Analysis Overview
SHA256
886a78f6d4a3bb1667c7d8ba553487a9d42fc38188253d3604cfe5c0743b636b
Threat Level: Known bad
The file Auora.exe was found to be: Known bad.
Malicious Activity Summary
Detect Umbral payload
Umbral
Umbral family
Drops file in Drivers directory
Registers COM server for autorun
Reads user/profile data of web browsers
Modifies system executable filetype association
Looks up external IP address via web service
Legitimate hosting services abused for malware hosting/C2
Unsigned PE
Uses Task Scheduler COM API
Suspicious behavior: EnumeratesProcesses
Checks processor information in registry
Enumerates system info in registry
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Detects videocard installed
Suspicious use of WriteProcessMemory
Suspicious use of SetWindowsHookEx
Suspicious behavior: AddClipboardFormatListener
Views/modifies file attributes
Modifies registry class
Suspicious use of AdjustPrivilegeToken
Modifies Internet Explorer settings
Runs ping.exe
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-20 17:24
Signatures
Detect Umbral payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Umbral family
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-20 17:24
Reported
2024-04-20 17:38
Platform
win10-20240404-en
Max time kernel
693s
Max time network
698s
Command Line
Signatures
Detect Umbral payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Umbral
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | discord.com | N/A | N/A |
(the same row is reported 19 times; the repeats are collapsed here)
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\Auora.exe
"C:\Users\Admin\AppData\Local\Temp\Auora.exe"
C:\Windows\System32\Wbem\wmic.exe
"wmic.exe" csproduct get uuid
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4928.0.287739424\1526139595" -parentBuildID 20221007134813 -prefsHandle 1720 -prefMapHandle 1712 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c5bbcbca-4b7a-473a-9813-bb5a4fc7e28c} 4928 "\\.\pipe\gecko-crash-server-pipe.4928" 1796 15b347d8858 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4928.1.1937405023\1905143001" -parentBuildID 20221007134813 -prefsHandle 2124 -prefMapHandle 2120 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0bb3fb24-4e22-4961-a5e8-d43b9222d0ca} 4928 "\\.\pipe\gecko-crash-server-pipe.4928" 2136 15b22472858 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4928.2.45660742\2121742018" -childID 1 -isForBrowser -prefsHandle 2772 -prefMapHandle 2860 -prefsLen 20866 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {daca326e-977d-4445-9a8c-e3e7aa1503aa} 4928 "\\.\pipe\gecko-crash-server-pipe.4928" 2688 15b38ac8858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4928.3.512322442\1432680055" -childID 2 -isForBrowser -prefsHandle 3472 -prefMapHandle 3468 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bc55d969-669d-4d1b-a1dd-e439c3ed1188} 4928 "\\.\pipe\gecko-crash-server-pipe.4928" 3484 15b22462558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4928.4.828976096\744920070" -childID 3 -isForBrowser -prefsHandle 4416 -prefMapHandle 4412 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2bacbd67-56cc-4191-844e-ae9290659876} 4928 "\\.\pipe\gecko-crash-server-pipe.4928" 4428 15b39b96258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4928.5.1127200955\2083534621" -childID 4 -isForBrowser -prefsHandle 4960 -prefMapHandle 4956 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9650b71c-f24e-4641-aa06-f478e2a02d8c} 4928 "\\.\pipe\gecko-crash-server-pipe.4928" 4968 15b22461958 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4928.6.810400788\1944488681" -childID 5 -isForBrowser -prefsHandle 5100 -prefMapHandle 5104 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0d06e078-140f-4244-879e-e3e890d19c66} 4928 "\\.\pipe\gecko-crash-server-pipe.4928" 4988 15b3b465f58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4928.7.927535438\349274209" -childID 6 -isForBrowser -prefsHandle 5300 -prefMapHandle 5304 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2e80c88c-5a95-4919-9507-495e4e459b8b} 4928 "\\.\pipe\gecko-crash-server-pipe.4928" 5292 15b3b4d1858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4928.8.1560701118\1256214177" -childID 7 -isForBrowser -prefsHandle 2640 -prefMapHandle 3920 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {58255705-8c89-4cf3-b795-b816ab07e8ff} 4928 "\\.\pipe\gecko-crash-server-pipe.4928" 2636 15b3ae4fb58 tab
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x398
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4928.9.1140612609\1409687776" -childID 8 -isForBrowser -prefsHandle 1604 -prefMapHandle 3900 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {99155365-b5b8-4764-a7cd-4ebafe700310} 4928 "\\.\pipe\gecko-crash-server-pipe.4928" 5836 15b38aca358 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4928.10.74645171\486493461" -childID 9 -isForBrowser -prefsHandle 5196 -prefMapHandle 5208 -prefsLen 26777 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8f72526f-bff3-4ecf-b23b-7eeae99712b0} 4928 "\\.\pipe\gecko-crash-server-pipe.4928" 5272 15b2242f358 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4928.11.111892798\352709960" -childID 10 -isForBrowser -prefsHandle 5992 -prefMapHandle 5196 -prefsLen 26777 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {86799cd8-eb33-4a66-b10d-7e80b1cdfb59} 4928 "\\.\pipe\gecko-crash-server-pipe.4928" 6020 15b3a54b258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4928.12.1022128033\665934639" -parentBuildID 20221007134813 -prefsHandle 6456 -prefMapHandle 5992 -prefsLen 26777 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {247ea450-68e4-4859-b5e4-fa2bf5ecc725} 4928 "\\.\pipe\gecko-crash-server-pipe.4928" 6464 15b3cdb8458 rdd
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4928.13.1645099042\847835183" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 6592 -prefMapHandle 5888 -prefsLen 26777 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {86e962ae-6332-44a7-9d39-ff62a5242115} 4928 "\\.\pipe\gecko-crash-server-pipe.4928" 4988 15b34cdc558 utility
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4928.14.1466813492\2102856470" -childID 11 -isForBrowser -prefsHandle 5748 -prefMapHandle 6232 -prefsLen 26777 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {07328fdc-f220-4d35-ac45-e89b7d70b237} 4928 "\\.\pipe\gecko-crash-server-pipe.4928" 5544 15b3c8acb58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4928.15.1847473473\1345485951" -childID 12 -isForBrowser -prefsHandle 6260 -prefMapHandle 6156 -prefsLen 27477 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c5924367-6d67-4a82-99dc-deff865b050a} 4928 "\\.\pipe\gecko-crash-server-pipe.4928" 6016 15b3b4ce258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4928.16.248360949\542399363" -childID 13 -isForBrowser -prefsHandle 5840 -prefMapHandle 5900 -prefsLen 27477 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {84f80bac-f8ad-4674-9abc-da18ee4c6d66} 4928 "\\.\pipe\gecko-crash-server-pipe.4928" 4800 15b3b466b58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4928.17.1512283719\1957040906" -childID 14 -isForBrowser -prefsHandle 5172 -prefMapHandle 4340 -prefsLen 27477 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f9d55f1b-5848-401d-8597-5b37abf9b480} 4928 "\\.\pipe\gecko-crash-server-pipe.4928" 1580 15b3ae51c58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4928.18.318658048\934546482" -childID 15 -isForBrowser -prefsHandle 6928 -prefMapHandle 6988 -prefsLen 27477 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {44529f53-7e96-4b14-8306-171682b58510} 4928 "\\.\pipe\gecko-crash-server-pipe.4928" 5172 15b3c844d58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4928.19.1387597453\1136511683" -childID 16 -isForBrowser -prefsHandle 5748 -prefMapHandle 11180 -prefsLen 27477 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3ff27e2f-6691-4d74-b744-7e1a07c1df39} 4928 "\\.\pipe\gecko-crash-server-pipe.4928" 6820 15b34c7a758 tab
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="688.0.1050860695\1260587820" -parentBuildID 20221007134813 -prefsHandle 1584 -prefMapHandle 1576 -prefsLen 21569 -prefMapSize 233863 -appDir "C:\Program Files\Mozilla Firefox\browser" - {961f9daf-8977-407b-9e00-7eb603efbf74} 688 "\\.\pipe\gecko-crash-server-pipe.688" 1664 21828206558 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="688.1.1280758534\24845955" -parentBuildID 20221007134813 -prefsHandle 1984 -prefMapHandle 1980 -prefsLen 21614 -prefMapSize 233863 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {63bce091-6e18-43cc-bb33-21f54b37f4ce} 688 "\\.\pipe\gecko-crash-server-pipe.688" 2004 218160de458 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="688.2.678662415\1165562979" -childID 1 -isForBrowser -prefsHandle 1000 -prefMapHandle 2764 -prefsLen 22075 -prefMapSize 233863 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {85b78cbf-54a7-493c-bc25-21e616981dd8} 688 "\\.\pipe\gecko-crash-server-pipe.688" 2776 2182825ee58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="688.3.2105000056\527653851" -childID 2 -isForBrowser -prefsHandle 3564 -prefMapHandle 3560 -prefsLen 27253 -prefMapSize 233863 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {97cf6c01-5a37-4418-b215-b9f5dde82176} 688 "\\.\pipe\gecko-crash-server-pipe.688" 3576 21816061f58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="688.4.1378638368\1923735800" -childID 3 -isForBrowser -prefsHandle 4428 -prefMapHandle 4424 -prefsLen 27312 -prefMapSize 233863 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {dc91f855-f73d-43e5-88c3-9b20eb0834df} 688 "\\.\pipe\gecko-crash-server-pipe.688" 4440 2182b996f58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="688.5.1014411575\527870864" -childID 4 -isForBrowser -prefsHandle 4616 -prefMapHandle 4744 -prefsLen 27312 -prefMapSize 233863 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {66c7077d-e0d3-475a-99a2-70cb00824942} 688 "\\.\pipe\gecko-crash-server-pipe.688" 4704 2182e890158 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="688.6.995176716\1745668456" -childID 5 -isForBrowser -prefsHandle 4900 -prefMapHandle 4904 -prefsLen 27312 -prefMapSize 233863 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7d19e7ba-8e5c-47c6-880e-3909345fadae} 688 "\\.\pipe\gecko-crash-server-pipe.688" 4892 2182e891058 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="688.7.1648612238\2111138985" -childID 6 -isForBrowser -prefsHandle 5076 -prefMapHandle 5080 -prefsLen 27312 -prefMapSize 233863 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9390bf5d-f2b3-485f-86d4-9a75a0df6ba9} 688 "\\.\pipe\gecko-crash-server-pipe.688" 4876 2182e891958 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="688.8.1136613753\1692945692" -childID 7 -isForBrowser -prefsHandle 2396 -prefMapHandle 4292 -prefsLen 27321 -prefMapSize 233863 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3e689a8f-64bb-421a-b998-01e97df1b667} 688 "\\.\pipe\gecko-crash-server-pipe.688" 2436 2182cf54d58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="688.9.566033679\612173572" -childID 8 -isForBrowser -prefsHandle 4792 -prefMapHandle 4796 -prefsLen 27321 -prefMapSize 233863 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7f2131ea-6565-4091-8f89-95c558341ab8} 688 "\\.\pipe\gecko-crash-server-pipe.688" 4848 2182e755458 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="688.10.1937166477\1676663246" -childID 9 -isForBrowser -prefsHandle 3948 -prefMapHandle 5900 -prefsLen 27321 -prefMapSize 233863 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d9f27130-fa59-4ed6-b28f-52f50487bf6a} 688 "\\.\pipe\gecko-crash-server-pipe.688" 5848 21830ba4458 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="688.11.1214419542\697296369" -childID 10 -isForBrowser -prefsHandle 4648 -prefMapHandle 3576 -prefsLen 27321 -prefMapSize 233863 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {74556a2d-2dff-4096-9734-adbdb09227af} 688 "\\.\pipe\gecko-crash-server-pipe.688" 5952 2182b996658 tab
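Added example (not part of this report and not vendor tooling): a detection check for the HWID-collection step visible in the process list above, where "wmic.exe" csproduct get uuid runs next to the sample. The events are constructed Sysmon-style records; the Image/CommandLine/ParentImage field names and the parent link from Auora.exe to wmic.exe are assumptions, since the report does not print parent PIDs. The check generalizes past csproduct to the other wmic identifier queries stealers use, and requires the parent image to sit in a user-writable path so that an administrator typing the same command at a console does not fire it.

```python
"""Flag HWID collection via wmic spawned from a user-writable location.

Added example, not part of the sandbox report. The events are constructed
Sysmon-style process-creation records modelled on the report's process list;
the field names are assumptions, not a real log schema.
"""
import re
from pathlib import PureWindowsPath

# Directories an unprivileged user can write to. A parent image living here is
# a much stronger signal than wmic.exe alone, which admins also run by hand.
USER_WRITABLE = (
    "\\appdata\\local\\temp\\",
    "\\appdata\\roaming\\",
    "\\downloads\\",
    "\\users\\public\\",
    "\\programdata\\",
)

# wmic invocations that return machine identifiers stealers use as an HWID
# (csproduct uuid is the one in this report; the others are common variants).
HWID_QUERY = re.compile(
    r"\b(csproduct|baseboard|bios|diskdrive)\b.*\bget\b.*\b(uuid|serialnumber)\b",
    re.IGNORECASE,
)


def in_user_writable(path: str) -> bool:
    """True if the image path lies under a directory a normal user can write to."""
    p = path.lower().replace("/", "\\")
    return any(marker in p for marker in USER_WRITABLE)


def is_hwid_collection(event: dict) -> bool:
    """wmic.exe running an identifier query, launched from a user-writable parent."""
    image = PureWindowsPath(event["Image"]).name.lower()
    if image != "wmic.exe":
        return False
    if not HWID_QUERY.search(event["CommandLine"]):
        return False
    return in_user_writable(event["ParentImage"])


# Constructed events. The first mirrors the report's process list
# (Auora.exe -> "wmic.exe" csproduct get uuid; the parent link is assumed);
# the second is an admin at a console running the same query, which should
# not fire; the third is the sample running a harmless wmic query.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\Wbem\wmic.exe",
     "CommandLine": '"wmic.exe" csproduct get uuid',
     "ParentImage": r"C:\Users\Admin\AppData\Local\Temp\Auora.exe"},
    {"Image": r"C:\Windows\System32\Wbem\wmic.exe",
     "CommandLine": "wmic csproduct get uuid",
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
    {"Image": r"C:\Windows\System32\Wbem\wmic.exe",
     "CommandLine": "wmic os get caption",
     "ParentImage": r"C:\Users\Admin\AppData\Local\Temp\Auora.exe"},
]


def triage(events):
    """Return (parent image, command line) for every event that fires."""
    return [(e["ParentImage"], e["CommandLine"])
            for e in events if is_hwid_collection(e)]


if __name__ == "__main__":
    for parent, cmdline in triage(SAMPLE_EVENTS):
        print(f"HWID collection: {cmdline!r} spawned by {parent}")
```

Run against real Sysmon Event ID 1 or EDR process-creation data, the parent-path condition is what keeps the rule quiet; drop it only if you are prepared to triage every interactive wmic csproduct query in the estate.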
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | gstatic.com | udp |
| GB | 172.217.16.227:443 | gstatic.com | tcp |
| US | 8.8.8.8:53 | 227.16.217.172.in-addr.arpa | udp |
| N/A | 127.0.0.1:49803 | | tcp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | shavar.services.mozilla.com | udp |
| US | 44.233.67.78:443 | shavar.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 34.117.237.239:443 | contile.services.mozilla.com | tcp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | 78.67.233.44.in-addr.arpa | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 34.107.243.93:443 | autopush.prod.mozaws.net | tcp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | firefox-settings-attachments.cdn.mozilla.net | udp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | 53.121.117.34.in-addr.arpa | udp |
| N/A | 127.0.0.1:49811 | | tcp |
| US | 8.8.8.8:53 | discord.com | udp |
| US | 162.159.128.233:80 | discord.com | tcp |
| US | 8.8.8.8:53 | discord.com | udp |
| US | 162.159.128.233:80 | discord.com | tcp |
| US | 8.8.8.8:53 | discord.com | udp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 8.8.8.8:53 | 233.128.159.162.in-addr.arpa | udp |
| US | 162.159.128.233:443 | discord.com | udp |
| US | 8.8.8.8:53 | assets-global.website-files.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | global.localizecdn.com | udp |
| US | 8.8.8.8:53 | d3e54v103j8qbb.cloudfront.net | udp |
| GB | 18.165.160.37:443 | assets-global.website-files.com | tcp |
| GB | 18.165.160.37:443 | assets-global.website-files.com | tcp |
| US | 8.8.8.8:53 | d3vmvmej3wjbxn.cloudfront.net | udp |
| GB | 142.250.200.42:443 | ajax.googleapis.com | tcp |
| GB | 142.250.200.42:443 | ajax.googleapis.com | tcp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| GB | 18.165.158.198:443 | d3e54v103j8qbb.cloudfront.net | tcp |
| US | 8.8.8.8:53 | d3e54v103j8qbb.cloudfront.net | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | d3e54v103j8qbb.cloudfront.net | udp |
| GB | 142.250.200.42:443 | ajax.googleapis.com | udp |
| GB | 18.165.160.37:443 | d3vmvmej3wjbxn.cloudfront.net | tcp |
| GB | 18.165.160.37:443 | d3vmvmej3wjbxn.cloudfront.net | tcp |
| US | 8.8.8.8:53 | 37.160.165.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.158.165.18.in-addr.arpa | udp |
| US | 104.18.5.175:443 | global.localizecdn.com | tcp |
| US | 8.8.8.8:53 | global.localizecdn.com | udp |
| US | 8.8.8.8:53 | d3vmvmej3wjbxn.cloudfront.net | udp |
| US | 8.8.8.8:53 | global.localizecdn.com | udp |
| US | 8.8.8.8:53 | 175.5.18.104.in-addr.arpa | udp |
| US | 104.18.5.175:443 | global.localizecdn.com | udp |
| US | 8.8.8.8:53 | assets.website-files.com | udp |
| GB | 13.224.81.122:443 | assets.website-files.com | tcp |
| GB | 13.224.81.122:443 | assets.website-files.com | tcp |
| GB | 13.224.81.122:443 | assets.website-files.com | tcp |
| GB | 13.224.81.122:443 | assets.website-files.com | tcp |
| US | 8.8.8.8:53 | d1r5qv5z4elg7c.cloudfront.net | udp |
| GB | 13.224.81.122:443 | d1r5qv5z4elg7c.cloudfront.net | tcp |
| GB | 13.224.81.122:443 | d1r5qv5z4elg7c.cloudfront.net | tcp |
| US | 8.8.8.8:53 | d1r5qv5z4elg7c.cloudfront.net | udp |
| US | 8.8.8.8:53 | 122.81.224.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | geolocation.onetrust.com | udp |
| US | 172.64.155.119:443 | geolocation.onetrust.com | tcp |
| US | 8.8.8.8:53 | geolocation.onetrust.com | udp |
| US | 8.8.8.8:53 | geolocation.onetrust.com | udp |
| US | 8.8.8.8:53 | 119.155.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | discord.com | udp |
| US | 8.8.8.8:53 | d3e54v103j8qbb.cloudfront.net | udp |
| US | 8.8.8.8:53 | discord.com | udp |
| US | 8.8.8.8:53 | remote-auth-gateway.discord.gg | udp |
| US | 8.8.8.8:53 | remote-auth-gateway.discord.gg | udp |
| US | 8.8.8.8:53 | remote-auth-gateway.discord.gg | udp |
| US | 162.159.136.234:443 | remote-auth-gateway.discord.gg | tcp |
| US | 8.8.8.8:53 | 234.136.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 224.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | id.google.com | udp |
| US | 8.8.8.8:53 | id.google.com | udp |
| US | 142.250.65.99:443 | id.google.com | tcp |
| US | 8.8.8.8:53 | id.google.com | udp |
| US | 8.8.8.8:53 | 99.65.250.142.in-addr.arpa | udp |
| US | 142.250.65.99:443 | id.google.com | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 142.250.200.2:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 2.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.200.250.142.in-addr.arpa | udp |
| GB | 142.250.200.2:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | discord.com | udp |
| US | 162.159.128.233:443 | discord.com | udp |
| US | 8.8.8.8:53 | js.hcaptcha.com | udp |
| US | 104.18.125.91:443 | js.hcaptcha.com | tcp |
| US | 8.8.8.8:53 | js.hcaptcha.com | udp |
| US | 8.8.8.8:53 | js.hcaptcha.com | udp |
| US | 104.18.125.91:443 | js.hcaptcha.com | udp |
| US | 8.8.8.8:53 | newassets.hcaptcha.com | udp |
| US | 104.18.125.91:443 | newassets.hcaptcha.com | tcp |
| US | 8.8.8.8:53 | newassets.hcaptcha.com | udp |
| US | 104.18.125.91:443 | newassets.hcaptcha.com | tcp |
| US | 104.18.125.91:443 | newassets.hcaptcha.com | udp |
| US | 8.8.8.8:53 | newassets.hcaptcha.com | udp |
| US | 8.8.8.8:53 | 91.125.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.hcaptcha.com | udp |
| US | 104.18.125.91:443 | api.hcaptcha.com | tcp |
| US | 8.8.8.8:53 | api.hcaptcha.com | udp |
| US | 104.18.125.91:443 | api.hcaptcha.com | udp |
| US | 8.8.8.8:53 | imgs3.hcaptcha.com | udp |
| US | 104.18.124.91:443 | imgs3.hcaptcha.com | tcp |
| US | 104.18.124.91:443 | imgs3.hcaptcha.com | tcp |
| US | 104.18.124.91:443 | imgs3.hcaptcha.com | tcp |
| US | 8.8.8.8:53 | imgs3.hcaptcha.com | udp |
| US | 104.18.124.91:443 | imgs3.hcaptcha.com | tcp |
| US | 104.18.124.91:443 | imgs3.hcaptcha.com | tcp |
| US | 104.18.124.91:443 | imgs3.hcaptcha.com | tcp |
| US | 104.18.124.91:443 | imgs3.hcaptcha.com | udp |
| US | 104.18.124.91:443 | imgs3.hcaptcha.com | tcp |
| US | 8.8.8.8:53 | 91.124.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | imgs3.hcaptcha.com | udp |
| US | 8.8.8.8:53 | api.hcaptcha.com | udp |
| US | 8.8.8.8:53 | 152.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | discord.com | udp |
| US | 8.8.8.8:53 | discord.com | udp |
| US | 8.8.8.8:53 | newassets.hcaptcha.com | udp |
| US | 8.8.8.8:53 | imgs3.hcaptcha.com | udp |
| US | 8.8.8.8:53 | api.hcaptcha.com | udp |
| US | 8.8.8.8:53 | api.hcaptcha.com | udp |
| US | 8.8.8.8:53 | discord.com | udp |
| US | 8.8.8.8:53 | aus5.mozilla.org | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 35.244.181.201:443 | prod.balrog.prod.cloudops.mozgcp.net | tcp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | aus5.mozilla.org | udp |
| US | 35.244.181.201:443 | aus5.mozilla.org | tcp |
| US | 34.160.144.191:443 | prod.content-signature-chains.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | 201.181.244.35.in-addr.arpa | udp |
| US | 34.160.144.191:443 | prod.content-signature-chains.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | ciscobinary.openh264.org | udp |
| NL | 2.18.121.73:80 | ciscobinary.openh264.org | tcp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | 73.121.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| GB | 142.250.200.14:443 | redirector.gvt1.com | tcp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | 14.200.250.142.in-addr.arpa | udp |
| GB | 142.250.200.14:443 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | r1---sn-25glene6.gvt1.com | udp |
| FR | 173.194.190.134:443 | r1---sn-25glene6.gvt1.com | tcp |
| US | 8.8.8.8:53 | r1.sn-25glene6.gvt1.com | udp |
| US | 8.8.8.8:53 | r1.sn-25glene6.gvt1.com | udp |
| FR | 173.194.190.134:443 | r1.sn-25glene6.gvt1.com | udp |
| US | 8.8.8.8:53 | 134.190.194.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | discord.com | udp |
| US | 162.159.128.233:443 | discord.com | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 34.117.237.239:443 | contile.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 8.8.8.8:53 | discord.com | udp |
| US | 162.159.128.233:443 | discord.com | udp |
| US | 8.8.8.8:53 | assets-global.website-files.com | udp |
| GB | 142.250.200.42:443 | ajax.googleapis.com | tcp |
| GB | 142.250.200.42:443 | ajax.googleapis.com | tcp |
| US | 104.18.5.175:443 | global.localizecdn.com | tcp |
| US | 162.159.128.233:443 | discord.com | udp |
| US | 8.8.8.8:53 | d3e54v103j8qbb.cloudfront.net | udp |
| US | 8.8.8.8:53 | d3vmvmej3wjbxn.cloudfront.net | udp |
| GB | 18.165.160.98:443 | d3vmvmej3wjbxn.cloudfront.net | tcp |
| GB | 18.165.160.98:443 | d3vmvmej3wjbxn.cloudfront.net | tcp |
| US | 8.8.8.8:53 | d3vmvmej3wjbxn.cloudfront.net | udp |
| US | 8.8.8.8:53 | d3e54v103j8qbb.cloudfront.net | udp |
| GB | 18.165.158.198:443 | d3e54v103j8qbb.cloudfront.net | tcp |
| US | 8.8.8.8:53 | d3e54v103j8qbb.cloudfront.net | udp |
| US | 8.8.8.8:53 | assets-global.website-files.com | udp |
| GB | 18.165.160.45:443 | assets-global.website-files.com | tcp |
| GB | 18.165.160.45:443 | assets-global.website-files.com | tcp |
| US | 104.18.5.175:443 | global.localizecdn.com | udp |
| GB | 142.250.200.42:443 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | 98.160.165.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | assets.website-files.com | udp |
| GB | 13.224.81.122:443 | assets.website-files.com | tcp |
| US | 8.8.8.8:53 | d1r5qv5z4elg7c.cloudfront.net | udp |
| GB | 13.224.81.122:443 | d1r5qv5z4elg7c.cloudfront.net | tcp |
| GB | 13.224.81.122:443 | d1r5qv5z4elg7c.cloudfront.net | tcp |
| GB | 13.224.81.122:443 | d1r5qv5z4elg7c.cloudfront.net | tcp |
| GB | 13.224.81.122:443 | d1r5qv5z4elg7c.cloudfront.net | tcp |
| GB | 13.224.81.122:443 | d1r5qv5z4elg7c.cloudfront.net | tcp |
| US | 8.8.8.8:53 | d1r5qv5z4elg7c.cloudfront.net | udp |
| US | 172.64.155.119:443 | geolocation.onetrust.com | tcp |
| US | 8.8.8.8:53 | discord.com | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 8.8.8.8:53 | youtube-ui.l.google.com | udp |
| GB | 142.250.178.14:443 | youtube-ui.l.google.com | tcp |
| US | 8.8.8.8:53 | youtube-ui.l.google.com | udp |
| US | 8.8.8.8:53 | 14.178.250.142.in-addr.arpa | udp |
| GB | 142.250.178.14:443 | youtube-ui.l.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 142.250.65.99:443 | id.google.com | udp |
| US | 142.250.65.99:443 | id.google.com | tcp |
| US | 142.250.65.99:443 | id.google.com | tcp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 104.16.113.74:443 | www.mediafire.com | tcp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | 74.113.16.104.in-addr.arpa | udp |
| US | 104.16.113.74:443 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | static.mediafire.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | static.cloudflareinsights.com | udp |
| US | 8.8.8.8:53 | static.mediafire.com | udp |
| US | 104.16.113.74:443 | static.mediafire.com | tcp |
| US | 104.16.113.74:443 | static.mediafire.com | tcp |
| US | 104.16.113.74:443 | static.mediafire.com | tcp |
| US | 104.16.79.73:443 | static.cloudflareinsights.com | tcp |
| US | 8.8.8.8:53 | static.cloudflareinsights.com | udp |
| GB | 216.58.213.10:443 | ajax.googleapis.com | tcp |
| US | 8.8.8.8:53 | static.cloudflareinsights.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | static.mediafire.com | udp |
| US | 104.16.113.74:443 | static.mediafire.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 216.58.213.10:443 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | 104.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.79.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.187.250.142.in-addr.arpa | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | cdn.amplitude.com | udp |
| US | 8.8.8.8:53 | cdn.amplitude.com | udp |
| US | 8.8.8.8:53 | cdn.amplitude.com | udp |
| GB | 3.162.19.176:443 | cdn.amplitude.com | tcp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | 176.19.162.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.amplitude.com | udp |
| US | 54.71.232.169:443 | api.amplitude.com | tcp |
| US | 8.8.8.8:53 | api.amplitude.com | udp |
| US | 8.8.8.8:53 | api.amplitude.com | udp |
| US | 44.239.212.98:443 | api.amplitude.com | tcp |
| US | 8.8.8.8:53 | static.hotjar.com | udp |
| US | 8.8.8.8:53 | static-cdn.hotjar.com | udp |
| US | 8.8.8.8:53 | static-cdn.hotjar.com | udp |
| GB | 18.165.160.116:443 | static-cdn.hotjar.com | tcp |
| US | 8.8.8.8:53 | 14.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | analytics.google.com | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 216.239.38.181:443 | analytics.google.com | tcp |
| US | 8.8.8.8:53 | analytics-alv.google.com | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| GB | 18.165.160.116:443 | static-cdn.hotjar.com | tcp |
| US | 8.8.8.8:53 | analytics-alv.google.com | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 216.239.38.181:443 | analytics-alv.google.com | udp |
| BE | 64.233.167.157:443 | stats.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | 181.38.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 116.160.165.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 169.232.71.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.212.239.44.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.167.233.64.in-addr.arpa | udp |
| BE | 64.233.167.157:443 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | script.hotjar.com | udp |
| US | 8.8.8.8:53 | script.hotjar.com | udp |
| GB | 54.230.10.10:443 | script.hotjar.com | tcp |
| US | 8.8.8.8:53 | script.hotjar.com | udp |
| US | 162.159.134.22:443 | device.maxmind.com | tcp |
| US | 8.8.8.8:53 | device.maxmind.com | udp |
| US | 8.8.8.8:53 | 10.10.230.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.134.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | d-ipv6.mmapiws.com | udp |
| US | 172.64.145.79:443 | d-ipv6.mmapiws.com | tcp |
| US | 8.8.8.8:53 | d-ipv6.mmapiws.com | udp |
| US | 8.8.8.8:53 | d-ipv6.mmapiws.com | udp |
| US | 8.8.8.8:53 | 79.145.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| N/A | 127.0.0.1:51249 | | tcp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 34.107.243.93:443 | autopush.prod.mozaws.net | tcp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| N/A | 127.0.0.1:51265 | | tcp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | discord.com | udp |
| US | 8.8.8.8:53 | discord.com | udp |
| US | 162.159.137.232:443 | discord.com | udp |
| US | 8.8.8.8:53 | discord.com | udp |
| US | 8.8.8.8:53 | assets-global.website-files.com | udp |
| GB | 216.58.213.10:443 | ajax.googleapis.com | udp |
| GB | 18.165.160.45:443 | assets-global.website-files.com | tcp |
| GB | 18.165.160.45:443 | assets-global.website-files.com | tcp |
| US | 8.8.8.8:53 | global.localizecdn.com | udp |
| US | 8.8.8.8:53 | d3e54v103j8qbb.cloudfront.net | udp |
| US | 8.8.8.8:53 | d3vmvmej3wjbxn.cloudfront.net | udp |
| US | 8.8.8.8:53 | global.localizecdn.com | udp |
| US | 8.8.8.8:53 | d3e54v103j8qbb.cloudfront.net | udp |
| US | 8.8.8.8:53 | global.localizecdn.com | udp |
| US | 8.8.8.8:53 | 232.137.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | d3e54v103j8qbb.cloudfront.net | udp |
| US | 8.8.8.8:53 | d3vmvmej3wjbxn.cloudfront.net | udp |
| US | 8.8.8.8:53 | assets.website-files.com | udp |
| GB | 13.224.81.45:443 | assets.website-files.com | tcp |
| GB | 13.224.81.45:443 | assets.website-files.com | tcp |
| US | 8.8.8.8:53 | d1r5qv5z4elg7c.cloudfront.net | udp |
| US | 8.8.8.8:53 | d1r5qv5z4elg7c.cloudfront.net | udp |
| US | 8.8.8.8:53 | discord.com | udp |
| US | 8.8.8.8:53 | discord.com | udp |
| US | 8.8.8.8:53 | 45.160.165.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 45.81.224.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | geolocation.onetrust.com | udp |
| US | 172.64.155.119:443 | geolocation.onetrust.com | tcp |
| US | 8.8.8.8:53 | geolocation.onetrust.com | udp |
| US | 8.8.8.8:53 | geolocation.onetrust.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | encrypted-tbn1.gstatic.com | udp |
| US | 8.8.8.8:53 | encrypted-tbn2.gstatic.com | udp |
| GB | 142.250.178.14:443 | encrypted-tbn1.gstatic.com | tcp |
| US | 8.8.8.8:53 | encrypted-tbn1.gstatic.com | udp |
| GB | 142.250.180.14:443 | encrypted-tbn2.gstatic.com | tcp |
| US | 8.8.8.8:53 | encrypted-tbn2.gstatic.com | udp |
| US | 8.8.8.8:53 | encrypted-tbn1.gstatic.com | udp |
| US | 8.8.8.8:53 | encrypted-tbn2.gstatic.com | udp |
| GB | 142.250.178.14:443 | encrypted-tbn1.gstatic.com | udp |
| GB | 142.250.180.14:443 | encrypted-tbn2.gstatic.com | udp |
| US | 8.8.8.8:53 | 14.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.virustotal.com | udp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 8.8.8.8:53 | ghs-svc-https-c46.ghs-ssl.googlehosted.com | udp |
| US | 8.8.8.8:53 | ghs-svc-https-c46.ghs-ssl.googlehosted.com | udp |
| US | 8.8.8.8:53 | 46.34.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.recaptcha.net | udp |
| US | 8.8.8.8:53 | www.recaptcha.net | udp |
| GB | 142.250.180.3:443 | www.recaptcha.net | tcp |
| US | 8.8.8.8:53 | www.recaptcha.net | udp |
| GB | 142.250.180.3:443 | www.recaptcha.net | tcp |
| GB | 142.250.180.3:443 | www.recaptcha.net | udp |
| US | 8.8.8.8:53 | aus5.mozilla.org | udp |
| US | 35.244.181.201:443 | aus5.mozilla.org | tcp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
Files
memory/5116-0-0x000002367A500000-0x000002367A540000-memory.dmp
memory/5116-1-0x00007FFE42B00000-0x00007FFE434EC000-memory.dmp
memory/5116-2-0x000002367CA50000-0x000002367CA60000-memory.dmp
memory/5116-4-0x00007FFE42B00000-0x00007FFE434EC000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\datareporting\glean\pending_pings\b410456f-9d02-4e58-ba35-9c713c784586
| MD5 | 8ef6f860dbe9379e5a1b01ae14245193 |
| SHA1 | 25e5f21dab19d66448de7290795091acd90815b2 |
| SHA256 | d1e3c38183bc07a2a65a12de8bc7cf94649cc5bca185cd2bca986f7a351831ae |
| SHA512 | 0295c02a3428a90e8fba511b785346bcb5e410ac32aa5b3200b8449a8c761ba4ddf9e795156e65470c0fcb6ca50732191478c74c753bd16dad87af7bd5201d8d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\datareporting\glean\pending_pings\987a6275-cc8f-4845-88ec-5e18e276a6ba
| MD5 | e6d1539891931d27f0e829389b571089 |
| SHA1 | 247fd8eafd5afe6d3c66a27e892aa198cc0bb176 |
| SHA256 | 78612c900d25ac92f0f42a28d334a2f0061ecc95bd76c0109bd334864b2a59b6 |
| SHA512 | e71cd010c923da9919db6ca873a2d4de42ed8beaeabff53dad7e37a26024f942819cda8b2f0dd6553e6b3f42423a85257c1caa52f2690216f20871722af47cc0 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\datareporting\glean\db\data.safe.bin
| MD5 | 933c1079fcbdf8635bed434e401bc6d8 |
| SHA1 | 1d5de56b0b6215532a44126fa98fdf368c7687cc |
| SHA256 | e7d4bba01d9029931c1e7bfeb4804ed361af7350afb45dcba3f829c48e471d56 |
| SHA512 | 8a53cbf1dd0886a2b2d7bbc19b87449ab7de4df0bf002e83c5608d0c9cc10eb224936f37809588385c98500286675eea6bef75e0ec8a03b9fb2603e08fd56e3a |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\prefs.js
| MD5 | 9bdfdafff74fc7edc6ee246575224257 |
| SHA1 | f1f5403eda1f31addeca0beec855121740b806a0 |
| SHA256 | fcc72c45f183fc091b538817d6dc359dc8fca4d053397fed26259158393953c3 |
| SHA512 | b1c7d2058b4f30c0ff8ea551830ea30b69bc0b6df980c8d288595fc2f49ddd64c6ade90cd669264da82d9b3ed845e140ee45d90b9f2e3bbaf77e583c4e2b7627 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl
| MD5 | c460716b62456449360b23cf5663f275 |
| SHA1 | 06573a83d88286153066bae7062cc9300e567d92 |
| SHA256 | 0ec0f16f92d876a9c1140d4c11e2b346a9292984d9a854360e54e99fdcd99cc0 |
| SHA512 | 476bc3a333aace4c75d9a971ef202d5889561e10d237792ca89f8d379280262ce98cf3d4728460696f8d7ff429a508237764bf4a9ccb59fd615aee07bdcadf30 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 2fd62445bb47fc742a6f101871112593 |
| SHA1 | ba38d49f854bc66381ddf5abc3cd48330a8c39a3 |
| SHA256 | 7112cb785739df5912c180a52b81c607eb1e24bb241fce09db42265c25a9c5d7 |
| SHA512 | c277d712d0db8773af2f828efc38a9f532c7cd1f3a2b4a6b35da6c20ca27784d9f90237f233c672f4cb56f8418b4e33f6fe262ee066c3865b06c595f3a547a53 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\prefs-1.js
| MD5 | 71f9e0eb39c879261cd6155660c4785b |
| SHA1 | 385403b75d2a0c3c81d3622d1c4c38b7881fddd0 |
| SHA256 | 5f9e614c51d25e8c6de97a3563457e56e2360654e942f26756eb41b1f3b801ae |
| SHA512 | a3f55cfe1689f4ba0ca804b403eaadfe82cfa5fd0553ecce0a7117fade02d2e5e774f95606c453772d9bffbfe0ee36d296d4f2e204dba065d3dad0860f0db543 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\prefs-1.js
| MD5 | 81c71073f0bb0aaebf8627d6e743eea3 |
| SHA1 | fd13d82682ab3154c0b0a22a19ee18ab34508137 |
| SHA256 | 77737bc23c79f87b653280f0300cd39496548b7c5620cfd86df4e17d5d43a0f2 |
| SHA512 | 60952c9930d260acf347667849a4354d664da2820eef055195ccc69ae1bab880142938b27f59ddd1b12c69608cba0de586e3a541ca3236e7d655371475039a8b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 0a1e7137df815380c026cd4eaf7424be |
| SHA1 | 7cebe0a8a530f3fb66a78a3ab43f20f54f543454 |
| SHA256 | 01463d8f50ba94f8b499a7fdee06f17f4699f808e1b0f63928e6a12ef7f17051 |
| SHA512 | 2f522931b20bc5fd573963b550155284e22fd19f2330878b8dc7c448fb81198528b6715dd3d14ed3854a737d2397d429cf1092981fcefd658513c3246fea6c47 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\entries\3C037406957C6A3957979D98A58F5D96FF6B1489
| MD5 | 191bbcff9abf92bbd7c8d323ba30051d |
| SHA1 | 568af6fba4a1c81729f605da55f7f06b3cb1c1fb |
| SHA256 | 12f03d8ca6f1464a1dc6984fd8f6fd1f62fde16c30d8c740dbcd117305fa87bf |
| SHA512 | ecb5d006eff3972eaa996b456d3cc767af2bc13fd9c38f5f9d4216ea16a3031a966f266b9adb55ce33218832b7ef8f72c2ac38a0795e1431103e6351fb433045 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\entries\2C4BAA6F19DAD1966BACFFE00E8A81C718359637
| MD5 | fdcfac42b81a5729e0df7290020941dc |
| SHA1 | 4c083fe02fbda2f6fa80883c4af0057e26e9a51b |
| SHA256 | 9fd11dddf6bedea2564df47e37d47ce8ffa30ae6b3e712dae5e1d8002fc61720 |
| SHA512 | 7108b9710deee2b11448faa75ca778fccbdb276ae31c5f90e7ef2c2bed02653d3a543c4d508adae4a16c0dde35d02240a65d67c8b6c5981a2de6a775c9947370 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\entries\3CAD2CD1EF7885339466EE1E33B4195A7CE143B0
| MD5 | 206f1b3049481f723aa1f4e1d56527ae |
| SHA1 | 81ad3d25a4d329ec52e9ddc844a59ad140d1c08d |
| SHA256 | ab853bb83be43ca725558c867161d9c99b7b81cac85b20ed1bb24c0e11c9b56c |
| SHA512 | 487e4080e6b569257c5709d804a07fa73e7426622949bb21afc53b85c5378662314b320bd6f88fefedb544b9a0000976641c8d86c9f7517f3e37cce9491a3a0d |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\entries\061B792D9B30F6ED7B292275DD42C089C0282250
| MD5 | dd886e4b59f8e94339283b4b86e9fff7 |
| SHA1 | 349bdf6395587342665b863c61f97ffa29dc5d17 |
| SHA256 | 488440126393c23bdbb0b9f505766a70412eee21ef23c856757ac4835b9655bb |
| SHA512 | 21429a57bc3a52e86a198c2f268ae9163b9dc7a4cea46658eb9a1ff50ae2c81f2b30ae87f8c5fad79c8d5ab342805b632c3a8b9552f650791c0e7a311a276f40 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\doomed\2622
| MD5 | 2bff91286611a4a5035a128dea00ba3a |
| SHA1 | b8f37e856ad3d77b879c8cad8d4b433e94468977 |
| SHA256 | 9a9a6639223ab6ff942abcb670e7ee20c41301d0cb50dff1e84cb822a9b12daf |
| SHA512 | f2391017acdc8da77f0d9c03698261cdf6c8dedcdd32f0c26ae683080178dbed3075a07bb002584972219cc6c0faa0498199f7e4997ff3d88eb390d884391744 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\entries\BAB1932D66403DE14FC0FF7F43E7FE17B97F75CD
| MD5 | 15407b26a89f5cfe843f096e0821ced8 |
| SHA1 | b8096a796503def005f81ea429932e9272622043 |
| SHA256 | e362fbf146b0aca290257f68b66aef7f40f5748b9bfc55c18057a0a26d02c39e |
| SHA512 | 9e251d462b4cccb1956d7bf677f99385d34872ecb2c13bf6a55a215bf527c875428c38ec9bd4bbf55485cb9309dc435020dca4910ac8bf66b1b0e6414174debc |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | b26f1ef1643b2c7f8c9963f1a92ac0a0 |
| SHA1 | 26e7283e3bb69cad487611def6cabc228411391f |
| SHA256 | d9a4614119dd69d74502380865510a44c5f08b8b63d92f8dc3b312b244bc2a91 |
| SHA512 | e751ffddd20d4925a2b5bc86986f77e0fbfb4454900b5ac05282a11f1aebc09b4d91322ddcfc00e12ae04c9cacd9046045ea0942fa439da81065de54902b5461 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 63c3bc3ff8bd85e6d6167878e18ce7bf |
| SHA1 | 8405aee7aff53589779b52c3f9b7fedeff6d3096 |
| SHA256 | 32b802f8f05341a79ea82a1e68bc6c446689a48829e93b09a89aac4855259198 |
| SHA512 | a824dfabdda4a0a73ca90d84a0740fed586e5e359cbdd26326a6842499c7feb26eb5995c51214d1f65dfa1f617c3eb071eb19ac8331b8abff782cb9581315bf4 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | b72e719f482c9f8a78e2456fb9dc116e |
| SHA1 | 94d6cf458a7fbcc359783bc5cb3267a379351884 |
| SHA256 | 3abc6cb7543c93abff91d39953922d4aa652b25f827eb03fed1560bb94d011f9 |
| SHA512 | c1c2f0591eb1a1259f22cc8a93b8a30687cd5aa128c43400778e23b2032afd36381e54f450c08f3433822947dd6ddd1d68e683a8acc0dc6b6c6fa3455f7dc1d4 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 8b2bd31fc5563119ddea8c1250dc82c8 |
| SHA1 | 515daabea0b9a4a409650bffb62702fdb08ae614 |
| SHA256 | 28cae224393e8d5e54745c59ec63e8c4fcf516300bd54152b7b88c56a8ecca0d |
| SHA512 | ac61d2dbd48705d6238065437fe5954a4ff2c777e138911f93af3a6dbf077434e61651e11927576beeb067023185344c7c13639fdf0a5b62a72571f61de5e316 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 9db62596521457741b9c7d22a2fa8e78 |
| SHA1 | 4c2b0069e619ed88825063d3f49e908c3d503452 |
| SHA256 | 9cd399905460d6f8ec92ed372aa90ff18cbd66efb2f0a4483432dae43bc62b54 |
| SHA512 | 6c85a64229bfa426a82a18f6cb951f6c4c7caa4bbd4119e8535a818bbcdcb67f92e2eb117be34aa4cb680b86c9f61046c94959d34cbc3ab48575530c5ca2b1a0 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 19d11aabe6720425ce43a7a977d1f378 |
| SHA1 | 4a6ea02f70ec69bb9972b3ed8b09930c1ab0be46 |
| SHA256 | 66399db8411e01591ecb85e927d8fc315a4ec828272f511702876dd1d974f736 |
| SHA512 | 99234ebf8e29ce4be27cc5149ab41ed9b3d43d747256dd0b46a7eff63e579cac53306681ad7cfa7f1733507436e34bd0cf5c47f05b20657b3961b1c95905eba7 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\entries\2B4B12B638E65D0AC06FE6B401B5F1FBC7E157E5
| MD5 | ebeb730efda02a875ac0010dc64b18ff |
| SHA1 | 5d8ebdb910ddd1a9ef050cc909f855ddfd1ab698 |
| SHA256 | 210ad66094121cd2a76fdbf55d1355ebd72c1f8b89a0106a5148bf447e3fc7b4 |
| SHA512 | 49e5f45711fdc22eb2a41f623083be702bc3b4cc03037bc0a5f4744d4b7b0d350e24e0315f1de32ff5042e10b2c778f724fbb55b6c7325a91de7cc231da01339 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 291bb43e3d16fa858c070f95cfb6102f |
| SHA1 | 909c5704f2c56908c86cfe464ca5115457f1a78f |
| SHA256 | 50cf9e0aa7d6611d1f884d482530844b2b42b0ca40002bc9eba09324158e890b |
| SHA512 | eee414ff98718355a02e223c9b5d5d5f1dc3c0236fb759c6b6887438ca5a55db0e8de8308edf9aa9efb6fdbee3b6042dc81784da677399aefa1b85883eeb595e |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\entries\4AB13E7BE0AA664CC52D0EC9F0FD7BFA963ECD1F
| MD5 | 8cd1f5c7f7f051584022037e618c6af1 |
| SHA1 | bbb2614b6f20b9bbbe92efac8b6aed95cb008425 |
| SHA256 | d342035182c2d0df43681352def0ad5c89f1c94973049cceb18f1ac6cdc67a0e |
| SHA512 | 48a8d251c2753068f7a517ea1462d52cd6a05d19e6b169ffd4b3222b0e08deee4702ff16ed7532b56cddd0002d3c8180f68c93dbab3ba1ab76af9672522d9001 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 10cfd3bca308ef9ac994b623d9bd7a1c |
| SHA1 | 72e640c7c8087a9c183c0dbfaa3910f1691088bc |
| SHA256 | 8ae84320993e7ec12e22480d65bd71f6f2c256d2925048914d18a03bc054bd71 |
| SHA512 | 7ed5782651d162addc827bf18f2079502663d481bad9def49cd8f3bfb2b2b13d9dc8ead74db52e52ae076fd652dc38ac05d045d53b90241eadc55953640b593b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\datareporting\glean\pending_pings\6dfd08b1-305f-4e68-aeb0-f7b8a958915a
| MD5 | 64b71d42400107d8aa71e65936361882 |
| SHA1 | 41227a62439772192d78f58fdd5bdca84442ae05 |
| SHA256 | acccdcb42f51a3e526bed19bd8098283667682a703a29cd7d04634c1aaa19a26 |
| SHA512 | 54ce05a81052b38b61177e0a23a6baa8a6b5154b9d81c554a9038f629816684b5d1ce61da977b105a184a5beb4d9a75473f63cd144ccd8ed21ee407f479acfc4 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\datareporting\glean\pending_pings\4133685d-7ed5-4b7b-bf51-50f15bc2ac39
| MD5 | 59ad10ce8cac4821d25e60932888af3a |
| SHA1 | 07ffbb1ee53a59a959a98b363f9879baad5010b1 |
| SHA256 | 75157fb07d2df9c704a4ef68999f2b83e8035c58b80e87e2208fac9f4ad2c939 |
| SHA512 | c84acb1661162dfd7230cd4372a33be6e6fbddabe7458c66ca449b8ca69b66682e5aa457f3686002643314c011f5bdae64ad6a8bf277bf4297c490e59b0fb985 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\prefs.js
| MD5 | 89c7934d69713fa54ae494f80caf3123 |
| SHA1 | 49e5552c74312d5c1fab9b25260bb8099ff0a495 |
| SHA256 | 111e118e657075bdf3c52b5a7726daf84034fdb8b5b47dd3ba584f0c1824850f |
| SHA512 | f430cc54537d5a66cda0a196313cfb3805f75407ebf307fb1053eac76f7a4f58b20f43aaec8238454a4bfb1d7853771c3cbeca7b4059fb9a8dd3cf2c4cbd9ee4 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\prefs-1.js
| MD5 | 7d7da8aee16c945c7ff57b0a79146dfb |
| SHA1 | 6007a250aabd6274df60773c1ca8a7037e499561 |
| SHA256 | d5ed83d8fbc2448a4ee117b3de5e996f622a363457700a335aaf956d14afcac7 |
| SHA512 | cbf592cb706c7b9011de88883c2147808dbee6229b864334dfce154e479927ed5724df4ccb91823d57efd66193514c163d0940c126a4ee978af9998797e681f9 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 85430baed3398695717b0263807cf97c |
| SHA1 | fffbee923cea216f50fce5d54219a188a5100f41 |
| SHA256 | a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e |
| SHA512 | 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
| MD5 | fe3355639648c417e8307c6d051e3e37 |
| SHA1 | f54602d4b4778da21bc97c7238fc66aa68c8ee34 |
| SHA256 | 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e |
| SHA512 | 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
| MD5 | 3d33cdc0b3d281e67dd52e14435dd04f |
| SHA1 | 4db88689282fd4f9e9e6ab95fcbb23df6e6485db |
| SHA256 | f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b |
| SHA512 | a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
| MD5 | c105863a2696a94d69624597d8b12112 |
| SHA1 | b0e1446dc3ecc81d876772acc23ce0e99aa46b78 |
| SHA256 | 9754499625eddef8c6280d8fb8bac45d65b4b5c0e2c9c6aa669e0ada16b6e429 |
| SHA512 | b3bd43cb8c454104f1c3db774d7e122933dc669f0ef98b7e7a453a30b7c83554cc3e8d80557c40f494af4bdddd4763f1c1d8576c57ab027585663dded984075a |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | a01c5ecd6108350ae23d2cddf0e77c17 |
| SHA1 | c6ac28a2cd979f1f9a75d56271821d5ff665e2b6 |
| SHA256 | 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42 |
| SHA512 | b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
| MD5 | 49ddb419d96dceb9069018535fb2e2fc |
| SHA1 | 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6 |
| SHA256 | 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539 |
| SHA512 | 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
| MD5 | 8be33af717bb1b67fbd61c3f4b807e9e |
| SHA1 | 7cf17656d174d951957ff36810e874a134dd49e0 |
| SHA256 | e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd |
| SHA512 | 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
| MD5 | 688bed3676d2104e7f17ae1cd2c59404 |
| SHA1 | 952b2cdf783ac72fcb98338723e9afd38d47ad8e |
| SHA256 | 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237 |
| SHA512 | 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
| MD5 | 937326fead5fd401f6cca9118bd9ade9 |
| SHA1 | 4526a57d4ae14ed29b37632c72aef3c408189d91 |
| SHA256 | 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81 |
| SHA512 | b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
| MD5 | 33bf7b0439480effb9fb212efce87b13 |
| SHA1 | cee50f2745edc6dc291887b6075ca64d716f495a |
| SHA256 | 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e |
| SHA512 | d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\prefs-1.js
| MD5 | 69ac5146310f1c9371a49e51c9411bee |
| SHA1 | 63541d15ca25c210c8f1eec17ae3342decf44a38 |
| SHA256 | e2d6c9cccbcd8fd24d56e104f70c71c844bbb39281770c80067a1cb8beeaa978 |
| SHA512 | 684db1724a71bf4bc67bc6713c12a9053b066b49cd052c16539aac99eb871c5feecf63aa9219ba49af66ec54610418fe0e16fd6600e3e93cfd4e0bffac3498ca |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 1c46d4f23b26955b30faa91b8f763822 |
| SHA1 | ba699b4ac409c5d172ce13f4cc7644ef069749ed |
| SHA256 | 8ce4941a0490fff21e16b6a37007de40f50fee96b923c895b009eb6a5be0b2b2 |
| SHA512 | 3ad15d5151930d3bffb6526ded999827991b9f04ad22f5982d0c4d1204aabffeed6589fb51b8c52094672f082a31bd632f9e4fb8854335afeff1f8a839989582 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 4a5b52e0d5de36f6fd5d50f7fffbbf51 |
| SHA1 | fc56b8fb071a814c17e9590b95fc9d348364a37e |
| SHA256 | 9b2b80473d925025622d4233eb2919e895e09c8312278b72ea3a5df81d0aaf40 |
| SHA512 | 30386cfe8a0b573102505acc859f228174f8e212a4115be15c95e1630f920076eb05ac08b70559554e233c12498aade2db22868704e9e2b73bddccd447c4101e |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\entries\2AC78448C65FB1371AF3C5594A3F20C6CAB997BB
| MD5 | 0f625c01f5a1502187fa794aa7c6c896 |
| SHA1 | a0f5c35c773c9400a1cbc10f245c6f300a06677a |
| SHA256 | 3fbe3e6828b4bef602097c1991ae086434d627a81c3a1415f29ce311a1ad0d96 |
| SHA512 | 521a6d595aa61f88662ef3de76927ef2a4e24ce5c1dcd53831b6f191e308bea6d2ca872c1ed1c9cb714676193e705eaf1c0134d28d6d435b44f51d07b2a640cb |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | a13f94531d156235dbb75da9427f86c5 |
| SHA1 | cfdb09bf1d51929739eb8595a2a6d71e7d3841e5 |
| SHA256 | 94e3d6a81547c7cbd50f8ef90c52c9465593c79737b8ca99fcdadb8b1ffb95bb |
| SHA512 | f80da07d8c3d4be79a52256b3aa2f507245a6bf844c1d1b8e07b16558de966042c97ddb09b52e685e39dd099455f6f5d23be2b82b376aae818d67e64136c27ea |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionstore.jsonlz4
| MD5 | 70987ea3031dfab60fd17503c937da49 |
| SHA1 | 589637bc2beb628a0c398509802fa7675ff714b9 |
| SHA256 | 322da43c0a98884a85bf1ab41f7ccd3cf330f3e85eea84b1df733e3ab0830252 |
| SHA512 | 63e5604e2809fd3c9a2852d7688a42d63ca219b5b88d62d06e3d526f113b204bb32bc4502ea02d03efdc60c670fd967d0e44cce587a8bf473a9c998c60d29893 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\prefs.js
| MD5 | 740ad3f426a6803b531352c863a5915a |
| SHA1 | 74a561d77dc590d6c478fc7b54a6f1c81fa13dd8 |
| SHA256 | 0cd67040d5b89552587eaa282e4510d06eebef25e35405f0061335946f15e47e |
| SHA512 | 71913e11f2579831cc57fe21b903096e748780a5c90edd34d16e20efd5d13f651a4352705ead357c6714c3e5d7d71558393742c21306cc3acff8fd1ee39f001c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\xulstore.json
| MD5 | 7dfa04d227c3fd5dda151b730a9a33d3 |
| SHA1 | 99a67e864dbb3d2bbc35f61e6852a42bfa420350 |
| SHA256 | 735f6174ca9446c1b6dc3121b0a8b8aef95c57809d29498449eb811e36beb8c4 |
| SHA512 | 9a3d76450352489140fe851db3998aa9639befcfb40c5deb6258183594e42c4a87f148291e2e60d0733c8e1c758f2444cb6d5e5eed08010558934fb19238e777 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\startupCache\urlCache.bin
| MD5 | 7d0a6c9c1bf7c542de9c50793c00ac0a |
| SHA1 | ae53836b8f2451c63b1438a5811b4f0f6b497813 |
| SHA256 | ec8a26b5da6ff640f90dbccfe2daeb2f984f8caf4710df2d64bf7ac989a1441c |
| SHA512 | 05706e5b1234d657438d466962d69c96c5f39ca18ae591c0a0d682e571cd1cb26cf1fd85cab52ff28df59bf727ec1545be2871e1361bff30157558d324e96c83 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\permissions.sqlite
| MD5 | 04c83ef85c6328135c8c957b3e525c79 |
| SHA1 | 35272fd20e7fc8ed10f4f17b5775a8af9405c13d |
| SHA256 | 80e2c05fbd167fa4be8f485dd5a17a175c66730892648d8a75932a2f079de1a6 |
| SHA512 | 32b6afac0fbca308f02f0638364078591dde7bad0f480c79c7a846d9c7f227862a7e9d76885466e70ed633c91b523829ce328ce067194d2788b70b3c710d71e4 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\index
| MD5 | 2ed2873c360446b66433bad99341bd84 |
| SHA1 | 57d907215f44076dfc03dc6f0db12aa0b0bd4e96 |
| SHA256 | 1f3640d51558ff939876972bae1d1b534d92fed6796f428025961a18ced0d802 |
| SHA512 | ffe3d10de66dc1d53a60217788e5c97dd7c8002e5cf1eb022e43cf2992c127a93a699e6b8e90e5a4b26378f5dff7fc918704014075a25e2a2c5f24044a4b2c6e |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\index.log
| MD5 | 81a32c3ffa1a6301f9d5aae46a9c0468 |
| SHA1 | 0c6533bc84f20f6c2dff9688f102589e6e60442f |
| SHA256 | a03dfce0c0a6ffb0e2b5d3125002941955caad0fe004643ad600b99210f871e7 |
| SHA512 | ee5ed737fe0abf21346da5cb26fa405e3c9d8df3ed49197b990807d49b7e63c6bba534b1e0427077ee0aee77c5894686db8a7e6236ffb4fdc3450e889ffd4f9c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cookies.sqlite
| MD5 | 455ece1f57256c6a35e9637162896fee |
| SHA1 | 381cf6fe4ea621565017b5050711e202c2ff2c3f |
| SHA256 | 848ee66decf6931423bafb7efbdbbbfe1dd4b23cdf8be0bae712fbfaffde91b6 |
| SHA512 | 2d7173a7bca9810ba35edae81d4136b76547dbd86ef5afb31188de7a2caa56bfa5943a1665a3b5c1d28c06e6a7b0f29a07d02453b783eb09da8ac1bc25fcace4 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionCheckpoints.json
| MD5 | 948a7403e323297c6bb8a5c791b42866 |
| SHA1 | 88a555717e8a4a33eccfb7d47a2a4aa31038f9c0 |
| SHA256 | 2fca1f29b73dd5b4159fa1eb16e69276482f5224ba7d2219a547039129a51f0e |
| SHA512 | 17e2f65c33f47c8bb4beca31db2aff3d4bbb6c2d36924057f9f847e207bdcb85ffcbb32c80dd06862ffc9b7f0bd3f5e2e65b48bb1bc3363732751101d5596b1a |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | 07eeced89c653e9d842f6ef2d5d4429c |
| SHA1 | 6a6bd5b80feeb0c5d4c36785bac5b7b0abccf1ea |
| SHA256 | 874cd825cefa50f069889c979e734ce21cfb453f43258cdde292bec3e00fc1d4 |
| SHA512 | 09cd72f31c07b5d9087e3ed9b713ff8af1e94dbf43838233521cf5ff4846728d8d765a30a877aa18582f00a59856f95faefa30413a26b0dc347c69358c061f08 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\storage.sqlite
| MD5 | 655bedb1012aae029d035551a583dc91 |
| SHA1 | 22612c364a04a084e7b512dec99fa25f688f35c9 |
| SHA256 | 7dbc488e9863cac91390a35edb72b3c15dd098acded542b0c8fbceda149b0479 |
| SHA512 | e48f3016d60228f700970826dd969dc87b1c43d2a35a3bbe2132132465e4398694436c6457ecf647dc897f3191785e09b61bbbd5e54c75084771bab53e8663da |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionCheckpoints.json.tmp
| MD5 | ea8b62857dfdbd3d0be7d7e4a954ec9a |
| SHA1 | b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a |
| SHA256 | 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da |
| SHA512 | 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\SiteSecurityServiceState.txt
| MD5 | eab0c72a017ee94399398438d549e729 |
| SHA1 | e82bb33f77c475613ae25ec56cd4127932861aa5 |
| SHA256 | a3f2cc9dc131dbfe30b6c3ba9b6617b70358cb815136436453b2a56c0b1d8544 |
| SHA512 | cfe7b9ff4f2a939c4cdf6bdc166843e5f9c83e7938d23f51d9fcf53ba74f291d353e35b900684a5ef9129ec68c4fa46d970438fda927df0473f8b126db982bcc |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cert9.db
| MD5 | c2f98149b1110410f7dfe5461dc3b72a |
| SHA1 | 43ddea531652643c050db05a0b1d4f328e08aa83 |
| SHA256 | e823cd3c732c546cc0f06645c5ad4ebdc229d93fcf13f4bc8f933e6cf157ad4c |
| SHA512 | bad7e990775640a18194a35e54421bbe840a09ba4168f03439521ca3591bc5260c89f9b549e7b5038b2e596fca9d8a9319c1b8836c4ba35c5391a2c62d8628db |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionCheckpoints.json.tmp
| MD5 | c4ab2ee59ca41b6d6a6ea911f35bdc00 |
| SHA1 | 5942cd6505fc8a9daba403b082067e1cdefdfbc4 |
| SHA256 | 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2 |
| SHA512 | 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite
| MD5 | 9263b9b06eefe294065798b70575f703 |
| SHA1 | 64e288c2b1fee90c484f9fc7c8051539523c1741 |
| SHA256 | 2614e0c8696f80df661634089483218238bab946f2733a5fc2367a47a519fcad |
| SHA512 | f3fb321ecfab8c79540907c06bfab57735b6d2e4561905995c48a2ed0b342e54791e3273f6be47a71a037fde55a4c9a369dfe279af4958abfac3e86a0763bb37 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\AlternateServices.txt
| MD5 | aef68dc79ad5f70453e819d30936df47 |
| SHA1 | 3c87b9aae70e43e2fe100652ecf0a434e3ccd979 |
| SHA256 | a3f1c921d7e88e956d9fb7f77ae707cfecfc19881fcf51a7416d866d7085ed22 |
| SHA512 | 24d890ab4a6846f8c61695b0898736bb2303980ba62725598d3a4e1f27c951f7b484f2813d3745499e6e655b99ab00fb3ff49340bff422de45ceac8cdeccd510 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F
| MD5 | e621015a7d7167e049a7ef87dda33011 |
| SHA1 | 1234452007601e23d40d3c647a56574a2895e3f6 |
| SHA256 | 1199eb773ddfa7cd77cb035cd9c0a8eff00da79e1a25035c9d97e539a91551ed |
| SHA512 | 426749ba23184955c21b0b326a0e84c657bfa2485fdf8896b0165132ae6d39a224c103299267835ecfe7bb95c9f71e510f5b746553dab355289854566d127166 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\datareporting\glean\pending_pings\99ac3cb9-1625-4fb6-9cda-9a7907c267a8
| MD5 | ea332702ac77b01d07e6ba79874082bf |
| SHA1 | f120e16bc85167fbc6158d085988c333501ab7d9 |
| SHA256 | c2374b6eac7164cd6e89ee476e595d6ace8f311f9843d8abd7aa6bbdff0b7856 |
| SHA512 | 0ace09cb2d00fa615ae9283bc25b92cc0fe9ee999024712a04ea06cc5107ff1b90679b7f0c3358403f22ad48226ae92a19b228d7bebeec7405595ffd538ad030 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\protections.sqlite
| MD5 | 49397db0486dc59d607907a086f40c9b |
| SHA1 | 08742ce9db9569062def08e99eea8470702feb7d |
| SHA256 | 890033ea279f13478e655150a823a5f84176d2f8f2ec3724dc61dfec775707c4 |
| SHA512 | fc8dad1ae2215cd96c41bb3e683670bb9138467677da46c19d1e58972775842a995b70123c22ea1efb659d043f5116d0c9dca422035a6646b35f81033c9f5f53 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\entries\C72D4296C2EBC6FD41A9F780CD0C8F30F0FF937C
| MD5 | 2ea2ccf63de3d34426c417b56347b7c4 |
| SHA1 | b19ee7f5154ed2539a005e6c908e98a438c08810 |
| SHA256 | 534ef0de00680b072ecb7f15591d698fecaafb159768f8cac0ce71db9fa06b97 |
| SHA512 | 38800c8ae5d5425d1404b0ba8cf5fa8f7a54914090f43f56ef1fc8c30110774b70a693b7880fbcc2145e508a05b15db3720f85cb09eff7b8aef01d93d89b9cb9 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\entries\254256B27E0C48CF9B80B695F0B3B8CA84610495
| MD5 | 3c72727fd0fc8de571e094da4f685470 |
| SHA1 | 47c0226d0981872d6887651c4397ead77babb064 |
| SHA256 | d8fba2fbe034c5f37cbbe06804ed0fb617571ba2885ac451826706168a1f14b1 |
| SHA512 | a5e2ea28f717d5615e044da6061938a647671913a32c652c42379959e16623d0b7fb7f8561a0a31eb927e001bac5c86e452e2d35c6bb65aac19a21ad0c7a32fd |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\datareporting\glean\pending_pings\2bab1ed5-ea93-488a-a84d-95d0ea388459
| MD5 | 527c3e897f5c94616015c24cfd318b59 |
| SHA1 | 9c9e09a0784c48fe270e11f3f13327c331f91a24 |
| SHA256 | 14276ce9ffb9c2e15fe8eee3b5abc26f5577ce44906047abb070247f2261e114 |
| SHA512 | 4b5c4f77ae68a6d46e46f8f9caaa5c15bd36f85bfadb304c47f9c49566bf1ebf0f0f497414b029d81d57b8005e1b2c757c478b74451d4c91ed3e875f34be6484 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\datareporting\glean\db\data.safe.bin
| MD5 | 938e7f54c40df127540e51199854b02b |
| SHA1 | 1fd615bb19b0bbddb4446215e4e870aee7b06bf5 |
| SHA256 | b79416fbc2b22d9e4b5351cf5ad48a541f578509732cb516e61ef77e944a9e5b |
| SHA512 | 842ca44de8f250baccdf025b2d77e844bc713bff4ae5d6ab925fae724bb9e358cfec86d4bfdafdb1cc6b9bd095623c198eae83a9906e08c2f80402907bfd0cbc |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\datareporting\glean\events\events
| MD5 | 0b571fe4d2dd5a25afffc796fe7de526 |
| SHA1 | 8b1037aff2b837bff10f538093ac6597f462d63e |
| SHA256 | cc2e7766938fc213cb36cc97a6995bbc89c7f57a63e1f6ad148fe7156ca161ed |
| SHA512 | a9ff887374851afd9b30ec136f5db4e0f3c9049b5baac1230eabe917bea8f44aa925eb17fe5ea2b76f6ea580b96c6d8f13165d630f1f5c017a5f2af23b771917 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\broadcast-listeners.json
| MD5 | 72c95709e1a3b27919e13d28bbe8e8a2 |
| SHA1 | 00892decbee63d627057730bfc0c6a4f13099ee4 |
| SHA256 | 9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa |
| SHA512 | 613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\places.sqlite
| MD5 | 1dc027911fa5ed2799c3bd9574828f32 |
| SHA1 | c8d67b3eb8125ff93ecd86dd2e205cb064e502fb |
| SHA256 | 66bcda557f57e1acfccaf41edb885c4b3382152b246e765d338bebff338ecf77 |
| SHA512 | 3fcea581581196f289f6e4d776e116cd8ac8ba70865049fbb53bfaca2d12ccb238912113f3a31f16495f6a5c92527084f58ea167ab649379345488e8bd261130 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\favicons.sqlite
| MD5 | a57de717ccf5f96805087e7e19fd6ff2 |
| SHA1 | e27a714bb3c511af9a83c42513f2275b73a971de |
| SHA256 | 263f5c71e0b843120939c52b76f087c90bc2c9687feb25c617e19a482bef4af9 |
| SHA512 | 66bdc27d997124b08f4006161ce35eecce64ac1746e50bb40dc0116636c5908da8a3fe6ac6f4cbd79975a7292c14667f2bd29a3121304d606e5ab6817bdab514 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\entries\48B1BC74DCBB3D86B7BCC76C756CF86C957C604B
| MD5 | 1702f194dcb78ac7b3c88fd279842da6 |
| SHA1 | 95a861a19b0e4efb012927c856bd582a5226eae1 |
| SHA256 | 9c83c23ab7f6143dc298a325a749f12554e524bb21d1f161ef66aa043550cbfb |
| SHA512 | 7072b45184ab0e1fc414e35679e8c083e630ed0cfa4ba4ab632a779344927deff382c44985b88ab9c4c183d073d0c4870a85fbcf1dd82b5697ac3bc5495902d2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\prefs-1.js
| MD5 | 76bc4136575ed2751fe9316353699be2 |
| SHA1 | ee9ef5a7091e6649f6fefc49355832b9c3fadc85 |
| SHA256 | 08930deb2b7cd44f7ba9e9cb7ffe37ec280ec175ce874d96bec5b5c35b12f6e6 |
| SHA512 | 27c077707fcdaa4ca419e7840e9c9925ff2cb7337524d93d60095a63ec9f1c29d858d195b43ac8a9807cceacea23510cd93718df23139ad5a2f894505cf3643d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 849b26c50dcf14d008c275d645443990 |
| SHA1 | 9e0fce4d7e9b30190d6820ede6d51ea4c9c3497c |
| SHA256 | 9d997393b614dce27a643c7d2765e99cc4f0dd7adaa6889e005a88dee5eb310c |
| SHA512 | 76c37ceb527b3684ba4b4d8db55cd7d15d65bf4919e9ad4e49f482329b7fccda8e639b60160372f9276d24d63124913b93d881da30b7ef95ca207df8defa0734 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\prefs-1.js
| MD5 | 26854e668a6b4fc70cb48b3040ba041b |
| SHA1 | 2aa965cc84e6b139abe2d59ceb131df757672fcd |
| SHA256 | b64d5297dcb97efaa04ec7f02aeb51c6ef95acb50377af567be3d8147703acba |
| SHA512 | 5c4215e01ed7426af96952629e41751ee38948e05bb2bf1b1f8388385b100c29297f675f13152a6460d3af74e960e67bd1c3b0ca0ed05d0ac7a3b79864147af2 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\entries\23B62947A253F1EE3B8C1BAC3AA2BB7D17B5AA37
| MD5 | d321bd242f9903aefc98583fcbf58828 |
| SHA1 | c54a4c77c06f4c9ada62001cfd6b901eecb7595d |
| SHA256 | 44e92854fdf410d08c816191e833c14be560acdc72c2d6a17ed0c77902885dd9 |
| SHA512 | 1ae8e3bc4b35773f945cc4ca31eae3482381006780854094a99fda8150068cdfe8d45ffa9bf18d486e9e6850745dc3ddc1688fd217174beae581e732c12e7a10 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\storage\default\https+++discord.com\ls\usage
| MD5 | 2c82ed5aa0b78e9fd8b9f3c55d5181d7 |
| SHA1 | c1af525b16e8b9fda5bbdbc0bc4571709ee49e86 |
| SHA256 | 3104fe7d1fdbe90217153fee7df9bf5710b54ba52fcc824f7fc33385c4a67e9a |
| SHA512 | 124c331622d9f5baff64472926f21e5d2dfa057078bbe4b612567a272e465e422dbe77baf2d4ba9121b04420b2ff0572e30f38d4b2fa159fca0fa50ad30e75ac |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\storage\default\https+++discord.com\.metadata-v2
| MD5 | 11ad0ca058ecf25214e75d67eea49c58 |
| SHA1 | 157b280d05d8eaae3eb839867b92b8ab9503998c |
| SHA256 | d4820c2824a80bc37bb7538c73b102dcd6792d89aef54649b6382ac348436606 |
| SHA512 | 2cadc8f33c48d721b2bc5368f2f09838854bc7cbb5fe188913eede3c8f5ef381c99bebad7d39fc32b4de01269accd6399185de47293396eedb25f1d38f85fa3f |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\storage\default\https+++www.mediafire.com\.metadata-v2
| MD5 | 98dcf2946cd7451ccfd436f91d73fff3 |
| SHA1 | 9c80fbc084b382f62fe8cd0213f94861f998c1d5 |
| SHA256 | 30e57caab0448eea5e24ee642a5e796042b474b004dd14d7d6313d89bcf70e7c |
| SHA512 | fd78c8c208e9f9654204ac85ca41022e0889a2ae2495f19b7005beb93ba50c1dbba68252b256dc7e681253f2f5529fbb48f9c6419882d05b4a157234a78c73c9 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\storage\default\https+++www.google.com^partitionKey=%28https%2Cmediafire.com%29\ls\usage
| MD5 | 4c428e195a2fad0b912480f1aaa48bf3 |
| SHA1 | 52a8ec75e9ebe26a80438cfa5b234ccd96f24621 |
| SHA256 | 330e0baa0683f9a1187cfcee449c80c8d142c70ed58f6ed5bff634f23f399a8d |
| SHA512 | 795d309afb1c8bd2bb3ffa40ad5632fca3a1a8926143a1592a051ec8667bddcb21d0540fd33a898e4f28bfd65e13ae96693d96b11c13adcae09ff1f415a13ef2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\storage\default\https+++www.google.com^partitionKey=%28https%2Cmediafire.com%29\.metadata-v2
| MD5 | 7f55bf805d9e9cacf88171cebf25a396 |
| SHA1 | fcf4b39863ca3fb3c92d25508a92c529d03471ec |
| SHA256 | 8c71a1916173dde4086331c911afd19d32a206e75657877bd87e09754b23d4a9 |
| SHA512 | 111457a0152aaa6966d07ecd1dafbfd0bfba0c6370088b4deda5230e041d231085d57e90119d28afd2602a6b84578843d34c8c8fdccb2815211446ce22fb0a67 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\entries\F7A7E74236F6C480FD83B367204B1A57D1026A6C
| MD5 | 9e948c0b12caf42b1cbbe92b73381268 |
| SHA1 | 803d57fd7b8c67828e50d5125a6682b967354945 |
| SHA256 | ce0a2cccd43a5bb3293a0e0dae6cb0a3f064700d6db178b79c09a6139ef09766 |
| SHA512 | 1c63c3fcb3aed8d0fd7b42b28ccc889176960cc46892f805e793fb4bbe6bcb27ba455f078f672b9791597fd97c9e71dd4439625a52001c1e7615b4c947711306 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\entries\900FBFE87B1218F351BCB8D705AE443ADBBF5DFB
| MD5 | 446f3bf0bc08fc35fb4098cecff0d62b |
| SHA1 | e3cb0a20dd2d59b52c47afa768cb3df189ed4483 |
| SHA256 | 5abf7a3421137bdb593c19cad0f5625a02bf634b3fd114c42c5a2680f96cd89a |
| SHA512 | 3bb6b56394e76d897a694b54f6bd9ea521579ee814cbc988c1eba8d35b978bf60ac359939d78db5260600631e6a5998864045803da903b46c70af4d6af3d7454 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\entries\A7F7359EA34B730A16B8D8B0F850E5E530DEA758
| MD5 | cc996c8dd93b3664b2adea2d66384f34 |
| SHA1 | d8a1e8eb1b6218535c36313dc0923a9ede3e1545 |
| SHA256 | a38d2f51338a88dbfc898f5d3568f1fbab0119d2653319dbd9620a4e2059d221 |
| SHA512 | 9af2f10796665da6ffd77fca847b94d34c9cec451f45fae84643be49cd699602de412dc5f3a95cfe047a238c426fdbdfa262e83ec4c2122298aff4e6fe8b1b79 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\entries\158AD7C983028871B39A364A7FFC89B40959B3C7
| MD5 | 440ff2c843b84c6ce4bc51962c33d3cd |
| SHA1 | 2b1aa6347558ccd8c0aa6dfdf469238b1fcb2baa |
| SHA256 | b9746836c2ddf72a7a972f9d916613bd410013600d93cc52c68a80bc65c99bf8 |
| SHA512 | a60ef79ac508af20a151acbc79c2b4e93b83ade65deb797b3d4a44f602c3b5a870627e41347a2ad6eec94c1b1cf69ebf173d2251f2a3540c4d30e5208d1e5228 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\entries\E5E6326F948929DE089F4BB1580A84A65963AC14
| MD5 | 7b06e246edbb712558ae6220da480236 |
| SHA1 | f1b5adde8e53c10fa8d75d87b040e021dd780617 |
| SHA256 | 5a48c32f4e2883c67e47e16b0876d9e65d24fbc255727ce9e4cc58d5d6c0342f |
| SHA512 | 0358c01e3adcffacfe9a0fd2f9be5f902ad4876e0714637a3a987d47fc6c5538ca7854677dfda403518e07841a7fa9dfb98a2ab8e9c8959e4f7774b800e13ba0 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\entries\2856425DA9EF269054023A68477763CB10D76EE6
| MD5 | c73acb49c5582cca0bfadf2e04c2367e |
| SHA1 | c337de0a7f114b3a328b64325d78b9095d9d94b6 |
| SHA256 | 023ca3f29f2bbf23c1ab8571acb46f88803250031201eda26e9d93642db0d790 |
| SHA512 | a09e81b4000adce02e79162d71ee665665ba24db42dc6101bbb28de64874d592f5861c8d93ef237de3cc76436efc55b12d8517f2f910f9af33c943891d8c073a |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\entries\0002B2381D3A1F000DCE1061B3B9F1B6652C3EA8
| MD5 | 2024c82f39e2edac969f5d0348da8822 |
| SHA1 | fca1f88739ea761938d604c8bd53bdbf39e0fafd |
| SHA256 | 111d765fbf03c1c3fbbfe6201ba4365b98dfa276887e83bb4a383007671cf5d8 |
| SHA512 | a7490d2216b05c710c71391a9cbdc6d7e058d6f18e1391855d437e311db0589d58041c0b3bf9d5c17f86436801f198d506f9a14c2ecfcf75fc4f12883a945b6b |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\entries\9EDE65DE9EA3E2E7938CB73264D5AC3B428558F4
| MD5 | 8bf07f4490f5864b06aa4badbefd758e |
| SHA1 | b9dfeabfd03ba322494ebc2030d5343c9fbc80e1 |
| SHA256 | 994a34981ccbcefbd1d7d1825199b9af7e80e58d0e918a51ba3dc80490fb7306 |
| SHA512 | c9c3fc230b46c00342581a3fb3a910afe1a7e90ce13e1617fcaf58d0821f22dc607b3005c93ad746c6d50370ad3cc12846f985803c4b9794c22ebac68832bd8b |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\entries\8BD89F356F1FBB3CD03E50A248150834CC46F598
| MD5 | bae4ed2468d2ef56bb0592970850b288 |
| SHA1 | 0fbbad182fcb739255c4f9c700c23e3f1c2a94ac |
| SHA256 | 50066e54b6312a7f7002faebc262e543b27a4f191e2c04985687e26cfd386d21 |
| SHA512 | c539011541b37c2c1fd84c2c202d4f958bc17b723affe6ab7260a34c2babce0e52bf8549cdaedc941bff4618e35b7c6387448c306495769a08dce08015801a37 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\entries\72A08381E9E827A11B49C3CF07FA81F329F5F862
| MD5 | f7e871aa4e04a9f8b1621bedbe4648cb |
| SHA1 | 669484f7c0325ccb719523608efaa7c68df474ba |
| SHA256 | 8911f15733a829173c4c309d4f74de79f5519b8bcdb3face4a8d29671e396cb4 |
| SHA512 | efcc87bf3cf099343a2aec6d8f0b541a1784c585170f7cdbf98fcead92e940d3d4ab0aac823326dfb475d469dce5fc7e905b63cc1d884817c379b61849932e17 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\entries\E88DE502470FD31E64115CC94E96561BEC8B166F
| MD5 | 33184afd2e5e9b123d56b6208d60b1ab |
| SHA1 | 3e291c56e4e5889de47e0ecade2d382765079ff0 |
| SHA256 | a1c0839e24169f362a00f58604b7b1441b6b6c9299eab1b3e63aa38f54d50ff7 |
| SHA512 | 7fafa9d4dee9d99ba38a051b494243a5b51317728f7baa855ba80323b05fd7ce7088e9cc349417d992ee1b4cb01c283c8aef8e11a04e29b9aa657d6d4db506e4 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\entries\71B38826CBB38D4B67D21952618CC7AADD8620CE
| MD5 | 30dc28de472b1d313e9c2c901161ad13 |
| SHA1 | 45684cfd912d0e910898d4d6817d7e0007cfc77e |
| SHA256 | 843fa33eb9a7289a818eaceb720c255c4711274610695e5cea0de211f00fdc67 |
| SHA512 | 8fb9e73e87d1629babe64491db58b0938fb6d6228002d58dbf29f786fcb9fd115407ae114c85d72ad61baf1d482527e825aaa898a5a9b8d520a8a604fbb74d51 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\entries\F11245EB3A32C7C4503066EE915EB570A0C0F5F1
| MD5 | b3c3062c22a7c591613bfabf22a3bfdb |
| SHA1 | e77643bc4b145840b6942bd3fef99423eb3f27a9 |
| SHA256 | 75e7c1a6ba8bf865636b488c2df027f3116379d7b4fb4e72ffe8112d1da6ecc3 |
| SHA512 | ef8dea54dc5e43573b7b62e6f258fc1a6078aa28b883a41f2c3421a22e1cec587053a0616c78228536c8711dba1497044abda2821a97a70f8d97b327cdfe285c |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\entries\FD1E4A06BA076A282C36B61C8AB1514F69A49C0F
| MD5 | 2add35bf26dc7dc8fa89b07605ac75f9 |
| SHA1 | 2b4e551f53265d44bca14eac997857d681527553 |
| SHA256 | 17f0e2c298477420dffe41f87369f0f59286fdebb4a1347f9e915078b71b3727 |
| SHA512 | 85eaca5fd3f31f2a8bb48bccede2b33979b128906ff40fdfa076907e09eb2de464b4064e242d4bfd865c25cd875ee54695325267f43912760858606d1249b1eb |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\entries\D589493B32669A64F15AD72A940799E03BD11B70
| MD5 | 5d3553b7577efe7491aa2b2e19e6c2cf |
| SHA1 | bc0ff4f033ecb3f7b11b6b37d09baae90e85ed65 |
| SHA256 | 7b3a2fe4567893c8b139b1f9d9f8c1e569d4ca77dc3d8b66020b2f11f90381c9 |
| SHA512 | bb697c1427540896c5a07b902cc10d851816187af9ea77ba181e454da8f57b113a1c897bb9c01d681c4fb57fc7fd272c2ad0962855ce0617c42f7ed0434fcc34 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\entries\619A564A33795F7DF5E789140FA4F92709D55373
| MD5 | 36a58cef5eb7296fdfec7817f2e2a7b0 |
| SHA1 | 064c7b75e64c62c5a3e31b768910e778a24470ae |
| SHA256 | f4b2ac5bdd67c39b69d059894b44a84e9905c4c45a94a970db0b827a5ba20c48 |
| SHA512 | a4aa7b8f7bec2b0627e3d53aa2ae0c0c512b59acf796f015b5c468d3682f4b50a8e2d9ff654b470c4c2f37f3a3d92701f5285a5c7044b276fe6a1bcde741117a |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\entries\3A5E7B231D9E677D2C296D968A601E675EBDB376
| MD5 | 892f2ddc7f4182e4dc7460d430cf970c |
| SHA1 | cca403b2ea2a581ab65473d46624bb613b1b4b35 |
| SHA256 | 5557ab9ef79f143c56d644b5c8e3b257f37a95f7f7652c1136521fd5748dbea6 |
| SHA512 | ac98ff136965f298beb5b135a831b922eba31cb66bac1c092357c9c698fd8ad6d7418520e7828a1f43f0b0b74a997a2a741b2745b9b16c750ef4943571f315a5 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\entries\81F3AE44C123A9246482811B129CD90660347DC0
| MD5 | 052c0c212d9861ec67ffa6fecc1c2a5e |
| SHA1 | 6e6495c20ccd0b875a186f055813508a7d06b830 |
| SHA256 | 180308d44161dc877d641ad67e5deb74a0c97306b7f7882dcefa4dd9c7393028 |
| SHA512 | 546e11bdf327d6f3a56b4423ed14696167a541e5b53c5f9b6216c7be5a7cdd64f2298fb50e103cdce7aafafc417b7f0b7280c3ae7497002b1f5d2a2fc7763db5 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\entries\BB09B5C01DC42876FEAC8D1B5ED711F0333ED40E
| MD5 | 5744c25c5f2254901deb7654ae49bd92 |
| SHA1 | df8726f6eed2d2141c0d0e4512442be70e09ab04 |
| SHA256 | f830d82d8e32f37994bad4d9f8447b09cb27d714ea7d2e1d04c11e4b0dbc85cd |
| SHA512 | f3be9dcb81ff759d2f8c3027ed62ff18bf517965dd411444677f9501f92a3dcc45793e1ee0c1c5d53b8708912f458eb26d3320a676b237c4b934e8405e120995 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\entries\62AA83B82F0F7302EB55A9D7994B8F3E5487D921
| MD5 | e864a99d45bb1259396fba79ab108d87 |
| SHA1 | efdf2ce05fe0b10d9d54af2003c5ea726e6988e5 |
| SHA256 | 48a1fb0733116f89bbdd351eb2b37d58abdde71edc6634f443b0d51c46451790 |
| SHA512 | 3df1f0b8c3c8840940b89934d81c8d69e27524cd9f795c0cad601e46eb77c46f69bd724d8644cfdceccef3e42dcae3487abe36544b1206d88e19856cdd41356a |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\storage\default\https+++www.google.com\ls\usage
| MD5 | 0bf7ca950cfb7d099873904c3f22aac0 |
| SHA1 | ca2ce4e66008cd2ea1190172aacba3eb11748373 |
| SHA256 | 52d35ddfa1efed8b2b2c794b8787d2bba8986abb604e585f7b9dba374459881e |
| SHA512 | 2b77fb0b9763c80c7fd15606c4c0d3533d52d954596526ff734cc744c9c0bd9323903fb2029c479de73685a737ace5a69dad17741941e23405da06dfff9350c8 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\storage\default\https+++www.google.com\.metadata-v2
| MD5 | 3586d2be5b8a706ed3bf669b9c8dd5de |
| SHA1 | 59d7419fcb80d42dd33e015d85d30b3ebf7d3ee2 |
| SHA256 | b386281d0cda3bb2ddf701ae5d958bf5c9f26c116ca57b5034dc81e653c7654c |
| SHA512 | 4c88c563b2d9d6cb815d3273db4b7eb04ba3fa7e40a76306b32b8ce5686edb8f0857ac784991a922e7eb2f5951325e891ced4d60911be18a392c71f8f2433bc0 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 73613b0ddd35e926f57da16b5f816e94 |
| SHA1 | 3d4cb7895640d06949107d2110fe277bfef1a822 |
| SHA256 | ffc2a15c22361fc2189876c5848c37bc19ef86a2b2bd19a4de92ed232a3d9ed0 |
| SHA512 | add64af07a99eb35e2f2ab6b38600310655f043d8bc8ab398ace653190e4563a14ee5a4c81b73ad4810ce972525f16a34378dd468397716e0718735330ebe6a5 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\entries\7943793AD6EF12CA229A1DF7A721B44C210BBC82
| MD5 | cb5681784e976e3b9582cced278dc927 |
| SHA1 | ca8acf909f227d66ef26d90040479f093be43747 |
| SHA256 | a16255289325ce65ac2975952caf1b1798d5b45709eeb5cd6ce1f3f3f480ecbd |
| SHA512 | ff39c6b9a9a0febb8fc3591d7532c1b5f84241b157ad476777bc6f7b5eb4f59eaadd41e6ed65669d51d677863f55cfe4c702d24e238805806de25c6a8b625407 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\entries\F7A7E74236F6C480FD83B367204B1A57D1026A6C
| MD5 | 5e52ab61535d02fcc90114c24cd4d9e7 |
| SHA1 | a8158d9fac9d79811e5fe510b22154a938386022 |
| SHA256 | f98f8116cd11852a12e88c5a1e74fc60ab5eb426e65e48262b4439d65ce10558 |
| SHA512 | 042ed55825eb5f2260aebad202e76026bd7f3e5d92e54e9729c704fdc4bfa4c44cf15bbc6dcb1d151553176f3cb81cd4a08af75b8f0b0e8ba57a408b91f4ad6a |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\entries\E5E6326F948929DE089F4BB1580A84A65963AC14
| MD5 | f9266921ad74c1327fff4628d9a208f1 |
| SHA1 | 76102166cf485ae1af3bb2ec3532e212439f4f82 |
| SHA256 | 4378f5f93396208116b0d9fa441e5178c526c0c4e7a765a51d38adccdeea2ace |
| SHA512 | d1f93808e44df60ffa9abcd19e868fda523282260ae8e989329fdcabec59a090d07069e14e4717348d26bb09bd11b169ec4bd9cee8e448c78e0ed881b12cffb0 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\entries\81F3AE44C123A9246482811B129CD90660347DC0
| MD5 | fa8a9bbd30daa9e319f2fb73097ab3fe |
| SHA1 | eb6365e566b39a4ca82636eb975021e48912bebb |
| SHA256 | d4279da67cb2e018edba67588343da623c3295fe327d58f2f84ff2507daf3721 |
| SHA512 | ff386264d63df2ac154ba4850e5d7c4222cc4d72f29415cdbda096aaf0ef70baf51b587951d615fcea38226f987cc54b7b6e96c05980ec1c897d8708c997d246 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\entries\BB09B5C01DC42876FEAC8D1B5ED711F0333ED40E
| MD5 | 0a4830d7457ab4b9d2aebc636a71e614 |
| SHA1 | afa91ba9049839cfb7fe455fad24cb6f8da8bf08 |
| SHA256 | 95d6b59d78aa3cf1c2a4d445fb2a05e821d14299e0eb9e8253c1985fb8c8ad49 |
| SHA512 | 987f2fc5d7bee0453c52a7a759e712f984667c35f7ef52050e630f6c2525234339dbd2f00833eacacf6b261ea081fcd6fbed2ae7886c71f872feec37b3a9673b |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\entries\0942A70BFC6BC63E8192E982FABD5C46F9458AAC
| MD5 | c3c132c6066bfe097c4a56e5aa8e290b |
| SHA1 | 153e3cb797eb32c3631d1056ee740e4c9f8f0767 |
| SHA256 | 6f8dfda76ca2249aeee90e298d2f668f3ba209d6b95ec38f23325ac57ddf4447 |
| SHA512 | a0b015f0f0c9e2d300ba5f30802c56bd54a70ec290cc48e2ad4cbb5b2b72030bcbe9254950883cbb51033a4cdc5912fe98da40d92955b4206f5a58a3562caa03 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\doomed\13920
| MD5 | 3f7d2e964e9523abae573eb35393cd18 |
| SHA1 | 85d692c2f7a3ccf0c90897b9e21ee38cac8d0b03 |
| SHA256 | 733653a282c2d163bc48613691acc41d57171b86bc169ad9564e1b5d298ae129 |
| SHA512 | a26ad75d214a3a322cd1300b2150c416a27872c98d57a0b5293f8e4612679ab1043e3817f450b61c76749f9ca49783555f075c571f05de4135a18891d25eb1f5 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\entries\A7F7359EA34B730A16B8D8B0F850E5E530DEA758
| MD5 | 03db5518eb2d7e14e3416d9018cae5b4 |
| SHA1 | ebf2a5dbf333f1e0942f46b6cbe7c1209500cfe5 |
| SHA256 | 550fd24e1728d96c40364526d2bd445ac9f14aa99f61e26c4885617d7886a599 |
| SHA512 | afcea26105cba366ed609747dec7187216d153fe21e54995f678ab7b308f8428de29b3b2d67df966b419806d147556de7d31b96223cec21bd208f3ff060430c7 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\entries\D589493B32669A64F15AD72A940799E03BD11B70
| MD5 | 050b26df9a50c6bb426740777a584db8 |
| SHA1 | 14724fbea7f0246274c79040ea28f1edce555081 |
| SHA256 | e651676261370860ed9f04238a6168f32490a4f29f5895fc90d5b32def96438a |
| SHA512 | 260c6ad2ba22627694bfdccdf4abcbfc167f69d21e95398bdd1f1378f04ae9c6c811e22d731dbb320fe8f670ee0acea48d7df9613ae86b60d91a385fd606d4b3 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\entries\5B23235D54208C34AFF88FC6F18585FD8A8F8FAD
| MD5 | f098353731101d545c35ef0fe5e7da72 |
| SHA1 | 4f9451d00c1ac84aa99b53bcc226e2cac64c2727 |
| SHA256 | 323726c06739a5d342c5a834044609e0a846aade00a52de600f5fb8b395888c1 |
| SHA512 | 6a407d5a8aa5c460c2c7d419028309618a68d3fe4a5a1996b664ec850337275fac7030c213364663bb15935200f8c7decfbb45b996c75f40e1384b7dc5b748e4 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 83f3449fb50ca564a9f4a0665bccd031 |
| SHA1 | cc1d970f84c48535183f3086c5e3ad96a57e842e |
| SHA256 | afe899bd56fef4bc87d04cb776d209f77f28eef161cf4e93172394b5b88af74d |
| SHA512 | 7e6eb55ceeff10828b9a7a56db2b5db4d31dab109376ba1f57147724e959367b296ab8121bd1e8724020f6e62fb2f3761383f2ae2bc017d7e74ca62fcd9dbf04 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\crashes\store.json.mozlz4.tmp
| MD5 | a6338865eb252d0ef8fcf11fa9af3f0d |
| SHA1 | cecdd4c4dcae10c2ffc8eb938121b6231de48cd3 |
| SHA256 | 078648c042b9b08483ce246b7f01371072541a2e90d1beb0c8009a6118cbd965 |
| SHA512 | d950227ac83f4e8246d73f9f35c19e88ce65d0ca5f1ef8ccbb02ed6efc66b1b7e683e2ba0200279d7ca4b49831fd8c3ceb0584265b10accff2611ec1ca8c0c6c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | d0387d10f144124dd96bb679872984dd |
| SHA1 | 0c912fee5248788d4a05ba9c7333df3c7cb3493b |
| SHA256 | 9701a4d9b72997572b7d623093ec4fcbdd00a5ee28ff618d1fc2fc98cf082a4a |
| SHA512 | f6a032f75c5132c95238b280aebf649adfcfe9db7969a1965579ec803d3ec1df58f72f79182ec7be0ce66f82cbe0eff9ff936b59adf350551016dd880070bd39 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 4c4c44d653d26c6419245eb3b98164ab |
| SHA1 | 6e9de416715166549dc4cac7f0f3ea86f87e84c2 |
| SHA256 | 41e8f6cedfd2d99b01a4888187996994ec29e134ccea4beedaf060bab9673c2b |
| SHA512 | c894d5a4d0ff9cec731516b0ae8546d536dc775bd5d3f15b0599c96c2f326c36c43f3f75ec3178d99b537f199aa7ad428a2778c0bb92532872f92184e603b21d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 12f624be21b48fcc5af85abfa13c93ff |
| SHA1 | 939105c81b85e4d3f9fa8e8755d2a6b5b6cfefdc |
| SHA256 | 20d963f6ab8056db386daa7c140dc02a4ee360e693c92f53357cbdba49206244 |
| SHA512 | a26ac8b2a359686cfbcfaa71d2a1207210a3ebf3e853b5905e95429dfe6dcef9456e857d06a3de7d50647f1d1fb93369aac221fc3116af6a00d5ab45e74aa279 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\40371339ad31a7e6.customDestinations-ms
| MD5 | 3915702a6ae7c60d71a16c652690a08d |
| SHA1 | b70c909cff9f5b7bdaa3b5377f067f200fba67d6 |
| SHA256 | 7d1287368f52fa22832f426d9f4423f89c90c6cd6bb7fdd62384c8d937e424c9 |
| SHA512 | 48a5dec0f4be88d3c64ef5c97edc7f99597cd33f86eb72a9a656c4b5fbc462f9cbcde3abd8360bfec8732e510c4d5721853315abeda44b6eeded17ce0421a75d |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
| MD5 | 22d292440e0baee087d5e1548d8dcd1f |
| SHA1 | 5e5aa1dbed985529ec7c55b36235dafcbf7dc9bc |
| SHA256 | d12b89558144eb13148d94303818fc91bbad99c4977c34c89822c5e3dd03a070 |
| SHA512 | 0a740214982453c8892a9f5ebc778816d90a423376885463983ef72a3ca60f4cc18644e2790b3ce38969306fa0ad212314a5a23783839512185949f16fb9016f |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\jumpListCache\aIJ838KxbX4qpTln8T3QRA==.ico
| MD5 | 42ed60b3ba4df36716ca7633794b1735 |
| SHA1 | c33aa40eed3608369e964e22c935d640e38aa768 |
| SHA256 | 6574e6e55f56eca704a090bf08d0d4175a93a5353ea08f8722f7c985a39a52c8 |
| SHA512 | 4247460a97a43ce20d536fdd11d534b450b075c3c28cd69fc00c48bdf7de1507edb99bef811d4c61bed10f64e4c788ee4bdc58c7c72d3bd160b9b4bd696e3013 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | ee708d1c7f7922ffa8d6cb82585476e2 |
| SHA1 | 45e05558fe69336c599e49b30dcb26a5abe80e6e |
| SHA256 | e5c8fe33b1426cd45a69dda31c4e8959c01189851c1b867a734b65b6502396d2 |
| SHA512 | 864d0c79612a5ad51f360f0f71d0ab6373689c07b5fa2feccca03a6602ce66c812e1482112697937f8b158afb598407b050231d4ecfde65b7002ec90916757a7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 7d797dd5efca20d6aa4017bbad29cfba |
| SHA1 | dc0736535c95f5e5e05ffffb553ee7bfd16c6340 |
| SHA256 | 52153fa78eff476d28bac68c684eecd24627ab4be10d9facc04525c69d40e02a |
| SHA512 | f6d212a391fd0af8dd144139a5142bc44e1237c63da9a86a0131a54d7903b0c1856a7ba272ff4e9d50dc3d6e7cb48c54c9cc808f86692d913930c2ac7ed843f0 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 8ed99c45cfc4f33628e252e1c96d0463 |
| SHA1 | 01ca57894c4f09adf3c329cd29380916210a7c22 |
| SHA256 | 9efb43e3ed3d84a3b62c24a1965841bea0a6b34435a16433d93092d79dc0600d |
| SHA512 | c27d35f7cf32f24b7e78045a4c97c8df239a01fd55d5ab7942b7cfa5a06d90d96a7a27d9edb4ec7ce227e61572e368444edc1980ddac4c1675c25bb77a4aa676 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\prefs-1.js
| MD5 | 7ed1254ef23fd72a2e8ec7b928c6e178 |
| SHA1 | d1b3126b6a7a3732926261212c8fc3d6a35fd897 |
| SHA256 | d829d70620b6b1dd51c9a8ae3abda85ed30f974797712278577da3a71bb23851 |
| SHA512 | 4fcd703529d5b883c5a01dfaf8719b688e4eb3031d12e1a4057a619d42fbabfebea496583527f84ec046e868f7299580d85d1f120ec179f375fcaeab94bd5dc8 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\targeting.snapshot.json
| MD5 | d2b0c9d2b8a9a9e0fd497bb4b74f0e28 |
| SHA1 | 33f3b30639a13a6513b81b3c78a0586e06a652ac |
| SHA256 | ef322b0546afcf1061c395b45e13fbd0d0bf3e7e9ac33450ba58616d21aa1880 |
| SHA512 | 8863b9e28bf3c0114398a35a7f7dcc664552bbd14f10cc0c0dc1966b150d9f46d3b47ee934c612258fc31e79674495f4cf3032d42b35c48b644d12c5b62631e5 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\xulstore.json
| MD5 | d4672542ca89f43f07e294bbd3429e74 |
| SHA1 | 7f37ce3b5f59ee5a7624462e3640050ec0264e34 |
| SHA256 | d778d507a0069608bb5a7748649f12cfe71040e2da18501f6ad952454c751d18 |
| SHA512 | b5a3955b3f7baac350be05a6e24de104ce2a3dcd6cb479d199793cec415507e87e7edd52d99a3dde8f615b0c60c6fffb16b9bdf2b1ac8e561cdab7b6a3d3a7c3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | aa0c80df61a81a954c2cfa04799390ab |
| SHA1 | 7cfb62e4453cf18a2002f524505eb087331aed7e |
| SHA256 | c750ca15e1abd5ce86fa8d8b131be808923c91a0352e837913cc678d64c8d156 |
| SHA512 | 7c25883acb8dbb85a59dfbe8122a7e94c3e5d127d3f1e84ac7f36871058ad4d1949139e5cae58f3058e0370f3a1f4196f5df48c300e9ff13b91e658142c81821 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-20 17:24
Reported
2024-04-20 17:36
Platform
win11-20240412-en
Max time kernel
600s
Max time network
601s
Command Line
Signatures
Detect Umbral payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Umbral
Drops file in Drivers directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\System32\drivers\etc\hosts | C:\Users\Admin\AppData\Local\Temp\Auora.exe | N/A |
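The row above records only that Auora.exe opened the hosts file for modification; the report does not show what was written. The following check is an added example, not part of the original report or the Umbral sample: it parses a Windows hosts file and returns every mapping that is not one of the stock loopback lines, so an analyst examining a live host can see added redirections or sinkholed domains. The hosts content embedded below is constructed for the example (the `.example` names are placeholders), not taken from the sandbox run.

```python
"""Flag non-default entries in a Windows hosts file.

Added example, not part of the original sandbox report. The report only says
that Auora.exe opened C:\\Windows\\System32\\drivers\\etc\\hosts for
modification; the sample content below is constructed, not recovered from
the detonation.
"""
import ipaddress

# Stock loopback mappings that are expected in a hosts file.
DEFAULT_ENTRIES = {("127.0.0.1", "localhost"), ("::1", "localhost")}

# Constructed sample input; the .example hostnames are placeholders.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# 102.54.94.97     rhino.acme.com          # source server
127.0.0.1       localhost
::1             localhost
0.0.0.0         av-updates.example       # constructed: null-routed domain
0.0.0.0         www.av-updates.example
127.0.0.1       telemetry.example        # constructed: loopback redirect
not-an-ip       garbage.example          # malformed line, must be skipped
"""


def parse_hosts(text):
    """Yield (ip, hostname) pairs, ignoring comments, blanks and malformed lines."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue
        try:
            ip = str(ipaddress.ip_address(parts[0]))  # normalises e.g. ::1
        except ValueError:
            continue  # first token is not an address: not a mapping
        for host in parts[1:]:
            yield ip, host.lower()


def suspicious_entries(text):
    """Return every mapping that is not one of the stock loopback lines."""
    return [pair for pair in parse_hosts(text) if pair not in DEFAULT_ENTRIES]


def blocked_hosts(text):
    """Hostnames pointed at a null (0.0.0.0) or loopback address.

    Mapping update or security-vendor domains this way is a common way for
    malware to cut a host off from updates and reputation services.
    """
    names = set()
    for ip, host in suspicious_entries(text):
        addr = ipaddress.ip_address(ip)
        if addr.is_loopback or addr.is_unspecified:
            names.add(host)
    return sorted(names)


if __name__ == "__main__":
    for ip, host in suspicious_entries(SAMPLE_HOSTS):
        print(f"{ip:<16} {host}")
    print("blocked:", blocked_hosts(SAMPLE_HOSTS))
```

On a real system, read `C:\Windows\System32\drivers\etc\hosts` and pass its text to `suspicious_entries`; anything returned deserves a look, and anything returned by `blocked_hosts` is the classic update-blocking pattern.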
Modifies system executable filetype association
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx\ = "{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
Reads user/profile data of web browsers
Registers COM server for autorun
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\18.151.0729.0013\\FileSyncShell.dll" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3}\InprocServer32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{C5FF006E-2AE9-408C-B85B-2DFDD5449D9C}\InprocServer32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\CLSID\{021E4F06-9DCC-49AD-88CF-ECC2DA314C8A}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\18.151.0729.0013\\FileCoAuth.exe" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{A926714B-7BFC-4D08-A035-80021395FFA8}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\18.151.0729.0013\\FileCoAuth.exe" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32\ThreadingModel = "Apartment" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\CLSID\{94269C4E-071A-4116-90E6-52E557067E4E}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\18.151.0729.0013\\FileCoAuth.exe" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\LocalServer32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\CLSID\{A926714B-7BFC-4D08-A035-80021395FFA8}\LocalServer32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{7B37E4E2-C62F-4914-9620-8FB5062718CC}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe /cci /client=Personal" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{5999E1EE-711E-48D2-9884-851A709F543D}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe /autoplay" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32\ThreadingModel = "Apartment" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3}\InprocServer32\ThreadingModel = "Apartment" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\LocalServer32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\18.151.0729.0013\\FileSyncShell.dll" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32\ThreadingModel = "Apartment" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3}\InprocServer32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\CLSID\{389510b7-9e58-40d7-98bf-60b911cb0ea9}\LocalServer32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{A3CA1CF4-5F3E-4AC0-91B9-0D3716E1EAC3}\LocalServer32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{5999E1EE-711E-48D2-9884-851A709F543D}\LocalServer32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32\ThreadingModel = "Apartment" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\18.151.0729.0013\\amd64\\FileSyncShell64.dll" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\CLSID\{C5FF006E-2AE9-408C-B85B-2DFDD5449D9C}\InprocServer32\ThreadingModel = "Apartment" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\CLSID\{9489FEB2-1925-4D01-B788-6D912C70F7F2}\LocalServer32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\18.151.0729.0013\\amd64\\FileSyncShell64.dll" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\18.151.0729.0013\\FileSyncShell.dll" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\CLSID\{C5FF006E-2AE9-408C-B85B-2DFDD5449D9C}\InprocServer32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32\ThreadingModel = "Apartment" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\18.151.0729.0013\\FileCoAuth.exe" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\18.151.0729.0013\\FileCoAuth.exe" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\CLSID\{A926714B-7BFC-4D08-A035-80021395FFA8}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\18.151.0729.0013\\FileCoAuth.exe" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\18.151.0729.0013\\amd64\\FileSyncShell64.dll" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32\ThreadingModel = "Apartment" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{021E4F06-9DCC-49AD-88CF-ECC2DA314C8A}\LocalServer32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\CLSID\{4410DC33-BC7C-496B-AA84-4AEA3EEE75F7}\InProcServer32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{389510b7-9e58-40d7-98bf-60b911cb0ea9}\LocalServer32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\CLSID\{4410DC33-BC7C-496B-AA84-4AEA3EEE75F7}\InProcServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\18.151.0729.0013\\amd64\\FileCoAuthLib64.dll" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{A3CA1CF4-5F3E-4AC0-91B9-0D3716E1EAC3}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe /cci /client=Personal" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32\ThreadingModel = "Apartment" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\CLSID\{94269C4E-071A-4116-90E6-52E557067E4E}\LocalServer32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{6bb93b4e-44d8-40e2-bd97-42dbcf18a40f}\LocalServer32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\18.151.0729.0013\\amd64\\FileSyncShell64.dll" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{C5FF006E-2AE9-408C-B85B-2DFDD5449D9C}\InprocServer32\ThreadingModel = "Apartment" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\18.151.0729.0013\\FileSyncShell.dll" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\CLSID\{4410DC33-BC7C-496B-AA84-4AEA3EEE75F7}\InProcServer32\ThreadingModel = "Both" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3}\InprocServer32\ThreadingModel = "Apartment" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\18.151.0729.0013\\FileSyncShell.dll" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32\ThreadingModel = "Apartment" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\CLSID\{C5FF006E-2AE9-408C-B85B-2DFDD5449D9C}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\18.151.0729.0013\\amd64\\FileSyncShell64.dll" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\18.151.0729.0013\\FileSyncShell.dll" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32\ThreadingModel = "Apartment" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{389510b7-9e58-40d7-98bf-60b911cb0ea9}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\18.151.0729.0013\\FileCoAuth.exe" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
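In this detonation the COM-server, processor-information, BIOS and Internet Explorer rows all name OneDrive.exe or WINWORD.EXE in the Process column, binaries that live on the sandbox image, while only the hosts-file row names Auora.exe and the discord.com and ip-api.com rows carry no process at all. Separating those three groups is the first step in triaging a report like this one. The helper below is an added example, not code from the report or the sandbox vendor: it parses the `| Description | Indicator | Process | Target |` tables into rows and attributes each row to the sample, to another process, or to nothing. The embedded table is a constructed, abbreviated copy of a few rows from this section; the function names are this example's own.

```python
"""Attribute sandbox signature rows to the sample or to image noise.

Added example, not part of the original report. It parses the
'| Description | Indicator | Process | Target |' tables used in the report
and groups each hit by the process that produced it.
"""
from collections import defaultdict

# Path of the submitted sample as it appears in the report's Process column.
SAMPLE_PROCESS = r"C:\Users\Admin\AppData\Local\Temp\Auora.exe"

HEADER = ("Description", "Indicator", "Process", "Target")

# Constructed, abbreviated copy of rows from the behavioral2 section above.
SAMPLE_TABLE = r"""
Drops file in Drivers directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\System32\drivers\etc\hosts | C:\Users\Admin\AppData\Local\Temp\Auora.exe | N/A |
Registers COM server for autorun
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ip-api.com | N/A | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
"""


def parse_signatures(text):
    """Return (signature, description, indicator, process, target) tuples.

    A line that does not start with '|' is treated as the heading of the
    signature whose table follows it; header rows are skipped.
    """
    rows = []
    signature = None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if not line.startswith("|"):
            signature = line
            continue
        cells = tuple(c.strip() for c in line.strip("|").split("|"))
        if cells == HEADER or len(cells) != 4:
            continue
        rows.append((signature,) + cells)
    return rows


def attribute(rows, sample_process):
    """Split rows into sample-caused, other-process and unattributed groups."""
    by_process = defaultdict(list)
    for sig, desc, ind, proc, _target in rows:
        by_process[proc].append((sig, desc, ind))
    sample = by_process.pop(sample_process, [])
    unattributed = by_process.pop("N/A", [])   # network-only rows carry no process
    return sample, dict(by_process), unattributed


def triage(text, sample_process=SAMPLE_PROCESS):
    """Convenience wrapper: parse a report excerpt and attribute its rows."""
    sample, others, unattributed = attribute(parse_signatures(text), sample_process)
    return {"sample": sample, "other_processes": others, "unattributed": unattributed}


if __name__ == "__main__":
    result = triage(SAMPLE_TABLE)
    for sig, desc, ind in result["sample"]:
        print(f"[sample]   {sig}: {desc} -> {ind}")
    for sig, desc, ind in result["unattributed"]:
        print(f"[network]  {sig}: {ind}")
    for proc, hits in result["other_processes"].items():
        print(f"[noise?]   {proc}: {len(hits)} row(s)")
```

Rows in the "other_processes" bucket are not automatically benign (a sample can inject into or spawn a legitimate process), but when the process is a pre-installed image binary and the sample never touched it, as the rows above suggest, they belong to the image's own activity rather than to the family being classified.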
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ip-api.com | N/A | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key opened | \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
Detects videocard installed
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\OneDrive.exe = "11000" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{94269C4E-071A-4116-90E6-52E557067E4E}\LocalServer32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\Interface\{679EC955-75AA-4FB2-A7ED-8C0152ECF409}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{AB807329-7324-431B-8B36-DBD581F56E0B} | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\Interface\{d8c80ebb-099c-4208-afa3-fbc4d11f8a3c}\TypeLib | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\OOBERequestHandler.OOBERequestHandler.1\CLSID | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\Interface\{F062BA81-ADFE-4A92-886A-23FD851D6406}\TypeLib\ = "{BAE13F6C-0E2A-4DEB-AA46-B8F55319347C}" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\Interface\{D0ED5C72-6197-4AAD-9B16-53FE461DD85C} | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\Interface\{D0ED5C72-6197-4AAD-9B16-53FE461DD85C}\TypeLib | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\Interface\{466F31F7-9892-477E-B189-FA5C59DE3603}\ProxyStubClsid32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\Interface\{869BDA08-7ACF-42B8-91AE-4D8D597C0B33} | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\SyncEngineStorageProviderHandlerProxy.SyncEngineStorageProviderHandlerProxy\CLSID | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\Interface\{5D5DD08F-A10E-4FEF-BCA7-E73E666FC66C}\TypeLib\ = "{909A6CCD-6810-46C4-89DF-05BE7EB61E6C}" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\Interface\{8D3F8F15-1DE1-4662-BF93-762EABE988B2}\ = "IFileSyncClient10" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\Interface\{1B71F23B-E61F-45C9-83BA-235D55F50CF9}\ProxyStubClsid32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\OOBERequestHandler.OOBERequestHandler\ = "OOBERequestHandler Class" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\odopen | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\Interface\{10C9242E-D604-49B5-99E4-BF87945EF86C} | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\Interface\{d8c80ebb-099c-4208-afa3-fbc4d11f8a3c}\ = "IGetLibrariesCallback" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\Interface\{ACDB5DB0-C9D5-461C-BAAA-5DCE0B980E40}\ = "ILaunchUXInterface" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\Interface\{390AF5A7-1390-4255-9BC9-935BFCFA5D57}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\Interface\{f0440f4e-4884-4a8F-8a45-ba89c00f96f2}\ProxyStubClsid32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\Interface\{53de12aa-df96-413d-a25e-c75b6528abf2}\TypeLib\ = "{BAE13F6C-0E2A-4DEB-AA46-B8F55319347C}" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\Interface\{0d4e4444-cb20-4c2b-b8b2-94e5656ecae8}\ProxyStubClsid32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\Interface\{0d4e4444-cb20-4c2b-b8b2-94e5656ecae8}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\Interface\{1B71F23B-E61F-45C9-83BA-235D55F50CF9}\TypeLib\Version = "1.0" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\18.151.0729.0013\\amd64\\FileSyncShell64.dll" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{5999E1EE-711E-48D2-9884-851A709F543D}\ProgID | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\Interface\{b5c25645-7426-433f-8a5f-42b7ff27a7b2}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\Interface\{b5c25645-7426-433f-8a5f-42b7ff27a7b2}\TypeLib\Version = "1.0" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\Interface\{6A821279-AB49-48F8-9A27-F6C59B4FF024}\ProxyStubClsid32\ = "{4410DC33-BC7C-496B-AA84-4AEA3EEE75F7}" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\Interface\{869BDA08-7ACF-42B8-91AE-4D8D597C0B33}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{9489FEB2-1925-4D01-B788-6D912C70F7F2}\ProgID\ = "StorageProviderUriSource.StorageProviderUriSource.1" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\Interface\{c1439245-96b4-47fc-b391-679386c5d40f} | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\Interface\{C2FE84F5-E036-4A07-950C-9BFD3EAB983A} | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\Interface\{2692D1F2-2C7C-4AE0-8E73-8F37736C912D}\TypeLib | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\Interface\{1196AE48-D92B-4BC7-85DE-664EC3F761F1}\ProxyStubClsid32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\Interface\{1b7aed4f-fcaf-4da4-8795-c03e635d8edc}\TypeLib | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\Interface\{2F12C599-7AA5-407A-B898-09E6E4ED2D1E}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\OOBERequestHandler.OOBERequestHandler | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\Interface\{AF60000F-661D-472A-9588-F062F6DB7A0E}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\Interface\{1b7aed4f-fcaf-4da4-8795-c03e635d8edc} | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\Interface\{2387C6BD-9A36-41A2-88ED-FF731E529384} | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\Interface\{9D613F8A-B30E-4938-8490-CB5677701EBF}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\Interface\{0776ae27-5ab9-4e18-9063-1836da63117a}\TypeLib\ = "{BAE13F6C-0E2A-4DEB-AA46-B8F55319347C}" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\Interface\{a7126d4c-f492-4eb9-8a2a-f673dbdd3334}\ = "IContentProvider" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\IE.AssocFile.URL\shellex\ContextMenuHandlers\ FileSyncEx\ = "{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_CLASSES\ODOPEN\SHELL\OPEN\COMMAND | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\TypeLib\{C9F3F6BB-3172-4CD8-9EB7-37C9BE601C87}\1.0\FLAGS | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\SyncEngineFileInfoProvider.SyncEngineFileInfoProvider\CurVer\ = "SyncEngineFileInfoProvider.SyncEngineFileInfoProvider.1" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\Interface\{1b7aed4f-fcaf-4da4-8795-c03e635d8edc}\ProxyStubClsid32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\Interface\{C2FE84F5-E036-4A07-950C-9BFD3EAB983A} | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\Interface\{1B71F23B-E61F-45C9-83BA-235D55F50CF9}\TypeLib\Version = "1.0" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\Interface\{53de12aa-df96-413d-a25e-c75b6528abf2}\TypeLib\Version = "1.0" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\Interface\{1B71F23B-E61F-45C9-83BA-235D55F50CF9}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\OOBERequestHandler.OOBERequestHandler\CLSID\ = "{94269C4E-071A-4116-90E6-52E557067E4E}" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\Interface\{79A2A54C-3916-41FD-9FAB-F26ED0BBA755}\TypeLib\ = "{909A6CCD-6810-46C4-89DF-05BE7EB61E6C}" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\Interface\{5D5DD08F-A10E-4FEF-BCA7-E73E666FC66C}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\Interface\{AF60000F-661D-472A-9588-F062F6DB7A0E}\ProxyStubClsid32 | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\Interface\{390AF5A7-1390-4255-9BC9-935BFCFA5D57}\ = "IAlbumMetadataCallback" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\Interface\{1196AE48-D92B-4BC7-85DE-664EC3F761F1} | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{A926714B-7BFC-4D08-A035-80021395FFA8}\ProgID\ = "FileSyncOutOfProcServices.FileSyncOutOfProcServices.1" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\CLSID\{2e7c0a19-0438-41e9-81e3-3ad3d64f55ba}\VersionIndependentProgID\ = "BannerNotificationHandler.BannerNotificationHandler" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\WOW6432Node\Interface\{da82e55e-fa2f-45b3-aec3-e7294106ef52}\ = "IFileSyncClient5" | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
Runs ping.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\PING.EXE | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Auora.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\Auora.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: 33 | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: 34 | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: 35 | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: 36 | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: 33 | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: 34 | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: 35 | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: 36 | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe | N/A |
Suspicious use of WriteProcessMemory
Views/modifies file attributes
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SYSTEM32\attrib.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\Auora.exe
"C:\Users\Admin\AppData\Local\Temp\Auora.exe"
C:\Windows\System32\Wbem\wmic.exe
"wmic.exe" csproduct get uuid
C:\Windows\SYSTEM32\attrib.exe
"attrib.exe" +h +s "C:\Users\Admin\AppData\Local\Temp\Auora.exe"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\Auora.exe'
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"powershell.exe" Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"powershell.exe" Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"powershell.exe" Get-ItemPropertyValue -Path HKLN:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
C:\Windows\System32\Wbem\wmic.exe
"wmic.exe" os get Caption
C:\Windows\System32\Wbem\wmic.exe
"wmic.exe" computersystem get totalphysicalmemory
C:\Windows\System32\Wbem\wmic.exe
"wmic.exe" csproduct get uuid
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"powershell.exe" Get-ItemPropertyValue -Path 'HKLM:System\CurrentControlSet\Control\Session Manager\Environment' -Name PROCESSOR_IDENTIFIER
C:\Windows\System32\Wbem\wmic.exe
"wmic" path win32_VideoController get name
C:\Windows\SYSTEM32\cmd.exe
"cmd.exe" /c ping localhost && del /F /A h "C:\Users\Admin\AppData\Local\Temp\Auora.exe" && pause
C:\Windows\system32\PING.EXE
ping localhost
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Documents\Files.docx" /o ""
C:\Windows\System32\DataExchangeHost.exe
C:\Windows\System32\DataExchangeHost.exe -Embedding
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s fdPHost
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe
"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe"
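The process list above is the most useful part of this report for a defender: read in order, it is the stealer's host-side routine (HWID via `wmic csproduct get uuid`, hiding its own file with `attrib +h +s`, Defender tampering with `Add-MpPreference`/`Set-MpPreference`, the Roblox `.ROBLOSECURITY` cookie pulled from the registry, hardware inventory via wmic and PowerShell, and finally self-deletion through `cmd /c ping localhost && del /F /A h ...`, where the ping only buys time for the parent to exit and `/A h` is needed because the file was just made hidden). Two caveats when turning it into detections: the long list of `Se*Privilege` adjustments attributed to `wmic.exe` in the AdjustPrivilegeToken table is what wmic does on every launch and is not an indicator by itself, and the second Roblox query uses `HKLN:`, which is not a PowerShell registry drive, so only the `HKCU:` lookup can succeed. Any one of these commands also appears in legitimate admin scripts, so the check below keys on their combination under a single parent. This is an added example, not part of the sandbox report or of any vendor's tooling: the events are constructed by hand from the command lines on this page in the shape of Sysmon Event ID 1 records, with assumed PIDs, parent links and a little benign activity mixed in.

```python
"""Correlate process-creation events from the tree above into one verdict.

Added example, not part of the sandbox report. Events are constructed from the
command lines listed on this page; PIDs, parent links and the benign rows are
assumed.
"""
import re
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    ppid: int
    image: str          # full path of the created process
    command_line: str


# (rule name, required image suffix, pattern matched against the command line)
RULES = [
    ("defender_tamper", "powershell.exe",
     re.compile(r"Set-MpPreference\b.*-Disable\w+\s+\$true|Add-MpPreference\b.*-ExclusionPath", re.I)),
    ("hwid_fingerprint", "wmic.exe",
     re.compile(r"\bcsproduct\s+get\s+uuid\b", re.I)),
    ("hide_self", "attrib.exe",
     re.compile(r"(?=.*\+h\b)(?=.*\+s\b).*\\AppData\\Local\\Temp\\", re.I)),
    ("roblox_cookie", "powershell.exe",
     re.compile(r"Get-ItemPropertyValue\b.*\.ROBLOSECURITY\b", re.I)),
    ("self_delete", "cmd.exe",
     re.compile(r"\bping\s+\S+\s*&&\s*del\s+.*\.exe", re.I)),
]

TEMP_EXE = r"C:\Users\Admin\AppData\Local\Temp\Auora.exe"
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
WMIC = r"C:\Windows\System32\Wbem\wmic.exe"

# Constructed Sysmon-style records; PIDs and parent links are assumed.
SAMPLE_EVENTS = [
    ProcEvent(4144, 1000, TEMP_EXE, f'"{TEMP_EXE}"'),
    ProcEvent(4200, 4144, WMIC, '"wmic.exe" csproduct get uuid'),
    ProcEvent(4210, 4144, r"C:\Windows\SYSTEM32\attrib.exe", f'"attrib.exe" +h +s "{TEMP_EXE}"'),
    ProcEvent(1708, 4144, PS, f"\"powershell.exe\" Add-MpPreference -ExclusionPath '{TEMP_EXE}'"),
    ProcEvent(4088, 4144, PS, '"powershell.exe" Set-MpPreference -DisableIntrusionPreventionSystem $true '
              '-DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true '
              '-EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force '
              '-MAPSReporting Disabled -SubmitSamplesConsent NeverSend'),
    ProcEvent(3408, 4144, PS, r'"powershell.exe" Get-ItemPropertyValue -Path '
              r'HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY'),
    ProcEvent(4300, 4144, r"C:\Windows\SYSTEM32\cmd.exe",
              f'"cmd.exe" /c ping localhost && del /F /A h "{TEMP_EXE}" && pause'),
    ProcEvent(4301, 4300, r"C:\Windows\system32\PING.EXE", "ping localhost"),
    # Benign activity for contrast; none of these should fire.
    ProcEvent(1532, 2000, r"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE",
              r'"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Documents\Files.docx" /o ""'),
    ProcEvent(5000, 2000, PS, '"powershell.exe" Get-MpPreference'),  # constructed admin command, not on the page
]


def match_rules(event: ProcEvent) -> list[str]:
    """Names of every rule whose image suffix and command-line pattern both match."""
    image = event.image.lower()
    return [name for name, suffix, pattern in RULES
            if image.endswith(suffix) and pattern.search(event.command_line)]


def root_ancestor(pid: int, by_pid: dict[int, ProcEvent]) -> int:
    """Walk ppid links up to the oldest process we hold a record for."""
    seen: set[int] = set()
    while pid not in seen and pid in by_pid and by_pid[pid].ppid in by_pid:
        seen.add(pid)
        pid = by_pid[pid].ppid
    return pid


def correlate(events: list[ProcEvent], min_categories: int = 3) -> dict[str, list[str]]:
    """Group rule hits by root process and report roots showing >= min_categories behaviours.

    One hit on its own (a single wmic query, one attrib call) is ordinary admin noise;
    the verdict is made on the combination under one parent, as in the tree above.
    """
    by_pid = {e.pid: e for e in events}
    per_root: dict[int, set[str]] = defaultdict(set)
    for event in events:
        for name in match_rules(event):
            per_root[root_ancestor(event.pid, by_pid)].add(name)
    return {by_pid[root].image: sorted(names)
            for root, names in per_root.items() if len(names) >= min_categories}


if __name__ == "__main__":
    for image, behaviours in correlate(SAMPLE_EVENTS).items():
        print(f"{image}: {', '.join(behaviours)}")
```

Run as-is it reports the Temp-resident executable with all five behaviours, while WINWORD.EXE, PING.EXE and the lone `Get-MpPreference` stay silent. The image-suffix check is the weak point: a copy of wmic.exe or powershell.exe under another name slips past it, so on real telemetry match on Sysmon's `OriginalFileName` rather than the path, and treat the Defender-tampering rule as high severity on its own, since `-DisableRealtimeMonitoring $true` plus an exclusion for a file in `%TEMP%` has no legitimate use from a non-interactive parent.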
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | gstatic.com | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| GB | 172.217.16.227:443 | gstatic.com | tcp |
| US | 8.8.8.8:53 | 227.16.217.172.in-addr.arpa | udp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 162.159.136.232:443 | discord.com | tcp |
| US | 8.8.8.8:53 | 232.136.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | roaming.officeapps.live.com | udp |
| NL | 52.109.89.19:443 | roaming.officeapps.live.com | tcp |
| N/A | 239.255.255.250:3702 | N/A | udp |
| N/A | 239.255.255.250:3702 | N/A | udp |
| US | 8.8.8.8:53 | 225.88.219.68.in-addr.arpa | udp |
Files
memory/4144-0-0x000001417A320000-0x000001417A360000-memory.dmp
memory/4144-1-0x00007FFD72150000-0x00007FFD72C12000-memory.dmp
memory/4144-2-0x000001417C800000-0x000001417C810000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_i1utdhdr.byp.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/1708-11-0x000002012A4F0000-0x000002012A512000-memory.dmp
memory/1708-12-0x00007FFD72150000-0x00007FFD72C12000-memory.dmp
memory/1708-14-0x0000020111EE0000-0x0000020111EF0000-memory.dmp
memory/1708-13-0x0000020111EE0000-0x0000020111EF0000-memory.dmp
memory/1708-17-0x00007FFD72150000-0x00007FFD72C12000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log
| MD5 | 627073ee3ca9676911bee35548eff2b8 |
| SHA1 | 4c4b68c65e2cab9864b51167d710aa29ebdcff2e |
| SHA256 | 85b280a39fc31ba1e15fb06102a05b8405ff3b82feb181d4170f04e466dd647c |
| SHA512 | 3c5f6c03e253b83c57e8d6f0334187dbdcdf4fa549eecd36cbc1322dca6d3ca891dc6a019c49ec2eafb88f82d0434299c31e4dfaab123acb42e0546218f311fb |
memory/4088-19-0x00007FFD72150000-0x00007FFD72C12000-memory.dmp
memory/4088-20-0x000001A2A5B70000-0x000001A2A5B80000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | d0a4a3b9a52b8fe3b019f6cd0ef3dad6 |
| SHA1 | fed70ce7834c3b97edbd078eccda1e5effa527cd |
| SHA256 | 21942e513f223fdad778348fbb20617dd29f986bccd87824c0ae7f15649f3f31 |
| SHA512 | 1a66f837b4e7fb6346d0500aeacb44902fb8a239bce23416271263eba46fddae58a17075e188ae43eb516c841e02c87e32ebd73256c7cc2c0713d00c35f1761b |
memory/4088-30-0x000001A2A5B70000-0x000001A2A5B80000-memory.dmp
memory/4088-31-0x000001A2A5B70000-0x000001A2A5B80000-memory.dmp
memory/4088-33-0x00007FFD72150000-0x00007FFD72C12000-memory.dmp
memory/4144-36-0x000001417CAE0000-0x000001417CB56000-memory.dmp
memory/4144-37-0x000001417CB60000-0x000001417CBB0000-memory.dmp
memory/4144-38-0x000001417CA60000-0x000001417CA7E000-memory.dmp
memory/4144-47-0x00007FFD72150000-0x00007FFD72C12000-memory.dmp
memory/3408-50-0x000002D735B40000-0x000002D735B50000-memory.dmp
memory/3408-48-0x00007FFD72150000-0x00007FFD72C12000-memory.dmp
memory/3408-53-0x000002D735B40000-0x000002D735B50000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 6bddc96a32b9ed8fc70b141ccf4a39b2 |
| SHA1 | 0f33c0699da40a5eadcec646791cf21cdb0dd7c6 |
| SHA256 | cb3853abe77eb0da8a1caccb49e97a573b6f35570722eb759116a645d724c132 |
| SHA512 | e41f1597b4129b759e4199db195df1c24e47cc47dc9850fab2d48e44bc3d37dc3658fbfbb62332a0b93c552587d7fab09de1634f605faa2209b8470c2a6eaca6 |
memory/3408-64-0x000002D735B40000-0x000002D735B50000-memory.dmp
memory/3408-66-0x00007FFD72150000-0x00007FFD72C12000-memory.dmp
memory/3920-72-0x00007FFD72150000-0x00007FFD72C12000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 57083a8e45ebe4fd84c7c0f137ec3e21 |
| SHA1 | 857b5ea57f7bcf03cadee122106c6e58792a9b84 |
| SHA256 | f20102c4dc409cad3cdaf7a330c3a18a730a9d7d902b9fbee2a84186cba93d40 |
| SHA512 | 4bbc21c07c05ee1f783242f0fb59324d5ff9ae18bdf892f02980d582fed83380888eeba58e1a6a321507cfd5d4fe82a328a0d3482b29633be4e3ebbeac636f87 |
memory/3920-76-0x0000019FAA020000-0x0000019FAA030000-memory.dmp
memory/3920-78-0x0000019FAA020000-0x0000019FAA030000-memory.dmp
memory/3920-79-0x0000019FAA020000-0x0000019FAA030000-memory.dmp
memory/3920-81-0x00007FFD72150000-0x00007FFD72C12000-memory.dmp
memory/4144-84-0x000001417CBB0000-0x000001417CBC2000-memory.dmp
memory/4144-83-0x000001417CAA0000-0x000001417CAAA000-memory.dmp
memory/4728-87-0x00007FFD72150000-0x00007FFD72C12000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 9db2bc0a0bdfa296036c380393d879e6 |
| SHA1 | 671288bb74f568effac2199c9213cf7e23a31ef9 |
| SHA256 | cce5cc392ad9a82edd35129076da6bb2c3ebe85e158efef8ee7740e9e722c678 |
| SHA512 | a1331966d5669c465ccbfbb588d8e09d295aba56be1e0bc895966da28916bdfb2e3333e24f48a54c68f3c3af0f78ec70cea1e07ec2e2647e154d7dfc4d412fc7 |
memory/4728-97-0x0000024150740000-0x0000024150750000-memory.dmp
memory/4728-99-0x00007FFD72150000-0x00007FFD72C12000-memory.dmp
memory/4144-104-0x00007FFD72150000-0x00007FFD72C12000-memory.dmp
memory/1532-105-0x00007FFD53030000-0x00007FFD53040000-memory.dmp
memory/1532-106-0x00007FFD53030000-0x00007FFD53040000-memory.dmp
memory/1532-108-0x00007FFD53030000-0x00007FFD53040000-memory.dmp
memory/1532-107-0x00007FFD92FA0000-0x00007FFD931A9000-memory.dmp
memory/1532-109-0x00007FFD92FA0000-0x00007FFD931A9000-memory.dmp
memory/1532-111-0x00007FFD53030000-0x00007FFD53040000-memory.dmp
memory/1532-112-0x00007FFD53030000-0x00007FFD53040000-memory.dmp
memory/1532-113-0x00007FFD92FA0000-0x00007FFD931A9000-memory.dmp
memory/1532-110-0x00007FFD92FA0000-0x00007FFD931A9000-memory.dmp
memory/1532-114-0x00007FFD92FA0000-0x00007FFD931A9000-memory.dmp
memory/1532-115-0x00007FFD92FA0000-0x00007FFD931A9000-memory.dmp
memory/1532-116-0x00007FFD92FA0000-0x00007FFD931A9000-memory.dmp
memory/1532-117-0x00007FFD92FA0000-0x00007FFD931A9000-memory.dmp
memory/1532-118-0x00007FFD92FA0000-0x00007FFD931A9000-memory.dmp
memory/1532-120-0x00007FFD92FA0000-0x00007FFD931A9000-memory.dmp
memory/1532-121-0x00007FFD92FA0000-0x00007FFD931A9000-memory.dmp
memory/1532-119-0x00007FFD50E10000-0x00007FFD50E20000-memory.dmp
memory/1532-122-0x00007FFD92FA0000-0x00007FFD931A9000-memory.dmp
memory/1532-124-0x00007FFD91DD0000-0x00007FFD91E8D000-memory.dmp
memory/1532-123-0x00007FFD50E10000-0x00007FFD50E20000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat
| MD5 | 35375f95b1430c8b11ebeb931fba0dda |
| SHA1 | 5122d139ac357db969c191b941bd479ceb9dc59f |
| SHA256 | fd5691afe44306226fa973037fe144c3214867067cf88cb2285394888d959d5b |
| SHA512 | b9043a4d4470ac90f83244a81fad5de8944b83ba1e8ab6bbc7d29fb216c2ded74bf1c7b1ca8c84535b989075660e83f676e273a1b524f9e5dd8e04fee412cc6b |
memory/1532-158-0x00007FFD53030000-0x00007FFD53040000-memory.dmp
memory/1532-159-0x00007FFD53030000-0x00007FFD53040000-memory.dmp
memory/1532-160-0x00007FFD53030000-0x00007FFD53040000-memory.dmp
memory/1532-161-0x00007FFD53030000-0x00007FFD53040000-memory.dmp
memory/1532-162-0x00007FFD92FA0000-0x00007FFD931A9000-memory.dmp
memory/1532-163-0x00007FFD91DD0000-0x00007FFD91E8D000-memory.dmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_0FB9553B978E7F00C6B2309507DEB64A
| MD5 | 8cb702e0a6e0514253e5a293ec06bfb0 |
| SHA1 | d221ec5cfc1f7808827533afc50993f54ede59f4 |
| SHA256 | 6712ceb76d7b598bd73e7cf6eacddab62a67ed8e0febabf9f4fd26f94f5d9532 |
| SHA512 | 70e0c03e124823cb0826c4f9236dcaee883d732b8062f8ea4e26ee3b70142f69164dcdbcec74c1b1ca3cf07cc05055156b3a8b192b10759d00a18e272a3332a9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_0FB9553B978E7F00C6B2309507DEB64A
| MD5 | 002a548bd7311e3171689d577cd2ea34 |
| SHA1 | 28439cbee475bed74fa2054c74bc18a879622b97 |
| SHA256 | 0057b81f3c09f24f605b25d130a90b6ea4c3a60c00afa8950fafa122c54af55c |
| SHA512 | 46963e6cbd0bedd8f6a406e40908128f2204889fd2d5e3a87ad3e1cdd868d691ad5f6af5648394d1bfebb1f9c8c649645fd9d9fb120718d30078de0e58f8da6f |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\settings\PreSignInSettingsConfig.json
| MD5 | e516a60bc980095e8d156b1a99ab5eee |
| SHA1 | 238e243ffc12d4e012fd020c9822703109b987f6 |
| SHA256 | 543796a1b343b4ebc0285d89cb8eb70667ac7b513da37495e38003704e9d88d7 |
| SHA512 | 9b51e99ba20e9da56d1acc24a1cf9f9c9dbdeb742bec034e0ff2bc179a60f4aff249f40344f9ddd43229dcdefa1041940f65afb336d46c175ffeff725c638d58 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\20OIFLVL\update100[2].xml
| MD5 | 53244e542ddf6d280a2b03e28f0646b7 |
| SHA1 | d9925f810a95880c92974549deead18d56f19c37 |
| SHA256 | 36a6bd38a8a6f5a75b73caffae5ae66dfabcaefd83da65b493fa881ea8a64e7d |
| SHA512 | 4aa71d92ea2c46df86565d97aac75395371d3e17877ab252a297b84dca2ab251d50aaffc62eab9961f0df48de6f12be04a1f4a2cbde75b9ae7bcce6eb5450c62 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe
| MD5 | af28f927a82be941b0508ae0c893f364 |
| SHA1 | d0babd73a22a6e3ccadd024409abe1c9a432da1c |
| SHA256 | a7c2a643c3dc4d5754c47ed84b1e33b769a663f96ac580930a3c8715c4b5a4ea |
| SHA512 | 12d508e5b434f14c62ed2e6bf285f37c6bd123f5405f854160ceef9a8c0bc51479f91aeda37b65d96aed96665fd3ec37b924b3b2ac2867c6a3a4902a33e3499d |