Malware Analysis Report

2024-10-16 07:01

Sample ID 240610-m5gztsha38
Target PS5Emux_v1.1.0.zip
SHA256 8c9f450453ece5ce1a01b2867c7e4e85be29ae8ef4430c095019d87d40361b96
Tags evasion execution themida trojan
Score 10/10

Analysis Overview

Threat Level: Known bad

The file PS5Emux_v1.1.0.zip was found to be: Known bad.

Malicious Activity Summary

evasion execution themida trojan

Suspicious use of NtCreateUserProcessOtherParentProcess

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Command and Scripting Interpreter: PowerShell

Checks computer location settings

Executes dropped EXE

Themida packer

Checks BIOS information in registry

Checks whether UAC is enabled

Suspicious use of NtSetInformationThreadHideFromDebugger

Drops file in Windows directory

NTFS ADS

Modifies Internet Explorer settings

Suspicious use of SetWindowsHookEx

Creates scheduled task(s)

Suspicious use of FindShellTrayWindow

Suspicious behavior: MapViewOfSection

Suspicious use of WriteProcessMemory

Suspicious use of SendNotifyMessage

Modifies registry class

Checks processor information in registry

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Uses Task Scheduler COM API

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported 2024-06-10 11:02

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-06-10 11:02
Reported 2024-06-10 11:48
Platform win10-20240404-en
Max time kernel 2699s
Max time network 2700s

Command Line

C:\Windows\Explorer.EXE

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM)

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\Desktop\installer\installer__v417\Installer_x64.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Roaming\SystemCacheUL\ul_plugin.exe N/A

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\Desktop\installer\installer__v417\Installer_x64.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\Desktop\installer\installer__v417\Installer_x64.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Roaming\SystemCacheUL\ul_plugin.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Roaming\SystemCacheUL\ul_plugin.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Desktop\installer\installer__v417\Installer_x64.exe N/A

Themida packer

themida
Description Indicator Process Target
N/A N/A N/A N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\Desktop\installer\installer__v417\Installer_x64.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Roaming\SystemCacheUL\ul_plugin.exe N/A

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Users\Admin\Desktop\installer\installer__v417\Installer_x64.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\SystemCacheUL\ul_plugin.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File opened for modification C:\Windows\Debug\ESE.TXT C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Creates scheduled task(s)

persistence
Description Indicator Process Target
N/A N/A C:\Windows\System32\schtasks.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\system32\browser_broker.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Modifies registry class


NTFS ADS

Description Indicator Process Target
File created C:\Users\Admin\Downloads\PS5Emux_v1.1.0.zip:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Desktop\installer\installer__v417\Installer_x64.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: 33 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: 34 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: 35 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: 36 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4836 wrote to memory of 4592 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4592 wrote to memory of 1924 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4592 wrote to memory of 3596 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4592 wrote to memory of 500 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Windows\Explorer.EXE

C:\Windows\Explorer.EXE

C:\Windows\Explorer.exe

C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\installer.zip

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4592.0.1362229611\2067093121" -parentBuildID 20221007134813 -prefsHandle 1704 -prefMapHandle 1700 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c3ec9c0a-5969-47df-a65a-76f346190c06} 4592 "\\.\pipe\gecko-crash-server-pipe.4592" 1784 1aa790d8d58 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4592.1.141213498\1045293520" -parentBuildID 20221007134813 -prefsHandle 2124 -prefMapHandle 2120 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3501a295-067b-404b-9898-00bf15531086} 4592 "\\.\pipe\gecko-crash-server-pipe.4592" 2136 1aa7900a258 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4592.2.2005470433\435042749" -childID 1 -isForBrowser -prefsHandle 2684 -prefMapHandle 2672 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6d01a3a8-8f02-4f81-ae55-8a5f5a5fb4c0} 4592 "\\.\pipe\gecko-crash-server-pipe.4592" 2688 1aa7d29ac58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4592.3.112993536\114274111" -childID 2 -isForBrowser -prefsHandle 3520 -prefMapHandle 3516 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6b0d4304-e2dc-4ea1-95fc-0ca462ddd491} 4592 "\\.\pipe\gecko-crash-server-pipe.4592" 3524 1aa6e061f58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4592.4.1444741014\1947383502" -childID 3 -isForBrowser -prefsHandle 4080 -prefMapHandle 4076 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {005b39e1-9d5c-4f8e-88f6-109d48f8a2d1} 4592 "\\.\pipe\gecko-crash-server-pipe.4592" 4092 1aa7f0c1e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4592.5.738339743\1687025953" -childID 4 -isForBrowser -prefsHandle 4876 -prefMapHandle 4872 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8e8d16ea-dec5-4068-84fe-b658984d38d3} 4592 "\\.\pipe\gecko-crash-server-pipe.4592" 4888 1aa7f914a58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4592.6.152115006\1081603173" -childID 5 -isForBrowser -prefsHandle 5024 -prefMapHandle 5028 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {25068084-0274-4d0d-a3a0-2c7ce64599de} 4592 "\\.\pipe\gecko-crash-server-pipe.4592" 5108 1aa7ff12a58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4592.7.1754048219\1968505025" -childID 6 -isForBrowser -prefsHandle 5224 -prefMapHandle 5228 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b6ee493a-8b18-46ec-a401-9ea54d50d5fb} 4592 "\\.\pipe\gecko-crash-server-pipe.4592" 5216 1aa7ff11858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4592.8.73512044\686000419" -childID 7 -isForBrowser -prefsHandle 5464 -prefMapHandle 2716 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ecc3ff33-1050-48cd-b24e-f3f11d948235} 4592 "\\.\pipe\gecko-crash-server-pipe.4592" 3048 1aa7d28dc58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4592.9.336359825\934797098" -parentBuildID 20221007134813 -prefsHandle 5780 -prefMapHandle 1548 -prefsLen 26786 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2862bc6e-a515-473b-8964-6f99858127fe} 4592 "\\.\pipe\gecko-crash-server-pipe.4592" 4772 1aa80e7fa58 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4592.10.1516918296\1842355595" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 5856 -prefMapHandle 5852 -prefsLen 26786 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3eccea4d-6745-426f-99c5-c6ea95d26a53} 4592 "\\.\pipe\gecko-crash-server-pipe.4592" 4672 1aa80e80058 utility

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x244

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4592.11.1847276172\557045104" -childID 8 -isForBrowser -prefsHandle 5760 -prefMapHandle 6092 -prefsLen 26786 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c34466e4-0750-435a-912d-3d03e7187292} 4592 "\\.\pipe\gecko-crash-server-pipe.4592" 5012 1aa81836958 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4592.12.1232037655\1148561348" -childID 9 -isForBrowser -prefsHandle 5324 -prefMapHandle 5332 -prefsLen 26786 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {670614b6-a198-4794-b15a-33d11172b88f} 4592 "\\.\pipe\gecko-crash-server-pipe.4592" 5320 1aa82525a58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4592.13.667299404\1005674351" -childID 10 -isForBrowser -prefsHandle 6860 -prefMapHandle 6712 -prefsLen 26786 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5ef7fc61-baeb-4a71-b518-cddf939995b0} 4592 "\\.\pipe\gecko-crash-server-pipe.4592" 5340 1aa7f30bb58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4592.14.255970986\1337315728" -childID 11 -isForBrowser -prefsHandle 7040 -prefMapHandle 5452 -prefsLen 26786 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1c2f33b3-930e-48c9-b609-a544d169d7bc} 4592 "\\.\pipe\gecko-crash-server-pipe.4592" 6860 1aa83103b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4592.15.264250758\1914418623" -childID 12 -isForBrowser -prefsHandle 5364 -prefMapHandle 7144 -prefsLen 26786 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f5e07fbe-b2a4-4c6e-8ea2-9088d26da84b} 4592 "\\.\pipe\gecko-crash-server-pipe.4592" 4972 1aa83206a58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4592.16.785779392\260302397" -childID 13 -isForBrowser -prefsHandle 5320 -prefMapHandle 7140 -prefsLen 26786 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2ac88bd3-5275-4b26-9d5f-e9da3da053ac} 4592 "\\.\pipe\gecko-crash-server-pipe.4592" 6772 1aa836bcb58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4592.17.1192960735\1289120262" -childID 14 -isForBrowser -prefsHandle 6148 -prefMapHandle 6712 -prefsLen 26786 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {96e8b4d1-c128-4bb2-9c8a-af7a189f8205} 4592 "\\.\pipe\gecko-crash-server-pipe.4592" 11288 1aa82569258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4592.18.915840476\708316111" -childID 15 -isForBrowser -prefsHandle 7296 -prefMapHandle 7380 -prefsLen 26786 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e30d8730-b031-4e46-9e2a-a34c0511da79} 4592 "\\.\pipe\gecko-crash-server-pipe.4592" 7328 1aa8271cd58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4592.19.515879692\289546119" -childID 16 -isForBrowser -prefsHandle 7172 -prefMapHandle 7392 -prefsLen 26795 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b5b7d17c-33cc-40f7-a595-6caec65755f8} 4592 "\\.\pipe\gecko-crash-server-pipe.4592" 7412 1aa836bc558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4592.20.438871351\1121128234" -childID 17 -isForBrowser -prefsHandle 6052 -prefMapHandle 6048 -prefsLen 26795 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c3e9dbdf-0122-406a-8fc8-5c95d946d536} 4592 "\\.\pipe\gecko-crash-server-pipe.4592" 6572 1aa82d9cd58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4592.21.1278678332\1423834212" -childID 18 -isForBrowser -prefsHandle 6680 -prefMapHandle 6768 -prefsLen 26795 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c0bbb948-d8d5-4e87-88ee-b865ce278900} 4592 "\\.\pipe\gecko-crash-server-pipe.4592" 6908 1aa6e05fb58 tab

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\installer\" -spe -an -ai#7zMap196:76:7zEvent17034

C:\Users\Admin\Desktop\installer\installer__v417\Installer_x64.exe

"C:\Users\Admin\Desktop\installer\installer__v417\Installer_x64.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"powershell.exe" -WindowStyle Hidden Add-MpPreference -ExclusionPath 'C:\Users\Admin\Desktop\installer\installer__v417\Installer_x64.exe'

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"powershell.exe" -WindowStyle Hidden Add-MpPreference -ExclusionPath @('C:\Users\Admin\AppData\Roaming\SystemCacheUL', 'C:\Windows\explorer.exe'); Start-Sleep 15; New-Item -ItemType Directory -Path 'C:\Users\Admin\AppData\Roaming\SystemCacheUL' -Force; Start-Process 'C:\Users\Admin\AppData\Roaming\SystemCacheUL\ul_plugin.exe'

C:\Users\Admin\AppData\Roaming\SystemCacheUL\ul_plugin.exe

"C:\Users\Admin\AppData\Roaming\SystemCacheUL\ul_plugin.exe"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0

C:\Windows\System32\schtasks.exe

C:\Windows\System32\schtasks.exe /delete /f /tn "System Cache Cleaner UL"

C:\Windows\System32\powercfg.exe

powercfg /x -hibernate-timeout-ac 0

C:\Windows\System32\schtasks.exe

C:\Windows\System32\schtasks.exe /create /f /tn "System Cache Cleaner UL" /xml "C:\Users\Admin\AppData\Local\Temp\mlnpptvckigg.xml"

C:\Windows\System32\powercfg.exe

powercfg /x -hibernate-timeout-dc 0

C:\Windows\System32\powercfg.exe

powercfg /x -standby-timeout-ac 0

C:\Windows\System32\powercfg.exe

powercfg /x -standby-timeout-dc 0

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4592.22.1131961349\2146119121" -childID 19 -isForBrowser -prefsHandle 6136 -prefMapHandle 1456 -prefsLen 27587 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8d331591-24df-4209-9fcb-304b952cdf8a} 4592 "\\.\pipe\gecko-crash-server-pipe.4592" 7136 1aa83507658 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4592.23.230416125\1282000252" -childID 20 -isForBrowser -prefsHandle 6768 -prefMapHandle 11040 -prefsLen 27587 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fadca812-10a4-4c6d-bae6-a1d195dd2657} 4592 "\\.\pipe\gecko-crash-server-pipe.4592" 5764 1aa830acd58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4592.24.345642396\1088103729" -childID 21 -isForBrowser -prefsHandle 6728 -prefMapHandle 6804 -prefsLen 27587 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b69b61fb-5e88-4c26-a16f-b515a3e3fc8d} 4592 "\\.\pipe\gecko-crash-server-pipe.4592" 11168 1aa6e065c58 tab

Network

Files

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\datareporting\glean\pending_pings\4c6c6470-64a1-434a-b2b8-256640715084

MD5 4ed02d7e968b367c7e056508c1ba37d7
SHA1 7f9b44f00fe1bfcc2c20cce48a64371d180342e9
SHA256 43da881587480ccc52afd2cc1694fc647fb5d8803ea4e064a3cbb3f321b7fbd1
SHA512 276ad64f6de1a0b01c3b19e9a5b6ea75a94f3c6878ac5a4c87da0b83eea87bd515a4893750cc0d98e041b1420cce95d5cd3c72717b018705d69ea8540f9ea2bf

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\datareporting\glean\pending_pings\e769a6ae-95fa-434f-8af2-4109e7f0039e

MD5 61f6fa07bdbd3cfa23b65f9e85e15594
SHA1 da63ec5e0fef9a9f60c2bbd1c83fa33446c8ca0b
SHA256 cb9c682f225be897e00b394af64ae0ed63b619b0d080a3f99042935e7620091d
SHA512 52e2a5efcbe49295d13f8475cbf13e03772052fff84eb4e4584be6b5a2a664caa7f5dc7a9c9d7abd086a51fdcaf3a3765ebb6220f341286a4b0be1e004df2ded

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\datareporting\glean\db\data.safe.bin

MD5 a87b9945db2351b20a75dbbcc02be7f7
SHA1 4f9084e3d6136d80444229c4dcef5ee2a046cd4f
SHA256 66420d36160202869eca9c238fa2a3eee5501e80a6541de4680396e7cf1a93e9
SHA512 84b59f7d02823fa6bb15f7a18e7585125719341a2cbcdb3300069027f376e9360f774497d6b6f60b54795b2ff2b83e4c7d391d1a7c4b55d77ded40ab55160c1f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\prefs.js

MD5 24c101f9f066282fe8c0bb6e0d35144f
SHA1 c002037a71d0deaf7d66ff4c4bf5730942c65c76
SHA256 6616d1cfc6ed516f59989c9609619d6916d71aedcf097a08598ba0f0df3b7bad
SHA512 d383f4a3c0fa513d54745bdd29071c3dc6dc3d2925bc36a967eb67b99787fde289aa35c6b754774c9417307eabf4ce7dab336760ad1f17a3ac19653468033a98

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 731c0e733fe1e3123d366af7c8e578ae
SHA1 9756304ea773dd9cd96e5996dc79de2ed6a9ae9c
SHA256 8f426b4be5e3440fa14d37480f018b7dc3d1a547b0e91c2fbfc6e31d9054a359
SHA512 d29e0f2356a3226f64692b390c122d4d70f09f677d9f5d086f2babaeba6574d670171edb24ff52f928871ec489680f57910e21fac1ca8ec08783a07d21b1f427

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4

MD5 0acd94ee6d60b9ea46f2936e61ca5342
SHA1 6991095e7fb62ea4a02edaaae59e6caff599f294
SHA256 02d55d79869c8c47358afb0e40d620fcb20e9949b9deb64b8df7e65423df2d9e
SHA512 85c624c6436b89cb5cb632e9f6c3d15b0f46112528a88ad6999744cdc37283f5c1fd93119a9f16e3b4977fe68d76fd440c83c70729a9ebdebb114fdd5bca8264

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\prefs.js

MD5 8660235cb8ea7f1b0c0595254cb69889
SHA1 0de51bc0aaca6ee573fe80d471d1de454d7e2d0c
SHA256 2d4fa737eafe37c47f8afd5bb6f8952f578879e6df302e391083124838439a91
SHA512 dfc82da3b4662e05a84ab02326a08aea622d336cfcc6527ca0667b79e3c26faa5023b1f84c40f74c6acfe7889a02c79a0ac55fbc494ab51840e0ff76af15b6fd

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\prefs-1.js

MD5 63bb4f2868779aa5e9a6e7e16cc7fbb1
SHA1 891a402b79c2f264438d20456e1fd2f8ad7d76ba
SHA256 abe10878926306bcce095cccb45431321275952e2451b9c01b23074b18a8c303
SHA512 6c56769a612dde1b49b37886c8f9bd4e0165e2e789fda09965960af1d611960ba032f5f357bd59d722c250941a6e2cce6e9756260de780c3a107babad4de58f4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4

MD5 d22dd2f480e53f906043a245a711cc84
SHA1 5e3190d05463a1062a986a5e9bbef67be8814957
SHA256 fd4cc24ab1c4e4d41359efc88899ac36373c63cd7f53d3f3c308d710f3d412d0
SHA512 802fdefcf5617bf24ac66faf7bcf7346d1cb3c96dc12e9f65b93e6922b123c15f27e4799c388a3772b9953a9d0323bcf140a606f8aadc5fbdd56efb42063c8a3

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4

MD5 365b08f1e8625ea7259739ad28cc7a02
SHA1 12b896d6aab881586808d3c8e69fba6079da0f6d
SHA256 3e4c9fd5cf4f998004f6aa00baaba06319bb123e02034edb2288eec1bbecf9ce
SHA512 5c968ed04e900cfa23af2ab33dad473297af7e6f81fc4cae83f37aa500ca0c13d485573990f05a7409f792b0bf4964c92b307464d11991f903a4c22465061dde

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\7DEABB98080B97238B6EDD3960FC69AF88DF65F4

MD5 d766827ef39b12a5382145b74955f553
SHA1 1a56bf624156fc22ad58f1f471614b28924abc2e
SHA256 aec8cad5f47ddf46e5a6dc8d6bef5d718bdcbc104c688a77eaa5ad407ceeda4c
SHA512 bc1f85dd14f1838fda99a47bd0a79af1f6dd248f12b902b4cf3e3a1511597f802a53449d5cc030f5537266e81a828258950ada477fd521357b1bee44a6c95b50

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4

MD5 ca0713c8ff8d595ff6731b225dde9c9f
SHA1 a9507df592455674e8fe2c994889926a453e7200
SHA256 68928e6fa26d2bfcb87dbf335cc3a3a0740e250832b0eb4eada45742f3c830e0
SHA512 fc17ed7ed5e9990ec9cecfb108d4ff48b0f4235485c0a17a2cd9e1c59757bf652cce9824cc70a1fde88edf26ccad45d4d8360238b7d70a89f247e94ed706a51a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4

MD5 92e1995c35a8a4172fc4016891b8d20c
SHA1 12fb478004e893e9b1906df8d7e7fd741848c9d1
SHA256 20b3e9d5568cd14bd4fc5ce54aec7bc81ca90a924c2693b4004fa16b0bdeb350
SHA512 dbf9bce8aab1a8ce6837b3497728518700357a70c488d92bfc81c5006ff8cecc4299fa68e9f6a45c0b42ad3236165374df6a904d33af56fe99447bac435f6422

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4

MD5 d3759ad5beed7a7e0bf9fc61b0427334
SHA1 7dfafeda4b3a145325de0883577178535161eb0a
SHA256 63445ca8507d04b6857c7937d062e1e49290cc73eecd3e0b1f19110af8932fa5
SHA512 d5ee5bf7ef26c08351645a214fe1ff035d8268912fc076acc5c42095751fb6734d493ddd24cce37a90cbc8c044cfe288bbaf475485147df7f1e63545f46853bc

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4

MD5 3203f5d4b33c1b25981df10a130e9103
SHA1 8d32a976d795d550d8e7fac9f62522230622b23e
SHA256 ebbef3fdef19dffa402a1341f2743e979473e9df702847acb2b9a647bdd86060
SHA512 1b10bde5b6030a68581ad7a74c3f1feb99dbefdcc4b8abe2ea4585a164abcc097193aa1c40af771a2c9267c02d5e4d01a1dfc7cf99f55bb87e633f91e1d7b313

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4

MD5 d319f6cd8e075a873beeaf45e3618b52
SHA1 f97633bb72d76e12e6897d9695073052c37bb73f
SHA256 7933141a683e1e288b3b81be0127e884201300402ca4dbd48490f716401d40ff
SHA512 9f4c51de176a4f80ff17f7f5638c541c73e132ad5c3c489d38c9d6332f8f83bf6023adead0669755114d2979b9f7dd77d81f819c21c8619a84cee37ce83c3a6f

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 38e818f3b5501637a886595d02b836e9
SHA1 a04fcf3b06e46fbeab4f3e8c0972d5c9d20d0448
SHA256 fbf56d5d42752a3d320096a7796760ae026247a1de86c604a3e7ff8dee93d9ff
SHA512 fdecbe9c29822e1ccc4c477e247b406dbab2b701cc15d052c9814b3144608ab9f3a0d09cda664178763d1e34ec09e87e569e83f94af1aa5e470863dc1a2e4694

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4

MD5 8d24dd67c69db47d4c018eb27c135c88
SHA1 41bb7cae908a373f5bce0f7e14752320191a937a
SHA256 33973a7593c2e6745c9e5776ff07a6dca35fa5045bda645551e0ad47a7aad8a9
SHA512 3894b37c2ea90733ca4ec94ea4961a99d9e523028a6afe280afda507fb35a8d28d6844d9b9330f7c8bd5bb32738fbf8bf7e8640af4abdfc3bc68804158c3f7ee

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\38A6CB8D25230C87E5E55B25EDC698E3C2C80BF3

MD5 8339026f0265ac9d7075555f39fb1505
SHA1 47c32850be109377ef0acb745fd39bb87273d7b7
SHA256 a37b555b19e430010325abf0c2a5413e5f16d774b5df8285f42c7de9c336f4ef
SHA512 2f8e0ec66f6d105ca5c602cbcd738939d227de3b1d499c3b6a970c1fd55eb8d1e75645a2f29a323349b8fd39e7a0ee5091c8aec0f566eac16c592a1d7f7ec27a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4

MD5 afe754b904dd7c8e9303cff6b2e64474
SHA1 ef76e6c5e6fde61c6f8770d23d27cfb8710d6a37
SHA256 ae5d7cef71f61bd8950c220d05a025aa08f2725add2b6eaeba92163930c7e68f
SHA512 afc29ac14df602538e8f6f746be3e87cfb2f57f1b7724eacf2445de17fae79eb03f896363ba5384bab69fb93e1b959b3b5b5e0d29a1c8e50a0221dc9b0421720

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4

MD5 2b40e5a8782e0019f791ad2f80bb9d36
SHA1 2eed962de67c455aa1812b6ea8dc154c688c20d3
SHA256 46f3e4bcf2d41cbdb3e7a434afb480304989a784851d21274cb20458691210c0
SHA512 12a6f4e6554bf882f1932969c6f85dd9240a1e378ffb27b0d5466915c22a2c189278dc0ea66e1e459dbbd1aef53ce9dfa4c3ce5ae0632b1743c57340a9fe6bcd

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4

MD5 6245741c5a9e1304959b026cb770ae0c
SHA1 b8ebaa4a2e7d65af26c9641164cd60515cf6f807
SHA256 5b6c9607e1f2052f854fa1d4c537471d71e6be00f509ffcaad1744006a6549e1
SHA512 6511f62db2892212d6c9061ab34220c5e7937203ed698f3e49b0db5cf0c9c12a3fc1f2310b606f5fe5b9290e43bf0020069da455a266fdb8066d08c2f6389192

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4

MD5 aef6bbf34bd3a938a6070056bb7e47f8
SHA1 036f89290e94c5f05ac1bac4effce93734e2cf7e
SHA256 e73337b5c00e80b873796b5a9c0d8e231306bef9d14ce5ce47886a3b7e6b6a44
SHA512 b1f6339c2ada56de316508c5d49fca38106f90b5d943ffd1233bd68ceb8233382b2888be78b4001b986a46e7bb73d715b20d780c3271d5893ef93c15555d1335

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\storage\default\https+++www.youtube.com^partitionKey=%28https%2Cpsemux.com%29\idb\2171031483YattIedMb.sqlite

MD5 1271e78109c5a79d66460634e5f1ca1e
SHA1 e3df576dfba6a69127e1da541de0e4a7cf6e6c27
SHA256 5ce110a24bf06e3567a53cf1b435e0e73472e2bed0f3d8c2cc224afebb4ae917
SHA512 ad3810ba3c368cdfa9ba6149d350c443f29e2bcb8872f2751ea8dcc81c435080b273b6b66d7a8f94be3c4acdf3caecb509a8bede36432e15b169a9824805bef8

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4

MD5 a48badcb1d5e7b71eb93343fdc1eca59
SHA1 5eed5b082fbc15ec9cca2660ea6c19f81f1f9804
SHA256 47e422edfaad0e02f63b0c22affe7f8cd170854875f74bcdc45641ce950a40b1
SHA512 6f3528815247ef57d47dfded6e7124a737d50140bab1969451fc7936c5042d95d17b1cd71d79628f84f6c8172ae1a261e159068426c62cac04233e1c80d12067

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\doomed\15947

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\doomed\4776

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\731AB9BBC17AD9A6C011E97903A259D942F5D10D

C:\Users\Admin\Downloads\PS5Emux_v1.K1J31Wyc.1.0.zip.part

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\datareporting\glean\db\data.safe.bin

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\datareporting\glean\pending_pings\cc59da4b-5775-460b-bb07-9243aa3ef275

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\datareporting\glean\pending_pings\5c74ee9d-0b9d-4253-9b1c-d8afc45c0e78

C:\Users\Admin\Desktop\installer\installer__v417\Installer_x64.exe

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_bdbgcnep.u5x.ps1

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

C:\Users\Admin\AppData\Roaming\SystemCacheUL\ul_plugin.exe

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\prefs.js

C:\Users\Admin\AppData\Local\Temp\tmpaddon

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\1SX7W4I3\favicon[1].ico

C:\Users\Admin\AppData\Local\Temp\mlnpptvckigg.xml

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\GPBNNLW5\check[1].js

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\V28C7N3J\edgecompatviewlist[1].xml

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\5QL2I3FQ\suggestions[1].en-US

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\DED89E1CC2A37D548B56A97822731AC6E227DDA0

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\xulstore.json

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\E69C0DAD52D3DAEE219A02A48B61673ECE2D778A

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\D1D6620007308F36E74DD68A7D3D58082CCED17B

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\348007BE108E559EBC068338FEB65CB5050D7052

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\6A33F9EDE71B3EDF0A208B91591192DE6B827E6A

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\D113C1A91C9A29B1A40A4DF4BDA149B112750A9D

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\6927E73ACA6916AEAEFEAE344BB7A2D30259F5BA

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\BA85C2AEBD1841FAF28F052A34E2ECEDDC4B9C59

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\5D2265A595C97C6B3D254AB4F2A5A957FCD5E88B

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\05A78C590E745F2FCDDDFFCDDDEA6CE1D12565FF

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\48218383B5816AD64963401416B5810CF014141C

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\D2B2052D98EAA066F0CA06E3ACD5103FE1465DA1

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\BBA484D5E02ADE67CB5F53197B3382F9A91D28BD

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\8E26CB6D0ACE7D99FC6524F8C44CE3C71D420FD8

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\57C532E6495ECB8DD31A502F89D28223CA93A0EA

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\CAFA946926B7A720E5943F39831368D9EFCF2283

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\2B7A7C355A415CE6FB08C7F62CFC8C5B73C0683B

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\852176C4FE89E7A06090C8D447EDA5639705965D

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\ACC63D42EF1D2D7C1DFEE17640FA2ED2795AFBF7

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\069C2DA77C1CFB563298A8513641F2A6FF9C5A0F

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\targeting.snapshot.json

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionCheckpoints.json

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\extensions.json

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\broadcast-listeners.json

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\prefs-1.js

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\bookmarkbackups\bookmarks-2024-06-10_11_MaaMR8mhAQTbCgvsLumwIQ==.jsonlz4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\SiteSecurityServiceState.txt

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\AlternateServices.txt

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\doomed\9373

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\doomed\12903
