Malware Analysis Report

2025-04-14 03:24

Sample ID 240612-sl24jstcpp
Target 1.0.0
SHA256 fed1699376bcebe3f119f0fcf15f7a7b73c0df51b8006ce8e44e3e1670876693
Score 3/10

Analysis Overview

Threat Level: Likely benign

The file 1.0.0 was found to be: Likely benign.

Malicious Activity Summary


Enumerates physical storage devices

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Checks processor information in registry

Modifies registry class

Suspicious use of AdjustPrivilegeToken

Suspicious use of SendNotifyMessage

Uses Task Scheduler COM API

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-12 15:13

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-12 15:13

Reported

2024-06-12 15:15

Platform

win10-20240404-en

Max time kernel

77s

Max time network

79s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\1.0

Signatures

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings C:\Windows\system32\cmd.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3616 wrote to memory of 4916 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4916 wrote to memory of 1380 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4916 wrote to memory of 428 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4916 wrote to memory of 2232 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\1.0

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4916.0.587944708\1004666016" -parentBuildID 20221007134813 -prefsHandle 1728 -prefMapHandle 1720 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {50b52cf5-3256-43a8-937e-85cdff303ab4} 4916 "\\.\pipe\gecko-crash-server-pipe.4916" 1808 195fdef2458 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4916.1.1958987979\172712327" -parentBuildID 20221007134813 -prefsHandle 2152 -prefMapHandle 2148 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6eb55291-9551-4350-b00a-a33d8b1ba0e1} 4916 "\\.\pipe\gecko-crash-server-pipe.4916" 2164 195fddfcb58 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4916.2.1654312061\97086474" -childID 1 -isForBrowser -prefsHandle 2888 -prefMapHandle 2976 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1256 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7ff3c607-56c5-4007-b165-cdcad5cf0729} 4916 "\\.\pipe\gecko-crash-server-pipe.4916" 2680 195fde5d858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4916.3.741570910\1861082903" -childID 2 -isForBrowser -prefsHandle 3224 -prefMapHandle 3240 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1256 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f7ef529e-ede5-436a-a18e-bfb349d6ce7b} 4916 "\\.\pipe\gecko-crash-server-pipe.4916" 3556 19582982258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4916.4.1999303363\1906745770" -childID 3 -isForBrowser -prefsHandle 4316 -prefMapHandle 4312 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1256 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {785145db-8abb-4c15-b41e-d5bce80f3ebe} 4916 "\\.\pipe\gecko-crash-server-pipe.4916" 4328 195834e0958 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4916.5.155164755\572750658" -childID 4 -isForBrowser -prefsHandle 4840 -prefMapHandle 4792 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1256 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {08233834-ef9f-4796-b190-1a7ef81a8868} 4916 "\\.\pipe\gecko-crash-server-pipe.4916" 4848 19580ae5358 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4916.6.799840737\1531666014" -childID 5 -isForBrowser -prefsHandle 4932 -prefMapHandle 4936 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1256 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b45d4425-5502-4cac-b23e-f1e0c31bcc75} 4916 "\\.\pipe\gecko-crash-server-pipe.4916" 4924 19584d25c58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4916.7.1432294318\336165817" -childID 6 -isForBrowser -prefsHandle 5128 -prefMapHandle 5132 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1256 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {24307bf1-e43a-41a1-bd3b-4b35eb64d222} 4916 "\\.\pipe\gecko-crash-server-pipe.4916" 5104 19584d23b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5016.0.805576762\526796480" -parentBuildID 20221007134813 -prefsHandle 1628 -prefMapHandle 1604 -prefsLen 17556 -prefMapSize 230321 -appDir "C:\Program Files\Mozilla Firefox\browser" - {aa9bac8e-1092-40cc-8800-31c4839d7310} 5016 "\\.\pipe\gecko-crash-server-pipe.5016" 1708 2257ebefe58 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5016.1.858200167\1362969539" -parentBuildID 20221007134813 -prefsHandle 1876 -prefMapHandle 1872 -prefsLen 17601 -prefMapSize 230321 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {16f352f8-118a-447b-8869-59cee2efdd90} 5016 "\\.\pipe\gecko-crash-server-pipe.5016" 1900 2257f068858 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5016.2.934729358\2123729603" -childID 1 -isForBrowser -prefsHandle 3504 -prefMapHandle 3500 -prefsLen 23735 -prefMapSize 230321 -jsInitHandle 1208 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e385176a-39c2-4648-a7aa-26971901e4c9} 5016 "\\.\pipe\gecko-crash-server-pipe.5016" 3532 22506d2b658 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5016.3.809756883\1865663669" -childID 2 -isForBrowser -prefsHandle 3336 -prefMapHandle 3884 -prefsLen 23842 -prefMapSize 230321 -jsInitHandle 1208 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e515daf0-c12a-4f50-9246-8758d2be197c} 5016 "\\.\pipe\gecko-crash-server-pipe.5016" 3764 225071ea058 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5016.4.2101786080\977300479" -childID 3 -isForBrowser -prefsHandle 3120 -prefMapHandle 3088 -prefsLen 24924 -prefMapSize 230321 -jsInitHandle 1208 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f61b7b23-c6a3-4896-b869-bc5c6d6c5b36} 5016 "\\.\pipe\gecko-crash-server-pipe.5016" 3156 2250789ca58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5016.5.1373290001\340404767" -parentBuildID 20221007134813 -prefsHandle 3228 -prefMapHandle 3832 -prefsLen 25857 -prefMapSize 230321 -appDir "C:\Program Files\Mozilla Firefox\browser" - {250f5877-2313-4067-b379-1b2d717d13c1} 5016 "\\.\pipe\gecko-crash-server-pipe.5016" 3852 22508616f58 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5016.6.1824624834\733463986" -childID 4 -isForBrowser -prefsHandle 3580 -prefMapHandle 3708 -prefsLen 32012 -prefMapSize 230321 -jsInitHandle 1208 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d1e50f4a-7c75-40b9-ad61-24f9ef55606b} 5016 "\\.\pipe\gecko-crash-server-pipe.5016" 2912 2250a6bab58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5016.7.516811221\1743000137" -childID 5 -isForBrowser -prefsHandle 4560 -prefMapHandle 4564 -prefsLen 32012 -prefMapSize 230321 -jsInitHandle 1208 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f16e5fd7-a8bd-47af-ac87-5f7cd9c42626} 5016 "\\.\pipe\gecko-crash-server-pipe.5016" 4572 22577562258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5016.8.899384592\1933372863" -childID 6 -isForBrowser -prefsHandle 5152 -prefMapHandle 5156 -prefsLen 32012 -prefMapSize 230321 -jsInitHandle 1208 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ed85b3e8-df0e-41c7-a342-cb9735beb512} 5016 "\\.\pipe\gecko-crash-server-pipe.5016" 5140 2257756d058 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5016.9.1446119504\924732987" -childID 7 -isForBrowser -prefsHandle 5368 -prefMapHandle 5376 -prefsLen 32012 -prefMapSize 230321 -jsInitHandle 1208 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {be19e1cb-6d3a-49fd-b169-489d6176fbc9} 5016 "\\.\pipe\gecko-crash-server-pipe.5016" 5360 2250c474e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5016.10.1829620184\1630566488" -childID 8 -isForBrowser -prefsHandle 5824 -prefMapHandle 5820 -prefsLen 32266 -prefMapSize 230321 -jsInitHandle 1208 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d2c81f1c-c051-47ce-a7a0-05f5ec8c3e1f} 5016 "\\.\pipe\gecko-crash-server-pipe.5016" 5832 2250a5f7558 tab

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

Network


Files

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\datareporting\glean\pending_pings\7ee315eb-3038-440b-b91f-03d81fc66850

MD5 15263f06513165b4d172bb0959b420df
SHA1 55e5513507495f48ba19c7cc6b73cdc0fe33f730
SHA256 c192e7fa3090e814b3f808417910caecc7ef6a0c8dc2583e993d63dd1797ceee
SHA512 be3c518b6b95144807a5ff4fd5febef4eec69924732dd41ad16f2af4f8983496adec9b6cd9dcef6106e3126ee750ce17912188d7473631503835eebca78b6589

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\datareporting\glean\pending_pings\717b8e43-cbe9-4a17-b6a1-617bcb242339

MD5 db2e8e6b183c64ea9f7897c3b9f2396e
SHA1 24bfea1b0b374f943ce0ba23437e3fe551be56b2
SHA256 cf828ea3800385f0beb6aa021b7e1d1a254559c9b037158c4d05a649c1c5905d
SHA512 1bccb3f8a6b6ba96100e6840b05f8620649d92bfc80943ab01ae04e2200f950b65efe548ce8e4ef5346585fa7fbce6776c98bb990d0a5609eadb14fd635fb276

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\datareporting\glean\db\data.safe.bin

MD5 cdb946afa3827f472721068767bdf62c
SHA1 fa205a74610ca1010c41dc4f1b44c48c384eaafc
SHA256 6aafd7c3d746ef0c909104ec9c19ee8b22eeb12121be6617f53ecbd8f1af0321
SHA512 5169d4d49d0d874464bf0c3f135dde6e60aa1ff023d8ae8dc8d1525dd57bdc93c875aed7e7fdcf87afbd3e68f0b81c059daac017976de4cd7784daf21873aaf9

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\prefs.js

MD5 fe78be53c359b5d624331448600c53f3
SHA1 6a75007089e5fafd64ca1ee4f2e2425b6d640f72
SHA256 852d2faa75aae1f3eb0c893bc9d167a5d6a12ce67ebfb2f1c5eeddc54a08ebee
SHA512 45a2c6b07643cca2fadc51194771eef5fb25396ff500dfb04a44648cea364e942dfc15c44022493a755fdfa2ef42ef15e426e35be60ad8acd04800c5e8a5b72e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 0ed2663971e8051b2bcb574926400fa8
SHA1 467756bf41c377bdb07c8be10d5391f1df1d80a7
SHA256 0c44c9887ebd30506041e4f483422673660df0b74c7468b0cab2c69bee1f4e8c
SHA512 e521f02d0a4dc70e3bb33747c5113c76f18f15b4370826ef13700c4f559c8b158ed1d8ef79d7d88794bfea61496a75d653237391f2f8b5e53d8574a21f113898

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\prefs.js

MD5 733817cb6b44c21d8e1a46d73f10c4e2
SHA1 5ad2eceecc4bd55559e59a77a261da5aef368c53
SHA256 1c9571773f8d7b14e8f000732ab24014f8cd33246206381c8e28a22fd4d06358
SHA512 5cb39a1d880870cc4dfc5d9281d32f81bd92636c9109edf64a359045f6209226ee6ebd09c199fc0f6a8ff317f449b2a38c12236b4e884b5af6963ebab8bd3748

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\sessionstore.jsonlz4

MD5 ac93e78af23bc59bf21366fef6474c0e
SHA1 0822a0cd6982b772aadba50798faaeffdbeee9db
SHA256 f2812d986d2fb8a06119fdc2679423a983eb83cd1337eedc60d48bf46b9dba7e
SHA512 108a112ed47da0b532a7da359f52359353a738383130aaa2c84e910de25c0f18838e3ae45a97d872631a9ce0915c143804f3d41738a0d3e26f48e438f4af5935

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\sessionCheckpoints.json

MD5 948a7403e323297c6bb8a5c791b42866
SHA1 88a555717e8a4a33eccfb7d47a2a4aa31038f9c0
SHA256 2fca1f29b73dd5b4159fa1eb16e69276482f5224ba7d2219a547039129a51f0e
SHA512 17e2f65c33f47c8bb4beca31db2aff3d4bbb6c2d36924057f9f847e207bdcb85ffcbb32c80dd06862ffc9b7f0bd3f5e2e65b48bb1bc3363732751101d5596b1a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\AlternateServices.txt

MD5 2c3449b33d25160a7524d74bf709a57a
SHA1 0433e30f8dc13f7dbebd79efcfe011bdbfe030a8
SHA256 5c5de73a0e354fd6c2332458a761adec9bdc8846f4e0ef56aca3316326423d9b
SHA512 10adbfdde95f393513eea512880a9e793df15a643da076742e049d963ce6e6e2b67674fc5987751ce2ef925e8c7074ef975349b6d193fd30eb0ddd30cec9c334

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\datareporting\glean\db\data.safe.bin

MD5 465aa8fe69e3d3a6e8d670f7dd942e98
SHA1 13254bca23eb74e08ce83e106fa5140836eab967
SHA256 faa4e5e14a1002627d809ebb256e6af316ac2a7b22e42693c5430b4f667b02e5
SHA512 2256fa713b9be50a60155f10dcaf23dec69314a50a9f3d6008dcaf94082519d5fcecf0dacd89ede15223009067b86d3c428d0a86a8de185d542a47b0021c0c76

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\protections.sqlite

MD5 deeced8825e857ead7ba3784966be7be
SHA1 e72a09807d97d0aeb8baedd537f2489306e25490
SHA256 b9f022442a1506e592bf51284091a8a7fe17580b165d07e70c06fd6827343a54
SHA512 01d303232d6481af322137b44fef6c2a584f0643c48bab2836f9fe3193207015da7f7514fe338500ae4469651e3d9618293858ae507e722198a249257677099e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\SiteSecurityServiceState.txt

MD5 1f67a899769d659caf9f7f5fab5cf6ee
SHA1 3750d9e9cb643ff97d475ff141d629264b071b45
SHA256 f4376b852bbeb27b14030c9efce265b45db3ee13a24429ada8d55d04281818d9
SHA512 10621a9704526ae29242a829519af52af664941350c09c936a0f0fa5f4a9223bc51d619ef559e23b2ebd8f3c06f212cbad2e158d4d0da2634e3c92099dcf09a0

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\prefs.js

MD5 c59a1f55646625d94b057558f89725db
SHA1 32f6e0bc4382751c2e17187cc391fb0ff3781a30
SHA256 c686f6c29fe07b9571bcec0b1193f2770dee3e6e819a2a348c3a0385d646354a
SHA512 d62f3b1894934ecef974da7a2370bfe5386e859a7dadf225d28719a80a1f3e8fb2eac4616ed407a2bbf526a9f7f4278da7cc5ac6c4871ce196e3327320437a77

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F

MD5 b2aad06d9870227cf6a34bd8edf038b5
SHA1 b0efdf043321e6923900f877bf68a903f83735cf
SHA256 3447882655e4cdfecf993d3acb20bd51fbdd4b3a201453d4b4da7b3d58c06c8c
SHA512 8eb5c1c48520bde338a8101b7e84d56cdc290a10f51d353ad5d0798a4d28406b6db1fb31c8be6f0aefde939d2b0b2251716cab54965fb47661253753cc3d50c2

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\entries\C72D4296C2EBC6FD41A9F780CD0C8F30F0FF937C


C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\startupCache\scriptCache.bin


C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\startupCache\urlCache.bin


C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\startupCache\scriptCache-child.bin


C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\entries\254256B27E0C48CF9B80B695F0B3B8CA84610495


C:\Users\Admin\Desktop\Old Firefox Data\c5nsco79.default-release\xulstore.json


C:\Users\Admin\Desktop\Old Firefox Data\c5nsco79.default-release\targeting.snapshot.json


C:\Users\Admin\Desktop\Old Firefox Data\c5nsco79.default-release\storage\permanent\chrome\idb\2918063365piupsah.sqlite


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mc5xhbtp.default-release-1718205251067\prefs.js


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mc5xhbtp.default-release-1718205251067\sessionCheckpoints.json.tmp


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mc5xhbtp.default-release-1718205251067\sessionstore.jsonlz4


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mc5xhbtp.default-release-1718205251067\sessionCheckpoints.json.tmp


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mc5xhbtp.default-release-1718205251067\search.json.mozlz4


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mc5xhbtp.default-release-1718205251067\prefs.js


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mc5xhbtp.default-release-1718205251067\datareporting\glean\pending_pings\dc4fa8e0-7ead-440b-ad4c-8a6a3bdadb20


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mc5xhbtp.default-release-1718205251067\extensions.json.tmp


C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\update-config.json


C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\mc5xhbtp.default-release-1718205251067\activity-stream.discovery_stream.json.tmp


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mc5xhbtp.default-release-1718205251067\datareporting\glean\pending_pings\8567fc28-d3b3-4fa7-aee5-c3373d9e2df0


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mc5xhbtp.default-release-1718205251067\datareporting\glean\db\data.safe.bin


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mc5xhbtp.default-release-1718205251067\handlers.json


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mc5xhbtp.default-release-1718205251067\shield-preference-experiments.json


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mc5xhbtp.default-release-1718205251067\containers.json


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mc5xhbtp.default-release-1718205251067\prefs-1.js


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mc5xhbtp.default-release-1718205251067\sessionstore-backups\recovery.jsonlz4


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mc5xhbtp.default-release-1718205251067\sessionstore-backups\recovery.jsonlz4


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mc5xhbtp.default-release-1718205251067\prefs-1.js


C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\mc5xhbtp.default-release-1718205251067\cache2\entries\D4D34D19E2639F2E09A6AEED2F398A705DF5A427


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mc5xhbtp.default-release-1718205251067\sessionstore-backups\recovery.jsonlz4
