9edcf4905388c25cb2782272ed5458157c6fded7d6e5ef0439102f1c74fd9925

Analysis

max time kernel
315s
max time network
890s
platform
windows10-1703_x64
resource
win10-20240611-en
resource tags

arch:x64arch:x86image:win10-20240611-enlocale:en-usos:windows10-1703-x64system
submitted
28-08-2024 01:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

BrowserCollector_x64.exe
Size

779KB
MD5

71b5e70a257f47dd6c9ead4f1010bd88
SHA1

f75c41ecbf6f34ca0048534d72f8847b37c38229
SHA256

9edcf4905388c25cb2782272ed5458157c6fded7d6e5ef0439102f1c74fd9925
SHA512

475fd6c74c835fcdc765b56bb7baa18926e6da6c497f160386429938148f9277447918a678b41c9bf1293988896530f4fcac17d1fa93f630a446263f07d9f45f
SSDEEP

12288:ksUHsZCB1OcBfiv3P6gIo/Bw9av4Xzo0P9MqETKTvNo4UvXCt:k3RB8Wfiv3PJImBw9ag5P9MqETWxI

Score

7^/10

spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exefirefox.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Modifies registry class 1 IoCs

Processes:

firefox.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings firefox.exe
Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

firefox.exe

description pid process

Token: SeDebugPrivilege 4384 firefox.exe
Token: SeDebugPrivilege 4384 firefox.exe
Suspicious use of FindShellTrayWindow 4 IoCs

Processes:

firefox.exe

pid process

4384 firefox.exe
4384 firefox.exe
4384 firefox.exe
4384 firefox.exe
Suspicious use of SendNotifyMessage 3 IoCs

Processes:

firefox.exe

pid process

4384 firefox.exe
4384 firefox.exe
4384 firefox.exe
Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

firefox.exe

pid process

4384 firefox.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings	firefox.exe

description	pid	process
Token: SeDebugPrivilege	4384	firefox.exe
Token: SeDebugPrivilege	4384	firefox.exe

pid	process
4384	firefox.exe
4384	firefox.exe
4384	firefox.exe
4384	firefox.exe

pid	process
4384	firefox.exe
4384	firefox.exe
4384	firefox.exe

pid	process
4384	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

BrowserCollector_x64.exefirefox.exefirefox.exe

description	pid	process	target process
PID 3940 wrote to memory of 4528	3940	BrowserCollector_x64.exe	cmd.exe
PID 3940 wrote to memory of 4528	3940	BrowserCollector_x64.exe	cmd.exe
PID 3732 wrote to memory of 4384	3732	firefox.exe	firefox.exe
PID 3732 wrote to memory of 4384	3732	firefox.exe	firefox.exe
PID 3732 wrote to memory of 4384	3732	firefox.exe	firefox.exe
PID 3732 wrote to memory of 4384	3732	firefox.exe	firefox.exe
PID 3732 wrote to memory of 4384	3732	firefox.exe	firefox.exe
PID 3732 wrote to memory of 4384	3732	firefox.exe	firefox.exe
PID 3732 wrote to memory of 4384	3732	firefox.exe	firefox.exe
PID 3732 wrote to memory of 4384	3732	firefox.exe	firefox.exe
PID 3732 wrote to memory of 4384	3732	firefox.exe	firefox.exe
PID 3732 wrote to memory of 4384	3732	firefox.exe	firefox.exe
PID 3732 wrote to memory of 4384	3732	firefox.exe	firefox.exe
PID 4384 wrote to memory of 3768	4384	firefox.exe	firefox.exe
PID 4384 wrote to memory of 3768	4384	firefox.exe	firefox.exe
PID 4384 wrote to memory of 2824	4384	firefox.exe	firefox.exe
PID 4384 wrote to memory of 2824	4384	firefox.exe	firefox.exe
PID 4384 wrote to memory of 2824	4384	firefox.exe	firefox.exe
PID 4384 wrote to memory of 2824	4384	firefox.exe	firefox.exe
PID 4384 wrote to memory of 2824	4384	firefox.exe	firefox.exe
PID 4384 wrote to memory of 2824	4384	firefox.exe	firefox.exe
PID 4384 wrote to memory of 2824	4384	firefox.exe	firefox.exe
PID 4384 wrote to memory of 2824	4384	firefox.exe	firefox.exe
PID 4384 wrote to memory of 2824	4384	firefox.exe	firefox.exe
PID 4384 wrote to memory of 2824	4384	firefox.exe	firefox.exe
PID 4384 wrote to memory of 2824	4384	firefox.exe	firefox.exe
PID 4384 wrote to memory of 2824	4384	firefox.exe	firefox.exe
PID 4384 wrote to memory of 2824	4384	firefox.exe	firefox.exe
PID 4384 wrote to memory of 2824	4384	firefox.exe	firefox.exe
PID 4384 wrote to memory of 2824	4384	firefox.exe	firefox.exe
PID 4384 wrote to memory of 2824	4384	firefox.exe	firefox.exe
PID 4384 wrote to memory of 2824	4384	firefox.exe	firefox.exe
PID 4384 wrote to memory of 2824	4384	firefox.exe	firefox.exe
PID 4384 wrote to memory of 2824	4384	firefox.exe	firefox.exe
PID 4384 wrote to memory of 2824	4384	firefox.exe	firefox.exe
PID 4384 wrote to memory of 2824	4384	firefox.exe	firefox.exe
PID 4384 wrote to memory of 2824	4384	firefox.exe	firefox.exe
PID 4384 wrote to memory of 2824	4384	firefox.exe	firefox.exe
PID 4384 wrote to memory of 2824	4384	firefox.exe	firefox.exe
PID 4384 wrote to memory of 2824	4384	firefox.exe	firefox.exe
PID 4384 wrote to memory of 2824	4384	firefox.exe	firefox.exe
PID 4384 wrote to memory of 2824	4384	firefox.exe	firefox.exe
PID 4384 wrote to memory of 2824	4384	firefox.exe	firefox.exe
PID 4384 wrote to memory of 2824	4384	firefox.exe	firefox.exe
PID 4384 wrote to memory of 2824	4384	firefox.exe	firefox.exe
PID 4384 wrote to memory of 2824	4384	firefox.exe	firefox.exe
PID 4384 wrote to memory of 2824	4384	firefox.exe	firefox.exe
PID 4384 wrote to memory of 2824	4384	firefox.exe	firefox.exe
PID 4384 wrote to memory of 2824	4384	firefox.exe	firefox.exe
PID 4384 wrote to memory of 2824	4384	firefox.exe	firefox.exe
PID 4384 wrote to memory of 2824	4384	firefox.exe	firefox.exe
PID 4384 wrote to memory of 2824	4384	firefox.exe	firefox.exe
PID 4384 wrote to memory of 2824	4384	firefox.exe	firefox.exe
PID 4384 wrote to memory of 2824	4384	firefox.exe	firefox.exe
PID 4384 wrote to memory of 2824	4384	firefox.exe	firefox.exe
PID 4384 wrote to memory of 2824	4384	firefox.exe	firefox.exe
PID 4384 wrote to memory of 2824	4384	firefox.exe	firefox.exe
PID 4384 wrote to memory of 2824	4384	firefox.exe	firefox.exe
PID 4384 wrote to memory of 2824	4384	firefox.exe	firefox.exe
PID 4384 wrote to memory of 2824	4384	firefox.exe	firefox.exe
PID 4384 wrote to memory of 2824	4384	firefox.exe	firefox.exe
PID 4384 wrote to memory of 2824	4384	firefox.exe	firefox.exe
PID 4384 wrote to memory of 2824	4384	firefox.exe	firefox.exe
PID 4384 wrote to memory of 2948	4384	firefox.exe	firefox.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\BrowserCollector_x64.exe
"C:\Users\Admin\AppData\Local\Temp\BrowserCollector_x64.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3940
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c pause
  2⤵
  PID:4528

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3732
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4384
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4384.0.1077264860\141565050" -parentBuildID 20221007134813 -prefsHandle 1708 -prefMapHandle 1704 -prefsLen 20767 -prefMapSize 233414 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bbad6ea6-4386-4593-9d89-9c72d9282483} 4384 "\\.\pipe\gecko-crash-server-pipe.4384" 1796 1de19cf2b58 gpu
    3⤵
    PID:3768
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4384.1.1941593331\1870185890" -parentBuildID 20221007134813 -prefsHandle 2140 -prefMapHandle 2136 -prefsLen 20848 -prefMapSize 233414 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b5169998-9009-4f80-a16e-578b6a3a7543} 4384 "\\.\pipe\gecko-crash-server-pipe.4384" 2152 1de07a72558 socket
    3⤵
    - Checks processor information in registry
    PID:2824
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4384.2.156487952\1013908214" -childID 1 -isForBrowser -prefsHandle 3132 -prefMapHandle 3148 -prefsLen 20886 -prefMapSize 233414 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1fed7a81-2f69-4e9a-a1f9-a0d2a35fca43} 4384 "\\.\pipe\gecko-crash-server-pipe.4384" 3120 1de1ddace58 tab
    3⤵
    PID:2948
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4384.3.378934471\2065089530" -childID 2 -isForBrowser -prefsHandle 3536 -prefMapHandle 3532 -prefsLen 26136 -prefMapSize 233414 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4017bf1f-3b1a-4d1e-b2ad-7baa79c28c28} 4384 "\\.\pipe\gecko-crash-server-pipe.4384" 3548 1de07a5b558 tab
    3⤵
    PID:3716
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4384.4.335655086\1533290701" -childID 3 -isForBrowser -prefsHandle 3764 -prefMapHandle 3768 -prefsLen 26271 -prefMapSize 233414 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {753dbae4-19e1-450f-9167-606a37dd06d1} 4384 "\\.\pipe\gecko-crash-server-pipe.4384" 3752 1de2014cb58 tab
    3⤵
    PID:3284
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4384.5.1537765170\1715801907" -childID 4 -isForBrowser -prefsHandle 4984 -prefMapHandle 4752 -prefsLen 26274 -prefMapSize 233414 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0e9e5ff6-7d8d-4765-a225-69bad6c2859d} 4384 "\\.\pipe\gecko-crash-server-pipe.4384" 2624 1de205f0458 tab
    3⤵
    PID:3512
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4384.6.592461286\1370863944" -childID 5 -isForBrowser -prefsHandle 5228 -prefMapHandle 5232 -prefsLen 26274 -prefMapSize 233414 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2c9b8e6e-18ce-4590-91d3-4e2314c77a53} 4384 "\\.\pipe\gecko-crash-server-pipe.4384" 5220 1de07a64158 tab
    3⤵
    PID:1036
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4384.7.1445266568\847626420" -childID 6 -isForBrowser -prefsHandle 5504 -prefMapHandle 5500 -prefsLen 26274 -prefMapSize 233414 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4258cd29-a03b-4c0e-be1d-7fcd3083fec2} 4384 "\\.\pipe\gecko-crash-server-pipe.4384" 5412 1de205f2b58 tab
    3⤵
    PID:5084
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4384.8.1819862484\1999032228" -childID 7 -isForBrowser -prefsHandle 3516 -prefMapHandle 3512 -prefsLen 26274 -prefMapSize 233414 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {74b9bd27-128b-4bd1-99bf-13a11d30f946} 4384 "\\.\pipe\gecko-crash-server-pipe.4384" 2932 1de07a5be58 tab
    3⤵
    PID:5068
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4384.9.426057594\512220204" -childID 8 -isForBrowser -prefsHandle 3760 -prefMapHandle 4888 -prefsLen 26714 -prefMapSize 233414 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {996ceb5c-8b62-483d-81a3-d994710d0bb0} 4384 "\\.\pipe\gecko-crash-server-pipe.4384" 4676 1de21f03258 tab
    3⤵
    PID:1504

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\activity-stream.discovery_stream.json.tmp

Filesize
43KB

MD5
0caf33a1022ccef8b26dea93c2409f96

SHA1
701324c58f5620c632b454abc181541322b130ce

SHA256
3cf8b30285d1246a4658ad1a823fbad8d638391e0cf31475c6bbcf5eeddd43ab

SHA512
40935375f17f880138f92fd6313d259e34d8d727005e1a4dc426021f637d43eead40a5091187dc204edd7bd4ff7502c69d63472eed3a71a662692e9e2c9d8479

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\doomed\14022

Filesize
19KB

MD5
b8df8ea45eddb1a4c1eccea5fc2a0b31

SHA1
9eb40e25121e5999cc8c9e91fc466d4199667d89

SHA256
d99b4f37f324053cb43c829ca93743b611c1d43680f0ac0c3195a7deac2dc2f7

SHA512
97d6e1b4b0f54ae4ff7fd17e7b71de1e4d032cdf1e99252cb48e9934dadd8d071ab4423448537dc9e1d221f985c632cd441c50fd9b27d9c3d305e12a0082a870

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\doomed\1521

Filesize
19KB

MD5
f7f3491e2b8d6662f062435be62e85b1

SHA1
28934092afc57f3570bb851b68080eafd746944a

SHA256
65c2b80d051ac5ae43f7d436ff67f09c7466daba6a29fbf712d3947412f48d1d

SHA512
0a78c619bec697d93c18e98c333adcc07b48b5ae9cb996df997d7280978628d5cbe6fce56a0a02d98cd89fe606df2c0668c0f52056bd9c9c9ae62741b84d42fd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\doomed\19431

Filesize
15KB

MD5
5650cdcf49134c983c2d54b59a43b46a

SHA1
0681cb45909479fc93ff5e80834c1a80fec73329

SHA256
e817d1779d4a3c39393421d4d660f63ccc08daeff9e67c76f9aeb077b1f1d085

SHA512
0644647cc558f47ed6029165d111ad69e5d8f9d91c88244f2c8e35ad7c57e9b40aae5ea52520c49404063040e0b0ee30d02321d130dd57dd9e781bd0d7003e83

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\doomed\28880

Filesize
21KB

MD5
aad11e52ef8e9159816a9ef2b0ce9ade

SHA1
ab1c8435557285cb061ae399c868f75de4f14a89

SHA256
2d19e5f3dc88b9e6deb598cc485ea3280286ce40ddb7b330f6214da0654a5e28

SHA512
09d946c2946a7806c6eefeca62f48ea15a40502dc9ac56b411dfa036bb4fd94f26db964b7da40cd0e8750b2340cc8bbe7df5a5404f21f9bec5df9bee75bd4523

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\doomed\29565

Filesize
24KB

MD5
2a98b73bb7049d6b72ace6fff08bc821

SHA1
9147a3c150b6b9a91d355ebf03fd96f7add49cb9

SHA256
6a7ab1073aa045ed84367ef6b8632e3d375ead05c0828a961108775ae8fd97c3

SHA512
7e9b43cc1defe1ab4da4e155d91db1d1753d5c0d69ec255bee0468f5d78d4211e14d89a4e2ec832c568c6e122b17585338b00ca3591a51864f1304615bbc8e11

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\doomed\32145

Filesize
19KB

MD5
6aa282f9b6c0d5992e6eaf2d209d109a

SHA1
3c82f5a4dd987cbff7ee7f3b48c682749f93a98d

SHA256
1bab3273b7605e3b0451590f3ec3eeccdc1c13fe0e5bf5241e17686c05a2d7e3

SHA512
0f5d56c1707440d140943175e963d22efd9467b5c773b21055a193c41ec9c0485c11b77af0372a84933d1234d5848ebd63d50d5f20fd8d4609cfdca56b235a00

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\720F9328EDCB687F180A61D6EE96A9CC79671A28

Filesize
60KB

MD5
2f5c58128dae4075e60739da0b7a5f14

SHA1
5d5bf58299eb81bb5227360533da92a12abc5d87

SHA256
af2f637d7cf9e7ce4970c44c810a5ee4fbcaa6fde364e17ebcfcace86ee4d5d1

SHA512
79844d023f8a0e980082f3347e4cc35407a6b584e48291d6f2bc3ce749a1faa7f533997d95aa28f6241a4f2412523620a302eaf36c006d4fb661fc43b78fdfde

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\80E40493E66F98650D12C73CDEFE29BBACA89328

Filesize
221KB

MD5
e5e8a5fa0866a9203dcc90531e4eaef5

SHA1
3ac4d60aebe3586f07309985ac1bf66999d06c1f

SHA256
cb2f91a303fe7e9a31686e3177d703b5a5dfbc05a11b1793965e2ab0fda631f6

SHA512
2c3dff30c5fa535d59a7e99a223943d5216d5bb9e4f605f188aea10183054cdd35fce28541ad2ee9b96893743e7438a9ae10e125dfd27a95bfd1ae106b156933

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\datareporting\glean\db\data.safe.bin

Filesize
9KB

MD5
0e99cbc1d318d23372d30c71a9dd9428

SHA1
e9ee6d2c75769e7c0e64a6c43638d72fa8eda967

SHA256
ad773c2130130fb4314a441e6e6915fd9548cda6662f3ad6a2826c74f9304b93

SHA512
8021fc6195d7993bcba73c28dfada6920dab099a39acf090ca7e30f8678efd62cfdc3472b6c2e36a3b850f66785448cc9fa822ac13a34896a2ac5b4a0108d468

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\datareporting\glean\pending_pings\0ede37d0-c9ec-40f3-b797-3feefbe6849a

Filesize
734B

MD5
ffe3d7534700d68ae3c6d31bb53a3057

SHA1
006047cf7d4e30938fb089bdf1ba1cd271ce377c

SHA256
3ae663aa9f27a7c93bce15e2f954ace1da44d1a32c03dcf510d256ce8c2b0a5b

SHA512
0ad9f9a71ed0893c0c07ef0ef69269c871c6e1f1a2933ee8b6ee2004f29427bb67e50244df6b6536a27e6e9a83fe246ad4bfd2980f40810ed69f5488e3641a24

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\prefs-1.js

Filesize
6KB

MD5
419acac7f87b5babc32f575a3b12fb3a

SHA1
dbe5cc4ae5714ac52e4be4e8b6d586ef0952a723

SHA256
3c40f94f64f3a9dc784ca0c8310c3d073ba5198747e633e2e7355d80f1e5704c

SHA512
8a905b8a671565524cb5444b1ff79b7d84656393fb76faba1fabf363414c3218cb4e2a60ea446a1d447234321638f4e23b318201a7af6b4d3f95d8b27bf2698d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\prefs-1.js

Filesize
6KB

MD5
c48f61a7bcd6bae1b83ed3d4ed95954e

SHA1
28a5e2ee143c45f5df6bc7b767aeebccc1579030

SHA256
fcc2571ed7077939146a428a0c4fb19f84f170d8d93328a4cf5e611d2e6ceeb9

SHA512
a0ef2692a7597364be2e5411d3c0386ad6914e6f75f6050cbbbc2cc692fcc40321712e0632aa965cbeb74e14003702c9226bccad3e70117f80b2ababbfd13338

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\prefs.js

Filesize
6KB

MD5
4dbdedd3f89c97514a463891880b55df

SHA1
e2c5da447ae907beecc83f5e149a1c9fb5e4b329

SHA256
dfdbe1e1b9d0fddb953d1817952eec627b0a414a3442801ec0a95a721ac0fa47

SHA512
d03432a517ee0d71e5847162d1c500406b2866c4beb57e3a4fbb9f0d90199b00588efeae2e92a83c7841d241eb0f12f64df0709a1c1087608ab61c235e17362e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
b5b02df2f07ecce1b8c72c9e16cea9ad

SHA1
2bd169ef92a2a4e244461a0cb5abe5bd27f2c075

SHA256
eabda7d18852369b5fc5ae3ab5154b52a64ddcd13ac45ac0b089de5f2fc95af2

SHA512
6e60af48b200623d386c859a751563bb99e90147c3b2b1f9b08c79ce81c0792859b937eda81910696f279c0ed3c27f297b60d222da408f0b797794469c746206

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
6KB

MD5
71094bb54b2f2811abccfd1289f7317b

SHA1
0befbb7c1eb1fe6d54c017887ed3817ef9eac9ed

SHA256
d5da08266cb68a90949bd46302a8445093de050a9e0246788e6d906b3e941e66

SHA512
a6e9515c5c5522326c41121ea52378d1ba80f5b951fb56bc4175ec646291772c29db6c5b3dadbad0f3d2c569d8405f17733ddd42e513c0a59f1bb6bbedef351a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
91571ce7f4dfde4fb936505f2dafd626

SHA1
354cabfa628a23f6f81e158a4b129fd31396f5f3

SHA256
2271b9262b346be4660e9acf0d96244223770a677a16cee155997da091a7b6ac

SHA512
644ed5f0bd4756a9d18f907170a2020205af4737365b388505b4e420f885dfd5562bcb5ae9ffde65cc466b511b8e792829dc558cbfc7b366b90fa858fd37ce75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
6KB

MD5
8528ce6323e0c0c85ac341a00be20d4e

SHA1
4ff9fc03dd023393d7b46f0ac45046675bcd9b9b

SHA256
e9823d313af92ead500a04f97539501a607b6458ee288a68082332383c5268e2

SHA512
defccff0638cdc64393f09a3027b786ad5fd893a4ff674ef168cf5531014b19d90b937a6c62f9b23bfd48ecea15147065bd0374ea164d7d47e14c296ed72fb5f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore.jsonlz4

Filesize
6KB

MD5
519eb385e6b5357475f6c55099f22fb9

SHA1
7881ac55e8aad6bd23c0cc6c35c08b89b85b13de

SHA256
e8b566ea2a465b8c649364484d829912f921bac18e2db0a434086abc30d8e2b8

SHA512
c5a5974c044dc56129b75daf47bc166cc16691cf434dac0b0319f7bac22c69bc166ee4b9b143dccf91fe19fb77b3c3bc7e5d1962cd45a78509828d8ab2956c04

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\storage\default\https+++developers.google.com\cache\.padding

Filesize
8B

MD5
2738451a8f56827c1839ae3c00229ed6

SHA1
fbe8de0d1e48f043db3869125ad1f94abd15686a

SHA256
4e53e41b4e98d7125f272abf3739e1933a32e8b9e5194f95725b5c77e929ab11

SHA512
bbb29c27f67f0637ae70ec7befddc2f3ca6a126b61693773cf5846c00f3122edbd6902cd9e72156c1d42643d2529f1829e7aa31577f3d63a4c1696e04b721fcf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\storage\default\https+++developers.google.com\cache\.padding

Filesize
8B

MD5
e24e897135d122fa8bb3ef5f238d2708

SHA1
e37c667ea4a961574874aa59abd19e11c191ac2e

SHA256
7c15780bcc95c3c9e610b1fce9b40531ad9706f330f429249c2f733bb0b0e585

SHA512
f485344c3bc91d8aac25b845802d71b980032ae5b5372ca0300ef0fb30fdfa87691ffbef96a1a2ece3487e8d8a3526cc41a2d5c24eb541f85682dbb9fe235e88

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\storage\default\https+++developers.google.com\cache\morgue\97\{2f687272-e2a0-4159-8baa-e15ef64f2b61}.final

Filesize
8KB

MD5
621dd7233266d35e3aad0c8912c4d5a2

SHA1
308bd5e276343cd08b57fbecb999079b30a7f7b4

SHA256
83c99b5571b42a80bfef300a70c172c1b6ac6c9d477643b793f33833e4fa0c08

SHA512
1a2dfee69ab304acbb6140b08a09cecb8f624d134d37e87334b88493958a2d5a35d13f33bec58afaeee2577bca58e423309df5e3d8c253f54787627280831ce5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\storage\default\https+++developers.google.com\idb\1120474735dbedv-sxietden-i.sqlite

Filesize
48KB

MD5
000584ac9e19de9c360329aba91a9bc1

SHA1
76ae9e60022c8737b5111e2602e7ea9bb6e0d50a

SHA256
8ebb740d5d7bccc2159d15967344b20571936a20654bf9a8aef087331b3422fc

SHA512
188bbecafeee6ea3004bcec98e2e33787ab0c80ac39ad86c3ff341829d4f64cf0d2728a202adff6177f3adbcc11b7830f1214b643d1631289aeacc70d746e0b9

Download Submit