39b8d89f49c86b2a1f876763e3b4666749c85de715aa10aa96a00d5a2d83861a

Resubmissions

21/04/2025, 09:34

250421-ljrrga1rt5 10

21/04/2025, 09:28

250421-lffj2aytdt 7

Analysis

max time kernel
93s
max time network
89s
platform
windows11-21h2_x64
resource
win11-20250410-en
resource tags

arch:x64arch:x86image:win11-20250410-enlocale:en-usos:windows11-21h2-x64system
submitted
21/04/2025, 09:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Iаuncher_v9.1.rar
Size

13.6MB
MD5

6adf66f995f52565c6f44edd024ad6d5
SHA1

4ced5eb46794194e90a0baf8d01d78efdaaa2a77
SHA256

39b8d89f49c86b2a1f876763e3b4666749c85de715aa10aa96a00d5a2d83861a
SHA512

0ccc86c3e6605299f2d24c7982e909af038ffc030e82426ac7cecf8f797e2b0122b18722056d381764056c21e340e8e01df1b1025764e7a9158d43cbcb944522
SSDEEP

393216:xTR2upwCQ5NKmlfv29/Vbrb3C48I5x2jUyt2jSVdXR/X:x8gwCQPJv29BHzfxdQ3R/

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 40 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeRestorePrivilege	5832	7zFM.exe
Token: 35	5832	7zFM.exe
Token: SeDebugPrivilege	6140	firefox.exe
Token: SeDebugPrivilege	6140	firefox.exe
Token: SeDebugPrivilege	2104	firefox.exe
Token: SeDebugPrivilege	2104	firefox.exe

Suspicious use of FindShellTrayWindow 36 IoCs

pid	Process
5832	7zFM.exe
6140	firefox.exe
6140	firefox.exe
6140	firefox.exe
6140	firefox.exe
6140	firefox.exe
6140	firefox.exe
6140	firefox.exe
6140	firefox.exe
6140	firefox.exe
6140	firefox.exe
6140	firefox.exe
6140	firefox.exe
6140	firefox.exe
6140	firefox.exe
6140	firefox.exe
6140	firefox.exe
6140	firefox.exe
6140	firefox.exe
2104	firefox.exe
2104	firefox.exe
2104	firefox.exe
2104	firefox.exe
2104	firefox.exe
2104	firefox.exe
2104	firefox.exe
2104	firefox.exe
2104	firefox.exe
2104	firefox.exe
2104	firefox.exe
2104	firefox.exe
2104	firefox.exe
2104	firefox.exe
2104	firefox.exe
2104	firefox.exe
2104	firefox.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
6140	firefox.exe
2104	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2508 wrote to memory of 6140	2508	firefox.exe	81
PID 2508 wrote to memory of 6140	2508	firefox.exe	81
PID 2508 wrote to memory of 6140	2508	firefox.exe	81
PID 2508 wrote to memory of 6140	2508	firefox.exe	81
PID 2508 wrote to memory of 6140	2508	firefox.exe	81
PID 2508 wrote to memory of 6140	2508	firefox.exe	81
PID 2508 wrote to memory of 6140	2508	firefox.exe	81
PID 2508 wrote to memory of 6140	2508	firefox.exe	81
PID 2508 wrote to memory of 6140	2508	firefox.exe	81
PID 2508 wrote to memory of 6140	2508	firefox.exe	81
PID 2508 wrote to memory of 6140	2508	firefox.exe	81
PID 6140 wrote to memory of 4976	6140	firefox.exe	82
PID 6140 wrote to memory of 4976	6140	firefox.exe	82
PID 6140 wrote to memory of 4976	6140	firefox.exe	82
PID 6140 wrote to memory of 4976	6140	firefox.exe	82
PID 6140 wrote to memory of 4976	6140	firefox.exe	82
PID 6140 wrote to memory of 4976	6140	firefox.exe	82
PID 6140 wrote to memory of 4976	6140	firefox.exe	82
PID 6140 wrote to memory of 4976	6140	firefox.exe	82
PID 6140 wrote to memory of 4976	6140	firefox.exe	82
PID 6140 wrote to memory of 4976	6140	firefox.exe	82
PID 6140 wrote to memory of 4976	6140	firefox.exe	82
PID 6140 wrote to memory of 4976	6140	firefox.exe	82
PID 6140 wrote to memory of 4976	6140	firefox.exe	82
PID 6140 wrote to memory of 4976	6140	firefox.exe	82
PID 6140 wrote to memory of 4976	6140	firefox.exe	82
PID 6140 wrote to memory of 4976	6140	firefox.exe	82
PID 6140 wrote to memory of 4976	6140	firefox.exe	82
PID 6140 wrote to memory of 4976	6140	firefox.exe	82
PID 6140 wrote to memory of 4976	6140	firefox.exe	82
PID 6140 wrote to memory of 4976	6140	firefox.exe	82
PID 6140 wrote to memory of 4976	6140	firefox.exe	82
PID 6140 wrote to memory of 4976	6140	firefox.exe	82
PID 6140 wrote to memory of 4976	6140	firefox.exe	82
PID 6140 wrote to memory of 4976	6140	firefox.exe	82
PID 6140 wrote to memory of 4976	6140	firefox.exe	82
PID 6140 wrote to memory of 4976	6140	firefox.exe	82
PID 6140 wrote to memory of 4976	6140	firefox.exe	82
PID 6140 wrote to memory of 4976	6140	firefox.exe	82
PID 6140 wrote to memory of 4976	6140	firefox.exe	82
PID 6140 wrote to memory of 4976	6140	firefox.exe	82
PID 6140 wrote to memory of 4976	6140	firefox.exe	82
PID 6140 wrote to memory of 4976	6140	firefox.exe	82
PID 6140 wrote to memory of 4976	6140	firefox.exe	82
PID 6140 wrote to memory of 4976	6140	firefox.exe	82
PID 6140 wrote to memory of 4976	6140	firefox.exe	82
PID 6140 wrote to memory of 4976	6140	firefox.exe	82
PID 6140 wrote to memory of 4976	6140	firefox.exe	82
PID 6140 wrote to memory of 4976	6140	firefox.exe	82
PID 6140 wrote to memory of 4976	6140	firefox.exe	82
PID 6140 wrote to memory of 4976	6140	firefox.exe	82
PID 6140 wrote to memory of 4976	6140	firefox.exe	82
PID 6140 wrote to memory of 4976	6140	firefox.exe	82
PID 6140 wrote to memory of 4976	6140	firefox.exe	82
PID 6140 wrote to memory of 4976	6140	firefox.exe	82
PID 6140 wrote to memory of 4976	6140	firefox.exe	82
PID 6140 wrote to memory of 5056	6140	firefox.exe	83
PID 6140 wrote to memory of 5056	6140	firefox.exe	83
PID 6140 wrote to memory of 5056	6140	firefox.exe	83
PID 6140 wrote to memory of 5056	6140	firefox.exe	83
PID 6140 wrote to memory of 5056	6140	firefox.exe	83
PID 6140 wrote to memory of 5056	6140	firefox.exe	83
PID 6140 wrote to memory of 5056	6140	firefox.exe	83
PID 6140 wrote to memory of 5056	6140	firefox.exe	83

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Iаuncher_v9.1.rar"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:5832

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2508
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:6140
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -prefsHandle 1968 -prefsLen 27097 -prefMapHandle 1972 -prefMapSize 270279 -ipcHandle 2044 -initialChannelId {85e6faa8-40cc-418a-b398-691dd8ebfd99} -parentPid 6140 -crashReporter "\\.\pipe\gecko-crash-server-pipe.6140" -appDir "C:\Program Files\Mozilla Firefox\browser" - 1 gpu
    3⤵
    PID:4976
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -prefsHandle 2412 -prefsLen 27133 -prefMapHandle 2416 -prefMapSize 270279 -ipcHandle 2424 -initialChannelId {b7929f8a-2abe-4378-944a-cd4cc92673fe} -parentPid 6140 -crashReporter "\\.\pipe\gecko-crash-server-pipe.6140" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 2 socket
    3⤵
    - Checks processor information in registry
    PID:5056
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 3800 -prefsLen 27274 -prefMapHandle 3804 -prefMapSize 270279 -jsInitHandle 3808 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 3816 -initialChannelId {2a7f0656-51b3-443c-846c-ba4c2ccff27c} -parentPid 6140 -crashReporter "\\.\pipe\gecko-crash-server-pipe.6140" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 3 tab
    3⤵
    - Checks processor information in registry
    PID:6016
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -prefsHandle 3964 -prefsLen 27274 -prefMapHandle 3968 -prefMapSize 270279 -ipcHandle 4060 -initialChannelId {0c077302-aec2-4b2d-b497-64c220d7a437} -parentPid 6140 -crashReporter "\\.\pipe\gecko-crash-server-pipe.6140" -appDir "C:\Program Files\Mozilla Firefox\browser" - 4 rdd
    3⤵
    PID:4064
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 3288 -prefsLen 34773 -prefMapHandle 1464 -prefMapSize 270279 -jsInitHandle 2600 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 4452 -initialChannelId {0c40795d-868d-499f-86ea-cf773ebb3859} -parentPid 6140 -crashReporter "\\.\pipe\gecko-crash-server-pipe.6140" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 5 tab
    3⤵
    - Checks processor information in registry
    PID:4488
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -sandboxingKind 0 -prefsHandle 4976 -prefsLen 35010 -prefMapHandle 4808 -prefMapSize 270279 -ipcHandle 4992 -initialChannelId {7681b987-25fa-4416-ac58-c303b821d28b} -parentPid 6140 -crashReporter "\\.\pipe\gecko-crash-server-pipe.6140" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 6 utility
    3⤵
    - Checks processor information in registry
    PID:1968
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 1680 -prefsLen 32952 -prefMapHandle 2740 -prefMapSize 270279 -jsInitHandle 5100 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 2552 -initialChannelId {69be171a-e344-4c7b-8bf4-112f14146767} -parentPid 6140 -crashReporter "\\.\pipe\gecko-crash-server-pipe.6140" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 7 tab
    3⤵
    - Checks processor information in registry
    PID:6000
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 5656 -prefsLen 32952 -prefMapHandle 5660 -prefMapSize 270279 -jsInitHandle 5664 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 5672 -initialChannelId {9b1cdd55-4306-434e-bc76-8a5b9ed5682e} -parentPid 6140 -crashReporter "\\.\pipe\gecko-crash-server-pipe.6140" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 8 tab
    3⤵
    - Checks processor information in registry
    PID:4840
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 5844 -prefsLen 32952 -prefMapHandle 5848 -prefMapSize 270279 -jsInitHandle 5852 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 5860 -initialChannelId {6c37d36c-f6da-4667-83df-d6eed41a1c2b} -parentPid 6140 -crashReporter "\\.\pipe\gecko-crash-server-pipe.6140" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 9 tab
    3⤵
    - Checks processor information in registry
    PID:3128

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5032
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  PID:2104
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -prefsHandle 2028 -prefsLen 27057 -prefMapHandle 2032 -prefMapSize 270326 -ipcHandle 2120 -initialChannelId {1cae4b7d-1ac2-4ee0-b5d9-5af2c4d27f83} -parentPid 2104 -crashReporter "\\.\pipe\gecko-crash-server-pipe.2104" -appDir "C:\Program Files\Mozilla Firefox\browser" - 1 gpu
    3⤵
    PID:2152
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -prefsHandle 2488 -prefsLen 27093 -prefMapHandle 2492 -prefMapSize 270326 -ipcHandle 2500 -initialChannelId {e4e563bf-4111-43cf-876e-0291a743e9fe} -parentPid 2104 -crashReporter "\\.\pipe\gecko-crash-server-pipe.2104" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 2 socket
    3⤵
    PID:4504
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 3800 -prefsLen 27234 -prefMapHandle 3804 -prefMapSize 270326 -jsInitHandle 3808 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 3816 -initialChannelId {14a94534-bd5d-403c-839a-ae3d0eb1b357} -parentPid 2104 -crashReporter "\\.\pipe\gecko-crash-server-pipe.2104" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 3 tab
    3⤵
    - Checks processor information in registry
    PID:1780
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -prefsHandle 3972 -prefsLen 27234 -prefMapHandle 3976 -prefMapSize 270326 -ipcHandle 4072 -initialChannelId {a42c5c48-afd9-4a54-ae1c-ccef7b402c27} -parentPid 2104 -crashReporter "\\.\pipe\gecko-crash-server-pipe.2104" -appDir "C:\Program Files\Mozilla Firefox\browser" - 4 rdd
    3⤵
    PID:4916
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 4636 -prefsLen 34844 -prefMapHandle 4640 -prefMapSize 270326 -jsInitHandle 4644 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 4652 -initialChannelId {18b702f5-c5a4-407a-978d-c0f851fa283d} -parentPid 2104 -crashReporter "\\.\pipe\gecko-crash-server-pipe.2104" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 5 tab
    3⤵
    - Checks processor information in registry
    PID:2428
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -sandboxingKind 0 -prefsHandle 4936 -prefsLen 34893 -prefMapHandle 4932 -prefMapSize 270326 -ipcHandle 4644 -initialChannelId {96c2203a-e267-49f2-ab9d-cb327be68920} -parentPid 2104 -crashReporter "\\.\pipe\gecko-crash-server-pipe.2104" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 6 utility
    3⤵
    - Checks processor information in registry
    PID:2140
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 5676 -prefsLen 32818 -prefMapHandle 5680 -prefMapSize 270326 -jsInitHandle 5684 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 5660 -initialChannelId {ae5750e3-164b-4b9d-92d0-5eefcf8501dd} -parentPid 2104 -crashReporter "\\.\pipe\gecko-crash-server-pipe.2104" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 7 tab
    3⤵
    - Checks processor information in registry
    PID:2012
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 5904 -prefsLen 32818 -prefMapHandle 5908 -prefMapSize 270326 -jsInitHandle 5912 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 5920 -initialChannelId {b095fc13-8d4d-4fd6-87ab-086098b7d78a} -parentPid 2104 -crashReporter "\\.\pipe\gecko-crash-server-pipe.2104" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 8 tab
    3⤵
    - Checks processor information in registry
    PID:2304
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 6112 -prefsLen 32818 -prefMapHandle 6116 -prefMapSize 270326 -jsInitHandle 6120 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 6132 -initialChannelId {68dbb674-45fb-4a0d-babe-9b57969e25c7} -parentPid 2104 -crashReporter "\\.\pipe\gecko-crash-server-pipe.2104" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 9 tab
    3⤵
    - Checks processor information in registry
    PID:4932

Network

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fcddi1k1.default-release\activity-stream.contile.json.tmp

Filesize
5KB

MD5
9d8f8fdf619e860adc7d4301c966fdfe

SHA1
62fd0578796852d0a4d639891692d7933b1194bd

SHA256
56b983362bc01b19ce9f9018dcc1c768ec7b9874a4afe5ee201e51849d28a707

SHA512
90f8fe637e6a0ab210a29e72a72411c11586828d7aa61c4e04c7f7a8d69c9aef942e05d7077c1aa2e601f720d304d9cceba203e1cbf33142332afab29fed4960

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fcddi1k1.default-release\activity-stream.discovery_stream.json

Filesize
30KB

MD5
d9150bb543390f4ee4a0c7b62f3cf589

SHA1
7c287b20f447d9e8da9ae8d42c02bf2b20ed2a83

SHA256
b0f64a211740a4d62950e1866a29e793d878a4eb37a303d9bb61936766e8f381

SHA512
ccc90042abe1ccb25c9f4ddbbaab2c59a1e4977e92e20817c3280ca48eee8e6d2a4b8200ec429a5a734aa008900b6d20c434ac2c3d36e8066bfcf0b58485d45e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fcddi1k1.default-release\activity-stream.weather_feed.json

Filesize
14B

MD5
3ea4da2ce03c4204ffe9b30074d62fac

SHA1
b6b82844f7ce93098971fea6f2559b220be08e2d

SHA256
1bead770ec2d7afc6ec1e9d35383f40ef676591e079dece21c38db17c5c24a20

SHA512
dbbbee11f26deb954124b96d0fb7748ad170d9bab095f79691c83fb1dcfe57b453cd4ffd6a367c701d86bd676d40aabde7a390ecc57e2fcbd0c545d9940a41f2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fcddi1k1.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F

Filesize
13KB

MD5
b9d851c9542fe0e18ebd87e6df00789c

SHA1
d2d5538028cacb43b9c0361b9c81ddc99de022f1

SHA256
f287ff5be0a00be8733987da7ce3961b3571f25f680f0e4ecb12b99b9b87943c

SHA512
b18cb3b74614f33227978de3bacce5ea9229b74645eecbd6b282cb4b5a1f6342ac0cc87500875060893cbc94e9765376d66a8c2362c444d2219ce62981ddceb7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fcddi1k1.default-release\cache2\entries\73EC3764FB3BA737E60C1F3545992FF513570DA7

Filesize
14KB

MD5
76e3cfb5deddcdca42f791a03abbd1f1

SHA1
01375c2270ee37c0dbbb1b27e83ccb13315052bd

SHA256
6f480c6af1569069f52d758968e62ccfcae0cdafe3b1b563eb4a3e3ee3be9699

SHA512
c310416fdc786a468fb48c649a4370eee37a8c058cbff2e61b463f96737485cc2e3abf8ead074f7527e8a145515574c1c96393aa2cb38b06b12343605f6df16c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fcddi1k1.default-release\cache2\entries\A585344A45AF937E3AB7D706291A9A3ED8D581D9

Filesize
14KB

MD5
47db0d04a1a1da367e68528c9bd39b09

SHA1
81eac45ae3866685f05ec6606bc9363be0516ad8

SHA256
962ffa8d08e5be308e65e62beaf0f1953307936f067dc181f5b8fc4c49064be5

SHA512
80f8cd82abcd4c3fac6d12ebf5c36efe92cb298af0e9b0563fdd24ea108b4557c0df2baccb4616fe223583bb47f899f72d7e83b7ac3f786e84ea484e213b5757

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fcddi1k1.default-release\cache2\entries\BB95D0607349D05725D5FE01D4FB300E319072AD

Filesize
9KB

MD5
25b4b109bf2b2d1221906dce077b05d0

SHA1
9cb4c1f7fd73db36552d653aaba1eb0bf3b45914

SHA256
d5ef0fab9412c88f8562955027bf5b83a565ca9ed9061043795c78b36cedc640

SHA512
80feb25b3a0bd6f5e3d0c505fd3462aba941d38815688f083109c38f43edc7896d73f4c2f2f8ef9592649df769d5d82161243d6108f87e2e2ab151dbe230d8ad

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fcddi1k1.default-release\cache2\entries\D0F48A0632B6C451791F4257697E861961F06A6F

Filesize
193KB

MD5
d759eab3645c381b64523d8b8c54a4ae

SHA1
6e882a2d25ec889cd25af45d28e6c2b7e88c29e4

SHA256
f81fd4e874fb2fac8ac7e67fa04c8fe4fcf08f9ef54496638ec2cc0c311378d5

SHA512
3825808fac46e994fb0be832d8a15b3e3298c4c0511e16c8b03dcb6bc1e3bd442b9b42285355b8c600edae648c285269091b13025d49763d3d37a4c637cf695c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fcddi1k1.default-release\cache2\entries\DE5F6CB1BD71958EB146CDD974763A3115937269

Filesize
10KB

MD5
d1a38d170f8fdc0cfb5faf0c5f7cee5b

SHA1
5f8a83f495d3f5d9d12969ec6d87387dd19044b3

SHA256
9d7fd11ea99c809882d6686c854d0fdac410c1eb686ad3b66e3105c136e1cc4e

SHA512
7162d9c6b0abeb0aa926c8e905971c3e3b22a6cae1f0cbdec462c733e0f359941c7fef16a2d9f90696557463e532b3468520143e824b436e7c8065d20bee35e1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fcddi1k1.default-release\cache2\entries\E473D920361435DF4BBBF194E406FE372015579A

Filesize
9KB

MD5
705de5bfd8672d5873a8962690585bed

SHA1
0add78baebe5e4ec47c777b7b31d67af14cc5609

SHA256
c9a902307cad73afa8f271c57c06a66ce177d0929eda5a00a33a2db589d61450

SHA512
7e48932812116bb54e527f7ce0591b14673023dce206e51e6bbe2ff56768c887c3ce7c5f9cc251bb36b052fc21b2c223204d21ae54a492ebbc35333cac339732

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fcddi1k1.default-release\cache2\entries\F6DB2CC802065A948266A380F89F5EB80BB1A349

Filesize
9KB

MD5
84485d45326b3aede0723731eb27137a

SHA1
ef086177ecd2a0791e2220af4edb8fd821579e46

SHA256
f3884e177a1cd8848fada4cf6ed57bb12e98b90391a29299212996981c610375

SHA512
766741417fb1c8efa9bb6e49be712e0da000b85825bb3342a0723542bd543d7c43416a2712e2e311d4d5d3d2aa9d96932b345472e381c792619894250aa85ea9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fcddi1k1.default-release\startupCache\scriptCache-child.bin

Filesize
471KB

MD5
9d9af615d1064548fd54820894429dbd

SHA1
6c297e3ba9c82e20979acb2375198e6457e262fa

SHA256
067c497c7ca834470e8ad826a0bfb7a786697d6eafc1141167e441b74a0e9009

SHA512
ec08f7760f920697eea95e2abd71d3ac634983b3f59fffcda08b35cb720e55c581c34410a0f68150d4c5db93c95165b3bde0a6de9803c830c5a13a49149b0235

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fcddi1k1.default-release\startupCache\scriptCache.bin

Filesize
9.9MB

MD5
09554580f91e03da53499324cf0ef010

SHA1
8fe373a08c6d75a00efdacb317f1f07aa3941262

SHA256
1ee573f236944a9c5bd2a0d520a2d0384018274c73454d4c2a5c297124e81c88

SHA512
543ca12f40a063fc4a4a3222233736c95a9debbb97a820306470f4b7ea67b555e9925ff9efcea30657afc560216cc7b7f0da3e1726b43573191b6c5f08e325e4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fcddi1k1.default-release\startupCache\startupCache.8.little

Filesize
8.2MB

MD5
d4631b86f070626d295a216320b5fe31

SHA1
0b672925fd4ab42ddf41386e3f79e2cf4c68d51d

SHA256
d829eed3614cb5dba4a60c30eb5f8ce9bb06c2a6799fb2f2a5566b56cd1dc7b6

SHA512
7e4ac805debce2d070946c8d741256ec52da47bf40d6b8dd708bf8d1c1f3ecf8dab0a6fa836e6be9fcc3c3341d5117b760f616f2926ec8530a78573b6ae60db7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fcddi1k1.default-release\startupCache\urlCache.bin

Filesize
3KB

MD5
205bbbc940d8727aebe6b329fd311d80

SHA1
bf9f42e19202ca701cb7b614b0053e7e8eaffc3d

SHA256
0f14067fccdfc96da364a9c1a5fc764e61b3534ac5e0553daa3097d3e16a6b5b

SHA512
1bfd2caa49559f7a6c38a7d2c34463a1de6270c414ca1be9737b7f36661e5fe3a288abdb00b432f90af59f160568c5d20ad0298403ad0bbbeb35645eab42999f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fcddi1k1.default-release\startupCache\webext.sc.lz4

Filesize
105KB

MD5
6dc52bf47ccc4adcdc607d038c4ab468

SHA1
00b6201e0866a3c71a63603c65292d052a6906ef

SHA256
820b1453e2d16aea51bc58dd5ea4acc579dba6ec2effc6feb8beeffe028762f2

SHA512
499ef3ffc180efedc82b3c64bc1216506da580f45b2b3eef6a3770d215ea0e924b24952e185f2647576d8a1591cd14a56d2ae08a4002505fe3cfcf5c0f6e4ec7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fcddi1k1.default-release\AlternateServices.bin

Filesize
6KB

MD5
6bb2b4c144d273dd8ea4b965a7e3c20e

SHA1
adf227af963515d707671851129320c58ac71fc3

SHA256
49e6801e12d9c4758b7421072b48a2a281bf2080afa59c1e8bc0611ecae8a600

SHA512
7cc923d5babc9c92e1ca3bff587d4a4ddc61c3ce567ea63b783d47f0f0c58737e14468d56eddeb9eeab4b4d5615b633f0f615669be04da867d79b84e8090e9b6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fcddi1k1.default-release\SiteSecurityServiceState.bin

Filesize
1KB

MD5
c46973230b1d5ecb3538ec914a0fa32b

SHA1
2eda731e4dbd46ce9ba23105dec140dabc534ded

SHA256
c27c57a2f3e64d308ffd2b883192fba6f6fb73bf5599d7f03af48bf5acff480c

SHA512
abe0830a7957dedb26fd2cf17de60bac81c1894d270f14a28d2ba00a8e1d2f9cec5e1067bb21c08f4afecc1020a9c09158eee92ea286ea578fb8cfe08f990a36

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fcddi1k1.default-release\bounce-tracking-protection.sqlite

Filesize
96KB

MD5
1fd6bd348a985b76dee8f0051337ddc8

SHA1
32ea4768657064b3ae4c7ffa2aa8d4cbeb044afe

SHA256
07389aebeff04f1d370ad4b1c9fedb5811035f354bb6bf950a4631bcf14a88d8

SHA512
05d81d1334e42cef9ec183c8c8db20721c286b8c1e2ba7da80322833d8488bd58de0d6eb458970d33acf5b525b74e249824b1a1b918b78548e2baa288dced5ce

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fcddi1k1.default-release\compatibility.ini

Filesize
198B

MD5
ce9ef13caa8a74c25157b184aa038475

SHA1
db03a9935d8bb3ce6b120aca98feade536805160

SHA256
252b7fff962848c61092e82a3d87adca163849767713a93ab533bb397f1f53bb

SHA512
0f6f5053e78167ef5cc5fa70ed3a87dd116df0671a590299277a197341bed983e3d77e37ad2c33cd4afe880fab9ed1c7f7502210040617a01f97a81c1e1d4f29

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fcddi1k1.default-release\content-prefs.sqlite

Filesize
256KB

MD5
d3941a15a96fb3023cf1587a47b586b2

SHA1
94996d072eea6af88a1d96b8ef900a1fe3ea56ca

SHA256
fff6c2239e0d2ccc2dfe16bece3f51fe2831ce8baaa337827bbde444207a727b

SHA512
d627318f49a185b6ad4dbd76c9eb5aef82c360ab76fed195641fbd258e045e1f04c0d6359827a9c31c677414bc656e183770c0d1b829821388db8bfd2608f364

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fcddi1k1.default-release\datareporting\glean\db\data.safe.bin

Filesize
30KB

MD5
136df4d0013a5278732af467266b81fb

SHA1
31f28f486ba93be1fc80814e7b1293a7e66eac10

SHA256
a2db4f84cbb6963294d9fdc9d211b023598a162ea696c358ed718f30f678d799

SHA512
055182ac892401fa54f380ad211c8eb8eccf701360f5e375000c01644d1a1ba2c3edbab33e6241362ba6dad21f06a05dbc469b1aa650daf9263c56253fe20875

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fcddi1k1.default-release\datareporting\glean\db\data.safe.tmp

Filesize
30KB

MD5
edaef5d224c3bec6835a38df3da0ff2a

SHA1
151dd58c56b015e20ecfc3e7d9a12ff859c90583

SHA256
2459eb7729dfb3b1ac1e12ce84247959c045bd95e4a01ce7b55fd5382ac1d618

SHA512
755dd2715dc243967f2814786a133f4fb29a5e154b3acafad91ba0bb8653ce7d407e3ff2261d11f4efd540d3897fdb442495aacb8b8319b64f02bfcd1c74fdb2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fcddi1k1.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
d5d2f38529615dbbd06608555e9254c8

SHA1
9f1b89ce7d51a3da6f60ac759c9cd7c3cb20bb5a

SHA256
bb1056ea1f34bf9a30363d4f7f6b6b8835926587087fd3f05b96a4b5bf860c18

SHA512
e8815b1d41093cd8431d25ba4ace6083d359aff645183d50ec9951995f1b78a43063a7d72476c86d0090c89993382bfb640abc283e0c05a3ebc59f49b45f69b5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fcddi1k1.default-release\datareporting\glean\db\data.safe.tmp

Filesize
29KB

MD5
c00931d73610d9d232d11f53c9db2981

SHA1
567afecf031fe4b17a2cc32018bde1267137df5a

SHA256
78ae8561f5e8e8c1a0f3a4455e2f6c2f0cf12ede98b5033655f5189ce84d380c

SHA512
c9f7c3f503441f171204ceed6213341f1a4dc66ee17dde3d939835e43c646402f66410903abf597fbe9701d01e69711938e2290cb0bc0b176dcda0e87a26cf81

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fcddi1k1.default-release\datareporting\glean\events\events

Filesize
1KB

MD5
c307656f5d2dee7ecb3d46f60388ebd0

SHA1
d2f4b3a680a2aeb70c58701936a2f0abb415bc9b

SHA256
3df3fce906f5958dc063188f47c948d04db3d0c7e85385b0c038f1afe1b78d20

SHA512
1eab29beb7350ae4fde5c0306013ba95a799bf2689e539e61926e7560b0a11aebb9d54593c61bbe0e701dcbe9a812ec6812e257f0008e5598973ed2f43f20831

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fcddi1k1.default-release\datareporting\glean\events\events

Filesize
1KB

MD5
3bf5617e1874526c07acd4752225dc11

SHA1
eff5ce2fe99721e0795642e567ab39be42c68201

SHA256
dc23cf3dd8638bb130976b92e2db79ca25c5900c2fb187a9a98f4e8bb8b889d5

SHA512
8e38dee7b2516f4061bc1d3aca06aa9b9f2baab75dac1d175ce26afd30a4b466df82e23d35cf3556c9d10bdc68afac240878fbfc0bf644cb7923fc40fd00544a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fcddi1k1.default-release\datareporting\glean\events\events

Filesize
1KB

MD5
0a91485b88d6f9c9d635fd6c4e6f1273

SHA1
24bad8d4fc6d204e054845b84599eadadff9f5e4

SHA256
5c5e8c677a60eb6115aaae67967299840cc39b3264fbe9df24f972865714a7d6

SHA512
604beca5068568d00b8d948a23bd1c14319378e9d0f67852272636771ecaaafa3dba0483d51eff0f9e65bb26375df1d18477576af372bc72132007367a5a7ac6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fcddi1k1.default-release\datareporting\glean\pending_pings\1f3a31c8-db6d-4a19-921f-dca04f7701fe

Filesize
2KB

MD5
4abe2071473445646af9b139f56527db

SHA1
220e7136dc1d90933cf17982aeeb94c02bcb461a

SHA256
43be1e1cd23810b6c86b9e09a62ef28c9de8e1bd008137c22a3b26d89879b575

SHA512
c46b56a5d64cbdd1103461f5fbcd4da77b290246a90aa722af0a9c9bfb891d03607d734c4f2fc5f16a8b83cad9ab29e909f92a2bd473cf489b2d51d3278322d7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fcddi1k1.default-release\datareporting\glean\pending_pings\246b8439-a27f-42fa-8794-1a359030c61d

Filesize
16KB

MD5
2ab62c7ed8771f48645088826a1a3bd8

SHA1
f7c0e49916c1fee45864069abf652388223f388d

SHA256
40a8f354405e31c08f606ebdfec389b2a693c475d2ddbbd10d51d6c8cd96108b

SHA512
a0640c34039f12a69a4be522893677a9b085a15c7818c01090ed6eb6873c970b9c6497778a070e105ae5286a5f6b4000b26af9ab646aec12e9bef5a6b6904d4d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fcddi1k1.default-release\datareporting\glean\pending_pings\67b6caf6-c99d-48b5-ae66-dd70d7ddf0d2

Filesize
235B

MD5
381366f394f739a883a779a9c69d2a6b

SHA1
41835827d1a89f01140612452eb30a9c981cdf42

SHA256
91ed9e73b85c1db157b288788f029fdf39de77f0f8b7112e6bad4f3c4ce3a35c

SHA512
954520b6c7465669b4a2d33612a55ad177d8a760a7dadebe164d546187611bc41f3e2c57c98ca55aeb4465d69f1dc79ba99d98cfddce0adec47c9476d01fcb05

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fcddi1k1.default-release\datareporting\glean\pending_pings\9c428b79-967a-4236-9199-8233f9afecc8

Filesize
886B

MD5
fad269cef6d335f239c1b6ce7f55ac82

SHA1
b0cf3ff5ea92c8d9fb14971023fb2ac2329711dc

SHA256
36598ab92236a20034662cf4fc9ce8690a21254f298d03543450975910886616

SHA512
16f3c48671183f5c6bcfdd6aeb514d16156dc65e18e6ef4c5bc9c336d6578e3f433d5bae16e1708367ea3eefc787e50328087b52b67d3c2f80a15908f5565460

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fcddi1k1.default-release\datareporting\glean\pending_pings\a55819b2-e0a4-409e-934d-9fae9c99c3af

Filesize
883B

MD5
6e17da60877694c4ce5c2a6f1f99a641

SHA1
77737e01ede7a7a73f0a9974d5aed5a12c9342d0

SHA256
5b01db03fb0ce6ffde6a6e5bde92ce15132c4d6c0dce82acf4ce98f750560fee

SHA512
ba8ce5ebda8f1d0ad0e50749a09a6b5fb2ee3419a9e7eeab2533cdf0b2f079cec898b15a62e0d1c095343267adf6c62def6a092feb339430809efb25087f7977

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fcddi1k1.default-release\datareporting\glean\pending_pings\aabe323d-f688-498d-952b-b7449669ac4b

Filesize
897B

MD5
5f4a60d107fe8131d7f737f2d794aeab

SHA1
877bf0c63e81ff7147027fd2d2d79a501facece0

SHA256
1ce81fc7bdaa116f5075d0d1e95b3efb92439812d9a065a7224e99b46ccb17fd

SHA512
2b6316b2e0d8d6d705b5e56125291c2da7dd6b28faa2bc8297276f3f225fa2a4001c06de83b64b7b063452b6f34a9f45c7329924618527927883840b79f85be0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fcddi1k1.default-release\datareporting\glean\pending_pings\c75f022f-9be8-46b0-a02f-d74e549a217c

Filesize
2KB

MD5
e1d6251074150de2424e835a873732e0

SHA1
c151bd87dfc6a83cd68b86ae4783bba685af0605

SHA256
55490c9f265ec9217c0e622341462d7c9b31cd1b9c45fe62e5c10ab9bfd56495

SHA512
6f7ac0787a54811d4d94169972b0c85cacca5d74079d212a6758e5dec76670d8e6ee93da0046c3ef74bd22e19d48c6e3349e619cea706a2363aca1001822337c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fcddi1k1.default-release\datareporting\glean\pending_pings\c776d48a-9e09-4723-99ca-40d346fe5701

Filesize
235B

MD5
50795a1b62408d72840483014feddd41

SHA1
e8d0622dd7f791efb46f266b679b774081d8fada

SHA256
7249064829ae97add8e7c83dbf5d28e1b94265c750d45b87d04da829430bd928

SHA512
a49053b6834270bd893933048b7f7d8b564c3abb4b4ea500473b6d7c14fd246bc8aaf171088db86cd2ce46fa18cdb038b8474a53667314732a8cdd4499911215

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fcddi1k1.default-release\datareporting\glean\pending_pings\d30c1f71-e268-4eca-8b4c-40e37db2a06d

Filesize
235B

MD5
17d177e89f728db64d83011e87bd264e

SHA1
777c95fb106fd0ac37d7e389ba4487b8520278cf

SHA256
8dada69c4c0ef6b5dcc8d5e3cee53d33d4779c08abfcb1e4a023ec39505bbaea

SHA512
f91ba005ccdc89d17d02c989e171013dd34d15dfa1cd04d2fcb747c1cfee79472d37db98627c1955ff2979d35d2f5e08e690a9e50b658692c1058daca0830b26

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fcddi1k1.default-release\domain_to_categories.sqlite

Filesize
96KB

MD5
7231237395096e88196ba0ffd7ac0ac6

SHA1
d303ddfed1d4341f30ed79abbc23ce51f651bd35

SHA256
c7baab1cd8662625bc822a3c3c7b57973b927cd5c26192d6cda60ed9ecc0ed07

SHA512
6220c9908bfa889f1db84625dc214127ee76c40c97a0d2b81df251253d4a8cc7ba6387d94f751a8f092850ce8a86d5c7e0d7938b85ef763813c4ab4a0834055c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fcddi1k1.default-release\formhistory.sqlite

Filesize
256KB

MD5
502a42abe8eea3848813b3474394c6a8

SHA1
e3227dcc2fbe92c08940838be5892e3e1324d12e

SHA256
479a11b34ffccce96b2949924ee1319785547cce240662c131f1ff459b889717

SHA512
6a32840d8d8aee72a9341dff8aeb08573483f1576e320bbb81aeb5ecd84e919a36d7f2915a41acf90a9494964e546d9cfbfa56ea951352ebcf25947b05d411fd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fcddi1k1.default-release\prefs.js

Filesize
6KB

MD5
2e0b0b79413d99ebe2f60fcd8dc7fb28

SHA1
86f4101a94339a678eadef79f6f4a231e39637e3

SHA256
30b8cd5107408bac6bf00acb421a80d9f0feaf31d5be71307d164fe828d4ba38

SHA512
6979acb55250595684fa1b1d796dc056c2a1c2ce8cfb8c184b0e31251aee5db472ced855a587a2b7dbf3d66028334a13cfc2ec0562f4ca8052c84a41193b4d83

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fcddi1k1.default-release\prefs.js

Filesize
6KB

MD5
3fe9e74123a75d2094a5ef7f5bb34bad

SHA1
e8a79e041f7c884c6453323e54ea19678e11f87e

SHA256
551436d81f297c37f8105a940abfd93fb413edc688dcab4617376f9e960c860e

SHA512
e5d75a6a946793d222e5256fe7e767fa8b056d740ba061724bcfa46b58942027abcdcc7c8ea03eec6f82da2c105cf2a5ee9ae2db5c76425b607d3ccd8eaca1d1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fcddi1k1.default-release\prefs.js

Filesize
6KB

MD5
bdfe4af69baf149bb71609469aec966f

SHA1
8a5b4502b8dc8b0cf1660faa63cad9e98226bcf6

SHA256
03ebd7e52957900ded5a603fb1df6ce62ff256ede0bd66f00ca596693e353023

SHA512
27d11308be05a8bbc054cdfc0bd5da0e173f25bdf8fcb3d87e1ff866ee1eec0bef82b3fbfe4a1063ab32144999a5e3031281bc0249e5202ad5c4902ec669cab9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fcddi1k1.default-release\protections.sqlite

Filesize
64KB

MD5
46af60692fb8e773e3d4b5d45ecfd6fb

SHA1
e87e10ade210f83e774d5d43e0058c3bdb63df93

SHA256
17ede89dbe62fe12796fe6eb7cb3e371dd058299c4dbc3c103210439259398a9

SHA512
bb75958af15094d8bcef255bbebfa3e6cce6ec06f7b4b04662cee5d3efb6b548a8f9662a9bbc11e84c2fcb116c30f380e6b060e935360d481cd119ba74c464dc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fcddi1k1.default-release\sessionCheckpoints.json

Filesize
53B

MD5
ea8b62857dfdbd3d0be7d7e4a954ec9a

SHA1
b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a

SHA256
792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da

SHA512
076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fcddi1k1.default-release\sessionCheckpoints.json

Filesize
288B

MD5
948a7403e323297c6bb8a5c791b42866

SHA1
88a555717e8a4a33eccfb7d47a2a4aa31038f9c0

SHA256
2fca1f29b73dd5b4159fa1eb16e69276482f5224ba7d2219a547039129a51f0e

SHA512
17e2f65c33f47c8bb4beca31db2aff3d4bbb6c2d36924057f9f847e207bdcb85ffcbb32c80dd06862ffc9b7f0bd3f5e2e65b48bb1bc3363732751101d5596b1a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fcddi1k1.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fcddi1k1.default-release\sessionstore.jsonlz4

Filesize
1KB

MD5
d85cd3fabcaee29cde3132d3eb50be97

SHA1
86bcaeb2bc0225e226e4ac48482ba8932dfcfe6b

SHA256
8342ded080a45169f8a56bf1d719de0516a7eb8f9aac85a48c54a754a64a95e1

SHA512
4205164aa9b4d5360fa1b92ed5420454e494d4e6891c9f3dc8f8c779ad0d40faa9ec63d971f4bcfa9d22abac8373b11e277c6d33e14603b5a49a7caad7a392a5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fcddi1k1.default-release\storage.sqlite

Filesize
4KB

MD5
701bd81ab9bb9fb95ec393a557d20be7

SHA1
7f6d6f5a146ac2e0c5f5424da7d7199ca8b6662d

SHA256
1db39598ae2ee67e7a598723a6ec07a3b74ab17ef166a2614785c74c43d1c5c3

SHA512
4f6b7a82f3361c2f452f0093fb0286acfa898528a2933f501bfe627993899cc77e136c435a0cebd95457c72c604b030b46dc07fb7b2b937d67ce3dd46179fc5d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fcddi1k1.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite

Filesize
48KB

MD5
45a55dc8d1047a2c67aad0cdebfbda1f

SHA1
f12566229244ab0ee007d2e3fcfdd0ec71d3bbfa

SHA256
7f28ae4a96c716baf0e7d6703a41b77afa84fb551cc3b50a3a557b5b89de3545

SHA512
93d8d215532d757fc2bb485e90ba99fdc6d440c82c15d741f679f6d0e692092db31d087de1c52642814aa6500d8c601f3e2759a8e48793d12ee5954870281f8b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fcddi1k1.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
2.0MB

MD5
d74616609560769aed7c7596a4b00d2d

SHA1
f40ad5c320900ca90d430c8875eb49e6612cbe98

SHA256
f4df702c04275ff55317312e7d0260735075093e8ffdb34530b0e44b8720dd37

SHA512
f07103b362d882ac9e57c5e5f24ea52a337f634d9cbef310c1f8a8e7424eea802422b3cc9ff378620908cd8074693e808808301d8a3e95975a12eda1321e1cd7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fcddi1k1.default-release\xulstore.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit