Malware Analysis Report

2025-06-16 04:08

Sample ID 250604-vf9ybahp6v
Target version.dll
SHA256 972d58a325c303624e7ee5e10263c6ec3676ccc05755e2cd73b0b8ff7eef9f0e
Tags discovery
Score 3/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V16

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
3/10

SHA256

972d58a325c303624e7ee5e10263c6ec3676ccc05755e2cd73b0b8ff7eef9f0e

Threat Level: Likely benign

The file version.dll was found to be: Likely benign.

Malicious Activity Summary

discovery

Unsigned PE

System Location Discovery: System Language Discovery

Program crash

Checks processor information in registry

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Modifies registry class

Suspicious use of AdjustPrivilegeToken

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Uses Task Scheduler COM API

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-06-04 16:57

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-06-04 16:57

Reported

2025-06-04 17:01

Platform

win10ltsc2021-20250425-en

Max time kernel

259s

Max time network

261s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\version.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\rundll32.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Mozilla Firefox\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3360380284-3605397551-3210292082-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1864 wrote to memory of 4392 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 5912 wrote to memory of 4876 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4876 wrote to memory of 2064 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4876 wrote to memory of 3664 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\version.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\version.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 4392 -ip 4392

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4392 -s 624

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -prefsHandle 2008 -prefsLen 27100 -prefMapHandle 2012 -prefMapSize 270279 -ipcHandle 2088 -initialChannelId {5514ae8e-9615-4976-9495-eb3c66539055} -parentPid 4876 -crashReporter "\\.\pipe\gecko-crash-server-pipe.4876" -appDir "C:\Program Files\Mozilla Firefox\browser" - 1 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -prefsHandle 2464 -prefsLen 27136 -prefMapHandle 2468 -prefMapSize 270279 -ipcHandle 2476 -initialChannelId {d0c1cb08-8bb5-4924-8ade-055640bb01de} -parentPid 4876 -crashReporter "\\.\pipe\gecko-crash-server-pipe.4876" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 2 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 3804 -prefsLen 27277 -prefMapHandle 3808 -prefMapSize 270279 -jsInitHandle 3812 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 3816 -initialChannelId {f8519931-f32d-4cf9-a685-0183ffdebff2} -parentPid 4876 -crashReporter "\\.\pipe\gecko-crash-server-pipe.4876" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 3 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -prefsHandle 3992 -prefsLen 27277 -prefMapHandle 3996 -prefMapSize 270279 -ipcHandle 3804 -initialChannelId {03cbe8d5-84cb-4cda-a784-092cc9aa70c8} -parentPid 4876 -crashReporter "\\.\pipe\gecko-crash-server-pipe.4876" -appDir "C:\Program Files\Mozilla Firefox\browser" - 4 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 2992 -prefsLen 34776 -prefMapHandle 1664 -prefMapSize 270279 -jsInitHandle 1668 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 1376 -initialChannelId {86083f30-c43f-4a6a-aa6a-96dc1413778a} -parentPid 4876 -crashReporter "\\.\pipe\gecko-crash-server-pipe.4876" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 5 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -sandboxingKind 0 -prefsHandle 5104 -prefsLen 35013 -prefMapHandle 5108 -prefMapSize 270279 -ipcHandle 5080 -initialChannelId {d3bdb092-12f4-4426-a022-2d2f3f3a0ddc} -parentPid 4876 -crashReporter "\\.\pipe\gecko-crash-server-pipe.4876" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 6 utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 5464 -prefsLen 32952 -prefMapHandle 5468 -prefMapSize 270279 -jsInitHandle 5472 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 3216 -initialChannelId {91e3e7d4-7916-4f39-b8d7-2bfcdd0db06b} -parentPid 4876 -crashReporter "\\.\pipe\gecko-crash-server-pipe.4876" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 7 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 5592 -prefsLen 32952 -prefMapHandle 5596 -prefMapSize 270279 -jsInitHandle 5600 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 5608 -initialChannelId {fb0d7f1d-29e1-48cd-b2d8-3adc73bc32c4} -parentPid 4876 -crashReporter "\\.\pipe\gecko-crash-server-pipe.4876" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 8 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 5780 -prefsLen 32952 -prefMapHandle 5784 -prefMapSize 270279 -jsInitHandle 5788 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 5796 -initialChannelId {049f30f0-f821-45ca-8ebb-2404afe1370a} -parentPid 4876 -crashReporter "\\.\pipe\gecko-crash-server-pipe.4876" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 9 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 6420 -prefsLen 33071 -prefMapHandle 2852 -prefMapSize 270279 -jsInitHandle 2856 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 6368 -initialChannelId {b437129d-1d03-406a-bd78-44d1efd630d0} -parentPid 4876 -crashReporter "\\.\pipe\gecko-crash-server-pipe.4876" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 10 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 5368 -prefsLen 36543 -prefMapHandle 6292 -prefMapSize 270279 -jsInitHandle 6752 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 6296 -initialChannelId {717be1ce-06be-4a6f-840b-f3bfb7d1ac50} -parentPid 4876 -crashReporter "\\.\pipe\gecko-crash-server-pipe.4876" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 11 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 5396 -prefsLen 36543 -prefMapHandle 5392 -prefMapSize 270279 -jsInitHandle 4932 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 3124 -initialChannelId {ff6d3284-6c2a-4494-ade8-2ffc7bbb11c3} -parentPid 4876 -crashReporter "\\.\pipe\gecko-crash-server-pipe.4876" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 12 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 1636 -prefsLen 36543 -prefMapHandle 6052 -prefMapSize 270279 -jsInitHandle 5976 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 6932 -initialChannelId {f91afa9f-8cf8-42de-8a01-c9be74f62518} -parentPid 4876 -crashReporter "\\.\pipe\gecko-crash-server-pipe.4876" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 13 tab

Network

US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 8.8.8.8:53 s3-w.us-east-1.amazonaws.com udp
US 8.8.8.8:53 s3-w.us-east-1.amazonaws.com udp
US 185.199.110.133:443 repository-images.githubusercontent.com tcp
US 8.8.8.8:53 api.github.com udp
US 8.8.8.8:53 api.github.com udp
US 8.8.8.8:53 api.github.com udp
US 8.8.8.8:53 collector.github.com udp
US 8.8.8.8:53 glb-db52c2cf8be544.github.com udp
US 8.8.8.8:53 glb-db52c2cf8be544.github.com udp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 8.8.8.8:53 github.githubassets.com udp
US 8.8.8.8:53 s3-w.us-east-1.amazonaws.com udp
US 8.8.8.8:53 s3-w.us-east-1.amazonaws.com udp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 8.8.8.8:53 s3-w.us-east-1.amazonaws.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
NL 142.250.27.103:443 www.google.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 ogs.google.com udp
NL 142.250.27.138:443 ogs.google.com tcp
US 8.8.8.8:53 www3.l.google.com udp
US 8.8.8.8:53 www3.l.google.com udp
NL 142.250.27.138:443 www3.l.google.com udp
US 8.8.8.8:53 ssl.gstatic.com udp
US 8.8.8.8:53 ssl.gstatic.com udp
US 8.8.8.8:53 ssl.gstatic.com udp

Files

SHA1 2248236ef0a0eb58231d4cf01175c066a16b005c
SHA256 a6ccde33bd8bf83bc4ab4bdbd104430ede6b7546f69ab4682e0619e7c637cee5
SHA512 b30e144b46d89de143aa95a18646f059f7b16438f52debdacf65ed946f7fed8681a799a786b936a6825c5f7412f4d6c45ef43ad6cbe5eded130157f9f7b28835

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fd4aazyt.default-release\datareporting\glean\db\data.safe.tmp

MD5 77081117d94316ec0adbc22bab214ab3
SHA1 7e55d595cc6e662d58ec905fc0bec20c4194f0b1
SHA256 ba0e5d530ed4702295c6af5b328b52f2f9dba4538f9e09693522f89b1f00eace
SHA512 e13aef9c050766a889d17aaf453e3537db852b1270e76c24db1c37c23d6fd244fe5ac60e3cd86f9e31b84581a42fcd894099aafef5bfb746552f6e7e69063fd5

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fd4aazyt.default-release\datareporting\glean\pending_pings\8d274d17-9ce6-4822-aab5-957217496509

MD5 b527418922dfe413aec98bf86b6d9a56
SHA1 fc40b76050c84d1a5dd8837b403beeddbbcb4ccf
SHA256 c6954336eea22224484a8da3ea3304d4e292599fa9896643b8084832f990a428
SHA512 b20277e92dc57a300efc7fedf3786887b5e17ff7cf5af0bc58c57cf0526a30d432c42418af8684fc8445c10c6b3b19127461127c82344259de874d995c48da37

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fd4aazyt.default-release\datareporting\glean\pending_pings\33cec306-5b48-4e57-a01b-78d14e246b8d

MD5 d8231c5ba8ae3d20834b3cbd7aeeb6c4
SHA1 a4ea79faf985b021cd3bc16b0b24bf3002db497e
SHA256 900dbc41db8bc894403a46b516128372eca73ae1a67acc5163368de1a76cfb08
SHA512 5cb542fe2f92a67b3b6f500354cb6ead0cd8149010fd3abc2034412d6631056fb6d5c6d533e6b356a4a7ecc6ad35a3dfb88ea720065fd0817e4ceeb9f5d280bc

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fd4aazyt.default-release\datareporting\glean\pending_pings\44b46849-cd6b-41df-b60d-ef3dc84ba4d1

MD5 6360890e32c29c750bf09d2da82c8f78
SHA1 2b2bf8a59be51a2426beb750cc790ea4abb85d2b
SHA256 70554e330a34082836863619384ac054307eba625dec361cb14b8f7620c7a283
SHA512 3477b414c37cc8f20c5466cbd498416e8361706294b60774277e81679769149d0317910f8d110835dd8a154f3154237b1cd60571df2aaa21f6153c8958dc125e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fd4aazyt.default-release\sessionstore-backups\recovery.baklz4

MD5 d7266cb4ac924094ccd849918d56def2
SHA1 253866ae0c39dc51d4ba6e51e90ad89df8e89725
SHA256 5b0a2018a31a5a27b62380f1181162c8f4a9079eef36d4bdde26bdb1ce529525
SHA512 f9594daa11b369e0f7cbc172d896d7cd15fd81d072fe7563c238c5dddbf8c6d822c171c6aa8f7e93e29662c70592a78189e8c5b5d1fb0db662075f6aaebd9633

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fd4aazyt.default-release\cache2\entries\E2109732BB0DC5ADCEA298AC1A72E137C28A851B

MD5 43a784eac3689a49c7eb93420aa9cc3d
SHA1 fc3ab2c9d75ebd09b220e0b3e97b50da7e108faf
SHA256 c9240144ed9da9b7c92636bc86d680128e22c78aaf0163b8057753119b5c3290
SHA512 022d7bb7f73a9912250c3df8c77f3ad86f036e9eff91d9b8c25fe81ef1faca1d2180c5f6955549b2530cda1d8e0526fd3ae4a052c78a888860a2038f20bda836

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fd4aazyt.default-release\sessionstore-backups\recovery.baklz4

MD5 a4cfcc8587b1e731eb1fb66ed1a2c701
SHA1 9ba91f80784a96d729f78cc81d9760b3a846e3c1
SHA256 ba4f063a3f7563c48c094c11b905b811f89c2240e6514f9883c366ae0157fe8d
SHA512 a91b7b17810dc4d28109bc2681f7772159f4408472fab0c479128102bbf16817240a2b373e6a3dea5f5751e672d6029f30ccc42dab06a9148f994482164cfe34

Analysis: behavioral2

Detonation Overview

Submitted

2025-06-04 16:57

Reported

2025-06-04 16:57

Platform

win11-20250502-en

Max time kernel

0s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\version.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\rundll32.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 5720 wrote to memory of 2952 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\version.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\version.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 2952 -ip 2952

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2952 -s 528

Network

N/A

Files

N/A