57beec20c135229

                                            SHA1

                                            6e97765e77920b6010fac2cb4abf1e3cea106541

                                            SHA256

                                            5d1881e74d76b95bad59439bb5c7676258a4ae6b6d853074e93b5247cf1715dc

                                            SHA512

                                            dc30ddc4c8cfe598de5e24bc88cebbe4256fbb21a0b1db6c2ec15311053e7d8be6a93a0bcfcfd8a02543f8b9cf9b15a5840154b272a2df71d59d7dfd80984ac0

                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mc5xhbtp.default-release-1718205251067\sessionCheckpoints.json.tmp

                                            Filesize

                                            90B

                                            MD5

                                            c4ab2ee59ca41b6d6a6ea911f35bdc00

                                            SHA1

                                            5942cd6505fc8a9daba403b082067e1cdefdfbc4

                                            SHA256

                                            00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

                                            SHA512

                                            71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mc5xhbtp.default-release-1718205251067\sessionCheckpoints.json.tmp

                                            Filesize

                                            53B

                                            MD5

                                            ea8b62857dfdbd3d0be7d7e4a954ec9a

                                            SHA1

                                            b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a

                                            SHA256

                                            792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da

                                            SHA512

                                            076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mc5xhbtp.default-release-1718205251067\sessionstore-backups\recovery.jsonlz4

                                            Filesize

                                            3KB

                                            MD5

                                            de2dbeea7a01f9d7cef58c2ae73255bc

                                            SHA1

                                            e1e3a826e08f5bc260622f1e2e540fbb500b625e

                                            SHA256

                                            acf727e7f89830c085e0de310f9c658729be7697c9a2e044e5cde099b1b7798e

                                            SHA512

                                            28accb36e990174512afd0e7d80b6a4b23d8e6a6177445458947f1cb78fb8691a32b496e84c49e09b63f1ebf951add30433ac9f0a516ef06d7609c4e01d52de0

                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mc5xhbtp.default-release-1718205251067\sessionstore-backups\recovery.jsonlz4

                                            Filesize

                                            4KB

                                            MD5

                                            8c3c19017203b9c8260800365c36b67f

                                            SHA1

                                            a7e98999b683f41f3f35adae2d7c9ad062b059d4

                                            SHA256

                                            0eed3650a8395433a04e9f55732c85c334b96dab7a6f7babc6763e69b062df2f

                                            SHA512

                                            0adba33d4bb13305e39ac8f29aec5d082d835ad8282833a69aad0e7da160364ae736887c7284b055676cc1882e404bf1d79ec0edc4418cf9418c162d378e5a0e

                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mc5xhbtp.default-release-1718205251067\sessionstore-backups\recovery.jsonlz4

                                            Filesize

                                            4KB

                                            MD5

                                            3a0929553f93ead334f9160fae56367b

                                            SHA1

                                            f6f47530b9fe2489c2ce78f6e6b12b97221e4d4e

                                            SHA256

                                            5083320a4f63734a45d8a1477a0323a79c60ee90bbf1a0c6ee8f785aa8c5a370

                                            SHA512

                                            27c789b250abf55ff848ad9eefc4d612310013fa0f54b780158dd52b29eb5114d77bbae96e22a50480bd38b07d21a1b36832ac6035216a5dde2efe77509d21b5

                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mc5xhbtp.default-release-1718205251067\sessionstore.jsonlz4

                                            Filesize

                                            266B

                                            MD5

                                            4fdb7f9a51ba177262d07d38c0238915

                                            SHA1

                                            f12c5a74467bf624164ac77ab7af517ce46ace8d

                                            SHA256

                                            a641f5701e0ccb2fc22a9f4323c96d899db4397fc08c63fc5de852d9aadca9d7

                                            SHA512

                                            fd0e72672b280e9f362cd8ba4a81c795fd741163020cd2c62a104c3f8e006883ac592951db85f364f3fece2d9af386f635b93ced301e12b4418e1e0a7fdd9c09

                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mc5xhbtp.default-release-1718205251067\shield-preference-experiments.json

                                            Filesize

                                            18B

                                            MD5

                                            285cdefb3f582c224291f7a2530f3c4e

                                            SHA1

                                            f816c3e87aa007b6e6d31eb6a4618695a7d83439

                                            SHA256

                                            704d28223a4320a853df4a19d48c7015cf79d56a5317cc3475b6305fa43dcc05

                                            SHA512

                                            8f1decf1e4b5755fce8f165daae115f45d6890985c9c4bbb33a6f724cbfd26db75f6da06f9ef675de20fe755da9b7f55e5ee37124296a12a520a393da159bd58

                                          • C:\Users\Admin\Desktop\Old Firefox Data\c5nsco79.default-release\storage\permanent\chrome\idb\2918063365piupsah.sqlite

                                            Filesize

                                            48KB

                                            MD5

                                            04c288a1562d51d0bde6692d1a5a6982

                                            SHA1

                                            96cfa3f4b5f19d53145bf761d25c70c5db59b424

                                            SHA256

                                            9748504d46f56cda1857f8a159551c1d33e386b46b273b93aa210c65402be776

                                            SHA512

                                            2cb8bc9d58a6f0f4231c16b735b5ac834f4a66c25164945ea69c50e189bc0205c5354d9869cfe214d5b8a5defdc995851c527b0135938f4e480f6f9f426782b2

                                          • C:\Users\Admin\Desktop\Old Firefox Data\c5nsco79.default-release\targeting.snapshot.json

                                            Filesize

                                            3KB

                                            MD5

                                            83044eccfff6dcef080f66e49072ad59

                                            SHA1

                                            30af0d7971f55071f85c92f31e3608e065497887

                                            SHA256

                                            f7fca2f51f59acd6244398fde078efec9999545d9cf8897282d82e1e7f701e07

                                            SHA512

                                            97cfc9c162921b8adedafde02f8ee853c1670cea335fcd78433701e51bd4ddf55cdc2b6930c745c6d2f8d96be76feed9608a9792ef43f9c1dbe3de3d3e370d2f

                                          • C:\Users\Admin\Desktop\Old Firefox Data\c5nsco79.default-release\xulstore.json

                                            Filesize

                                            120B

                                            MD5

                                            05e1ddb4298be4c948c3ae839859c3e9

                                            SHA1

                                            ea9195602eeed8d06644026809e07b3ad29335e5

                                            SHA256

                                            1c2c5d5211674c3c8473e0589085499471399e53e9a85d7dd3b075fef6cbb6be

                                            SHA512

                                            3177b48cd0c877821419d7e5eb247a4c899bc37258994f22257ceaafefb316e6f5959faae02e380e432d7752f0218d45d56d6878c1e751d201d9fdb3ff98612e