Analysis

  • max time kernel
    125s
  • max time network
    127s
  • platform
    windows11-21h2_x64
  • resource
    win11-20250210-en
  • resource tags

    arch:x64 arch:x86 image:win11-20250210-en locale:en-us os:windows11-21h2-x64 system
  • submitted
    13-02-2025 16:26

General

  • Target

    https://example.com

Score
10/10

Malware Config

Extracted

Family

vidar

C2

https://t.me/b4cha00

https://steamcommunity.com/profiles/76561199825403037

Attributes
  • user_agent

    Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:137.0) Gecko/20100101 Firefox/137.0

Signatures

  • Detect Vidar Stealer 1 IoCs
  • Vidar

    Vidar is an infostealer based on Arkei stealer.

  • Vidar family
  • Blocklisted process makes network request 5 IoCs
  • Downloads MZ/PE file 2 IoCs
  • Executes dropped EXE 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

    Adversaries may check for Internet connectivity on compromised systems.

  • Checks processor information in registry 2 TTPs 12 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 9 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of FindShellTrayWindow 23 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://example.com"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:5012
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://example.com
      2⤵
      • Checks processor information in registry
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2892
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1904 -parentBuildID 20240401114208 -prefsHandle 1920 -prefMapHandle 1896 -prefsLen 27120 -prefMapSize 244628 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9583b9c0-fd73-4fb8-a161-cb7464698d7c} 2892 "\\.\pipe\gecko-crash-server-pipe.2892" gpu
        3⤵
          PID:2716
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2412 -parentBuildID 20240401114208 -prefsHandle 2388 -prefMapHandle 2376 -prefsLen 28040 -prefMapSize 244628 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b4790afd-5030-4ce8-9adf-ba17b7e1e125} 2892 "\\.\pipe\gecko-crash-server-pipe.2892" socket
          3⤵
          • Checks processor information in registry
          PID:2120
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2720 -childID 1 -isForBrowser -prefsHandle 2968 -prefMapHandle 3120 -prefsLen 22684 -prefMapSize 244628 -jsInitHandle 972 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {eebfb70e-6fff-4e89-944d-01fd128fd2f2} 2892 "\\.\pipe\gecko-crash-server-pipe.2892" tab
          3⤵
            PID:4860
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2812 -childID 2 -isForBrowser -prefsHandle 3628 -prefMapHandle 2776 -prefsLen 32530 -prefMapSize 244628 -jsInitHandle 972 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8f97bfd4-7d6d-44f5-96d3-23775483a0b5} 2892 "\\.\pipe\gecko-crash-server-pipe.2892" tab
            3⤵
              PID:996
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4732 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4788 -prefMapHandle 4784 -prefsLen 32530 -prefMapSize 244628 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3839db81-09fd-4d30-b9c4-6e4a18792e2d} 2892 "\\.\pipe\gecko-crash-server-pipe.2892" utility
              3⤵
              • Checks processor information in registry
              PID:3292
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5308 -childID 3 -isForBrowser -prefsHandle 5300 -prefMapHandle 5296 -prefsLen 26976 -prefMapSize 244628 -jsInitHandle 972 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1db01b27-e205-4eea-a730-99b84cb91627} 2892 "\\.\pipe\gecko-crash-server-pipe.2892" tab
              3⤵
                PID:1208
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5440 -childID 4 -isForBrowser -prefsHandle 5448 -prefMapHandle 5456 -prefsLen 26976 -prefMapSize 244628 -jsInitHandle 972 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e79dc082-853b-4d85-a40d-37388593bcd9} 2892 "\\.\pipe\gecko-crash-server-pipe.2892" tab
                3⤵
                  PID:2908
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5624 -childID 5 -isForBrowser -prefsHandle 5632 -prefMapHandle 5640 -prefsLen 26976 -prefMapSize 244628 -jsInitHandle 972 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3f563698-7221-4fff-bad4-0c5bfa29887b} 2892 "\\.\pipe\gecko-crash-server-pipe.2892" tab
                  3⤵
                    PID:2820
              • C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.6.10571.0_x64__8wekyb3d8bbwe\wt.exe
                "C:\Users\Admin\AppData\Local\Microsoft\WindowsApps\wt.exe"
                1⤵
                  PID:4552
                  • C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.6.10571.0_x64__8wekyb3d8bbwe\WindowsTerminal.exe
                    wt.exe
                    2⤵
                    • Suspicious use of FindShellTrayWindow
                    • Suspicious use of SetWindowsHookEx
                    PID:248
                    • C:\Windows\system32\wsl.exe
                      C:\Windows\system32\wsl.exe --list
                      3⤵
                        PID:2784
                      • C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.6.10571.0_x64__8wekyb3d8bbwe\OpenConsole.exe
                        "C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.6.10571.0_x64__8wekyb3d8bbwe\OpenConsole.exe" --headless --win32input --resizeQuirk --width 120 --height 27 --signal 0xa0c --server 0xa08
                        3⤵
                          PID:232
                        • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                          powershell.exe
                          3⤵
                          • Suspicious behavior: EnumeratesProcesses
                          • Suspicious use of AdjustPrivilegeToken
                          PID:1360
                          • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                            "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
                            4⤵
                            • Blocklisted process makes network request
                            • Modifies registry class
                            • Suspicious behavior: EnumeratesProcesses
                            • Suspicious use of AdjustPrivilegeToken
                            PID:5040
                            • C:\Users\Admin\AppData\Local\21090d4a-3c59-4716-a3cc-1ffd702a3b04\updater.exe
                              "C:\Users\Admin\AppData\Local\21090d4a-3c59-4716-a3cc-1ffd702a3b04\updater.exe"
                              5⤵
                              • Executes dropped EXE
                              • System Location Discovery: System Language Discovery
                              PID:1392
                        • C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.6.10571.0_x64__8wekyb3d8bbwe\OpenConsole.exe
                          "C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.6.10571.0_x64__8wekyb3d8bbwe\OpenConsole.exe" --headless --win32input --resizeQuirk --width 120 --height 27 --signal 0xb54 --server 0xb48
                          3⤵
                            PID:3736
                          • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                            powershell.exe
                            3⤵
                            • Blocklisted process makes network request
                            • Suspicious behavior: EnumeratesProcesses
                            • Suspicious use of AdjustPrivilegeToken
                            PID:3292
                      • C:\Windows\system32\BackgroundTransferHost.exe
                        "BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
                        1⤵
                        • Modifies registry class
                        PID:1620
                      • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping
                        1⤵
                        • System Location Discovery: System Language Discovery
                        • System Network Configuration Discovery: Internet Connection Discovery
                        PID:1324
                      • C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.6.10571.0_x64__8wekyb3d8bbwe\wt.exe
                        "C:\Users\Admin\AppData\Local\Microsoft\WindowsApps\wt.exe"
                        1⤵
                          PID:2008
                          • C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.6.10571.0_x64__8wekyb3d8bbwe\WindowsTerminal.exe
                            wt.exe
                            2⤵
                            • Suspicious use of FindShellTrayWindow
                            • Suspicious use of SetWindowsHookEx
                            PID:5032
                            • C:\Windows\system32\wsl.exe
                              C:\Windows\system32\wsl.exe --list
                              3⤵
                                PID:3076
                              • C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.6.10571.0_x64__8wekyb3d8bbwe\OpenConsole.exe
                                "C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.6.10571.0_x64__8wekyb3d8bbwe\OpenConsole.exe" --headless --win32input --resizeQuirk --width 120 --height 27 --signal 0x9e8 --server 0x9e4
                                3⤵
                                  PID:4052
                                • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                  powershell.exe
                                  3⤵
                                  • Blocklisted process makes network request
                                  • Modifies registry class
                                  • Suspicious behavior: EnumeratesProcesses
                                  • Suspicious use of AdjustPrivilegeToken
                                  PID:4628
                                  • C:\Users\Admin\AppData\Local\d54129cf-b58e-45d5-af65-d92b0fd55189\updater.exe
                                    "C:\Users\Admin\AppData\Local\d54129cf-b58e-45d5-af65-d92b0fd55189\updater.exe"
                                    4⤵
                                    • Executes dropped EXE
                                    • System Location Discovery: System Language Discovery
                                    PID:700
                            • C:\Windows\system32\BackgroundTransferHost.exe
                              "BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
                              1⤵
                              • Modifies registry class
                              PID:3152


                            Downloads

                            • C:\Users\Admin\AppData\Local\21090d4a-3c59-4716-a3cc-1ffd702a3b04\updater.exe

                              Filesize

                              3.2MB


                            • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

                              Filesize

                              2KB


                            • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

                              Filesize

                              62KB


                            • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

                              Filesize

                              1KB


                            • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

                              Filesize

                              1KB


                            • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4u4gpgs7.default-release\activity-stream.discovery_stream.json.tmp

                              Filesize

                              21KB


                            • C:\Users\Admin\AppData\Local\Packages\Microsoft.WindowsTerminal_8wekyb3d8bbwe\LocalState\settings.json

                              Filesize

                              3KB


                            • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_5jz1gq2b.ahb.ps1

                              Filesize

                              60B


                            • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\PowerShell\PSReadLine\ConsoleHost_history.txt

                              Filesize

                              12B


                            • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\16f2f0042ddbe0e8.customDestinations-ms

                              Filesize

                              4KB


                            • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\16f2f0042ddbe0e8.customDestinations-ms

                              Filesize

                              4KB


                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4u4gpgs7.default-release\datareporting\glean\db\data.safe.tmp

                              Filesize

                              5KB


                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4u4gpgs7.default-release\datareporting\glean\db\data.safe.tmp

                              Filesize

                              5KB


                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4u4gpgs7.default-release\datareporting\glean\pending_pings\62b667fe-c10e-4905-a33e-2965321ee599

                              Filesize

                              28KB


                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4u4gpgs7.default-release\datareporting\glean\pending_pings\7b9e9e64-7cdd-4209-aca2-a042d821efc5

                              Filesize

                              982B


                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4u4gpgs7.default-release\datareporting\glean\pending_pings\fb998509-3a2d-482a-875e-e06e0cbe26a5

                              Filesize

                              671B


                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4u4gpgs7.default-release\prefs-1.js

                              Filesize

                              9KB


                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4u4gpgs7.default-release\sessionCheckpoints.json

                              Filesize

                              259B


                            • memory/700-513-0x0000000000930000-0x0000000000DC3000-memory.dmp

                              Filesize

                              4.6MB

                            • memory/700-522-0x0000000000930000-0x0000000000DC3000-memory.dmp

                              Filesize

                              4.6MB

                            • memory/1360-340-0x000001D75AE90000-0x000001D75AED6000-memory.dmp

                              Filesize

                              280KB

                            • memory/1360-331-0x000001D75AD20000-0x000001D75AD42000-memory.dmp

                              Filesize

                              136KB

                            • memory/1392-429-0x0000000000B00000-0x0000000000F93000-memory.dmp

                              Filesize

                              4.6MB

                            • memory/1392-430-0x0000000000B00000-0x0000000000F93000-memory.dmp

                              Filesize

                              4.6MB

                            • memory/1392-516-0x0000000000400000-0x0000000000422000-memory.dmp

                              Filesize

                              136KB

                            • memory/3292-364-0x0000021A9F790000-0x0000021A9FF36000-memory.dmp

                              Filesize

                              7.6MB