Analysis Overview
SHA256
37cd90d1f0591d1b80ac337fda767da566a41e86de8f1ebf9cf12419865563e2
Threat Level: Shows suspicious behavior
The file Screenshot_669.png was found to be: Shows suspicious behavior.
Malicious Activity Summary
Enumerates connected drives
Drops file in Windows directory
Enumerates physical storage devices
Suspicious behavior: MapViewOfSection
Uses Task Scheduler COM API
Modifies registry class
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of SendNotifyMessage
Checks processor information in registry
Modifies Internet Explorer settings
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-27 19:06
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-27 19:06
Reported
2024-05-27 19:09
Platform
win10-20240404-en
Max time kernel
128s
Max time network
137s
Command Line
Signatures
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\J: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\System32\unregmp2.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\System32\unregmp2.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| File opened for modification | C:\Windows\Debug\ESE.TXT | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\system32\browser_broker.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Cookies | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI\IsSignedIn = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VendorId = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus\ACGPolicyState = "8" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DXFeatureLevel = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionLow = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\SubSysId = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\TreeView = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content\CachePrefix | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History\CachePrefix = "Visited:" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy\ClearBrowsingHistoryOnStart = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{A8A88C49-5EB2-4990-A1A2-0876022 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-SubSysId = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 8e6db95969b0da01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath\dummySetting = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Extensible Cache | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy\InProgressFlags = "262144" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\CIPolicyState = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main\OperationalData = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Explorer | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = ea9af65969b0da01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingDelete\C:\Users\Admin\AppData\Local\Packag = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\IETld\LowMic | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{AEBA21FA-782A-4A90-978D-B72164C = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\DynamicCodePolicy = 05000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\CIPolicyState = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Extensible Cache | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content\CacheLimit = "256000" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\LowMic | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\DynamicCodePolicy = 00000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionHigh = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\ACGPolicyState = "8" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DXFeatureLevel = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content\CacheLimit = "256000" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\PrivacyAdvanced = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DeviceId = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Explorer\Main\OperationalData = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DeviceId = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Screenshot_669.png
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1520.0.2142032419\681885644" -parentBuildID 20221007134813 -prefsHandle 1704 -prefMapHandle 1680 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1da0d01b-c6e4-423f-89c2-54fb1a2ffea2} 1520 "\\.\pipe\gecko-crash-server-pipe.1520" 1796 1ba46dd8a58 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1520.1.805141899\298033704" -parentBuildID 20221007134813 -prefsHandle 2140 -prefMapHandle 2136 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cc45cbc9-2165-4c8b-ba85-976678260f33} 1520 "\\.\pipe\gecko-crash-server-pipe.1520" 2152 1ba3bb72558 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1520.2.2147028412\1079500831" -childID 1 -isForBrowser -prefsHandle 3008 -prefMapHandle 3024 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f225f387-3a60-479c-a146-e8fdaa5c784d} 1520 "\\.\pipe\gecko-crash-server-pipe.1520" 2996 1ba46d5cb58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1520.3.1539832661\2038680017" -childID 2 -isForBrowser -prefsHandle 3532 -prefMapHandle 3528 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {45052f5d-027f-4893-8b6e-7770c8c64151} 1520 "\\.\pipe\gecko-crash-server-pipe.1520" 3536 1ba3bb62b58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1520.4.1118984791\376083299" -childID 3 -isForBrowser -prefsHandle 3916 -prefMapHandle 3300 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e85c8732-8a29-4102-ae7a-ae16c8aa0dbf} 1520 "\\.\pipe\gecko-crash-server-pipe.1520" 3896 1ba4b3c4758 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1520.5.1129974136\14621525" -childID 4 -isForBrowser -prefsHandle 4932 -prefMapHandle 4768 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6a29e3da-3c6d-4482-9788-8825d00adcee} 1520 "\\.\pipe\gecko-crash-server-pipe.1520" 4596 1ba4df9de58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1520.6.1246488677\663933885" -childID 5 -isForBrowser -prefsHandle 5084 -prefMapHandle 5080 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {94b52b54-e648-46e8-866a-64aabee90801} 1520 "\\.\pipe\gecko-crash-server-pipe.1520" 3532 1ba4df9e158 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1520.7.1246496987\599212798" -childID 6 -isForBrowser -prefsHandle 5192 -prefMapHandle 5196 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {22dbae7a-9f89-485c-a280-cd9cb8e064ce} 1520 "\\.\pipe\gecko-crash-server-pipe.1520" 5180 1ba4df9db58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1520.8.130921710\121774774" -childID 7 -isForBrowser -prefsHandle 5384 -prefMapHandle 5392 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7bbe088e-0b20-4465-982e-66e50376dccc} 1520 "\\.\pipe\gecko-crash-server-pipe.1520" 5376 1ba3bb66b58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1520.9.1308446641\2123261126" -childID 8 -isForBrowser -prefsHandle 4452 -prefMapHandle 4496 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3649397c-026e-407b-acfe-69317634391a} 1520 "\\.\pipe\gecko-crash-server-pipe.1520" 4540 1ba46d0c958 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1520.10.924717105\1049638565" -parentBuildID 20221007134813 -prefsHandle 5828 -prefMapHandle 5028 -prefsLen 26328 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a6f7ab4b-7d98-4b1b-a1c2-3e118c439bff} 1520 "\\.\pipe\gecko-crash-server-pipe.1520" 4620 1ba4bed2858 rdd
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1520.11.462798372\920789521" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 5840 -prefMapHandle 5852 -prefsLen 26328 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cebf709c-1c4c-4dd4-8fa3-6d62bf13bb7b} 1520 "\\.\pipe\gecko-crash-server-pipe.1520" 5944 1ba4c110458 utility
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1520.12.118873210\400280486" -childID 9 -isForBrowser -prefsHandle 6104 -prefMapHandle 6100 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cacfb3f7-fc71-4f43-b5f4-967bb32662b0} 1520 "\\.\pipe\gecko-crash-server-pipe.1520" 6112 1ba4bb10458 tab
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Play -Embedding
C:\Program Files (x86)\Windows Media Player\setup_wm.exe
"C:\Program Files (x86)\Windows Media Player\setup_wm.exe" /RunOnce:"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Play -Embedding
C:\Windows\SysWOW64\unregmp2.exe
"C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon
C:\Windows\System32\unregmp2.exe
"C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5584.0.711185369\1095834317" -parentBuildID 20221007134813 -prefsHandle 1716 -prefMapHandle 1692 -prefsLen 20871 -prefMapSize 233543 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3237ea38-1f81-4b6c-90c0-332f623910ec} 5584 "\\.\pipe\gecko-crash-server-pipe.5584" 1796 29dd57b9758 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5584.1.1445675566\2080464002" -parentBuildID 20221007134813 -prefsHandle 2116 -prefMapHandle 2112 -prefsLen 20952 -prefMapSize 233543 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2142d5e7-f7e9-4661-88fd-30e290767872} 5584 "\\.\pipe\gecko-crash-server-pipe.5584" 2136 29dc2c72e58 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5584.2.1585238565\1184136273" -childID 1 -isForBrowser -prefsHandle 3220 -prefMapHandle 3228 -prefsLen 21055 -prefMapSize 233543 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fca5d78d-0d93-42c2-9dcd-61eb8c195abe} 5584 "\\.\pipe\gecko-crash-server-pipe.5584" 3240 29dd8f9e558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5584.3.1748716395\1742114691" -childID 2 -isForBrowser -prefsHandle 3192 -prefMapHandle 3188 -prefsLen 26233 -prefMapSize 233543 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8a85e327-7b36-4462-86a4-983022f9536b} 5584 "\\.\pipe\gecko-crash-server-pipe.5584" 3168 29dd9ff6358 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5584.4.2014976336\567643322" -childID 3 -isForBrowser -prefsHandle 4120 -prefMapHandle 4116 -prefsLen 26233 -prefMapSize 233543 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d0eb0ba9-0c3b-4d10-a73f-b4d59764c7e1} 5584 "\\.\pipe\gecko-crash-server-pipe.5584" 4132 29ddb3cf558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5584.5.1601636317\1392774316" -childID 4 -isForBrowser -prefsHandle 4500 -prefMapHandle 4496 -prefsLen 26233 -prefMapSize 233543 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fabe7dff-ee1f-42d2-a8b3-d4de5e7702cd} 5584 "\\.\pipe\gecko-crash-server-pipe.5584" 4456 29ddb3d2558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5584.6.1302763117\384229563" -childID 5 -isForBrowser -prefsHandle 4608 -prefMapHandle 4612 -prefsLen 26233 -prefMapSize 233543 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b384c7a9-96d1-4309-970b-d6e4e995abc4} 5584 "\\.\pipe\gecko-crash-server-pipe.5584" 4596 29ddb3d0a58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5584.7.264903907\494217015" -childID 6 -isForBrowser -prefsHandle 4812 -prefMapHandle 4816 -prefsLen 26233 -prefMapSize 233543 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0b6ac049-6cb0-487b-91b2-de1c6adbddca} 5584 "\\.\pipe\gecko-crash-server-pipe.5584" 4800 29ddb3d1658 tab
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Network
| Country | Destination | Domain | Proto |
| N/A | 127.0.0.1:49783 | tcp | |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | shavar.services.mozilla.com | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 44.230.111.112:443 | shavar.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | 166.188.117.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 34.107.243.93:443 | autopush.prod.mozaws.net | tcp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | firefox-settings-attachments.cdn.mozilla.net | udp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | 112.111.230.44.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.121.117.34.in-addr.arpa | udp |
| N/A | 127.0.0.1:49789 | tcp | |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| FR | 216.58.214.174:443 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | youtube-ui.l.google.com | udp |
| US | 8.8.8.8:53 | youtube-ui.l.google.com | udp |
| FR | 216.58.214.174:443 | youtube-ui.l.google.com | udp |
| US | 8.8.8.8:53 | 174.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| FR | 142.250.179.118:443 | i.ytimg.com | tcp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| FR | 142.250.179.118:443 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | 118.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| BE | 74.125.206.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| BE | 74.125.206.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| FR | 216.58.215.36:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | 74.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.206.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.215.58.216.in-addr.arpa | udp |
| FR | 216.58.215.36:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 163.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | redir.metaservices.microsoft.com | udp |
| US | 2.17.251.36:80 | redir.metaservices.microsoft.com | tcp |
| US | 8.8.8.8:53 | onlinestores.metaservices.microsoft.com | udp |
| BE | 2.17.107.65:80 | onlinestores.metaservices.microsoft.com | tcp |
| US | 8.8.8.8:53 | 36.251.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| N/A | 127.0.0.1:50310 | tcp | |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| N/A | 127.0.0.1:50325 | tcp | |
| US | 8.8.8.8:53 | 131.72.42.20.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\datareporting\glean\db\data.safe.bin
| MD5 | 9fcff1cd11de776f8071930e062a4f7f |
| SHA1 | 23ae5a83f330676392560da2681f98acd43bdba4 |
| SHA256 | 4c65f7ec9e0d653192a1ea56315db68cf2b5b432b5c599715bc2e330c9043d60 |
| SHA512 | 87fed97200e01a30c8e63a0dddb4edc95ecdf9472df18c55de2cdd16bca1ac20eba7e826939b9e98a4d07a79a3a7ffff68a6fbfc3d8a33da4ad2a8ef1494203d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\datareporting\glean\pending_pings\3a50357d-ffdc-4d8a-830c-2f0dcf998b46
| MD5 | 631264f3b45d70ba4d5039a25cf5523f |
| SHA1 | 02dae4add63f8e823aa99e8aace34170c1bde041 |
| SHA256 | 9805758a44828cfa7364ce00d523fc0340d79217630500c7051889ad6a8c854a |
| SHA512 | dd7eabe1bab3d5cfba27e6745e3900a0e24b36b75a47e2690575a9a76e3f0beeaf52956fe38da485c3370cb88a2f4fa7cda222462ccf9098cb7f97483fc0e3fd |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\datareporting\glean\pending_pings\9883389b-bce2-4321-a3c9-3ddc5565b319
| MD5 | 59f86240e182d6cb8251bd75d707d0bf |
| SHA1 | 95df80ada930ac638042c88d0593cf96d35f165d |
| SHA256 | d80c16b515e2f930a7285665887234c79e156a2eb7e0b5fdf7b7003b3abc33bc |
| SHA512 | 7ce074343d434413891ab041588d7cb84efb710f991cd1a7f1861ec55c9ac7414dae97f99ac0d91de6a6c4aa82bcb5c067bae0d9ecd5195f96cd3cc806b3712d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\prefs.js
| MD5 | f0140613bb83309e55ecc5bc69b6df0e |
| SHA1 | 42514dcacda926be0b9a5ea5ee2a58569702384c |
| SHA256 | ca418d968fd51fe17787ae7d38ec11d83601a19abc94c589e2ffd7040ae4a751 |
| SHA512 | 84a96e66bc39ca0e01f35ddca0f96ce17b5d0e454a942a091f5632b3efb042963c4fd908d30189091f6614d30a3e4755cd479a47ed1db71c3bf93360249b3731 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl
| MD5 | c460716b62456449360b23cf5663f275 |
| SHA1 | 06573a83d88286153066bae7062cc9300e567d92 |
| SHA256 | 0ec0f16f92d876a9c1140d4c11e2b346a9292984d9a854360e54e99fdcd99cc0 |
| SHA512 | 476bc3a333aace4c75d9a971ef202d5889561e10d237792ca89f8d379280262ce98cf3d4728460696f8d7ff429a508237764bf4a9ccb59fd615aee07bdcadf30 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\prefs.js
| MD5 | a817af6d1f2010b2125ac7ad10f17d1d |
| SHA1 | 9d7648f8fd42d727be53810f99e326bc51ea4546 |
| SHA256 | 0e4d138643de853c0745bc3d23c5bebb8d644d0ef0523aaf9255af2ea820615a |
| SHA512 | ae8894761f8c0bd6f430935868be0e70749491c1bf72341366398865c01e498bfc48a6e5d61adb0b5d78de06ba0637b978573020b93c60edc14b6e210ffff0f7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | 637e42544bf4e4e5c858d87fceb302a2 |
| SHA1 | 1d747ea0d89437cd39d02c76ed70df3b7c505ee1 |
| SHA256 | 5a519846989ec4eed303d9fe8b5554410b502177bb6b4199c6cf25290a4913c2 |
| SHA512 | bde691d8015773707c4445155ba1ad419033c335bb11ca325b9c249e8aed83fefd096bab28806213ad368508e2a5be362c4a5a8038dae40246a8bf0a246cb8cb |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\prefs-1.js
| MD5 | c44e440cc0a6c6e3d0180d143e544b78 |
| SHA1 | fa3e245256b750c1916ac0ab4dde550dba44952f |
| SHA256 | d05643ac29dd48f77bee2d66efb2ccc99d2266f6356f7b1bbc72de55ef01bb38 |
| SHA512 | 23bab00c3ec99c7749da70da3f456b7653305a5a40872971fd2e8c0805ea4e9f172f6f89dc5782c67e4f630a5dba5af2ea2c84d988437bd51bf8e430d2f61c4d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 08e0ecd7697ffefdfe4a90cdf45eb3af |
| SHA1 | ef9eba1483b74f7972f6bb222c771c9bd5130a34 |
| SHA256 | e88238ad174aede1cd7dde423927860341501fe567bd801b067c4c6143be103b |
| SHA512 | acce093493a29fe14318a38ed74c00510c3804e6b9ee1ed434eeda5e452689ebd65c49748d1ac7a84ceb7a502b173f35f8e6769868b966a8f74b4d5d98de0c65 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\storage\default\https+++www.youtube.com\cache\morgue\11\{bd17c7a9-6bea-4906-9103-9893583e210b}.final
| MD5 | 2a252393b98be6348c4ba18003cc3471 |
| SHA1 | 40f75302fcbe4a8ac2e33a8d9daf801abc2a9598 |
| SHA256 | 04cae3c7b208fc55b25763913d0bbdc99232942086efdf705f2a27764be6f5ee |
| SHA512 | 07af4a7b0d10f1b5e1fe0877b21abc98483d78797608a1763cfb71e25559fdce10d20f03c16f4284d7ae7ab90266f45240425e3a264de9525ec1657345b85198 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\storage\default\https+++www.youtube.com\idb\3265427339yCt7-%iCt7-%r8e9sfp2o.sqlite
| MD5 | 2a286d4b6d43df6aa5b27ba753a27083 |
| SHA1 | 2b3453f760c96a9b64a09083483576d3c37c7b08 |
| SHA256 | 5c21fed5eba985da547e6775ab4a3fcf540bbd36d01e53ef3792a893a8636a97 |
| SHA512 | a670973b4cdc57e40bd7011dacce9cc1547e2e4f79b34ca97d4e0d29cd88e3cdf6b3818b3b6be335bd250f13dbd2e0a58162e5e6ded16b1d26eed17ae1123fa7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionstore.jsonlz4
| MD5 | 634c4b38460a8ffa3ea48360cdc1ec01 |
| SHA1 | 07fe78fbef8f615c744285c52962a2647252b66e |
| SHA256 | 824ea6e199b14d140493929ce5dbe82092f6721ef3a9f1c4c3df5fbdd5142041 |
| SHA512 | d116ce7f56469cd6c91a5a11198ef0f2bf461095f77ccb7f20a1f992a41d9335701bb4465b14142771a01873909ab6ae82b3846f65c2c95b5612992091e33a5b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionCheckpoints.json.tmp
| MD5 | 700fe59d2eb10b8cd28525fcc46bc0cc |
| SHA1 | 339badf0e1eba5332bff317d7cf8a41d5860390d |
| SHA256 | 4f5d849bdf4a5eeeb5da8836589e064e31c8e94129d4e55b1c69a6f98fb9f9ea |
| SHA512 | 3fa1b3fd4277d5900140e013b1035cb4c72065afcc6b6a8595b43101cfe7d09e75554a877e4a01bb80b0d7a58cdcfe553c4a9ef308c5695c5e77cb0ea99bada4 |
C:\Users\Admin\AppData\Local\Temp\wmsetup.log
| MD5 | 308a73e186f10bb0fb97d842cccfb12d |
| SHA1 | 56589e38922f32ca1599e1807e76343edf5f44cc |
| SHA256 | 9de8dc3c6d2330ef1feeedbff656698ce2ae80b924633fe784c8582d9e343cc7 |
| SHA512 | 2abd28310750ea6bd9859852355ee6b364c3c4096d6edd8a466f5d26bb839beb2e5bcab81a1e4fc9eb06859279fe811475d3d53083ce977c28e58847e01339ab |
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML
| MD5 | 7050d5ae8acfbe560fa11073fef8185d |
| SHA1 | 5bc38e77ff06785fe0aec5a345c4ccd15752560e |
| SHA256 | cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b |
| SHA512 | a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b |
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb
| MD5 | 98df921f667bf303621c789390ed9f2e |
| SHA1 | d9c82e51534cf1c2eb5a255286de6a09ca364d1a |
| SHA256 | 8b8497d37fa9ddd44e275aa7631d7c7173c384a501d11e73e3d4401513c4bbe3 |
| SHA512 | 58e896295763c2729c5a19986356e7cc7706265bbda5cd9cec98201ec9ce86c4b68a3e388c86aba198870ca4b8ab1a7876f2d8e1fff7437216dd2789b3ed3796 |
C:\Users\Admin\AppData\Local\Temp\tmp68671.WMC\allservices.xml
| MD5 | df03e65b8e082f24dab09c57bc9c6241 |
| SHA1 | 6b0dacbf38744c9a381830e6a5dc4c71bd7cedbf |
| SHA256 | 155b9c588061c71832af329fafa5678835d9153b8fbb7592195ae953d0c455ba |
| SHA512 | ef1cc8d27fbc5da5daab854c933d3914b84ee539d4d2f0126dc1a04a830c5599e39a923c80257653638b1b99b0073a7174cc164be5887181730883c752ba2f99 |
C:\Users\Admin\Desktop\StartRepair.ico
| MD5 | 32f6d302dd0a4b736f592ab69738aebc |
| SHA1 | 7f2f7f50a45cab253fef265701c560896f014d4e |
| SHA256 | cf9726b559d375ddf1c8dc3fbe6f97cd6fd352c7050b2975a8571773e8d8d705 |
| SHA512 | 9c585bb0041cd9d56c4d358b3922117fbe25423b888fb3a6b54bb141f0b11aba90df33bab81aafabefe81a374e8804eada5e1ad99484c4ade284c7e9ef8c6e18 |
C:\Users\Admin\Desktop\SwitchDisconnect.pptm
| MD5 | 41c922e524bf33f91426616c4e898ee0 |
| SHA1 | 81bdea82f7ab62fd3bb039c7e001764048052795 |
| SHA256 | ff81c47a7401446a043907a10099f554851adb7306c2cabea1ab89f88791e4f1 |
| SHA512 | a051576de3be2a208c79812e64240c29ea8ce7a2a8d56d5b6e3159ef0bed2e83fb5c0edb180b93c4e2b92d5f221e8381090a47f0b3646e6b47020b05c99b250c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\prefs.js
| MD5 | ef7710d2d51bef422f4a1aa7426218c3 |
| SHA1 | 2a9cd72980b5fcd7dd76ba30d6f966b3725ccd6a |
| SHA256 | 41ebb5e7d9e46602420ed9d9e0206842b565e0f9bffaffedb11fe7a9b34c5c11 |
| SHA512 | 62bc8ef3ea11f142d82020f0eda04408a80324170ded5a46f0d9ff360b06ee0bbcef0e7e96676fdbe93113ca8b3f993f3e42301120b287cdbdaf9c4bcf6e3743 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\startupCache\scriptCache.bin
| MD5 | 83f257c1400d958be29329f7da8c3ebe |
| SHA1 | b22050c7cf522d5232c29e30715b76c08e4be168 |
| SHA256 | e8ac78cd24c344d73b6d77138c583efc721a9a2dc791f337d593c6123ef0bde3 |
| SHA512 | 42b2906e8d06d88b7647ab4c89bcfe701bae5ae21a135ee308eaea6c0306be6a019f715cd06f613f969d3723c1c10647a0ee9500257bb03b446fd1c33171b3db |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\xulstore.json
| MD5 | 05e1ddb4298be4c948c3ae839859c3e9 |
| SHA1 | ea9195602eeed8d06644026809e07b3ad29335e5 |
| SHA256 | 1c2c5d5211674c3c8473e0589085499471399e53e9a85d7dd3b075fef6cbb6be |
| SHA512 | 3177b48cd0c877821419d7e5eb247a4c899bc37258994f22257ceaafefb316e6f5959faae02e380e432d7752f0218d45d56d6878c1e751d201d9fdb3ff98612e |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\startupCache\urlCache.bin
| MD5 | 7d0a6c9c1bf7c542de9c50793c00ac0a |
| SHA1 | ae53836b8f2451c63b1438a5811b4f0f6b497813 |
| SHA256 | ec8a26b5da6ff640f90dbccfe2daeb2f984f8caf4710df2d64bf7ac989a1441c |
| SHA512 | 05706e5b1234d657438d466962d69c96c5f39ca18ae591c0a0d682e571cd1cb26cf1fd85cab52ff28df59bf727ec1545be2871e1361bff30157558d324e96c83 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cookies.sqlite
| MD5 | 302115dabeca30b1db4cd9aa0914209d |
| SHA1 | c0551568e1a0eaf47648ed8a082944272f839713 |
| SHA256 | e629af49e28385f932d28f2c1b7c98977f4dc7c949e567aa168ea1da92af574b |
| SHA512 | e0abc35ca6979d3e6208693309636a0d03720a7b24e5416c2a91269a6327eb7a96e22e99240eb2f9466b535098c2531262b2db77aec1192d2059d134599d928a |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionCheckpoints.json
| MD5 | 6b77a9f779399e95d1cee931a2c8f8ff |
| SHA1 | 826efd4feb0d50fcce5696111af7c811b81adcd9 |
| SHA256 | 3a0285c8233ef0324b269f7291094e19fd9b77259f9419861ad796f7e9c979f3 |
| SHA512 | ef537c75fab8e86483ac03cc0d2feaf41575e35f54b95669a26bf6dfbf58021dc9a5bbe54d9537b55da3fbb0e0262adf6c5efd4394faaec81a31604533afec4f |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionCheckpoints.json.tmp
| MD5 | ea8b62857dfdbd3d0be7d7e4a954ec9a |
| SHA1 | b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a |
| SHA256 | 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da |
| SHA512 | 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\permissions.sqlite
| MD5 | 00e28365345074ccb475ee6b920ce17f |
| SHA1 | 04617057809d38820ca89ecc7f6d1052f095e280 |
| SHA256 | 4a435c8eff48fed75e9ad2a483df3d7c5cd3f7a22bd9a4d82570024a0a1124c6 |
| SHA512 | f0f58b99331a3580f6570342a82d851e7e14f2594dfac8227769383bb1fde22e9b85e35c6791ee473659ae0a958d5ae435b6af17a7970263ff0f31e794058b1a |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\storage.sqlite
| MD5 | f3ef789d1431b684774ecbb5f4d9c0c9 |
| SHA1 | 9b7bbe31b5b25ca799fbb43e5aaf7da59a5a74b8 |
| SHA256 | 0ddbabf403e90454eb41b1aedcc2a0ff91d6190a8301949e510739de96f9093c |
| SHA512 | 1b699e89749a1b36df517b9e985e519f9f3c0815adf70d542dd2ac979305d4d65d4989a8ab4400a90e5f2f904312f23ab4ddfe9950d2e3bd7f848207e22e565e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cert9.db
| MD5 | 37610b8ae7d46b26250b4c5faafe3603 |
| SHA1 | 1b07d30b33b2025dc7f202c5423b841796a47fa4 |
| SHA256 | c40bdd555673eab6cd861bcd7cc3b0f47a1796e338ad0ceabe49dfdbb6978742 |
| SHA512 | d7dd264b3174f4f66d17ba43839a41f43f4cf10b1484b1e1cf350a8482f9dfd6c0a9345a320a735d3b33607e4bf9bcd132691b17f2ebca488d35278cce942cc3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\SiteSecurityServiceState.txt
| MD5 | c4c6d8ee5c78e0a6a368ca349e01a3b0 |
| SHA1 | efc5965e17a6dcd1954c2149b1dc5dddc0f1f637 |
| SHA256 | 6bebea058a08803e275b7e3435d41b8df7dcaae213690c4eef24b8f57c52adfd |
| SHA512 | 2c0f41fd9f8efa28f63f38a729ac9d6929b22eba3d38e7dadd4415531ec1e09a85f0f9f222625f1e1e19d95e793d4b44da97c18200731f5302eab47367928cd2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionCheckpoints.json.tmp
| MD5 | c4ab2ee59ca41b6d6a6ea911f35bdc00 |
| SHA1 | 5942cd6505fc8a9daba403b082067e1cdefdfbc4 |
| SHA256 | 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2 |
| SHA512 | 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite
| MD5 | 1d6ec695ec51166f0f2be27dc58d271f |
| SHA1 | a0c551a10bf58fe4fb851d42df9bd02e5ae6e380 |
| SHA256 | 5480bd50f39b04454f2d02bd2717d004d798655e5f10585d2441f6c18c2a6d3e |
| SHA512 | 4a621d0f6bade8429e2b48bbb059e2e3885a9427b8e5b5621fe08bb0813c1b93f2ee2520976896929f720ebe412599463c25460469b27c607d282e14dd1f24d3 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F
| MD5 | 9a9033b42a7fcb91cb22143950a3ffd6 |
| SHA1 | db9d9e46d83a134c39c7ff7d6b07e89d09c763fa |
| SHA256 | 12575381a56277f506577ae73d3c4dd9f2615265bc2fc93a237d9ea5df2dfc59 |
| SHA512 | 1cdf900a2aa072ca849e85cf2308fb38e459e81768d6abddafb7648f471f282cf66f40c819b04e5a882d93b1f492486a915e1ec893a0d24eb43a303bf8afa717 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\favicons.sqlite
| MD5 | 2ab772b122b85998b6b33d6571a204ed |
| SHA1 | 7f90f82112d15ed4ddc7b31c18758e4a507afff2 |
| SHA256 | e088627b81f14b2ef39f8d156091fd47f51abb338a2fa4c0a64db03a53472929 |
| SHA512 | fa4dd83ee4bf7b81797cb40df100f1397c38d7846c60789075ee1a34c00909d3e27bd0b96f35a519f80d023673e5ef71e882b0eac763cd7701696a5b8dea330b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\places.sqlite
| MD5 | cb45818750ff0b6e49c29b6d85a2f98d |
| SHA1 | 9a705e54281466ceb8b1767efcf72a355ac02643 |
| SHA256 | 4ed4446577f044eb9fd6ebadf59f1bbeb57c51757f497fc63fc76cf1a4ccfa70 |
| SHA512 | 1b217b1c66cadc7c8debf690e2b980dd38abc06b5f18b1609b529319204f08e591bc9ea30de8a6cbebe3b72e96bbe10fa609021ecf91c4b4c59fa6967d53df0e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\AlternateServices.txt
| MD5 | ed4dea7d6ee28685aa96620612af1c3a |
| SHA1 | 5942a53ddc4748ce6e7c883a8cd267a4e433f243 |
| SHA256 | bcdfb03680242c6a3632e70bd5448166d278a281eaed05d3e33429c13e9c8ae7 |
| SHA512 | f6adb226b5218bb09fdaeeafbc2f18bb75361973cd68163bfd9ae9767d760afe8c4e5af587c9caac5b420d7a4bd873d4953db40b324b2bccf325c9599c1433fa |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\datareporting\glean\db\data.safe.bin
| MD5 | 156bfc99633d64f3dc967623fd824b04 |
| SHA1 | b3b348dcadfb68539ea65a1791045b973b36154d |
| SHA256 | 7c64fc4997de50c18337e79e7eba1b6588ca449a06bb8312dc5211bf4d52e078 |
| SHA512 | a992e4d7e5c08823555ade70bad2516307a7e0400c1a5da248f59273d966fc5608f245fe4b30b31667ba06f9b5df5d4ac70ff238580977bccf45939e1a8134f7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\datareporting\glean\pending_pings\ec0e80a5-b613-4297-9f6b-fb365433fb2a
| MD5 | b85688d8c5f9f1873f08b70c8eb2b7c3 |
| SHA1 | 20849a3d50e36e5a8f4d1c2ba85f929172316a8e |
| SHA256 | 0676d574c2abd0a5dc10b0fdc1b05e855c51a58f60d89611bb087ee9bb127d05 |
| SHA512 | a8b62d7362027ee4062bc6bf18b68ddb9e0fade252bd7594890ecb5347812cf75bde7bfbfd8b0074d5d0259def6e7a5c49087a9f8ebfb4bfc0e7763bff47a400 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\datareporting\glean\pending_pings\e7ac4fae-1c2e-4756-8c49-b1a06af3aa9d
| MD5 | 5883e2c9de03e9724ac4c14055c179a0 |
| SHA1 | 6d70b4b6c40b6394f07206e228d41a066f4c7896 |
| SHA256 | 372d1920a05ec99f6e5813e216f5b153231ef1ac947112ea288b91d61d257610 |
| SHA512 | e541fd4cc3db9ed809a118bc5715ff121724f9bce8423bf387afb15b10f00a0f03b87e6e09fd091702a01a8e06214cec4edf3a364414bd6a6e475249911110f5 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\protections.sqlite
| MD5 | deeced8825e857ead7ba3784966be7be |
| SHA1 | e72a09807d97d0aeb8baedd537f2489306e25490 |
| SHA256 | b9f022442a1506e592bf51284091a8a7fe17580b165d07e70c06fd6827343a54 |
| SHA512 | 01d303232d6481af322137b44fef6c2a584f0643c48bab2836f9fe3193207015da7f7514fe338500ae4469651e3d9618293858ae507e722198a249257677099e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\datareporting\glean\events\events
| MD5 | 43fd170218cc927a3474d69fd69e45d5 |
| SHA1 | 867c5f23568101298fa173ccd586226ecaf70bec |
| SHA256 | 94b5429cba41fe6de17b87ccc59e76120aeaa1a644c0553879e6583736e04c97 |
| SHA512 | 039c7eb4cfca2175f4b159304a476b772c5ec933e91ecdccc90ae81635a90d844fcf6e38eb11a778ecc9e528a9b9ab00b11f69079e75e7f20789522011f16129 |
memory/6052-623-0x0000022E07920000-0x0000022E07930000-memory.dmp
memory/6052-607-0x0000022E07820000-0x0000022E07830000-memory.dmp
memory/6052-642-0x0000022E04AE0000-0x0000022E04AE2000-memory.dmp
memory/4356-654-0x000001D2A6080000-0x000001D2A6180000-memory.dmp
memory/4356-652-0x000001D2A6080000-0x000001D2A6180000-memory.dmp
memory/4356-653-0x000001D2A6080000-0x000001D2A6180000-memory.dmp
memory/4740-659-0x0000026B31130000-0x0000026B31230000-memory.dmp
memory/4740-666-0x0000026B419E0000-0x0000026B419E2000-memory.dmp
memory/4740-674-0x0000026B41C00000-0x0000026B41C02000-memory.dmp
memory/4740-672-0x0000026B41BE0000-0x0000026B41BE2000-memory.dmp
memory/4740-670-0x0000026B41B20000-0x0000026B41B22000-memory.dmp
memory/4740-668-0x0000026B41B00000-0x0000026B41B02000-memory.dmp
memory/4740-664-0x0000026B419C0000-0x0000026B419C2000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 1edfb9a182c23c867632563c13be6b0b |
| SHA1 | 4e9305d2d8b0c9420bab3ec238ed246804933a46 |
| SHA256 | 22ebe0b3c7bddb34389dcbba048cf93739e5cb6f190b640eb57d638d43dd2bab |
| SHA512 | f02030a9200c0c96f5b0eb53c7c5976e4f0950e2f5dbb56cc57f026a56f71e7e857ab8e10941436b1d26994920f5563f438015cd458b3e1b8fcb089ce4dcb0a2 |
memory/6052-699-0x0000022E06B20000-0x0000022E06B22000-memory.dmp
memory/6052-702-0x0000022E04D10000-0x0000022E04D11000-memory.dmp
memory/6052-706-0x0000022E04AD0000-0x0000022E04AD1000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DF0D1D22F016C415B2.TMP
| MD5 | d147dc1e7531b845694a0366ace1f4e7 |
| SHA1 | 0c3120ce43d7f950f4589aedf7ccc810e468c892 |
| SHA256 | 99d264af5289dd3ea2d9ac547b6e19636d4711a07f0c53ba284cde06a71a8aab |
| SHA512 | feb7904e6f5e528bc323fc5797da923fadf77593dc6c8730cbf72bf1616b02cf960fab683fb5e5e91ffacc57a00383ecf6a1ba0432cc1127fac353f6103e6f0c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\prefs.js
| MD5 | 8e9d0368b34aa5d4b726fafb2b5dd314 |
| SHA1 | da2808cc67f999a62b1f1adcdc7e34e1b4074028 |
| SHA256 | cdfb708756a2cafc5aa8d79c089e3f8a5c75dd9daefe509be6824bbbf7a86f0b |
| SHA512 | f4b9c5b317bb654cbfcdb70c9faf036601f0324b09cfb2c5dfecae8e4bb4eda7d26212148944625a26a2b1244b80c3eb16ad57f5fdac04f7d115897f589c4c6b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\prefs.js
| MD5 | 857c213810c165965e6376b414286559 |
| SHA1 | c0b96d99f585f620b3d071258f80d73d15b82f76 |
| SHA256 | e46ff7abcbc5a5ef3fa29aee6077fc78d09884154206a49f3c6d8f0a7d48f166 |
| SHA512 | 95297ce24c035ff4287c63ebb7367ce18e9d3a38fe3a82e1ce374b00d13aaa9a77e9b51cfac1f79375be8bfa4b741edafd738a724e91d1dba62bc755a08d77f6 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | d0fde98af85e77f7f2f63b37174e2a54 |
| SHA1 | eda5d4f3474c3a7496c3d6d50dbf6ec35caae7b2 |
| SHA256 | 621a7f71287fb1c13caf48b8cfcb8dd12aa5b0420ef20a217b2022c4261807fc |
| SHA512 | 5dd120c327e80104e1f5419003dabae7ebb04b1aa536f3f001b6e39db2f865846a489fb5e95ee75348ce25e033f05c5579c74c25f30bb8392a27d943555b5f7a |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionCheckpoints.json.tmp
| MD5 | 99601438ae1349b653fcd00278943f90 |
| SHA1 | 8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9 |
| SHA256 | 72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a |
| SHA512 | ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionCheckpoints.json.tmp
| MD5 | 65690c43c42921410ec8043e34f09079 |
| SHA1 | 362add4dbd0c978ae222a354a4e8d35563da14b4 |
| SHA256 | 7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d |
| SHA512 | c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionstore.jsonlz4
| MD5 | 1aef34c490c564b2a5859ea059de9d04 |
| SHA1 | 262cd41d3b97cee3bf44ec83c2ba1995afb18069 |
| SHA256 | 6157da92aa50a386bf00c779b8e8379d34572d87b2138f4d9e280692d1a88dda |
| SHA512 | cf310a7f26a4cd9407a1937cfd538820d86c8c7ba13ec2f29c9bea60621f2a56cc93afd46009650ffdc52954d3f7e66efb0ca4d4daa9438e92f2750a0866cfdf |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionCheckpoints.json.tmp
| MD5 | 948a7403e323297c6bb8a5c791b42866 |
| SHA1 | 88a555717e8a4a33eccfb7d47a2a4aa31038f9c0 |
| SHA256 | 2fca1f29b73dd5b4159fa1eb16e69276482f5224ba7d2219a547039129a51f0e |
| SHA512 | 17e2f65c33f47c8bb4beca31db2aff3d4bbb6c2d36924057f9f847e207bdcb85ffcbb32c80dd06862ffc9b7f0bd3f5e2e65b48bb1bc3363732751101d5596b1a |