wannacry | ca0fd61f579ff8a0c7760cc8d5ae85e073c39f9413fb4dad4113933455ce1f26

Resubmissions

18-02-2025 12:41

250218-pw6myazqbq 10

Analysis

max time kernel
62s
max time network
66s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20250217-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250217-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
18-02-2025 12:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ca0fd61f579ff8a0c7760cc8d5ae85e073c39f9413fb4dad4113933455ce1f26.exe
Size

5.0MB
MD5

f59c100dc24aee439206d9a3989232ce
SHA1

371e747153587bde7a8efb12f9484e4e23174f1f
SHA256

ca0fd61f579ff8a0c7760cc8d5ae85e073c39f9413fb4dad4113933455ce1f26
SHA512

ce4402cee0c19b1a7f61dc16e2cca0bf7d0e9f73a077384f62fd0cb8f4daff867cd6cdf17ee56299a2b706c617e907705385f15238871f53998bb67419d0ad69
SSDEEP

24576:hbtkVihdmMS7dhAdlvQihdmMJdhAdlv/jkQg6eX6SASkvdhAdlvw:huMS7dhMvaMJdhMv/jkQo6SAFdhMvw

Score

10^/10

wannacry discovery ransomware worm

Malware Config

Signatures

Wannacry
WannaCry is a ransomware cryptoworm.
ransomware worm wannacry
Wannacry family
wannacry

Drops file in System32 directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5	ca0fd61f579ff8a0c7760cc8d5ae85e073c39f9413fb4dad4113933455ce1f26.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE	ca0fd61f579ff8a0c7760cc8d5ae85e073c39f9413fb4dad4113933455ce1f26.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCookies	ca0fd61f579ff8a0c7760cc8d5ae85e073c39f9413fb4dad4113933455ce1f26.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5	ca0fd61f579ff8a0c7760cc8d5ae85e073c39f9413fb4dad4113933455ce1f26.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\WINDOWS\tasksche.exe	ca0fd61f579ff8a0c7760cc8d5ae85e073c39f9413fb4dad4113933455ce1f26.exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
2728	2760	WerFault.exe	78
2792	1232	WerFault.exe	104

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ca0fd61f579ff8a0c7760cc8d5ae85e073c39f9413fb4dad4113933455ce1f26.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ca0fd61f579ff8a0c7760cc8d5ae85e073c39f9413fb4dad4113933455ce1f26.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ca0fd61f579ff8a0c7760cc8d5ae85e073c39f9413fb4dad4113933455ce1f26.exe

Checks processor information in registry 2 TTPs 24 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Modifies data under HKEY_USERS 16 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\	ca0fd61f579ff8a0c7760cc8d5ae85e073c39f9413fb4dad4113933455ce1f26.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1"	ca0fd61f579ff8a0c7760cc8d5ae85e073c39f9413fb4dad4113933455ce1f26.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CachePrefix = "Visited:"	ca0fd61f579ff8a0c7760cc8d5ae85e073c39f9413fb4dad4113933455ce1f26.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1"	ca0fd61f579ff8a0c7760cc8d5ae85e073c39f9413fb4dad4113933455ce1f26.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CachePrefix	ca0fd61f579ff8a0c7760cc8d5ae85e073c39f9413fb4dad4113933455ce1f26.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CachePrefix = "Cookie:"	ca0fd61f579ff8a0c7760cc8d5ae85e073c39f9413fb4dad4113933455ce1f26.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\	ca0fd61f579ff8a0c7760cc8d5ae85e073c39f9413fb4dad4113933455ce1f26.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1"	ca0fd61f579ff8a0c7760cc8d5ae85e073c39f9413fb4dad4113933455ce1f26.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1"	ca0fd61f579ff8a0c7760cc8d5ae85e073c39f9413fb4dad4113933455ce1f26.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1"	ca0fd61f579ff8a0c7760cc8d5ae85e073c39f9413fb4dad4113933455ce1f26.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CachePrefix = "Visited:"	ca0fd61f579ff8a0c7760cc8d5ae85e073c39f9413fb4dad4113933455ce1f26.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0"	ca0fd61f579ff8a0c7760cc8d5ae85e073c39f9413fb4dad4113933455ce1f26.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CachePrefix	ca0fd61f579ff8a0c7760cc8d5ae85e073c39f9413fb4dad4113933455ce1f26.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CachePrefix = "Cookie:"	ca0fd61f579ff8a0c7760cc8d5ae85e073c39f9413fb4dad4113933455ce1f26.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1"	ca0fd61f579ff8a0c7760cc8d5ae85e073c39f9413fb4dad4113933455ce1f26.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0"	ca0fd61f579ff8a0c7760cc8d5ae85e073c39f9413fb4dad4113933455ce1f26.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-80166876-2127584002-2233670790-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-80166876-2127584002-2233670790-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeDebugPrivilege	5652	firefox.exe
Token: SeDebugPrivilege	5652	firefox.exe
Token: SeDebugPrivilege	2028	firefox.exe
Token: SeDebugPrivilege	2028	firefox.exe

Suspicious use of FindShellTrayWindow 42 IoCs

pid	Process
5652	firefox.exe
5652	firefox.exe
5652	firefox.exe
5652	firefox.exe
5652	firefox.exe
5652	firefox.exe
5652	firefox.exe
5652	firefox.exe
5652	firefox.exe
5652	firefox.exe
5652	firefox.exe
5652	firefox.exe
5652	firefox.exe
5652	firefox.exe
5652	firefox.exe
5652	firefox.exe
5652	firefox.exe
5652	firefox.exe
5652	firefox.exe
5652	firefox.exe
5652	firefox.exe
2028	firefox.exe
2028	firefox.exe
2028	firefox.exe
2028	firefox.exe
2028	firefox.exe
2028	firefox.exe
2028	firefox.exe
2028	firefox.exe
2028	firefox.exe
2028	firefox.exe
2028	firefox.exe
2028	firefox.exe
2028	firefox.exe
2028	firefox.exe
2028	firefox.exe
2028	firefox.exe
2028	firefox.exe
2028	firefox.exe
2028	firefox.exe
2028	firefox.exe
2028	firefox.exe

Suspicious use of SendNotifyMessage 40 IoCs

pid	Process
5652	firefox.exe
5652	firefox.exe
5652	firefox.exe
5652	firefox.exe
5652	firefox.exe
5652	firefox.exe
5652	firefox.exe
5652	firefox.exe
5652	firefox.exe
5652	firefox.exe
5652	firefox.exe
5652	firefox.exe
5652	firefox.exe
5652	firefox.exe
5652	firefox.exe
5652	firefox.exe
5652	firefox.exe
5652	firefox.exe
5652	firefox.exe
5652	firefox.exe
2028	firefox.exe
2028	firefox.exe
2028	firefox.exe
2028	firefox.exe
2028	firefox.exe
2028	firefox.exe
2028	firefox.exe
2028	firefox.exe
2028	firefox.exe
2028	firefox.exe
2028	firefox.exe
2028	firefox.exe
2028	firefox.exe
2028	firefox.exe
2028	firefox.exe
2028	firefox.exe
2028	firefox.exe
2028	firefox.exe
2028	firefox.exe
2028	firefox.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
5652	firefox.exe
2028	firefox.exe
2028	firefox.exe
2028	firefox.exe
2028	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1648 wrote to memory of 5652	1648	firefox.exe	85
PID 1648 wrote to memory of 5652	1648	firefox.exe	85
PID 1648 wrote to memory of 5652	1648	firefox.exe	85
PID 1648 wrote to memory of 5652	1648	firefox.exe	85
PID 1648 wrote to memory of 5652	1648	firefox.exe	85
PID 1648 wrote to memory of 5652	1648	firefox.exe	85
PID 1648 wrote to memory of 5652	1648	firefox.exe	85
PID 1648 wrote to memory of 5652	1648	firefox.exe	85
PID 1648 wrote to memory of 5652	1648	firefox.exe	85
PID 1648 wrote to memory of 5652	1648	firefox.exe	85
PID 1648 wrote to memory of 5652	1648	firefox.exe	85
PID 5652 wrote to memory of 3528	5652	firefox.exe	86
PID 5652 wrote to memory of 3528	5652	firefox.exe	86
PID 5652 wrote to memory of 3528	5652	firefox.exe	86
PID 5652 wrote to memory of 3528	5652	firefox.exe	86
PID 5652 wrote to memory of 3528	5652	firefox.exe	86
PID 5652 wrote to memory of 3528	5652	firefox.exe	86
PID 5652 wrote to memory of 3528	5652	firefox.exe	86
PID 5652 wrote to memory of 3528	5652	firefox.exe	86
PID 5652 wrote to memory of 3528	5652	firefox.exe	86
PID 5652 wrote to memory of 3528	5652	firefox.exe	86
PID 5652 wrote to memory of 3528	5652	firefox.exe	86
PID 5652 wrote to memory of 3528	5652	firefox.exe	86
PID 5652 wrote to memory of 3528	5652	firefox.exe	86
PID 5652 wrote to memory of 3528	5652	firefox.exe	86
PID 5652 wrote to memory of 3528	5652	firefox.exe	86
PID 5652 wrote to memory of 3528	5652	firefox.exe	86
PID 5652 wrote to memory of 3528	5652	firefox.exe	86
PID 5652 wrote to memory of 3528	5652	firefox.exe	86
PID 5652 wrote to memory of 3528	5652	firefox.exe	86
PID 5652 wrote to memory of 3528	5652	firefox.exe	86
PID 5652 wrote to memory of 3528	5652	firefox.exe	86
PID 5652 wrote to memory of 3528	5652	firefox.exe	86
PID 5652 wrote to memory of 3528	5652	firefox.exe	86
PID 5652 wrote to memory of 3528	5652	firefox.exe	86
PID 5652 wrote to memory of 3528	5652	firefox.exe	86
PID 5652 wrote to memory of 3528	5652	firefox.exe	86
PID 5652 wrote to memory of 3528	5652	firefox.exe	86
PID 5652 wrote to memory of 3528	5652	firefox.exe	86
PID 5652 wrote to memory of 3528	5652	firefox.exe	86
PID 5652 wrote to memory of 3528	5652	firefox.exe	86
PID 5652 wrote to memory of 3528	5652	firefox.exe	86
PID 5652 wrote to memory of 3528	5652	firefox.exe	86
PID 5652 wrote to memory of 3528	5652	firefox.exe	86
PID 5652 wrote to memory of 3528	5652	firefox.exe	86
PID 5652 wrote to memory of 3528	5652	firefox.exe	86
PID 5652 wrote to memory of 3528	5652	firefox.exe	86
PID 5652 wrote to memory of 3528	5652	firefox.exe	86
PID 5652 wrote to memory of 3528	5652	firefox.exe	86
PID 5652 wrote to memory of 3528	5652	firefox.exe	86
PID 5652 wrote to memory of 3528	5652	firefox.exe	86
PID 5652 wrote to memory of 3528	5652	firefox.exe	86
PID 5652 wrote to memory of 3528	5652	firefox.exe	86
PID 5652 wrote to memory of 3528	5652	firefox.exe	86
PID 5652 wrote to memory of 3528	5652	firefox.exe	86
PID 5652 wrote to memory of 3528	5652	firefox.exe	86
PID 5652 wrote to memory of 2432	5652	firefox.exe	87
PID 5652 wrote to memory of 2432	5652	firefox.exe	87
PID 5652 wrote to memory of 2432	5652	firefox.exe	87
PID 5652 wrote to memory of 2432	5652	firefox.exe	87
PID 5652 wrote to memory of 2432	5652	firefox.exe	87
PID 5652 wrote to memory of 2432	5652	firefox.exe	87
PID 5652 wrote to memory of 2432	5652	firefox.exe	87
PID 5652 wrote to memory of 2432	5652	firefox.exe	87

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\ca0fd61f579ff8a0c7760cc8d5ae85e073c39f9413fb4dad4113933455ce1f26.exe
"C:\Users\Admin\AppData\Local\Temp\ca0fd61f579ff8a0c7760cc8d5ae85e073c39f9413fb4dad4113933455ce1f26.exe"
1⤵
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
PID:3588

C:\Users\Admin\AppData\Local\Temp\ca0fd61f579ff8a0c7760cc8d5ae85e073c39f9413fb4dad4113933455ce1f26.exe
C:\Users\Admin\AppData\Local\Temp\ca0fd61f579ff8a0c7760cc8d5ae85e073c39f9413fb4dad4113933455ce1f26.exe -m security
1⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Modifies data under HKEY_USERS
PID:2760
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 1108
  2⤵
  - Program crash
  PID:2728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 2760 -ip 2760
1⤵
PID:1016

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1648
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:5652
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2016 -parentBuildID 20240401114208 -prefsHandle 1932 -prefMapHandle 1396 -prefsLen 27359 -prefMapSize 244628 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d8714d9f-553d-4558-aa05-1724b4c7d8f4} 5652 "\\.\pipe\gecko-crash-server-pipe.5652" gpu
    3⤵
    PID:3528
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2424 -parentBuildID 20240401114208 -prefsHandle 2416 -prefMapHandle 2404 -prefsLen 27237 -prefMapSize 244628 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {63bd3d51-60dc-4ae7-911c-16fb647242db} 5652 "\\.\pipe\gecko-crash-server-pipe.5652" socket
    3⤵
    - Checks processor information in registry
    PID:2432
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3236 -childID 1 -isForBrowser -prefsHandle 2840 -prefMapHandle 2904 -prefsLen 22636 -prefMapSize 244628 -jsInitHandle 1276 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c99c1993-1e49-4cee-bb4b-160675fac809} 5652 "\\.\pipe\gecko-crash-server-pipe.5652" tab
    3⤵
    PID:3540
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3980 -childID 2 -isForBrowser -prefsHandle 3972 -prefMapHandle 3968 -prefsLen 32611 -prefMapSize 244628 -jsInitHandle 1276 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7798d8d2-a57c-4d1a-9092-88a525f5495c} 5652 "\\.\pipe\gecko-crash-server-pipe.5652" tab
    3⤵
    PID:2536
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4680 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4424 -prefMapHandle 4724 -prefsLen 32611 -prefMapSize 244628 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4e0e3a9e-cae9-48d5-881f-1d52f52702b5} 5652 "\\.\pipe\gecko-crash-server-pipe.5652" utility
    3⤵
    - Checks processor information in registry
    PID:3928
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5468 -childID 3 -isForBrowser -prefsHandle 5456 -prefMapHandle 5472 -prefsLen 27035 -prefMapSize 244628 -jsInitHandle 1276 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {42e5002f-4e0d-42e6-b5c1-cee7ae4e9518} 5652 "\\.\pipe\gecko-crash-server-pipe.5652" tab
    3⤵
    PID:4308
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5680 -childID 4 -isForBrowser -prefsHandle 5696 -prefMapHandle 5692 -prefsLen 27035 -prefMapSize 244628 -jsInitHandle 1276 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0ccbc2b6-c37b-4533-9b57-dfb2a5671803} 5652 "\\.\pipe\gecko-crash-server-pipe.5652" tab
    3⤵
    PID:3048
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5840 -childID 5 -isForBrowser -prefsHandle 5760 -prefMapHandle 5764 -prefsLen 27035 -prefMapSize 244628 -jsInitHandle 1276 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3a62947e-7162-4200-9f6e-8d634a22a19b} 5652 "\\.\pipe\gecko-crash-server-pipe.5652" tab
    3⤵
    PID:3640

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:6080
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:2028
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2024 -parentBuildID 20240401114208 -prefsHandle 1940 -prefMapHandle 1932 -prefsLen 27269 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4d54aec9-9be2-4ab6-99d9-c8a0435137c5} 2028 "\\.\pipe\gecko-crash-server-pipe.2028" gpu
    3⤵
    PID:3896
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2420 -parentBuildID 20240401114208 -prefsHandle 2412 -prefMapHandle 2408 -prefsLen 27305 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4134ed76-f1f6-41af-8bff-80c97f75ba88} 2028 "\\.\pipe\gecko-crash-server-pipe.2028" socket
    3⤵
    - Checks processor information in registry
    PID:5356
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2980 -childID 1 -isForBrowser -prefsHandle 2932 -prefMapHandle 2948 -prefsLen 27446 -prefMapSize 244658 -jsInitHandle 1224 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5d7dfe6a-205e-46e1-8a4d-b45119535737} 2028 "\\.\pipe\gecko-crash-server-pipe.2028" tab
    3⤵
    PID:5552
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3656 -childID 2 -isForBrowser -prefsHandle 3560 -prefMapHandle 2972 -prefsLen 32679 -prefMapSize 244658 -jsInitHandle 1224 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dd7535d9-2b64-4ba7-80ab-38566bf967b3} 2028 "\\.\pipe\gecko-crash-server-pipe.2028" tab
    3⤵
    PID:4160
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4932 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4924 -prefMapHandle 4920 -prefsLen 32733 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1b498c1c-8aff-48d4-9f86-8f35dc7ffc6a} 2028 "\\.\pipe\gecko-crash-server-pipe.2028" utility
    3⤵
    - Checks processor information in registry
    PID:1960
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5244 -childID 3 -isForBrowser -prefsHandle 5236 -prefMapHandle 5232 -prefsLen 27044 -prefMapSize 244658 -jsInitHandle 1224 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0b13c97a-8bee-4fcd-9475-fb280fb596af} 2028 "\\.\pipe\gecko-crash-server-pipe.2028" tab
    3⤵
    PID:4564
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5380 -childID 4 -isForBrowser -prefsHandle 5388 -prefMapHandle 5392 -prefsLen 27044 -prefMapSize 244658 -jsInitHandle 1224 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ec7e87e0-744f-49b2-9888-387f4dbbdfe0} 2028 "\\.\pipe\gecko-crash-server-pipe.2028" tab
    3⤵
    PID:5916
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5568 -childID 5 -isForBrowser -prefsHandle 5576 -prefMapHandle 5580 -prefsLen 27044 -prefMapSize 244658 -jsInitHandle 1224 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {69710f8f-9f5a-4eae-b64e-196abb966d97} 2028 "\\.\pipe\gecko-crash-server-pipe.2028" tab
    3⤵
    PID:4356

C:\Users\Admin\AppData\Local\Temp\ca0fd61f579ff8a0c7760cc8d5ae85e073c39f9413fb4dad4113933455ce1f26.exe
C:\Users\Admin\AppData\Local\Temp\ca0fd61f579ff8a0c7760cc8d5ae85e073c39f9413fb4dad4113933455ce1f26.exe -m security
1⤵
- System Location Discovery: System Language Discovery
- Modifies data under HKEY_USERS
PID:1232
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1232 -s 1116
  2⤵
  - Program crash
  PID:2792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 1232 -ip 1232
1⤵
PID:3248

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\tb720zov.default-release\activity-stream.discovery_stream.json

Filesize
25KB

MD5
944d02d169387264aa0caa2fe3c58432

SHA1
17c1cc00f500d0f1df9431c0b009e35d0ecf5c5c

SHA256
ee87edc701e907e435357126d2fc4a1f692977b79a2eec6c5339f20ea7dc865a

SHA512
c2a8b7ba7f9c32253083fe834f48f13e7aadba34f0cf570ae780f2b744d3c86b8f590cfe2e42c557b38a13a0c70f441c758057ad87d3b86324da38d10adc3cc5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\tb720zov.default-release\activity-stream.discovery_stream.json.tmp

Filesize
24KB

MD5
a6555e7e8ab31f9ecc3381e886e8434c

SHA1
313da65853d39304f7e841f3caf7dfe83b5f0f91

SHA256
4603c2343d35d39ec619b344e2cca7de17b2a2d5b36465b79a910c3ab06eeb5e

SHA512
0d88b9d9b56d5b9dea2dcc763107029bba91db0a1190c9c8a2a5b2ece06f07492d37acfda2860fca64451dddee7565d6c9cf6d4a6d6032d8619ce85f032eb56d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\tb720zov.default-release\cache2\entries\094A5FA25D56295058D77CC5F86E2D4A73ACC96F

Filesize
11KB

MD5
ffbafd5c968408671cb358e1b5526aab

SHA1
62ff16919b7da0dbb661f3ee2ba4d6ef53e5dc75

SHA256
c1903073e5547abf01809702dca21bf3095e198f54979597cf9daccfa65828b0

SHA512
e8afd8535cbed05197e705011c573f67aa1f72c6c108023bc9be8386c6cf41427142a85ce29538abaa119328ef89a590f354e6bf9f6a258cb2ceb19a21192fb1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\tb720zov.default-release\cache2\entries\0EDDF8C091E2FED62E44BEDDDC1723F5BF38FE4F

Filesize
186B

MD5
51ba1a3a515a9db82b6b72c8378018b6

SHA1
afc53706f3cd75eddc937b1bf1d7b1938252963c

SHA256
7cf2ce17f1a99eab54eabff420f823308e3b815d1aa2046eece06c56d746d290

SHA512
3c657582558053570f55e45771ac86815c7508080fa0de75263076e70e6c73b0b93401fae2bde3e6c858b7838c3a0fdcc72c53d03d313a730012baa137ae7b28

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\tb720zov.default-release\cache2\entries\109D080055C1548CE320A422FD98DA1D5E1A5BC8

Filesize
9KB

MD5
23d6e454c1379067bdef24822510da33

SHA1
4c421d43333e27fa1e9128efc587d2d795c9479b

SHA256
f8efc090117f6f976977e716c4cc42136d6626d47043d94ff4d2d888c4b80851

SHA512
6d8efe9de91983dff1708aabe8236975f16f8f6ad5d496680b570b8ff35a2fbbf879c7e9871ec6ec512b081a062998d43c9d89dd9ebdd3cd730d86801601035a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\tb720zov.default-release\cache2\entries\20A676F4AAD2CBD987632DE3345A1CC98C7DBA1F

Filesize
28KB

MD5
e1bc1e4f273873d0e875b829910e7b6d

SHA1
ebb2a9248f37896f26f9ba375c81be98d3c30c79

SHA256
7c1128e8f68d83ae4e888ebf0dddfe49e9f46db2a214dda136264e97f806c8fb

SHA512
4134126727ab4e708b0b9ec4cc8ad557c980dca9039c94b9b529418a23f1ce44b82dc460a5993e55650f1724068a868004c81ba635861111903a885fc923d056

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\tb720zov.default-release\cache2\entries\22F59957B7E08CD6CCFED6AF2A1DF26FE157DF40

Filesize
103KB

MD5
0c5798a3966932d7a2d4ec508dce9676

SHA1
901949a72bbe69172c69b625c7d1816dab32a33c

SHA256
07a50d948747774c3f3fb6f4f9aa280d3550c445dfd5bba1d3974e260fffad7e

SHA512
c17d52271753da3a69174ee0665c432269f74b4acdf7b2a7958ab4ad8937463635f7f32a7b872942c451dfba972642d423fd04bf4f18a5d132cf4cedd8e38fea

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\tb720zov.default-release\cache2\entries\254256B27E0C48CF9B80B695F0B3B8CA84610495

Filesize
9KB

MD5
4a9c193bce1e3fc9a8b5f92053060744

SHA1
02e4e6c9c3627c401855a280ba05968f937cbac6

SHA256
903dc81182715f2ac5aea29f5d2afc976603b4be3fd63f50aa4c839de063964b

SHA512
235c178d408ea70c0f7fba3f123a93e9ab610974fbf00c20bf9e3cf2b811d47a7fee6261203cf1ba3a74606b3f172d405e9058f0aab5d95e7dde053463ca3255

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\tb720zov.default-release\cache2\entries\2B239730DBB7CCAA69D83C6AF8FD1D3E10303D04

Filesize
21KB

MD5
160c976ed22220a4d009fd53bae38a57

SHA1
6f534af8527a59642c06a645996b8e30290f9b0d

SHA256
2d19affbba6630c812f0263747ec6c3b5aa117d79f622f0caa54faff404df926

SHA512
a72fdc33b4282099a27e79ac0d9eea4c831b43bca53206aacd389dfea3dd4a0a462334366320167d447f10d824dc1ace41f0bae95a9809c80f67f2f6f7f251af

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\tb720zov.default-release\cache2\entries\2BB6924390CF59B96D237B36266526F42E539CE4

Filesize
25KB

MD5
7f74d337620c2ecf116e269a271b802e

SHA1
59b42b8823c4ed08ad8fbe21a9e4b2c48bf50cce

SHA256
77c587b4ab88b4da8d9ec932023c83f97ccce220a8050feb866d36db09938c5e

SHA512
3f527533b57eafa472f4c93d24fb72e23ba2f026857dc23e246876a54c253f1996567a714d05dcd2eaec1908b84ab175f3431caa692eebf90a22dbca249c8151

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\tb720zov.default-release\cache2\entries\2BE972023C5A094BB5AAB42202260D22B4E3DA74

Filesize
9KB

MD5
451630e1de22778518687c2ba75e7ebb

SHA1
df07d8edde5a90f41ffd1fad9e5384fc1baa1bd3

SHA256
ae2f66df6f8cf4fb9a0c87b2a8375baf8d292fa8ad1d52a99ed61ed71b51138f

SHA512
c96cc9b2c39b3e89cb2dcd29986efec6bad3297f65710e24643eafff66288699ada524a4364d1e6bf4ad2ce32f1f5591ce6b76b6d58e8576dc889aa8e2779d09

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\tb720zov.default-release\cache2\entries\2F255FBF3A388537FB813FF6092275026ACE7CD2

Filesize
19KB

MD5
e1acaed809f5bc6e5bb25fe334634070

SHA1
10766ae1adbf04dcd07e47903bbcbd30c6f162e8

SHA256
557fde4689e13e014f27deb3e009c45b45133408cbc1a3ae01d8bc77e2ddc65f

SHA512
a34f576e2282a5939640009461ab365597edf6efd22931053204863e6cda5d6c80b5ebd6d81e03a7482c2ee425da185202c32a95ca4b853680cc248b7b74ddd2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\tb720zov.default-release\cache2\entries\30F8453575F09E9EA57C17DF9FFB3381D9D40650

Filesize
10KB

MD5
df262f49d6de7f3707b287daefd5b422

SHA1
f65d06cea3f2f625bca3e1b26b0ad297b8aee9d4

SHA256
2c0f39788fae89e1db2b0f32d42fee5ca9a5b0c9077fb898d3b5144fcf97cc44

SHA512
fc8d75ff620b5efba8d5731a828714a78e25a7d411b1c329d8501e7d39f6cfe0ad2784316cc267dfcde6bf92a651d9999e2afd146c8043d09014c09f2ea806e2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\tb720zov.default-release\cache2\entries\314822CBB28F926E5106B2B480E05B5F4A8C3C3D

Filesize
10KB

MD5
10c49115a9d3665b7e613d21ae914fa1

SHA1
8dd4f959d26722118f78f0f9fd5f3799c480fc08

SHA256
dca75c6b0b3056275ef83f19a992bd28edf3f5e6ab71e24392042a236fb42ac2

SHA512
a248340cd63d77ca6aac5398920a79c5dae86d3fdf83046d7881915731711fe3b1ea67784e408443eed23c33e623b7da239c482480c116afbbd154eb535fde40

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\tb720zov.default-release\cache2\entries\31E8CC655550C9BBF7303A52D84A41D359B467E0

Filesize
9KB

MD5
6e05cda02e6dd7d32232a5503d5d7e5a

SHA1
55561e71e9d2e4ea8495a3e2278ba73d1bce5b68

SHA256
e1e3cb1e3f93ff84efb3acd4686ca4d9d6193031bcad771d74e4b683067ce4a7

SHA512
b41044e813f64badb5629b0c869f7bece42205858df3a3bd2168b07425bef092b5a3274c27b939423159cb31517c2e86521d251c48e8ebfc8355b09a0322b698

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\tb720zov.default-release\cache2\entries\3C9B2D192D535C347CDA9FB12BFC88FD40CF0382

Filesize
96KB

MD5
9bcef9433f3faa3456634058b957b4df

SHA1
f665df92e0b4d7a0b2c9584c5d63a25da68968d2

SHA256
7c779db91843a338b7f033346d9b3eff93eb694893dbf9021480bd7dc264b4bf

SHA512
989ba731b152e41a6692410a69adfd119f0db014bd832c62a7db8a7e79a54c69204cc1bab4149f86b60e632ad91931df8358cc5b318b24d672efabe7f4a952ad

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\tb720zov.default-release\cache2\entries\3EA4AAEC724D7877852E81DED047776542DC0259

Filesize
14KB

MD5
b201c56ba18551c2a7a9225000e75d15

SHA1
38c6443259b23f97a98d7709d42ff6da406de88a

SHA256
b539d649794384b36ea9816f560e90b0db53b35bfdfda8645f5ad03c7565bf57

SHA512
b3ba6146edd5b245da07f3eef39ecbbf2b268f795d305a7350033a7d303902374b9b5b967e62e29f619469b298716986cde88906f25b117cf236fc5388e7980d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\tb720zov.default-release\cache2\entries\3F965E4BA59EC997D533C0CCCDACE6E485E20B21

Filesize
27KB

MD5
19816eb902359cd610daac6f04db96b7

SHA1
5e559f94e7019700b2cfb47bfb654ce93895797b

SHA256
254bdfc71188f84f63963334c268bc5033c29a03fdb7ce7c7e120602a52608f5

SHA512
61c8fcf80edc009255890be0d74ca270859bc8698b6334d901711e6778927b6e6f73f37bc1b91446afb10e020c6fce30c43af43bbff909e1cb42aa6acb5ab2b3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\tb720zov.default-release\cache2\entries\60AF6138C31AB7CBC0258FC85F36526A60597A84

Filesize
10KB

MD5
4cc91887b735b14ea0e10129b755b00f

SHA1
fc25e495808c289ba137c149f40000ea20eb8b2d

SHA256
639f4f06ef281aae0db72457fb8274c9f6393d7c6da1e9e62dbf479a5c4b7387

SHA512
f0aa5e373180c2c009ef332bac497bd14b5ba37f914b6ecdf3beb451b255f631c6ede418cff88887b06bda93949d012769f546c9bc7500703f8cb047d3438071

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\tb720zov.default-release\cache2\entries\6762E24BB9F66A6430B9C774503510453B4EBA21

Filesize
10KB

MD5
6aad0309173b7a62bff1f1e513b52c16

SHA1
152adaba67182f8234f94413ab7ab80118dfe8a7

SHA256
c012cc0e5727f12085dc79a79e3198fb83139af9d21f2c17b52518f45fb86950

SHA512
c4373e524448cf7cc00a0f12fc8b4ec2d32b56c41acc7ad872fcf79789d7d5426e89f8a0efae02511bd42edbc9ead212806e5145458734085356be88b8c6ab0f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\tb720zov.default-release\cache2\entries\6AE157FC40B27EC1A4814C10157D6FB45BCD5B6C

Filesize
10KB

MD5
e1c73bc3a9a431600fa5f369e5a757fd

SHA1
729efaa576d35833329b2c31f56addca4e47586d

SHA256
ce4e304fb722ea761b033cb15caac580a382fdf7630d6cdd952687d48cb16885

SHA512
6700eac93618dcb99aa3dcd797a6b68a7bac468d6d2c82778c9d898f3900ffa5f469a08a45bdf670b300b37a28d8fc65185ca7b5314e6ce8139bc0d38f5224be

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\tb720zov.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F

Filesize
13KB

MD5
9d560ac167b5e6b1f976429373d8b15c

SHA1
cab3f2b70d7a76073cff5cba508d73dabaac7447

SHA256
0267ef245d1576f0e5dff3e9e5b284ab36c701e8be760b821455e752474b6511

SHA512
6d620d680b440e1261535825244e9c44ee635d419847610a2fe257b89ba094f89376f270d527b4ff2154ba9a86759ad0d00504b5b3d05206c27ab1121a157882

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\tb720zov.default-release\cache2\entries\76554F8FBF56F947910A8264985518A50CE61BBC

Filesize
11KB

MD5
1286dbbec445dd85469fc96757d5945e

SHA1
6c67aaba3411b8165f1a7aa6cb98a81816d2a74c

SHA256
057ff34863c1ffcc36737b8d494ea5e1a8cd9bbe02bbb8561325c5280b5ffeda

SHA512
2d803b523f9fb0d1702da078876ceeb0babc831ec90e6d1e98cea8ee019ea11f5f9cedc108e62401a52364e2abe1a1cb545b4d2abf41c16116fbbc091c94c875

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\tb720zov.default-release\cache2\entries\77E0EFABCA0E3F8236C740423A24382E3AB63333

Filesize
35KB

MD5
b86dce4dbf4453acda753231961c8b89

SHA1
3a891aa7c665f56c27420b0b4e051aee95cbc877

SHA256
1ee64e475a6b37cdc8ef8cca29853373685e79311c205459ef0f6c80a1d5d30c

SHA512
7533bc1ee4f131ade789cd254616a53bab65ab636306bfdea610869c5035eaccbfcacba2a827a5c6a7d34a2300e975aa8124a9395c161728e5bbce06c7bd050e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\tb720zov.default-release\cache2\entries\7B296DA3A21A35BA71B906EBD14E76DAAD1ACE93

Filesize
14KB

MD5
2840333441b665e0f0a0403ddfdf0d11

SHA1
0535af9533a66f17b8f05ac660f7b3ccfc798205

SHA256
f41b09dee092d431b9378e679db03ea447028bd92712ebcdb7cfecfb0e9db2de

SHA512
4068beea782efdff10206931c5799a6016b1a2952841f7190509a699ec3fa88ff196ed940bd1294f723b368aa311aedf1b6e986eef944f64eff1dd4760f11197

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\tb720zov.default-release\cache2\entries\ADF5BD09EB688DAB1F35EE02E8C35329D0E4AD89

Filesize
13KB

MD5
12f6474368196eae9ee34ffc597ff761

SHA1
78d215dbd49fdc4b792fb8cdc98f19ae734b6a78

SHA256
ca3cb954c7d2a4a3bc7de7998bf19cd1dd53104a60108c08ebd01d841bf56467

SHA512
8dd2f16931703b416831f0f7988b2839b67339af08ce8bef8107fc5cae337ff2394bf5eb6a2bde385a27a332e5ca0c7c3f8c31c07c6f0cd38c9a17c84c2d3a85

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\tb720zov.default-release\safebrowsing\ads-track-digest256.vlpset

Filesize
54KB

MD5
64d20d05a5e1dc74631f0b7efeda7ee9

SHA1
567a2116f2a6e7db0306485e64b170e7c8b6e3ae

SHA256
b224780de64479dfe67affae848dff9e838628ccff1d9515cbfc8ee074bd48ff

SHA512
529b682913b709af8eed4fca911224b1b691e94aeccc99951b8c970dfa8a7776f9ff2caf311ddcee44910bd7e3c419fce01cd8f32f41aa781ef3e020569fd3ca

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\tb720zov.default-release\safebrowsing\analytics-track-digest256.vlpset

Filesize
12KB

MD5
01c9d44786c5994b56eccfa294d701f5

SHA1
1f1ec326e812ec296f97c675e39c60794920ffbb

SHA256
f3560ed7c826289cfd01f757d3e20273ca261110da70eb32c4d32d3c2e4aa2fc

SHA512
ed6742bd469d7d20bb94e5339f276a6b202706e04c34ad5ceff99549a6632fbcebd7bd5510843c0cc589b508cc80f45ba6bcabeb330d2bdcee9f1ee38f662a03

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\tb720zov.default-release\safebrowsing\base-cryptomining-track-digest256.vlpset

Filesize
2KB

MD5
75030fc0c97997338ab538b7615fd829

SHA1
dac3d0bb59949f922b99e4c0dcc6c705842fd6ad

SHA256
50780f9fd932d7707a4bcb454c7bf031205a22fcefceb5b9cbef3fc43acb9bcc

SHA512
21ad8d76b2a24d5cecc065ba9b5250cfc0f29265e741ece2fc30958662f7f820ebef5db476636cccbe5ed632006ad0fab22c42a05b714cf89a2fd93a89790174

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\tb720zov.default-release\safebrowsing\base-email-track-digest256.vlpset

Filesize
6KB

MD5
213325f07445a473bc8b8e39ddd01f1a

SHA1
20008e14f24d114deea0193f3d4f41926a1d42a5

SHA256
27dfdce520faff676208952b08a0c4fdeb47eb8b506f69bf5ff2344d2b1b5a8c

SHA512
06ad311be8844db4d42250046aa0b875239ab6c31b5540d056f30ba1ad262eed0baf567717249574b558ddf0e0814f08554dbac4331b08abde7b1293c023342d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\tb720zov.default-release\safebrowsing\base-fingerprinting-track-digest256.vlpset

Filesize
3KB

MD5
616affa2edda8a3e06dc1b85387d4246

SHA1
432e6e9144cc96cebf9f1b25b169eb0c6973dd44

SHA256
b2e4bb7de736b399f2caffb7274579f46bea111966ecc459ea6a6c02bc2aeb85

SHA512
98294b41e7a6020c2a6623d3b6e7b6f4b93f5545f4aa39470c6f588176d36febe3ff6fed102e215f0da811fd3d8926e81ea670c4d4bd952d62f7cbbd26ff98b7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\tb720zov.default-release\safebrowsing\content-email-track-digest256.vlpset

Filesize
8KB

MD5
af57a9620d86696b2bbffd0b7499e8ec

SHA1
0313dc7c50eb67d5974a95f8ad328e6d418751da

SHA256
ee6ff9bf6173569890e1d04556f5d25799898b3f18b7ac1f5a019d36e5d4e2ec

SHA512
cd5f88a80a0be1bbbb2b90b052df13dc6b2398e09eb4f20d613f81b86873701e959a2c33105730e338c693ceb1fe51c0e3f92b7df158c754e2f17c97a4c1db9f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\tb720zov.default-release\safebrowsing\content-track-digest256.vlpset

Filesize
8KB

MD5
68aa5542abf4f84cdf32f68d15ec7d87

SHA1
d19e327117566e16129319bcec12b11db1c42e47

SHA256
e80b6d551b6b93cf01fa2774746bcad9d365f509776659b84835f30e0aca1ca6

SHA512
7679f7a14c2bb7351789d4acb2b8edaea2c4f613f70492577d2c91afb71574087088c27727dfe0765cebd19dcefd0738234f64bff242a75948c61e066e37baaf

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\tb720zov.default-release\safebrowsing\google-trackwhite-digest256.vlpset

Filesize
1.4MB

MD5
c0e1ac752cb716038a8245aa68af4c1f

SHA1
52152c6f058aab68f996311e424dd30341200fdf

SHA256
e448d98c433f007a572960b5a956b474528893020773110d6921767becfd3837

SHA512
a44670bb0e64bbc28bb647716e000405688cdcf62b841619fb00307b29163d9477c79260485d0a7675bc0f943fa343ac01d2225baf01b27ec098e2e2354b1150

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\tb720zov.default-release\safebrowsing\mozstd-trackwhite-digest256.vlpset

Filesize
290KB

MD5
41fae052da51d99364071f405c6c003e

SHA1
04c88b9e06fd189859e283d0e8f945ccec7272db

SHA256
32fd3723664e71d8b405ff333c9140dc5cd221b7d20572255a41609a95001db6

SHA512
a47ef3facfd5ec05e8579ad1759b131eb2b53f55e47daaf7924d11d26c2b5867b489b0fc510245f13e960e7485ee1ed3080e1747033ced720485a716c119282b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\tb720zov.default-release\safebrowsing\social-track-digest256.vlpset

Filesize
2KB

MD5
724e72a447fe71f26bf2d238b74ae4fc

SHA1
f523d76ca8dc7cc125572e3d72b142de0ab3b387

SHA256
239eed59fd36f00c99db1e31a50aa8b0151e4c9a10c73b2eda66c7370c591e60

SHA512
dca33c41afba5474411fb3f5e0a1b59aff4268613ac04c9ac9eda1a9c6dc705de300a9b8343dc7aec4f1cdf2dced5e6ffc8c48485f3554fd4497f7dcda4442a6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\tb720zov.default-release\safebrowsing\social-tracking-protection-facebook-digest256.vlpset

Filesize
485B

MD5
daaa03bd7519da1744f99811880c2e54

SHA1
3712d23c4138e87c8213678d0047968f6539eeb4

SHA256
3de18607bf87948b854949674e41d74373a8f8def1fd4e84b33a61bab84de49f

SHA512
cd65857f2f7c8f967050671b91ac85b7497fc2887332a5f289ec747ae228e4658d1b8b6f0f856b47a5d2d8346436000370fa85af9038e1870dec32ac62af34e1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\tb720zov.default-release\safebrowsing\social-tracking-protection-linkedin-digest256.vlpset

Filesize
165B

MD5
530d70dc8f251c579d059f5b1b73fa9b

SHA1
78b2a695f8741ed92e534ed431494d1adc566de6

SHA256
db7ec6c7001da7cc14c7814fcf8ccb76f689d20adba407d0a2b90febe1260863

SHA512
3e69371ec0801f952072ba0bca007b6e433eb744fd2aa8228d5ae0a0ed11943eb6bb035e44d05a013803eee063740fd34fa02a5bec18ef5175ae2472734f8148

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\tb720zov.default-release\safebrowsing\social-tracking-protection-twitter-digest256.vlpset

Filesize
293B

MD5
8347e3838b3f176a0c4f78364fccbecc

SHA1
d68d4ff0bd768fb685bbeafe39187110c6ffb32e

SHA256
510dd943627bc1e62bd8d6c01ff3b448934813084c00390d33c9e60772bb529c

SHA512
41d7235a324bf27bea6cbb31271f20b132ceba2e6fb5a3f9acca132ac12771237b77acc7f5dcb8e11571beee1d7d6315ac1723476cf4c0bc3cb01307e8b22e1c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\tb720zov.default-release\startupCache\scriptCache-child.bin

Filesize
469KB

MD5
548fd2001a067c9fea9453e7a51ae080

SHA1
9ea13cbd97e46f0235dc45a57d03dff824892c8a

SHA256
93907df64cc317113b0933101e6a6014eb3cb4e45214f7a672773d365af65c6e

SHA512
ab7a996e5b0291ea24839ff0181926f385433220d0fad11dda275c7a5bd51a7ff1b3505474f315e7793e7fd9b8ee50505532615651e50b1a2f4f824b7548b824

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\tb720zov.default-release\startupCache\scriptCache.bin

Filesize
8.9MB

MD5
29d23c66b9a584e1e697121bb02f68bb

SHA1
f42123753d3798ec0f84786028ae6ee3538c9121

SHA256
dc18d462c90430fb3e01279ad3516b13e4b7f31012c57dff798771adc19c90bd

SHA512
7757ff7b3c7dfa01a8af43533d529ca6f1340feae664872dce4ce94aa5ad79c90e65901b60a330176939a1f1abf2ea6fe6ec60cb3c9167c8ac305297e157fbe2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\tb720zov.default-release\startupCache\urlCache.bin

Filesize
2KB

MD5
574388e0086140de6be99084b96eecfb

SHA1
ed97d2c058fac88c1f902343b0a3b05d755ef418

SHA256
2062e335fe60e351717aff4fd95c1dcc4b852943c32463d8799f3696d6755e2c

SHA512
0348592ba8162e2d028ebce8ded383d98c20d8b61ee677249d7efb709ab47bdeab700a51e5b05383531aaca3326291e97afa4258d04846309806f4103cc8fd09

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\tb720zov.default-release\startupCache\webext.sc.lz4

Filesize
107KB

MD5
78268da1edf85da8767f8fd5adefe3df

SHA1
60db005a2fd44567c3c5717ab029dbffde7969bb

SHA256
b6e140702047fb1bc28f5768e87f464ec3d1fcc6ec0b2152bb2c669c401ecbbd

SHA512
7f751ba0b20cc931250ef8e6b551de221bb77a2d0794550c80b2e0eed9657f38c39df84d9074fc4ef45ce0a4f4e2162827cbc107c284f5f41d52a8708ec6cebd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tb720zov.default-release\AlternateServices.bin

Filesize
6KB

MD5
27dcd4de1544045e89e8e25342334b5c

SHA1
aaa3b4db32a84ff8346a544345c0021db752cac8

SHA256
34377ddb2285ad522ac7d49f3bbbe77e013834b4c602894585a4e86cf5f922ad

SHA512
514de04f910a327da7b211d1cbac0d8694e75ef94fc59fdda0c82bc5b78e34013d0c4f169a1f604ca9a7333c00a68eb5609092893ecf6277b4469d362fe4224a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tb720zov.default-release\SiteSecurityServiceState.bin

Filesize
1KB

MD5
5a135feb22c78b946642512febd21609

SHA1
ba51b20d1b45a6018e8b4526e80877aa98efecc4

SHA256
d0b0dffac2bf552906b01dba0ac7c9257feccf409cff558625706264fcdc04ca

SHA512
ad0cb02738d7f7b233ff83a968bdef8987451776e5caca8653e7b4a6f4eb9049b9ebcdeaa10150bb08a647c466832114e6b1b1c5c373e66635d00ef28fc7106f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tb720zov.default-release\content-prefs.sqlite

Filesize
256KB

MD5
b41ed219e2c8dac47f2701562d092621

SHA1
90d507eae3ec943a121dbe5a080412e40470b54f

SHA256
cfed019635a1e14f74ae78f2c03fb96b40ac3da37b67489bd98c144afc200f1f

SHA512
5c6027ec701055efb3b6c055727af5ed261e8f1d5ba954e64e8a34e5c791679b1e4a6ef49896ab8089ec151fd758ba41efc7333611af42b851606a0544a9b947

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tb720zov.default-release\datareporting\glean\db\data.safe.tmp

Filesize
16KB

MD5
1ba2b625aa5b2b2bb85d8f98ef922190

SHA1
dd182527af6e879521bc7926907eac79dd5ba4df

SHA256
34211be670c65d27ebf5cc76f0c63e67066bdffc79d5b3328f498d7435162ab3

SHA512
32a516aea87306ec50212a578a905fff268ab92e063efa6b0bd93dc75752343fe078b2f167978d47dc036a1bffaabbd8f499705b182e4bd452bc2dae52fa334b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tb720zov.default-release\datareporting\glean\db\data.safe.tmp

Filesize
42KB

MD5
68e04031e21c721ee7f0bc99bae89f7a

SHA1
08a8eaa6d2fadff7196cbf18fb845171d8170249

SHA256
aee258617f3b5344c15ce4ceb074d7ee78e3d9f8bd720df680024835f3c58d4a

SHA512
d3d7300bcbf497de273802077357870bedd4be900788a7a800712f5edc44e9f15ba5086275a9c53e9acb48e43b38f3c46dccd12b95148e88dfc587a3d1f8da99

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tb720zov.default-release\datareporting\glean\db\data.safe.tmp

Filesize
42KB

MD5
6c5a02ff715f2a31d129767a4099ae13

SHA1
77c5e0b43435e6391ebaf9df3c92ef8a42223c4c

SHA256
c6d9664a09114103862f13dd4dd0b7d7e1b1684704900761951806fd18f5fc32

SHA512
f69419a440acee44f27e2d0c66a273ae1a246b3857dfa238e6a44b4e881d461dd4975abffb632fba5ffb81e65246c334d889151b6fb775a1b982649ccf145f68

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tb720zov.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
9bddd2e200ffa01da06b7d4a54c047cb

SHA1
5d569b5a3c157998c5c13ad8af6a5e577636c2d4

SHA256
e1a71e06c45bf260828a0933259a8008e98f4324f77a24f0246f9cc48dcb5a2e

SHA512
05c66a88dd812385351706524bbd449d8ac45210d62fc01218267bdc8a2ac102d85306785e9f3e029051c9b67b8c390f4fe4e91ef1233b48c0464486351a93af

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tb720zov.default-release\datareporting\glean\db\data.safe.tmp

Filesize
42KB

MD5
4e9479638bf6b88ba6a099f010d894b4

SHA1
a4f34cc37b7b8e55cdc108bf68dcd3f5e02f6e77

SHA256
771039e55c0a883dc9363fddba17a1c4a1332b5b8f48651d1c264890af718d40

SHA512
be1e9f06cc8afce23ce26f7a92c829a45e91a4cf91134bdc136a9b7ff30c3a54e4cfbc6c97de9ad77007cd9706e9394e714d70139a6b3f1df618ff8cb0258167

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tb720zov.default-release\datareporting\glean\db\data.safe.tmp

Filesize
33KB

MD5
64a0169b8518b8c302ab2288886b77bc

SHA1
43d8e0a629ce6c3fe77fad4f8c07d3ae9cffaa49

SHA256
02b9104c89b3e1d4e918cab254190c5d542e4ac1a8d057263002af4fb0abd3ad

SHA512
5ec0593646172349c4a04964b12dc2e3b51d8185c0639b6abe710ce9c8ab53e5ba5a10ea4be7fa59eb975bfe673b17f47b32aab244037cebc587ce907a61ea3a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tb720zov.default-release\datareporting\glean\events\events

Filesize
104B

MD5
defbf00981795a992d85fe5a8925f8af

SHA1
796910412264ffafc35a3402f2fc1d24236a7752

SHA256
db353ec3ecd2bb41dfbe5ed16f68c12da844ff82762b386c8899601d1f61031d

SHA512
d01df9cab58abf22ff765736053f79f42e35153e6984c62a375eb4d184c52f233423bb759a52c8eed249a6625d5b984a575ca4d7bf3a0ed72fc447b547e4f20a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tb720zov.default-release\datareporting\glean\events\pageload

Filesize
375B

MD5
d0fc78f4fc1d35377e75312d0f500055

SHA1
11b084127eafecc7fe6cd9a4922c9d950365fec5

SHA256
6af36060bbe94c76a6e2ca46543986c08f0f49ef064825cc77eb6f182d79bf0f

SHA512
2d2e9457f9dcd90f679e055654ebeb9406aec324851258dfb058cf3f420161062c9783970662a4f3dbc3860609137861d967f8b8ed5eb2d2ca62c64a8b4268e9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tb720zov.default-release\datareporting\glean\pending_pings\347209c0-239b-4f19-81dc-d380aa25e21f

Filesize
5KB

MD5
578c7531c87d9e50c069cdf8234848c0

SHA1
1a85ee4b23963524366ff657a70de855e5357507

SHA256
decef411b113452768b85a76b1616558012f6cd4d2ae6cb001b31111d8a253ce

SHA512
b8ed9c08f9e9515aabe08f763521a69baf98682e12c4a1ae80d8576fb375ea819e42aa0b7da27daa943f1242c912a1430e006c847b4406ba15b2ea5ac98705cd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tb720zov.default-release\datareporting\glean\pending_pings\716947fc-bb1e-4050-950e-e078661720a1

Filesize
765B

MD5
60577168eb3d1b13928ae3706227c23a

SHA1
c60748270c4164c22a7e83094a0a96a28cc49ed8

SHA256
2b24bb63795a07f38551bf663b30cd2096fb8b8b578eda732366001c3773b07f

SHA512
adf7dcc5c56a5b05dd5f7228999037d9be92c2995adafdae32acd6fda8a497975782c918b51701ccba5029f79e13d984c7b3202b733c3766c68756246bd6e624

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tb720zov.default-release\datareporting\glean\pending_pings\73af45b3-d4ab-4356-a7b4-4bbf308c58b3

Filesize
5KB

MD5
f7f444371eaf0cae2a6258898c371b19

SHA1
4fab568863ab8c2ad3c89fe1238aa2705f16caca

SHA256
bdf05bf29e9846fae421f5c095e97aa8d18aef976a11d5344596c073dbd17c81

SHA512
ff46b311d89bd834582f33eff0ff7af6e934e9a1aa46581124dc8f13da91b38da027d0ae8213eb90ecebb420ab5a3f56ad36a879b2db71bf4469a762d50ff329

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tb720zov.default-release\datareporting\glean\pending_pings\98aa0d8d-49a4-4377-8456-8de19982f82b

Filesize
25KB

MD5
f6518e245cceb88769bbee297a5d5ea5

SHA1
6e425b33abf4d32ac4ebcd513be832f4c639132a

SHA256
c8a29531f6fcdc0364d1ec38f827eb274d64eca57d67e7b1c5395631e2e4628b

SHA512
b13221ed5a3d2e1b27fa84f23cb29cca1ba9c08da4a08d81b2e475784390ea106ba1227455e74417e048bcc47965b330d0fd1dbf42c351be7f543e4fa7bbcce4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tb720zov.default-release\datareporting\glean\pending_pings\9d369d72-15e0-43eb-84bd-c876caab0970

Filesize
982B

MD5
d4dd674b0f19ee165ce25e78479853f4

SHA1
1a86cb2b37dc861b2cc737a12ad61ad6b8ef143e

SHA256
db73d38f9de125a917c546f78c7dbedb64176e2ce0ad6d7e63e978b2af0b396c

SHA512
b1109e356f59fb94da2520a49fdb2bf5c3d626932150eb6af2e252dcbb84fa75178cff28ea272c596fbd8f21015a9e6a5e1cf734458bca932bcd64eb898a6dfb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tb720zov.default-release\datareporting\glean\pending_pings\a4f5e7ab-8fe6-45e7-b5da-43d6355506cb

Filesize
671B

MD5
c36df0723fb661b03151f4c4f810e5e9

SHA1
db8646bd741fccb161600630f01cbd27188aa0bf

SHA256
ebfcd90774c57b92b9b544c6be7c469f7a4f061b7876f7132d7774c0fade915b

SHA512
ebf102661862ae9b70a7502a4c111bf9404019856484b990fb6976b426859dd4d8f3fc076dc011fa2862edd992fb36036de6f3e9dd2cd8a7e05be5884fe100c0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tb720zov.default-release\datareporting\glean\pending_pings\df92a96a-11ab-4517-90e5-b81b1556caa1

Filesize
905B

MD5
917e25810c1af31f843d31212e1a39c7

SHA1
9f32f51381c653533148bade0c36dd0c7f7004aa

SHA256
643f3c75d0b4c59b692779291383badeafec8f64919738736dd87d79ad9b61c8

SHA512
79577dd8bcc9203ce0e9bb13cbe5b438979bb675090f4578ecebb67bdba3b0603f44e2fa2611b3a6c69541c69844e67e8466aaa7a5e6d9b177e6d56fa6a12a1f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tb720zov.default-release\datareporting\glean\pending_pings\e509ba18-503e-442d-a691-68b644c19d6e

Filesize
734B

MD5
850c0c3e94c7cfbdb7d06ab672566e4d

SHA1
5be646a3847af49169c87cb20227cf182c20b325

SHA256
1b1dcb2c7416773fc9ea689e24eb4fa300bb127738e8a1367312fae552ed52d9

SHA512
773db8312e0ed0ee02d47c3063715a143def244fb045db386d097d34fdf0eb7b6fcf001bee52c6e8ca5a8555125bbe290b2c63913c5dbcc9c7f3d4300feb7a0f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tb720zov.default-release\favicons.sqlite

Filesize
5.0MB

MD5
b79372b7452d7b97e09be7094400dd66

SHA1
8dde9a2a19f23db52cd5802ad891ad71eaf7b67f

SHA256
fbd049845ddd907944965db4aba701aa06889c1ba694ea24c801612b591120e4

SHA512
db6dbe2f712c66378ca332145879c7adc936648f89d184e1d77328430ed951f68506f4d4b957ddf83779ce88fede44babd0c687bbf800ae72a32e697f264e9ff

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tb720zov.default-release\permissions.sqlite

Filesize
96KB

MD5
27221ae7b1dc772cf92a1305cb8ec03c

SHA1
f319ec2439d96743939536100702da132b1dfa04

SHA256
3eebbcfd06488c933e971703a3e2b35292990c43704d0f9e408c034b38aceff7

SHA512
8df6cf8e1e6e84c69cb4fe65133beea6d579c6206b6caef5433eb2611534dbc093d14890b8f0976f26e96fa28c12ffa952569dc5b9ef23e51ed1134562b20cc3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tb720zov.default-release\places.sqlite

Filesize
5.0MB

MD5
115aad71b18d2a2b594bd71776218d84

SHA1
0101bbdf1b32898b46d3e34c44aa131f5560f87d

SHA256
1ec24cf38b1f4603447f0b56cfb94982af6003fdabf2b5ce5b461536523bd2aa

SHA512
2b648342aacd0b492208d33d9c0adbb25ade0619cacf838baef76617ee45484af3f03caeb2aed416411e2013da3fb0726baa279e9e93446cea0052ea4d397bdc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tb720zov.default-release\prefs-1.js

Filesize
10KB

MD5
6ee62b9ebfa41c713e241f02b668c62f

SHA1
4d5c30c12e675cde84e32aff216d0150a3302db5

SHA256
c7077a14e520371e232fc6c20e845895f2d5c83da60cdda03e63088c2ce6d4d1

SHA512
9da0a2333b750779e4640fed1b3fa0b1ccfc98b873839132defb2425afbfce038f839ec2c0bb2b3c28d1415c4ce9663301d2bac3ccbca741297947d1db8ec275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tb720zov.default-release\prefs-1.js

Filesize
9KB

MD5
aef749dbf3890fc4e4c7602bccb182bb

SHA1
aa5ee43e772dc76384a03ba722bc8f06e3178fe6

SHA256
1302a954f6a8150f308575c26667a8516a029c885d5e3c355df85fa16d0de92c

SHA512
923fe65d361a600cc7e768b60c4fd71b7daf91d8523b577de11c95ba6b75cde3a2fc85df3e05ea426a0df6398b46107b058518bf17ca4eb961a16ce09e3880de

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tb720zov.default-release\prefs-1.js

Filesize
9KB

MD5
78abf031ae82d0a4a2f906209a4a5add

SHA1
c3255199d028378f0b87f82c4af57bf2aa8aeb40

SHA256
6c87314fce63024926cf9a181add46e6fcda27b44cbd89a4635acf2bed794f1f

SHA512
b6b5f59399197583983869956bf78df7f2694e99e9d52dc3eeaad9333f51cf6085dbd8aa9fb8f5027b40808b9c00da6648f07ca0716cce893fea4aae69930ac9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tb720zov.default-release\prefs-1.js

Filesize
9KB

MD5
392fc0035d0bb3f4c4e6fefb046feb70

SHA1
5c7279a845a12bbbdc7f37e41a8f18e39607a851

SHA256
95509885329ca548e57c56baefb7a3a5fa3b0b9a9939219a3c8c755dbf5135d3

SHA512
f7bc084a252a576c18f7e3cf0e02043c801d96405480eb51f501bf4835f4a07f78e6274c990c8bba32378f221d7f51e7577f0261a02113f8b98c060027ebb0c3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tb720zov.default-release\prefs.js

Filesize
9KB

MD5
57f5aa443ee2d1ade94eec94da9cc13d

SHA1
fc0562c1bab9abe1c820ec622c8fc401e33c72ad

SHA256
8214311ab837c17e01a4d83e3969055a096e3dd34efbebb29fd9efb9e8d9fee5

SHA512
8cd7977db9030057cd808cd169746bd8cca3893c347e08cbc753439ad2d73ec2f59515d05de2d6d8726c4b8cb517cf84e9606d4d460d9b9908821a6ecf35a5ad

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tb720zov.default-release\prefs.js

Filesize
9KB

MD5
33f9029e8b1fef64def7088c35a94003

SHA1
4f5f91e7beae46223b59dd9a333fd9c81d6aff46

SHA256
a1821cb565fecef20e0425074d8a45d47fc20924aedb7146dbe894138a754f8f

SHA512
05de669d4a63f1b00b145fb120d600c786b4f9a8a183634bc8810c67f3c3aace03c65bc68fc3f2e51390a281fb70642850d9b1353c2059bab5f91884eae5eac7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tb720zov.default-release\protections.sqlite

Filesize
64KB

MD5
76786a4c0dd19d88d6d3ed95a293bf2f

SHA1
b0d6d676127a7694fc6e71ee57fcc2ffaa621ff7

SHA256
1a2564c1ba20b8038d35c2319258d94dc15d97914dcf753b31c48b79940dfd31

SHA512
8cd3298e2ebba763d3c80ac4b17e44af7eb63b46304967d0c6316d314baf8611c05f7b9979c2c5c329ac167aea0246e8c9f057ffbb272481c13fd5e4b4bcb2d0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tb720zov.default-release\sessionCheckpoints.json

Filesize
53B

MD5
ea8b62857dfdbd3d0be7d7e4a954ec9a

SHA1
b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a

SHA256
792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da

SHA512
076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tb720zov.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tb720zov.default-release\sessionCheckpoints.json

Filesize
146B

MD5
65690c43c42921410ec8043e34f09079

SHA1
362add4dbd0c978ae222a354a4e8d35563da14b4

SHA256
7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d

SHA512
c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tb720zov.default-release\sessionCheckpoints.json

Filesize
288B

MD5
948a7403e323297c6bb8a5c791b42866

SHA1
88a555717e8a4a33eccfb7d47a2a4aa31038f9c0

SHA256
2fca1f29b73dd5b4159fa1eb16e69276482f5224ba7d2219a547039129a51f0e

SHA512
17e2f65c33f47c8bb4beca31db2aff3d4bbb6c2d36924057f9f847e207bdcb85ffcbb32c80dd06862ffc9b7f0bd3f5e2e65b48bb1bc3363732751101d5596b1a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tb720zov.default-release\sessionCheckpoints.json

Filesize
122B

MD5
99601438ae1349b653fcd00278943f90

SHA1
8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9

SHA256
72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a

SHA512
ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tb720zov.default-release\sessionCheckpoints.json.tmp

Filesize
288B

MD5
e635084b4f44a30f2a40e09b561cda2d

SHA1
9c85a71139cba52bb72bfdde287fc9a804564da0

SHA256
801d7ab364eb739ca5e4683c0cdc372b6296d66f34e405a5f17c4277cb04654b

SHA512
0174c012d44664bd6e2763f29511d91bbbdde80344979209ca225661c0485ab6c754f53c846efda85b40116f104db20b1943a47cf6077b9e9b65af9ee951af2f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tb720zov.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
f2d45f70c9dda418c3ace1b67f6d655b

SHA1
fd1613cbf2c146048b053516155afce61eeb7e7b

SHA256
5bd99bfb3c9cd03635214c1342ea2b8d253f98018e261dd524af0ffb73210429

SHA512
43dbe5523b6086b5f2037d80d131b8628943e81147985c9be20c935c0aeeda11de7fb51344157f8303bfe5c2569351282a6bf19c1abf6b27c449dede8e41b926

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tb720zov.default-release\sessionstore.jsonlz4

Filesize
14KB

MD5
fcad2b4eca45ae193ce0841bea1a3e06

SHA1
6360b400a6b540016aad43ac4577d8b50d891434

SHA256
58ee2c17b7f6ad028eb15c686e8014d5f3331547149b0401e91cd6f9adcc4f74

SHA512
5d18cc5ffca4c9583018d63c490137681130ca2143bb991dd631abf0f961e93b09535ebc09af9e4ddcf2ba828b36247c51783446c9fcee92b891953525e3000f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tb720zov.default-release\storage.sqlite

Filesize
4KB

MD5
23605e20ec7b9c605b210ac3996e7a62

SHA1
e01d89d33f05c4e7ef9eb63d1487b297b420ac86

SHA256
1387ad3f14749464f83e64bff542db5bdb73d1ec9a6556bbf3041d943a7e3003

SHA512
63f6a0102efd24da5fd50b0fc6ff00da33baf2cf3cd2fb1596e6293aaf551ec41b2ddda9b868f606c3c7269132e282d06d3c815b75d71ed9c2e46354ce588450

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tb720zov.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite

Filesize
48KB

MD5
912edd0714e56c4168c3b90687beb46c

SHA1
a65e454ee6794a285663dd142b0e32b45c59d1fe

SHA256
cb58331c3e6c2a1b2bdd9588b91ce4da16a9ed36ae64e1576644b4b9f0f3307a

SHA512
bba7fecba52ca326449d435a61ea1b7dc4520f66ecb3c18378e78343def6378d358ca494da6d0d36ac522d4e0a07e64646b226ecd8e87fb6f858055f493657b8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tb720zov.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
648KB

MD5
cc772c5d3d65c1aa9001b073dd443a7a

SHA1
0783e31bb1ac5d678e50b35b5a7561e282ab892a

SHA256
7930db2bbfc4e3c28dafae0a54bde8d5fdb50235b3189dcfcdebf039832f6d41

SHA512
1e435f569495713cb8dfef0e60f8e258ce6cdc12caf59f8decb30d4b8ac5c3ca054b25b7674fcb56b6e7f2ed4b8f8e35897e7ec7467ad4b1fbd87c0cf6e488ce

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tb720zov.default-release\xulstore.json

Filesize
120B

MD5
8d689c06cb844185099c0398a280537e

SHA1
57073c7526ec37e94bb9db44fedc6d50276f7a6b

SHA256
96729e9b38f216605ff10715f96f364be32f02e2de23ede7e74b78244605124d

SHA512
3c7df326c695143915df1068cb2c0f58e93e4881b2c4d94b33948b80e954fbd4cf944ae53b4d15002b79fcdb8e88f8e9cf4c89ca50f56b7cfd8a13ea7dd6fff8

Download Submit