Analysis Overview
SHA256
8c9f450453ece5ce1a01b2867c7e4e85be29ae8ef4430c095019d87d40361b96
Threat Level: Known bad
The file PS5Emux_v1.1.0.zip was found to be: Known bad.
Malicious Activity Summary
Suspicious use of NtCreateUserProcessOtherParentProcess
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Command and Scripting Interpreter: PowerShell
Checks computer location settings
Executes dropped EXE
Themida packer
Checks BIOS information in registry
Checks whether UAC is enabled
Suspicious use of NtSetInformationThreadHideFromDebugger
Drops file in Windows directory
NTFS ADS
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Creates scheduled task(s)
Suspicious use of FindShellTrayWindow
Suspicious behavior: MapViewOfSection
Suspicious use of WriteProcessMemory
Suspicious use of SendNotifyMessage
Modifies registry class
Checks processor information in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Uses Task Scheduler COM API
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-10 11:02
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-10 11:02
Reported
2024-06-10 11:48
Platform
win10-20240404-en
Max time kernel
2699s
Max time network
2700s
Command Line
Signatures
Suspicious use of NtCreateUserProcessOtherParentProcess
| Description | Indicator | Process | Target |
| PID 2576 created 3400 | N/A | C:\Users\Admin\AppData\Roaming\SystemCacheUL\ul_plugin.exe | C:\Windows\Explorer.EXE |
| PID 2576 created 3400 | N/A | C:\Users\Admin\AppData\Roaming\SystemCacheUL\ul_plugin.exe | C:\Windows\Explorer.EXE |
| PID 2576 created 3400 | N/A | C:\Users\Admin\AppData\Roaming\SystemCacheUL\ul_plugin.exe | C:\Windows\Explorer.EXE |
Identifies VirtualBox via ACPI registry values (likely anti-VM)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\Desktop\installer\installer__v417\Installer_x64.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Roaming\SystemCacheUL\ul_plugin.exe | N/A |
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\Desktop\installer\installer__v417\Installer_x64.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\Desktop\installer\installer__v417\Installer_x64.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Roaming\SystemCacheUL\ul_plugin.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Roaming\SystemCacheUL\ul_plugin.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Desktop\installer\installer__v417\Installer_x64.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Desktop\installer\installer__v417\Installer_x64.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\SystemCacheUL\ul_plugin.exe | N/A |
Themida packer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\Desktop\installer\installer__v417\Installer_x64.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Roaming\SystemCacheUL\ul_plugin.exe | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Desktop\installer\installer__v417\Installer_x64.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\SystemCacheUL\ul_plugin.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| File opened for modification | C:\Windows\Debug\ESE.TXT | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\schtasks.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\system32\browser_broker.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\SyncIEFirstTimeFullScan = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\OneTimeCleanup = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing\NewTabPage | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content\CacheLimit = "256000" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\FileNames\ | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modif | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\CRLs | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\SignaturePolicy = 06000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\NextUpdateDate = "424782958" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionLow = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\"" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History\CacheLimit = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content\CachePrefix | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content\CachePrefix | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$vBulletin 3 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\DisallowDefaultBrowserPrompt = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\CIPolicyState = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content\CacheLimit = "256000" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionHigh = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\EnablementState = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$MediaWiki | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionLow = "395205405" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating\Rating Prompt Shown = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{A8A88C49-5EB2-4990-A1A2-08760 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VendorId = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 5a036d2a27bbda01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x1414\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\"" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modif = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "268435456" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\DynamicCodePolicy = 05000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory\NextBrowserDataLogTime = 70279c8f59bbda01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$blogger | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\Extensions | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\NextUpdateDate = "424799555" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\Downloads\PS5Emux_v1.1.0.zip:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\installer.zip
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4592.0.1362229611\2067093121" -parentBuildID 20221007134813 -prefsHandle 1704 -prefMapHandle 1700 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c3ec9c0a-5969-47df-a65a-76f346190c06} 4592 "\\.\pipe\gecko-crash-server-pipe.4592" 1784 1aa790d8d58 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4592.1.141213498\1045293520" -parentBuildID 20221007134813 -prefsHandle 2124 -prefMapHandle 2120 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3501a295-067b-404b-9898-00bf15531086} 4592 "\\.\pipe\gecko-crash-server-pipe.4592" 2136 1aa7900a258 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4592.2.2005470433\435042749" -childID 1 -isForBrowser -prefsHandle 2684 -prefMapHandle 2672 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6d01a3a8-8f02-4f81-ae55-8a5f5a5fb4c0} 4592 "\\.\pipe\gecko-crash-server-pipe.4592" 2688 1aa7d29ac58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4592.3.112993536\114274111" -childID 2 -isForBrowser -prefsHandle 3520 -prefMapHandle 3516 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6b0d4304-e2dc-4ea1-95fc-0ca462ddd491} 4592 "\\.\pipe\gecko-crash-server-pipe.4592" 3524 1aa6e061f58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4592.4.1444741014\1947383502" -childID 3 -isForBrowser -prefsHandle 4080 -prefMapHandle 4076 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {005b39e1-9d5c-4f8e-88f6-109d48f8a2d1} 4592 "\\.\pipe\gecko-crash-server-pipe.4592" 4092 1aa7f0c1e58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4592.5.738339743\1687025953" -childID 4 -isForBrowser -prefsHandle 4876 -prefMapHandle 4872 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8e8d16ea-dec5-4068-84fe-b658984d38d3} 4592 "\\.\pipe\gecko-crash-server-pipe.4592" 4888 1aa7f914a58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4592.6.152115006\1081603173" -childID 5 -isForBrowser -prefsHandle 5024 -prefMapHandle 5028 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {25068084-0274-4d0d-a3a0-2c7ce64599de} 4592 "\\.\pipe\gecko-crash-server-pipe.4592" 5108 1aa7ff12a58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4592.7.1754048219\1968505025" -childID 6 -isForBrowser -prefsHandle 5224 -prefMapHandle 5228 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b6ee493a-8b18-46ec-a401-9ea54d50d5fb} 4592 "\\.\pipe\gecko-crash-server-pipe.4592" 5216 1aa7ff11858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4592.8.73512044\686000419" -childID 7 -isForBrowser -prefsHandle 5464 -prefMapHandle 2716 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ecc3ff33-1050-48cd-b24e-f3f11d948235} 4592 "\\.\pipe\gecko-crash-server-pipe.4592" 3048 1aa7d28dc58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4592.9.336359825\934797098" -parentBuildID 20221007134813 -prefsHandle 5780 -prefMapHandle 1548 -prefsLen 26786 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2862bc6e-a515-473b-8964-6f99858127fe} 4592 "\\.\pipe\gecko-crash-server-pipe.4592" 4772 1aa80e7fa58 rdd
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4592.10.1516918296\1842355595" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 5856 -prefMapHandle 5852 -prefsLen 26786 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3eccea4d-6745-426f-99c5-c6ea95d26a53} 4592 "\\.\pipe\gecko-crash-server-pipe.4592" 4672 1aa80e80058 utility
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x244
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4592.11.1847276172\557045104" -childID 8 -isForBrowser -prefsHandle 5760 -prefMapHandle 6092 -prefsLen 26786 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c34466e4-0750-435a-912d-3d03e7187292} 4592 "\\.\pipe\gecko-crash-server-pipe.4592" 5012 1aa81836958 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4592.12.1232037655\1148561348" -childID 9 -isForBrowser -prefsHandle 5324 -prefMapHandle 5332 -prefsLen 26786 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {670614b6-a198-4794-b15a-33d11172b88f} 4592 "\\.\pipe\gecko-crash-server-pipe.4592" 5320 1aa82525a58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4592.13.667299404\1005674351" -childID 10 -isForBrowser -prefsHandle 6860 -prefMapHandle 6712 -prefsLen 26786 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5ef7fc61-baeb-4a71-b518-cddf939995b0} 4592 "\\.\pipe\gecko-crash-server-pipe.4592" 5340 1aa7f30bb58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4592.14.255970986\1337315728" -childID 11 -isForBrowser -prefsHandle 7040 -prefMapHandle 5452 -prefsLen 26786 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1c2f33b3-930e-48c9-b609-a544d169d7bc} 4592 "\\.\pipe\gecko-crash-server-pipe.4592" 6860 1aa83103b58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4592.15.264250758\1914418623" -childID 12 -isForBrowser -prefsHandle 5364 -prefMapHandle 7144 -prefsLen 26786 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f5e07fbe-b2a4-4c6e-8ea2-9088d26da84b} 4592 "\\.\pipe\gecko-crash-server-pipe.4592" 4972 1aa83206a58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4592.16.785779392\260302397" -childID 13 -isForBrowser -prefsHandle 5320 -prefMapHandle 7140 -prefsLen 26786 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2ac88bd3-5275-4b26-9d5f-e9da3da053ac} 4592 "\\.\pipe\gecko-crash-server-pipe.4592" 6772 1aa836bcb58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4592.17.1192960735\1289120262" -childID 14 -isForBrowser -prefsHandle 6148 -prefMapHandle 6712 -prefsLen 26786 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {96e8b4d1-c128-4bb2-9c8a-af7a189f8205} 4592 "\\.\pipe\gecko-crash-server-pipe.4592" 11288 1aa82569258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4592.18.915840476\708316111" -childID 15 -isForBrowser -prefsHandle 7296 -prefMapHandle 7380 -prefsLen 26786 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e30d8730-b031-4e46-9e2a-a34c0511da79} 4592 "\\.\pipe\gecko-crash-server-pipe.4592" 7328 1aa8271cd58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4592.19.515879692\289546119" -childID 16 -isForBrowser -prefsHandle 7172 -prefMapHandle 7392 -prefsLen 26795 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b5b7d17c-33cc-40f7-a595-6caec65755f8} 4592 "\\.\pipe\gecko-crash-server-pipe.4592" 7412 1aa836bc558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4592.20.438871351\1121128234" -childID 17 -isForBrowser -prefsHandle 6052 -prefMapHandle 6048 -prefsLen 26795 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c3e9dbdf-0122-406a-8fc8-5c95d946d536} 4592 "\\.\pipe\gecko-crash-server-pipe.4592" 6572 1aa82d9cd58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4592.21.1278678332\1423834212" -childID 18 -isForBrowser -prefsHandle 6680 -prefMapHandle 6768 -prefsLen 26795 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c0bbb948-d8d5-4e87-88ee-b865ce278900} 4592 "\\.\pipe\gecko-crash-server-pipe.4592" 6908 1aa6e05fb58 tab
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\installer\" -spe -an -ai#7zMap196:76:7zEvent17034
C:\Users\Admin\Desktop\installer\installer__v417\Installer_x64.exe
"C:\Users\Admin\Desktop\installer\installer__v417\Installer_x64.exe"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"powershell.exe" -WindowStyle Hidden Add-MpPreference -ExclusionPath 'C:\Users\Admin\Desktop\installer\installer__v417\Installer_x64.exe'
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"powershell.exe" -WindowStyle Hidden Add-MpPreference -ExclusionPath @('C:\Users\Admin\AppData\Roaming\SystemCacheUL', 'C:\Windows\explorer.exe'); Start-Sleep 15; New-Item -ItemType Directory -Path 'C:\Users\Admin\AppData\Roaming\SystemCacheUL' -Force; Start-Process 'C:\Users\Admin\AppData\Roaming\SystemCacheUL\ul_plugin.exe'
C:\Users\Admin\AppData\Roaming\SystemCacheUL\ul_plugin.exe
"C:\Users\Admin\AppData\Roaming\SystemCacheUL\ul_plugin.exe"
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0
C:\Windows\System32\schtasks.exe
C:\Windows\System32\schtasks.exe /delete /f /tn "System Cache Cleaner UL"
C:\Windows\System32\powercfg.exe
powercfg /x -hibernate-timeout-ac 0
C:\Windows\System32\schtasks.exe
C:\Windows\System32\schtasks.exe /create /f /tn "System Cache Cleaner UL" /xml "C:\Users\Admin\AppData\Local\Temp\mlnpptvckigg.xml"
C:\Windows\System32\powercfg.exe
powercfg /x -hibernate-timeout-dc 0
C:\Windows\System32\powercfg.exe
powercfg /x -standby-timeout-ac 0
C:\Windows\System32\powercfg.exe
powercfg /x -standby-timeout-dc 0
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4592.22.1131961349\2146119121" -childID 19 -isForBrowser -prefsHandle 6136 -prefMapHandle 1456 -prefsLen 27587 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8d331591-24df-4209-9fcb-304b952cdf8a} 4592 "\\.\pipe\gecko-crash-server-pipe.4592" 7136 1aa83507658 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4592.23.230416125\1282000252" -childID 20 -isForBrowser -prefsHandle 6768 -prefMapHandle 11040 -prefsLen 27587 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fadca812-10a4-4c6d-bae6-a1d195dd2657} 4592 "\\.\pipe\gecko-crash-server-pipe.4592" 5764 1aa830acd58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4592.24.345642396\1088103729" -childID 21 -isForBrowser -prefsHandle 6728 -prefMapHandle 6804 -prefsLen 27587 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b69b61fb-5e88-4c26-a16f-b515a3e3fc8d} 4592 "\\.\pipe\gecko-crash-server-pipe.4592" 11168 1aa6e065c58 tab
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | tcp |
| N/A | 127.0.0.1:49757 | tcp | |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | shavar.services.mozilla.com | udp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 8.8.8.8:53 | 166.188.117.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 44.232.194.163:443 | shavar.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 34.107.243.93:443 | autopush.prod.mozaws.net | tcp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| N/A | 127.0.0.1:49763 | tcp | |
| US | 8.8.8.8:53 | www.google.com | udp |
| FR | 172.217.20.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| FR | 172.217.20.196:443 | www.google.com | udp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | 196.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | 28.73.42.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 156.133.100.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 249.197.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| BE | 88.221.83.224:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | e86303.dscx.akamaiedge.net | udp |
| US | 8.8.8.8:53 | e86303.dscx.akamaiedge.net | udp |
| BE | 88.221.83.224:443 | e86303.dscx.akamaiedge.net | tcp |
| US | 8.8.8.8:53 | 224.83.221.88.in-addr.arpa | udp |
| BE | 88.221.83.224:443 | e86303.dscx.akamaiedge.net | udp |
| BE | 88.221.83.224:443 | e86303.dscx.akamaiedge.net | udp |
| BE | 88.221.83.224:443 | e86303.dscx.akamaiedge.net | tcp |
| BE | 88.221.83.224:443 | e86303.dscx.akamaiedge.net | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| BE | 2.17.107.99:443 | r.bing.com | tcp |
| BE | 2.17.107.99:443 | r.bing.com | tcp |
| BE | 2.17.107.99:443 | r.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| BE | 2.17.107.122:443 | th.bing.com | tcp |
| BE | 2.17.107.122:443 | th.bing.com | tcp |
| BE | 2.17.107.122:443 | th.bing.com | tcp |
| BE | 2.17.107.122:443 | th.bing.com | tcp |
| BE | 2.17.107.122:443 | th.bing.com | tcp |
| BE | 2.17.107.122:443 | th.bing.com | tcp |
| US | 8.8.8.8:53 | 122.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.107.17.2.in-addr.arpa | udp |
| BE | 2.17.107.122:443 | th.bing.com | udp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| IE | 40.126.31.67:443 | login.microsoftonline.com | tcp |
| US | 8.8.8.8:53 | www.tm.ak.prd.aadg.akadns.net | udp |
| US | 8.8.8.8:53 | www.tm.ak.prd.aadg.akadns.net | udp |
| US | 8.8.8.8:53 | 67.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | services.bingapis.com | udp |
| US | 13.107.5.80:443 | services.bingapis.com | tcp |
| US | 13.107.5.80:443 | services.bingapis.com | tcp |
| US | 8.8.8.8:53 | e-0001.e-msedge.net | udp |
| US | 8.8.8.8:53 | e-0001.e-msedge.net | udp |
| US | 8.8.8.8:53 | 80.5.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.tm.v4.a.prd.aadg.akadns.net | udp |
| US | 8.8.8.8:53 | www.tm.v4.a.prd.aadg.akadns.net | udp |
| US | 8.8.8.8:53 | 2.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.bing.com.cdn.cloudflare.net | udp |
| US | 8.8.8.8:53 | www.bing.com.cdn.cloudflare.net | udp |
| US | 8.8.8.8:53 | 167.154.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | psemux.com | udp |
| US | 104.21.44.72:443 | psemux.com | tcp |
| US | 8.8.8.8:53 | psemux.com | udp |
| US | 8.8.8.8:53 | psemux.com | udp |
| US | 8.8.8.8:53 | 72.44.21.104.in-addr.arpa | udp |
| US | 104.21.44.72:443 | psemux.com | udp |
| US | 8.8.8.8:53 | d1rozh26tys225.cloudfront.net | udp |
| US | 3.164.160.179:443 | d1rozh26tys225.cloudfront.net | tcp |
| US | 3.164.160.179:443 | d1rozh26tys225.cloudfront.net | tcp |
| US | 8.8.8.8:53 | d1rozh26tys225.cloudfront.net | udp |
| US | 8.8.8.8:53 | d1rozh26tys225.cloudfront.net | udp |
| US | 8.8.8.8:53 | 179.160.164.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | droitthemes.com | udp |
| US | 8.8.8.8:53 | use.typekit.net | udp |
| US | 192.250.235.16:443 | droitthemes.com | tcp |
| US | 192.250.235.16:443 | droitthemes.com | tcp |
| US | 192.250.235.16:443 | droitthemes.com | tcp |
| US | 192.250.235.16:443 | droitthemes.com | tcp |
| US | 8.8.8.8:53 | droitthemes.com | udp |
| US | 2.22.144.96:443 | use.typekit.net | tcp |
| US | 8.8.8.8:53 | a1988.dscg1.akamai.net | udp |
| US | 8.8.8.8:53 | droitthemes.com | udp |
| US | 8.8.8.8:53 | a1988.dscg1.akamai.net | udp |
| US | 192.250.235.16:443 | droitthemes.com | tcp |
| US | 192.250.235.16:443 | droitthemes.com | tcp |
| US | 192.250.235.16:443 | droitthemes.com | tcp |
| US | 192.250.235.16:443 | droitthemes.com | tcp |
| US | 192.250.235.16:443 | droitthemes.com | tcp |
| US | 8.8.8.8:53 | 96.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.235.250.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | s.w.org | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 8.8.8.8:53 | s.w.org | udp |
| US | 192.0.77.48:443 | s.w.org | tcp |
| FR | 172.217.20.206:443 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | youtube-ui.l.google.com | udp |
| US | 8.8.8.8:53 | s.w.org | udp |
| US | 8.8.8.8:53 | youtube-ui.l.google.com | udp |
| US | 192.0.77.48:443 | s.w.org | udp |
| FR | 172.217.20.206:443 | youtube-ui.l.google.com | udp |
| US | 8.8.8.8:53 | 48.77.0.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.20.217.172.in-addr.arpa | udp |
| US | 192.250.235.16:443 | droitthemes.com | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| FR | 142.250.179.66:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| FR | 142.250.179.66:443 | googleads.g.doubleclick.net | udp |
| FR | 142.250.75.230:443 | static.doubleclick.net | tcp |
| US | 8.8.8.8:53 | 66.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.75.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| FR | 142.250.75.230:443 | static.doubleclick.net | udp |
| FR | 172.217.20.174:443 | play.google.com | tcp |
| FR | 172.217.20.174:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| FR | 172.217.20.174:443 | play.google.com | tcp |
| FR | 172.217.20.174:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| FR | 172.217.20.174:443 | play.google.com | udp |
| US | 8.8.8.8:53 | 230.75.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 174.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | uy.basesfiles.com | udp |
| US | 172.67.196.87:443 | uy.basesfiles.com | tcp |
| US | 8.8.8.8:53 | uy.basesfiles.com | udp |
| US | 8.8.8.8:53 | uy.basesfiles.com | udp |
| US | 172.67.196.87:443 | uy.basesfiles.com | udp |
| US | 8.8.8.8:53 | maxcdn.bootstrapcdn.com | udp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 8.8.8.8:53 | maxcdn.bootstrapcdn.com | udp |
| US | 8.8.8.8:53 | jsdelivr.map.fastly.net | udp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | tcp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | tcp |
| US | 104.18.11.207:443 | maxcdn.bootstrapcdn.com | tcp |
| US | 104.18.11.207:443 | maxcdn.bootstrapcdn.com | tcp |
| US | 151.101.1.229:443 | jsdelivr.map.fastly.net | tcp |
| US | 8.8.8.8:53 | jsdelivr.map.fastly.net | udp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 8.8.8.8:53 | maxcdn.bootstrapcdn.com | udp |
| US | 151.101.1.229:443 | jsdelivr.map.fastly.net | udp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | udp |
| US | 104.18.11.207:443 | maxcdn.bootstrapcdn.com | udp |
| US | 8.8.8.8:53 | 87.196.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.25.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 207.11.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | redirectboss.space | udp |
| US | 172.67.173.150:443 | redirectboss.space | tcp |
| US | 8.8.8.8:53 | redirectboss.space | udp |
| US | 8.8.8.8:53 | redirectboss.space | udp |
| US | 172.67.173.150:443 | redirectboss.space | udp |
| US | 8.8.8.8:53 | tomatoesmoney.xyz | udp |
| US | 104.21.26.230:443 | tomatoesmoney.xyz | tcp |
| US | 8.8.8.8:53 | tomatoesmoney.xyz | udp |
| US | 8.8.8.8:53 | tomatoesmoney.xyz | udp |
| US | 8.8.8.8:53 | 230.26.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.173.67.172.in-addr.arpa | udp |
| US | 104.21.26.230:443 | tomatoesmoney.xyz | udp |
| US | 8.8.8.8:53 | funfilenow.com | udp |
| US | 8.8.8.8:53 | funfilenow.com | udp |
| US | 104.21.57.223:443 | funfilenow.com | tcp |
| US | 8.8.8.8:53 | funfilenow.com | udp |
| US | 104.21.57.223:443 | funfilenow.com | udp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | tcp |
| US | 8.8.8.8:53 | 223.57.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | yourjsdelivery.com | udp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | tcp |
| US | 8.8.8.8:53 | nostop.go2cloud.org | udp |
| US | 104.26.3.174:443 | yourjsdelivery.com | tcp |
| US | 8.8.8.8:53 | yourjsdelivery.com | udp |
| IE | 18.202.12.61:443 | nostop.go2cloud.org | tcp |
| US | 8.8.8.8:53 | nostop.go2cloud.org | udp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | udp |
| US | 8.8.8.8:53 | yourjsdelivery.com | udp |
| US | 8.8.8.8:53 | nostop.go2cloud.org | udp |
| US | 8.8.8.8:53 | 174.3.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 61.12.202.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | appzdownloads.top | udp |
| NL | 185.66.140.194:80 | appzdownloads.top | tcp |
| NL | 185.66.140.194:80 | appzdownloads.top | tcp |
| US | 8.8.8.8:53 | appzdownloads.top | udp |
| US | 8.8.8.8:53 | www.litespeedtech.com | udp |
| US | 8.8.8.8:53 | appzdownloads.top | udp |
| US | 8.8.8.8:53 | www.litespeedtech.com | udp |
| US | 8.8.8.8:53 | www.litespeedtech.com | udp |
| US | 8.8.8.8:53 | 194.140.66.185.in-addr.arpa | udp |
| NL | 185.66.140.194:443 | appzdownloads.top | tcp |
| US | 8.8.8.8:53 | appzdownloads.top | udp |
| NL | 185.66.140.194:443 | appzdownloads.top | udp |
| US | 8.8.8.8:53 | d26h1wdc757l2w.cloudfront.net | udp |
| US | 8.8.8.8:53 | softappsbase.top | udp |
| US | 8.8.8.8:53 | softappsbase.top | udp |
| US | 104.21.45.193:443 | softappsbase.top | tcp |
| FR | 3.162.40.71:443 | d26h1wdc757l2w.cloudfront.net | tcp |
| US | 8.8.8.8:53 | d26h1wdc757l2w.cloudfront.net | udp |
| US | 8.8.8.8:53 | softappsbase.top | udp |
| US | 8.8.8.8:53 | d26h1wdc757l2w.cloudfront.net | udp |
| US | 104.21.45.193:443 | softappsbase.top | udp |
| US | 8.8.8.8:53 | dst36t2kjn7gi.cloudfront.net | udp |
| US | 3.165.112.10:443 | dst36t2kjn7gi.cloudfront.net | tcp |
| US | 8.8.8.8:53 | dst36t2kjn7gi.cloudfront.net | udp |
| US | 3.165.112.10:443 | dst36t2kjn7gi.cloudfront.net | tcp |
| US | 8.8.8.8:53 | dst36t2kjn7gi.cloudfront.net | udp |
| US | 8.8.8.8:53 | 193.45.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.40.162.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.112.165.3.in-addr.arpa | udp |
| NL | 52.142.223.178:80 | tcp | |
| US | 8.8.8.8:53 | rapidfilesbase.top | udp |
| US | 172.67.141.15:443 | rapidfilesbase.top | tcp |
| US | 8.8.8.8:53 | rapidfilesbase.top | udp |
| US | 8.8.8.8:53 | rapidfilesbase.top | udp |
| US | 172.67.141.15:443 | rapidfilesbase.top | udp |
| US | 8.8.8.8:53 | 164.189.21.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.141.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | aus5.mozilla.org | udp |
| US | 35.244.181.201:443 | aus5.mozilla.org | tcp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 35.244.181.201:443 | prod.balrog.prod.cloudops.mozgcp.net | tcp |
| US | 35.244.181.201:443 | prod.balrog.prod.cloudops.mozgcp.net | tcp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 34.160.144.191:443 | prod.content-signature-chains.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | ciscobinary.openh264.org | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| FR | 142.250.178.142:443 | redirector.gvt1.com | tcp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| DE | 23.53.40.162:80 | a19.dscg10.akamai.net | tcp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| FR | 142.250.178.142:443 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | r1---sn-aigl6ney.gvt1.com | udp |
| GB | 173.194.183.166:443 | r1---sn-aigl6ney.gvt1.com | tcp |
| US | 8.8.8.8:53 | r1.sn-aigl6ney.gvt1.com | udp |
| US | 8.8.8.8:53 | 201.181.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 142.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 162.40.53.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | r1.sn-aigl6ney.gvt1.com | udp |
| GB | 173.194.183.166:443 | r1.sn-aigl6ney.gvt1.com | udp |
| US | 8.8.8.8:53 | 166.183.194.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dst36t2kjn7gi.cloudfront.net | udp |
| US | 8.8.8.8:53 | dst36t2kjn7gi.cloudfront.net | udp |
| US | 8.8.8.8:53 | dst36t2kjn7gi.cloudfront.net | udp |
| US | 8.8.8.8:53 | tinyurl.com | udp |
| US | 172.67.1.225:443 | tinyurl.com | tcp |
| US | 172.67.1.225:443 | tinyurl.com | tcp |
| US | 8.8.8.8:53 | x2.c.lencr.org | udp |
| BE | 23.55.97.11:80 | x2.c.lencr.org | tcp |
| US | 8.8.8.8:53 | rapidfilesdatabaze.top | udp |
| NL | 77.81.121.24:443 | rapidfilesdatabaze.top | tcp |
| NL | 77.81.121.24:443 | rapidfilesdatabaze.top | tcp |
| US | 8.8.8.8:53 | 225.1.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.97.55.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | d3nxbjuv18k2dn.cloudfront.net | udp |
| US | 3.165.112.51:443 | d3nxbjuv18k2dn.cloudfront.net | tcp |
| US | 3.165.112.51:443 | d3nxbjuv18k2dn.cloudfront.net | tcp |
| US | 8.8.8.8:53 | 24.121.81.77.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 51.112.165.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.200.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.193.84.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | d3srxd2wvksmqd.cloudfront.net | udp |
| FR | 52.222.153.171:443 | d3srxd2wvksmqd.cloudfront.net | tcp |
| FR | 52.222.153.171:443 | d3srxd2wvksmqd.cloudfront.net | tcp |
| NL | 77.81.121.24:443 | rapidfilesdatabaze.top | tcp |
| NL | 77.81.121.24:443 | rapidfilesdatabaze.top | tcp |
| BE | 23.55.97.11:80 | x2.c.lencr.org | tcp |
| US | 8.8.8.8:53 | 171.153.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | d2lmlpk6xgu7kg.cloudfront.net | udp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | tcp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | tcp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | tcp |
| US | 3.165.135.182:443 | d2lmlpk6xgu7kg.cloudfront.net | tcp |
| US | 3.165.135.182:443 | d2lmlpk6xgu7kg.cloudfront.net | tcp |
| US | 3.165.135.182:443 | d2lmlpk6xgu7kg.cloudfront.net | tcp |
| US | 3.165.135.182:443 | d2lmlpk6xgu7kg.cloudfront.net | tcp |
| GB | 216.58.212.234:443 | ajax.googleapis.com | tcp |
| GB | 216.58.212.234:443 | ajax.googleapis.com | tcp |
| US | 8.8.8.8:53 | 234.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 182.135.165.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 161.19.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | aus5.mozilla.org | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | dst36t2kjn7gi.cloudfront.net | udp |
| US | 8.8.8.8:53 | dst36t2kjn7gi.cloudfront.net | udp |
| US | 8.8.8.8:53 | dst36t2kjn7gi.cloudfront.net | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 181.97.55.23.in-addr.arpa | udp |
| NL | 185.66.140.194:443 | appzdownloads.top | tcp |
| US | 8.8.8.8:53 | appzdownloads.top | udp |
| US | 8.8.8.8:53 | d26h1wdc757l2w.cloudfront.net | udp |
| US | 104.21.45.193:443 | softappsbase.top | tcp |
| FR | 3.162.40.2:443 | d26h1wdc757l2w.cloudfront.net | tcp |
| US | 8.8.8.8:53 | d26h1wdc757l2w.cloudfront.net | udp |
| US | 8.8.8.8:53 | d26h1wdc757l2w.cloudfront.net | udp |
| US | 104.21.45.193:443 | softappsbase.top | udp |
| US | 8.8.8.8:53 | dbpi3ta9j96li.cloudfront.net | udp |
| FR | 52.222.196.139:443 | dbpi3ta9j96li.cloudfront.net | tcp |
| US | 8.8.8.8:53 | dbpi3ta9j96li.cloudfront.net | udp |
| FR | 52.222.196.139:443 | dbpi3ta9j96li.cloudfront.net | tcp |
| US | 8.8.8.8:53 | dbpi3ta9j96li.cloudfront.net | udp |
| US | 8.8.8.8:53 | 2.40.162.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 139.196.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dst36t2kjn7gi.cloudfront.net | udp |
| US | 8.8.8.8:53 | dst36t2kjn7gi.cloudfront.net | udp |
| US | 8.8.8.8:53 | dst36t2kjn7gi.cloudfront.net | udp |
| US | 8.8.8.8:53 | dst36t2kjn7gi.cloudfront.net | udp |
| US | 8.8.8.8:53 | dst36t2kjn7gi.cloudfront.net | udp |
| US | 8.8.8.8:53 | location.services.mozilla.com | udp |
| US | 34.214.162.142:443 | location.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | locprod2-elb-us-west-2.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | locprod2-elb-us-west-2.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | 142.162.214.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dst36t2kjn7gi.cloudfront.net | udp |
| US | 8.8.8.8:53 | dst36t2kjn7gi.cloudfront.net | udp |
| US | 8.8.8.8:53 | dst36t2kjn7gi.cloudfront.net | udp |
| US | 8.8.8.8:53 | dst36t2kjn7gi.cloudfront.net | udp |
| US | 8.8.8.8:53 | dst36t2kjn7gi.cloudfront.net | udp |
| US | 8.8.8.8:53 | dst36t2kjn7gi.cloudfront.net | udp |
| US | 8.8.8.8:53 | dst36t2kjn7gi.cloudfront.net | udp |
| US | 8.8.8.8:53 | dst36t2kjn7gi.cloudfront.net | udp |
| US | 8.8.8.8:53 | dst36t2kjn7gi.cloudfront.net | udp |
| US | 8.8.8.8:53 | dst36t2kjn7gi.cloudfront.net | udp |
| US | 8.8.8.8:53 | dst36t2kjn7gi.cloudfront.net | udp |
| US | 8.8.8.8:53 | dst36t2kjn7gi.cloudfront.net | udp |
| US | 8.8.8.8:53 | dst36t2kjn7gi.cloudfront.net | udp |
| US | 8.8.8.8:53 | dst36t2kjn7gi.cloudfront.net | udp |
| US | 8.8.8.8:53 | dst36t2kjn7gi.cloudfront.net | udp |
| US | 8.8.8.8:53 | dst36t2kjn7gi.cloudfront.net | udp |
| US | 8.8.8.8:53 | dst36t2kjn7gi.cloudfront.net | udp |
| US | 8.8.8.8:53 | dst36t2kjn7gi.cloudfront.net | udp |
| US | 8.8.8.8:53 | dst36t2kjn7gi.cloudfront.net | udp |
| US | 8.8.8.8:53 | dst36t2kjn7gi.cloudfront.net | udp |
| US | 8.8.8.8:53 | dst36t2kjn7gi.cloudfront.net | udp |
| US | 8.8.8.8:53 | dst36t2kjn7gi.cloudfront.net | udp |
| US | 8.8.8.8:53 | dst36t2kjn7gi.cloudfront.net | udp |
| US | 8.8.8.8:53 | dst36t2kjn7gi.cloudfront.net | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | dst36t2kjn7gi.cloudfront.net | udp |
| US | 8.8.8.8:53 | dst36t2kjn7gi.cloudfront.net | udp |
| US | 8.8.8.8:53 | dst36t2kjn7gi.cloudfront.net | udp |
| US | 8.8.8.8:53 | dst36t2kjn7gi.cloudfront.net | udp |
| US | 8.8.8.8:53 | dst36t2kjn7gi.cloudfront.net | udp |
| US | 8.8.8.8:53 | dst36t2kjn7gi.cloudfront.net | udp |
| US | 8.8.8.8:53 | dst36t2kjn7gi.cloudfront.net | udp |
| US | 8.8.8.8:53 | dst36t2kjn7gi.cloudfront.net | udp |
| US | 8.8.8.8:53 | dst36t2kjn7gi.cloudfront.net | udp |
| US | 8.8.8.8:53 | dst36t2kjn7gi.cloudfront.net | udp |
| US | 8.8.8.8:53 | dst36t2kjn7gi.cloudfront.net | udp |
| US | 8.8.8.8:53 | dst36t2kjn7gi.cloudfront.net | udp |
| US | 8.8.8.8:53 | dst36t2kjn7gi.cloudfront.net | udp |
| US | 8.8.8.8:53 | dst36t2kjn7gi.cloudfront.net | udp |
| US | 8.8.8.8:53 | dst36t2kjn7gi.cloudfront.net | udp |
| US | 8.8.8.8:53 | dst36t2kjn7gi.cloudfront.net | udp |
| US | 8.8.8.8:53 | dst36t2kjn7gi.cloudfront.net | udp |
| US | 8.8.8.8:53 | dst36t2kjn7gi.cloudfront.net | udp |
| US | 8.8.8.8:53 | dst36t2kjn7gi.cloudfront.net | udp |
| US | 8.8.8.8:53 | dst36t2kjn7gi.cloudfront.net | udp |
| US | 8.8.8.8:53 | dst36t2kjn7gi.cloudfront.net | udp |
| US | 8.8.8.8:53 | dst36t2kjn7gi.cloudfront.net | udp |
| US | 8.8.8.8:53 | dst36t2kjn7gi.cloudfront.net | udp |
| US | 8.8.8.8:53 | dst36t2kjn7gi.cloudfront.net | udp |
| US | 8.8.8.8:53 | dst36t2kjn7gi.cloudfront.net | udp |
| US | 8.8.8.8:53 | dst36t2kjn7gi.cloudfront.net | udp |
| US | 8.8.8.8:53 | dst36t2kjn7gi.cloudfront.net | udp |
| US | 8.8.8.8:53 | dst36t2kjn7gi.cloudfront.net | udp |
| US | 8.8.8.8:53 | dst36t2kjn7gi.cloudfront.net | udp |
| US | 8.8.8.8:53 | dst36t2kjn7gi.cloudfront.net | udp |
| US | 8.8.8.8:53 | dst36t2kjn7gi.cloudfront.net | udp |
| US | 8.8.8.8:53 | dst36t2kjn7gi.cloudfront.net | udp |
| US | 8.8.8.8:53 | dst36t2kjn7gi.cloudfront.net | udp |
| US | 8.8.8.8:53 | dst36t2kjn7gi.cloudfront.net | udp |
| US | 8.8.8.8:53 | dst36t2kjn7gi.cloudfront.net | udp |
| US | 8.8.8.8:53 | dst36t2kjn7gi.cloudfront.net | udp |
| US | 8.8.8.8:53 | dst36t2kjn7gi.cloudfront.net | udp |
| US | 8.8.8.8:53 | dst36t2kjn7gi.cloudfront.net | udp |
| US | 8.8.8.8:53 | dst36t2kjn7gi.cloudfront.net | udp |
| US | 8.8.8.8:53 | dst36t2kjn7gi.cloudfront.net | udp |
| US | 8.8.8.8:53 | dst36t2kjn7gi.cloudfront.net | udp |
| US | 8.8.8.8:53 | dst36t2kjn7gi.cloudfront.net | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | dst36t2kjn7gi.cloudfront.net | udp |
| US | 8.8.8.8:53 | dst36t2kjn7gi.cloudfront.net | udp |
| US | 8.8.8.8:53 | dst36t2kjn7gi.cloudfront.net | udp |
| US | 8.8.8.8:53 | dst36t2kjn7gi.cloudfront.net | udp |
| US | 8.8.8.8:53 | dst36t2kjn7gi.cloudfront.net | udp |
| US | 8.8.8.8:53 | dst36t2kjn7gi.cloudfront.net | udp |
| US | 8.8.8.8:53 | dst36t2kjn7gi.cloudfront.net | udp |
| US | 8.8.8.8:53 | dst36t2kjn7gi.cloudfront.net | udp |
| US | 8.8.8.8:53 | dst36t2kjn7gi.cloudfront.net | udp |
| US | 8.8.8.8:53 | dst36t2kjn7gi.cloudfront.net | udp |
| US | 8.8.8.8:53 | dst36t2kjn7gi.cloudfront.net | udp |
| US | 8.8.8.8:53 | dst36t2kjn7gi.cloudfront.net | udp |
| US | 8.8.8.8:53 | dst36t2kjn7gi.cloudfront.net | udp |
| US | 8.8.8.8:53 | dst36t2kjn7gi.cloudfront.net | udp |
| US | 8.8.8.8:53 | dst36t2kjn7gi.cloudfront.net | udp |
| US | 8.8.8.8:53 | dst36t2kjn7gi.cloudfront.net | udp |
| US | 8.8.8.8:53 | dst36t2kjn7gi.cloudfront.net | udp |
| US | 8.8.8.8:53 | dst36t2kjn7gi.cloudfront.net | udp |
| US | 8.8.8.8:53 | dst36t2kjn7gi.cloudfront.net | udp |
| US | 8.8.8.8:53 | dst36t2kjn7gi.cloudfront.net | udp |
| US | 8.8.8.8:53 | dst36t2kjn7gi.cloudfront.net | udp |
| US | 8.8.8.8:53 | dst36t2kjn7gi.cloudfront.net | udp |
| US | 8.8.8.8:53 | dst36t2kjn7gi.cloudfront.net | udp |
| US | 8.8.8.8:53 | dst36t2kjn7gi.cloudfront.net | udp |
| US | 8.8.8.8:53 | dst36t2kjn7gi.cloudfront.net | udp |
| US | 8.8.8.8:53 | dst36t2kjn7gi.cloudfront.net | udp |
| US | 8.8.8.8:53 | dst36t2kjn7gi.cloudfront.net | udp |
| US | 8.8.8.8:53 | dst36t2kjn7gi.cloudfront.net | udp |
| US | 8.8.8.8:53 | dst36t2kjn7gi.cloudfront.net | udp |
Files
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\datareporting\glean\pending_pings\4c6c6470-64a1-434a-b2b8-256640715084
| MD5 | 4ed02d7e968b367c7e056508c1ba37d7 |
| SHA1 | 7f9b44f00fe1bfcc2c20cce48a64371d180342e9 |
| SHA256 | 43da881587480ccc52afd2cc1694fc647fb5d8803ea4e064a3cbb3f321b7fbd1 |
| SHA512 | 276ad64f6de1a0b01c3b19e9a5b6ea75a94f3c6878ac5a4c87da0b83eea87bd515a4893750cc0d98e041b1420cce95d5cd3c72717b018705d69ea8540f9ea2bf |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\datareporting\glean\pending_pings\e769a6ae-95fa-434f-8af2-4109e7f0039e
| MD5 | 61f6fa07bdbd3cfa23b65f9e85e15594 |
| SHA1 | da63ec5e0fef9a9f60c2bbd1c83fa33446c8ca0b |
| SHA256 | cb9c682f225be897e00b394af64ae0ed63b619b0d080a3f99042935e7620091d |
| SHA512 | 52e2a5efcbe49295d13f8475cbf13e03772052fff84eb4e4584be6b5a2a664caa7f5dc7a9c9d7abd086a51fdcaf3a3765ebb6220f341286a4b0be1e004df2ded |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\datareporting\glean\db\data.safe.bin
| MD5 | a87b9945db2351b20a75dbbcc02be7f7 |
| SHA1 | 4f9084e3d6136d80444229c4dcef5ee2a046cd4f |
| SHA256 | 66420d36160202869eca9c238fa2a3eee5501e80a6541de4680396e7cf1a93e9 |
| SHA512 | 84b59f7d02823fa6bb15f7a18e7585125719341a2cbcdb3300069027f376e9360f774497d6b6f60b54795b2ff2b83e4c7d391d1a7c4b55d77ded40ab55160c1f |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\prefs.js
| MD5 | 24c101f9f066282fe8c0bb6e0d35144f |
| SHA1 | c002037a71d0deaf7d66ff4c4bf5730942c65c76 |
| SHA256 | 6616d1cfc6ed516f59989c9609619d6916d71aedcf097a08598ba0f0df3b7bad |
| SHA512 | d383f4a3c0fa513d54745bdd29071c3dc6dc3d2925bc36a967eb67b99787fde289aa35c6b754774c9417307eabf4ce7dab336760ad1f17a3ac19653468033a98 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | 731c0e733fe1e3123d366af7c8e578ae |
| SHA1 | 9756304ea773dd9cd96e5996dc79de2ed6a9ae9c |
| SHA256 | 8f426b4be5e3440fa14d37480f018b7dc3d1a547b0e91c2fbfc6e31d9054a359 |
| SHA512 | d29e0f2356a3226f64692b390c122d4d70f09f677d9f5d086f2babaeba6574d670171edb24ff52f928871ec489680f57910e21fac1ca8ec08783a07d21b1f427 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 0acd94ee6d60b9ea46f2936e61ca5342 |
| SHA1 | 6991095e7fb62ea4a02edaaae59e6caff599f294 |
| SHA256 | 02d55d79869c8c47358afb0e40d620fcb20e9949b9deb64b8df7e65423df2d9e |
| SHA512 | 85c624c6436b89cb5cb632e9f6c3d15b0f46112528a88ad6999744cdc37283f5c1fd93119a9f16e3b4977fe68d76fd440c83c70729a9ebdebb114fdd5bca8264 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\prefs.js
| MD5 | 8660235cb8ea7f1b0c0595254cb69889 |
| SHA1 | 0de51bc0aaca6ee573fe80d471d1de454d7e2d0c |
| SHA256 | 2d4fa737eafe37c47f8afd5bb6f8952f578879e6df302e391083124838439a91 |
| SHA512 | dfc82da3b4662e05a84ab02326a08aea622d336cfcc6527ca0667b79e3c26faa5023b1f84c40f74c6acfe7889a02c79a0ac55fbc494ab51840e0ff76af15b6fd |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\prefs-1.js
| MD5 | 63bb4f2868779aa5e9a6e7e16cc7fbb1 |
| SHA1 | 891a402b79c2f264438d20456e1fd2f8ad7d76ba |
| SHA256 | abe10878926306bcce095cccb45431321275952e2451b9c01b23074b18a8c303 |
| SHA512 | 6c56769a612dde1b49b37886c8f9bd4e0165e2e789fda09965960af1d611960ba032f5f357bd59d722c250941a6e2cce6e9756260de780c3a107babad4de58f4 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | d22dd2f480e53f906043a245a711cc84 |
| SHA1 | 5e3190d05463a1062a986a5e9bbef67be8814957 |
| SHA256 | fd4cc24ab1c4e4d41359efc88899ac36373c63cd7f53d3f3c308d710f3d412d0 |
| SHA512 | 802fdefcf5617bf24ac66faf7bcf7346d1cb3c96dc12e9f65b93e6922b123c15f27e4799c388a3772b9953a9d0323bcf140a606f8aadc5fbdd56efb42063c8a3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 365b08f1e8625ea7259739ad28cc7a02 |
| SHA1 | 12b896d6aab881586808d3c8e69fba6079da0f6d |
| SHA256 | 3e4c9fd5cf4f998004f6aa00baaba06319bb123e02034edb2288eec1bbecf9ce |
| SHA512 | 5c968ed04e900cfa23af2ab33dad473297af7e6f81fc4cae83f37aa500ca0c13d485573990f05a7409f792b0bf4964c92b307464d11991f903a4c22465061dde |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\7DEABB98080B97238B6EDD3960FC69AF88DF65F4
| MD5 | d766827ef39b12a5382145b74955f553 |
| SHA1 | 1a56bf624156fc22ad58f1f471614b28924abc2e |
| SHA256 | aec8cad5f47ddf46e5a6dc8d6bef5d718bdcbc104c688a77eaa5ad407ceeda4c |
| SHA512 | bc1f85dd14f1838fda99a47bd0a79af1f6dd248f12b902b4cf3e3a1511597f802a53449d5cc030f5537266e81a828258950ada477fd521357b1bee44a6c95b50 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | ca0713c8ff8d595ff6731b225dde9c9f |
| SHA1 | a9507df592455674e8fe2c994889926a453e7200 |
| SHA256 | 68928e6fa26d2bfcb87dbf335cc3a3a0740e250832b0eb4eada45742f3c830e0 |
| SHA512 | fc17ed7ed5e9990ec9cecfb108d4ff48b0f4235485c0a17a2cd9e1c59757bf652cce9824cc70a1fde88edf26ccad45d4d8360238b7d70a89f247e94ed706a51a |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 92e1995c35a8a4172fc4016891b8d20c |
| SHA1 | 12fb478004e893e9b1906df8d7e7fd741848c9d1 |
| SHA256 | 20b3e9d5568cd14bd4fc5ce54aec7bc81ca90a924c2693b4004fa16b0bdeb350 |
| SHA512 | dbf9bce8aab1a8ce6837b3497728518700357a70c488d92bfc81c5006ff8cecc4299fa68e9f6a45c0b42ad3236165374df6a904d33af56fe99447bac435f6422 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | d3759ad5beed7a7e0bf9fc61b0427334 |
| SHA1 | 7dfafeda4b3a145325de0883577178535161eb0a |
| SHA256 | 63445ca8507d04b6857c7937d062e1e49290cc73eecd3e0b1f19110af8932fa5 |
| SHA512 | d5ee5bf7ef26c08351645a214fe1ff035d8268912fc076acc5c42095751fb6734d493ddd24cce37a90cbc8c044cfe288bbaf475485147df7f1e63545f46853bc |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 3203f5d4b33c1b25981df10a130e9103 |
| SHA1 | 8d32a976d795d550d8e7fac9f62522230622b23e |
| SHA256 | ebbef3fdef19dffa402a1341f2743e979473e9df702847acb2b9a647bdd86060 |
| SHA512 | 1b10bde5b6030a68581ad7a74c3f1feb99dbefdcc4b8abe2ea4585a164abcc097193aa1c40af771a2c9267c02d5e4d01a1dfc7cf99f55bb87e633f91e1d7b313 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | d319f6cd8e075a873beeaf45e3618b52 |
| SHA1 | f97633bb72d76e12e6897d9695073052c37bb73f |
| SHA256 | 7933141a683e1e288b3b81be0127e884201300402ca4dbd48490f716401d40ff |
| SHA512 | 9f4c51de176a4f80ff17f7f5638c541c73e132ad5c3c489d38c9d6332f8f83bf6023adead0669755114d2979b9f7dd77d81f819c21c8619a84cee37ce83c3a6f |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
| MD5 | 38e818f3b5501637a886595d02b836e9 |
| SHA1 | a04fcf3b06e46fbeab4f3e8c0972d5c9d20d0448 |
| SHA256 | fbf56d5d42752a3d320096a7796760ae026247a1de86c604a3e7ff8dee93d9ff |
| SHA512 | fdecbe9c29822e1ccc4c477e247b406dbab2b701cc15d052c9814b3144608ab9f3a0d09cda664178763d1e34ec09e87e569e83f94af1aa5e470863dc1a2e4694 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 8d24dd67c69db47d4c018eb27c135c88 |
| SHA1 | 41bb7cae908a373f5bce0f7e14752320191a937a |
| SHA256 | 33973a7593c2e6745c9e5776ff07a6dca35fa5045bda645551e0ad47a7aad8a9 |
| SHA512 | 3894b37c2ea90733ca4ec94ea4961a99d9e523028a6afe280afda507fb35a8d28d6844d9b9330f7c8bd5bb32738fbf8bf7e8640af4abdfc3bc68804158c3f7ee |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\38A6CB8D25230C87E5E55B25EDC698E3C2C80BF3
| MD5 | 8339026f0265ac9d7075555f39fb1505 |
| SHA1 | 47c32850be109377ef0acb745fd39bb87273d7b7 |
| SHA256 | a37b555b19e430010325abf0c2a5413e5f16d774b5df8285f42c7de9c336f4ef |
| SHA512 | 2f8e0ec66f6d105ca5c602cbcd738939d227de3b1d499c3b6a970c1fd55eb8d1e75645a2f29a323349b8fd39e7a0ee5091c8aec0f566eac16c592a1d7f7ec27a |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | afe754b904dd7c8e9303cff6b2e64474 |
| SHA1 | ef76e6c5e6fde61c6f8770d23d27cfb8710d6a37 |
| SHA256 | ae5d7cef71f61bd8950c220d05a025aa08f2725add2b6eaeba92163930c7e68f |
| SHA512 | afc29ac14df602538e8f6f746be3e87cfb2f57f1b7724eacf2445de17fae79eb03f896363ba5384bab69fb93e1b959b3b5b5e0d29a1c8e50a0221dc9b0421720 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 2b40e5a8782e0019f791ad2f80bb9d36 |
| SHA1 | 2eed962de67c455aa1812b6ea8dc154c688c20d3 |
| SHA256 | 46f3e4bcf2d41cbdb3e7a434afb480304989a784851d21274cb20458691210c0 |
| SHA512 | 12a6f4e6554bf882f1932969c6f85dd9240a1e378ffb27b0d5466915c22a2c189278dc0ea66e1e459dbbd1aef53ce9dfa4c3ce5ae0632b1743c57340a9fe6bcd |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 6245741c5a9e1304959b026cb770ae0c |
| SHA1 | b8ebaa4a2e7d65af26c9641164cd60515cf6f807 |
| SHA256 | 5b6c9607e1f2052f854fa1d4c537471d71e6be00f509ffcaad1744006a6549e1 |
| SHA512 | 6511f62db2892212d6c9061ab34220c5e7937203ed698f3e49b0db5cf0c9c12a3fc1f2310b606f5fe5b9290e43bf0020069da455a266fdb8066d08c2f6389192 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | aef6bbf34bd3a938a6070056bb7e47f8 |
| SHA1 | 036f89290e94c5f05ac1bac4effce93734e2cf7e |
| SHA256 | e73337b5c00e80b873796b5a9c0d8e231306bef9d14ce5ce47886a3b7e6b6a44 |
| SHA512 | b1f6339c2ada56de316508c5d49fca38106f90b5d943ffd1233bd68ceb8233382b2888be78b4001b986a46e7bb73d715b20d780c3271d5893ef93c15555d1335 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\storage\default\https+++www.youtube.com^partitionKey=%28https%2Cpsemux.com%29\idb\2171031483YattIedMb.sqlite
| MD5 | 1271e78109c5a79d66460634e5f1ca1e |
| SHA1 | e3df576dfba6a69127e1da541de0e4a7cf6e6c27 |
| SHA256 | 5ce110a24bf06e3567a53cf1b435e0e73472e2bed0f3d8c2cc224afebb4ae917 |
| SHA512 | ad3810ba3c368cdfa9ba6149d350c443f29e2bcb8872f2751ea8dcc81c435080b273b6b66d7a8f94be3c4acdf3caecb509a8bede36432e15b169a9824805bef8 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | a48badcb1d5e7b71eb93343fdc1eca59 |
| SHA1 | 5eed5b082fbc15ec9cca2660ea6c19f81f1f9804 |
| SHA256 | 47e422edfaad0e02f63b0c22affe7f8cd170854875f74bcdc45641ce950a40b1 |
| SHA512 | 6f3528815247ef57d47dfded6e7124a737d50140bab1969451fc7936c5042d95d17b1cd71d79628f84f6c8172ae1a261e159068426c62cac04233e1c80d12067 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\doomed\15947
| MD5 | 3605d24cb40ccb9f5b4a50ed825786a4 |
| SHA1 | f874551c576d8bec6b109a6bcdbbe0266dabf577 |
| SHA256 | 4762d9c2d4267ee1588d98c9f1325105e3bf28eba4cf5e71694b208d8845f06b |
| SHA512 | 3d36ed88cb582b825e4667a83c8f8e8ec9078b9d39a3085d162a0ce7a3a00702068e30fa748a8b16da3c81dee9df237d9b8fb556add12e037ed89e43eeec77df |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 6b296e47ef837d042c98332bc885ab6e |
| SHA1 | 985ed4c654a1a8196cfa1d4f2877d9998ead7a8d |
| SHA256 | 1197a14ae1a560639f3e76d7a7623d0c1aa96a8c1e53eb8f784b334f145d898f |
| SHA512 | 72b2ad864768d84905a0b90b63327960ce540af6e8d2c6f2e08f7864ad12038dcfd2176dc2f4d128c465068e6e801298c03e701dfcdf94dddded14f44e2c7919 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\doomed\4776
| MD5 | 609e35115b298c4eb0c2d7ca5624312e |
| SHA1 | 0a325e59ec2abfb54eb787e2ecccedad5c6ca8cc |
| SHA256 | a31de12e967b05814dc68025a5b860e326c958549044b1200f582a9eff69fe7d |
| SHA512 | abfaaff68107be4e19c6e58294d316195e510cebe20103d600cb1f5e2b6468e0127904fc939df1a2f8df6438634c49ab66cf9d5d3aff30bfa7cbce596915121a |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\731AB9BBC17AD9A6C011E97903A259D942F5D10D
| MD5 | 449a73e176dd72c5a59f67a47ff786d1 |
| SHA1 | d4bf383eea37fd9294957bec6b9ccd176ea14327 |
| SHA256 | 63d234cec5ba3903ef78feba804d7056c95947b6133e03998e604a5fbd31a0e9 |
| SHA512 | 78a7ab2387fb37a998f9ead1ec001f2aab67f8becb1f53e95543b948480efb23e7bd4071b7b60cfb42d7ef07a3382ac2fd0c288a05000cb33931bfe59658fd0f |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 05228e4c3afd483e93d39621eb3b8fe2 |
| SHA1 | 3fedec1f4bacc63552d9321f5d98e65b7f7df215 |
| SHA256 | a47c6ae64c71a74811c54f6b606532f0377443eb0afb9247b2aa6fade12a422f |
| SHA512 | 0e6fc7788d6a9bd4d9dfc2eea2cc215c64cf634cac6ab3f6f6d9fb5dff86d841fd6b1e3195c26d6a4085c8dd8ebfcca6dedea0cb77a24e37407ac330dcd82ff0 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 761bbc3a6c8bb080e3aeecdb0016ceee |
| SHA1 | 2bcf670799980f7b595cb9081def11034f6b3267 |
| SHA256 | 7ea8c0340dea44f2db4629b0e857d39990343b34946a37d67370dd791725e11f |
| SHA512 | 91a117f748da202884f134de7be27ed7cab33d6858085ca13c870672bdbd54c1f482412d214450221b19636a858dc5f56bfbd3338fd744b1ef4c0235b839c92c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | e056b282f055bbd007a66137b9b44da2 |
| SHA1 | fbadce4a1b2952eba2dc780d58f586e8beb90c1e |
| SHA256 | d4549d9b79783ad6f8e65f21b83b4912a9ced669371b8c9cbcaf383518029262 |
| SHA512 | a6469091626ce928474f77d4ab6f21ed94418fc7f3f24e510a87826597bcbe0c43a9419d1dedc7b260eaae2a921dfa67b835cb4b2e79a599e9f30c0cb3f4d19e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | a9b02de1f95122ea4a9513caf66163d6 |
| SHA1 | 1e75552bed724249b21d36b20bcb2b651eb2de4f |
| SHA256 | ea94fad87028d93b89cbb97ab89c173431f5fbe843a4f01feb27831fc4630afe |
| SHA512 | 00926046d2aa6c8753653e0978616eedd8df818ec43e0ee6324fa441556a2061684f63771488862c75fd4c89eebabbdbb84cd0b33cd75458927d309bad807b4a |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | d5e0a6cc1c8363d3bbe22783a4aa54c3 |
| SHA1 | eb99ceed7f9831a4a2643cdfa81d8025dde00543 |
| SHA256 | 87407b48ceb19835a9c412deda3501df373e86339522b61ecfd553705bc2312e |
| SHA512 | d1c268133676ef75755a475e2b8b2043a88251ea6e4902e2149b7d11e5c96d9bdaaac50e698155caa5e27a2231fea7d5cab2b6a553cbce860285efbc2caeda35 |
C:\Users\Admin\Downloads\PS5Emux_v1.K1J31Wyc.1.0.zip.part
| MD5 | 48f286657c7576a5915a2b23f7971e45 |
| SHA1 | 23b013cb870906ed46420cf7aa00f2d45374c13a |
| SHA256 | 8c9f450453ece5ce1a01b2867c7e4e85be29ae8ef4430c095019d87d40361b96 |
| SHA512 | fdc64902098a92377bbcd508f38ff48d89cc43f9512446fff131b2b2f493614c9e262601f35f5f1585b3224e4952dd5db60008131e28109007515c465bcbadad |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\datareporting\glean\db\data.safe.bin
| MD5 | 3f0e806bc6d5b9f30ef79760c96243c1 |
| SHA1 | b7a17532eb994a95f1d7ca487b16db7e70fc8ce2 |
| SHA256 | c2448b4152693362fda120add55289230ff549d66181bd029d295ef013aaf18b |
| SHA512 | 1c941c0a3ad48353c93e0251f7abc896ed0950d29cd6500d4384fe9977a26a71f7287db70b2c211a3ed00430c90df951c220825f619c238ce4405dfcbb10bc63 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\datareporting\glean\pending_pings\cc59da4b-5775-460b-bb07-9243aa3ef275
| MD5 | 71fd4b8bc2c04a94fb4f7c20973c0e2a |
| SHA1 | 0500742038f3f4aa36a21ddcc80f5894c450b402 |
| SHA256 | da2012e4d0248284c752e2139d44b33950d683ca1f90a04a8190f1a1c0da4ffb |
| SHA512 | 4acfd60a07408e830fc5715d1e34ef81aa516a32ad56f24c04a466a46f2604679f5082441daa2d739aaba49f1dac8770caf4b9e87a7d7174bb58450e36dd3592 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\datareporting\glean\pending_pings\5c74ee9d-0b9d-4253-9b1c-d8afc45c0e78
| MD5 | b85b539c84aefd5fa4d1f5957612bad7 |
| SHA1 | 2c839470361f3df3ebe52e20d6f5d4077e96e12f |
| SHA256 | 61b7d031fc679002ce9ca766140e87ac1d64e30065cea5a4fdc260aeb6cf09af |
| SHA512 | 9ccbb5cee19088bf1ca88540283d49e22be1cf036da07d33cbbf1d24408c4c6cbc10fa54c8f4b406ae8394f1ae899a7aaffaddd738cc7b2ff394c9a2d7f87cdb |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 75597bb67b40d9f411d26c5e05a12d61 |
| SHA1 | de6c6d3c20734d7547f5e124f9daa925f4a19fc6 |
| SHA256 | 951024d45bd0d5d7f061d6bdeec672490d830ffbd47b5bb049eb98b1864d89ad |
| SHA512 | eec6afe220e9769c1bb14429c36bdf3ef748d324147b8f72f70f7f71c8f0a056c9a55a277802c6bdeed0d5c0914f745317d12fa7680989c84503f8b1097341f8 |
C:\Users\Admin\Desktop\installer\installer__v417\Installer_x64.exe
| MD5 | b88f9da07e9db76d6c3c13b6647ef812 |
| SHA1 | eb82a09cec84bd4bd4b8f9efba867874379f7fb6 |
| SHA256 | 38d694c615a2917192a85d18d5c422c3beb5388ade76c90c610b8390657a8125 |
| SHA512 | a9b5cbf4f860a1e31433b08df719e2e36d5b9ba937e626706f604a3abdf4edcf9cd742f439cd42b15a10313381cc00cf07c4e545ad557ff7de7aa5159a350010 |
memory/1116-1379-0x0000000000400000-0x0000000001B34000-memory.dmp
memory/1116-1381-0x0000000000400000-0x0000000001B34000-memory.dmp
memory/1116-1382-0x0000000000400000-0x0000000001B34000-memory.dmp
memory/2288-1387-0x0000025EF9C60000-0x0000025EF9C82000-memory.dmp
memory/2288-1390-0x0000025EF9E10000-0x0000025EF9E86000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_bdbgcnep.u5x.ps1
| MD5 | c4ca4238a0b923820dcc509a6f75849b |
| SHA1 | 356a192b7913b04c54574d18c28d46e6395428ab |
| SHA256 | 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b |
| SHA512 | 4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a |
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log
| MD5 | 7033adcdceef2520521477b094e52cc7 |
| SHA1 | 6dbdc3aba745a40a79f2eb659f2b427aaf5ff62e |
| SHA256 | bb10a63597ebc56a9c5e558c7b5bed8c1dde4856f7604ab987998d10eda3ac4e |
| SHA512 | af9249bd6a64e28d1b03ce962618ce2a7e5a55dc57d1dbc8efcf2e4142e74f40e58b144952981c3a86771a9fd207e73986130edf7b7dfde2495347e284e8287e |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 85176890c08c69e44f08e05bbcff7ece |
| SHA1 | 245ecc7270af2ee9ea07a07a57dd8aadc6dc84ce |
| SHA256 | bcaea9f062d3dfd77dcf93743eba2f4db9172e83af1682464725e31491d454b6 |
| SHA512 | 13116c3f761b0f6cb510d418044ce2747d9c1d927d3da417e8b03a091614ee81fe427d4c98b329a415c7b34746c61840bf6d197f36ed38a98c3bc2645539f6c5 |
memory/1116-1485-0x0000000000400000-0x0000000001B34000-memory.dmp
C:\Users\Admin\AppData\Roaming\SystemCacheUL\ul_plugin.exe
| MD5 | e4b2755d21e7004b06f97d95caaed96c |
| SHA1 | 2161ea7d12e695e2facd545fb166d7fdddcf9c63 |
| SHA256 | 129b9788f393fbe39a5ed5f8e36d76c5968ae03f333744036c01373a250049f3 |
| SHA512 | e301e0365776ad77f2211defe0f6609d7a8fc4fa69198d777bb6a098caf0efa02d551c8424f7973bb031ad6cedd79dc348bedeccc927f6f94ad28ef31e8c0e47 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\prefs.js
| MD5 | 674b801ca2f022c116f8c68ca78909bb |
| SHA1 | 8026fc6f40166c6a03c5fd822bafc2722a094b82 |
| SHA256 | 5c5fe1266e66a555b6634cf1850225750651b13d12137a0c450456854a89c3a2 |
| SHA512 | 70d5cf6ce3907a8c0fd48114314f72ae9aae0b3426297bb5e85d84c24f9793a10f753949351be5d5c8a49929e720896337898dac7cfa4c2b8c63ca40e7c94765 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 85430baed3398695717b0263807cf97c |
| SHA1 | fffbee923cea216f50fce5d54219a188a5100f41 |
| SHA256 | a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e |
| SHA512 | 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
| MD5 | 3d33cdc0b3d281e67dd52e14435dd04f |
| SHA1 | 4db88689282fd4f9e9e6ab95fcbb23df6e6485db |
| SHA256 | f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b |
| SHA512 | a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
| MD5 | fe3355639648c417e8307c6d051e3e37 |
| SHA1 | f54602d4b4778da21bc97c7238fc66aa68c8ee34 |
| SHA256 | 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e |
| SHA512 | 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c |
memory/2576-1521-0x0000000140000000-0x000000014130F000-memory.dmp
memory/2576-1524-0x0000000140000000-0x000000014130F000-memory.dmp
memory/2576-1525-0x0000000140000000-0x000000014130F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | a01c5ecd6108350ae23d2cddf0e77c17 |
| SHA1 | c6ac28a2cd979f1f9a75d56271821d5ff665e2b6 |
| SHA256 | 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42 |
| SHA512 | b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
| MD5 | 49ddb419d96dceb9069018535fb2e2fc |
| SHA1 | 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6 |
| SHA256 | 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539 |
| SHA512 | 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
| MD5 | 8be33af717bb1b67fbd61c3f4b807e9e |
| SHA1 | 7cf17656d174d951957ff36810e874a134dd49e0 |
| SHA256 | e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd |
| SHA512 | 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
| MD5 | 33bf7b0439480effb9fb212efce87b13 |
| SHA1 | cee50f2745edc6dc291887b6075ca64d716f495a |
| SHA256 | 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e |
| SHA512 | d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
| MD5 | 688bed3676d2104e7f17ae1cd2c59404 |
| SHA1 | 952b2cdf783ac72fcb98338723e9afd38d47ad8e |
| SHA256 | 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237 |
| SHA512 | 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
| MD5 | 937326fead5fd401f6cca9118bd9ade9 |
| SHA1 | 4526a57d4ae14ed29b37632c72aef3c408189d91 |
| SHA256 | 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81 |
| SHA512 | b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2 |
memory/2576-1570-0x0000000140000000-0x000000014130F000-memory.dmp
memory/2200-1587-0x000002469C020000-0x000002469C030000-memory.dmp
memory/2200-1571-0x000002469BF20000-0x000002469BF30000-memory.dmp
memory/2200-1606-0x000002469B0E0000-0x000002469B0E2000-memory.dmp
memory/5492-1628-0x0000016CA8500000-0x0000016CA8600000-memory.dmp
memory/5492-1635-0x0000016CA82E0000-0x0000016CA82E2000-memory.dmp
memory/5492-1633-0x0000016CA8220000-0x0000016CA8222000-memory.dmp
memory/5492-1631-0x0000016CA7EF0000-0x0000016CA7EF2000-memory.dmp
memory/5492-1651-0x0000016CB8AD0000-0x0000016CB8AF0000-memory.dmp
memory/5492-1656-0x0000016CB8F00000-0x0000016CB8F02000-memory.dmp
memory/2200-1666-0x00000246A2DF0000-0x00000246A2DF1000-memory.dmp
memory/2200-1665-0x00000246A2DE0000-0x00000246A2DE1000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\1SX7W4I3\favicon[1].ico
| MD5 | 5ebc9d0732a2e6b21b9b95b64aa2399b |
| SHA1 | 5303612966345883f0516a8f9124abe0dbd253d4 |
| SHA256 | 2b26a70e98855bd9c6af91f25161295b577638e7fce541b6a03c994b77bffeef |
| SHA512 | 364b8d5afbd22dfc99bc4c6c228dac2098f4645e6e3e5c086e50b8f46def249de700548f2cc8bfebdeecd2c7bfc5581eb68290a2cde04051b4d30db8d2602526 |
C:\Users\Admin\AppData\Local\Temp\mlnpptvckigg.xml
| MD5 | 746c2aec8d3a35e86e765367fd56c871 |
| SHA1 | 2605f20796b0de8d768497e8ce8d33ed0b21d1c6 |
| SHA256 | 23109dd0db8959760ff9c26e42f3d45f20b9e3560f9b638551003eb7e509d7f6 |
| SHA512 | e26dd98b53dff63d585e87098e063852b621126c1e235a451490a1025004f34508e9b65b0b365e48dbcfe8f6d7c7dc1f9f4d437758934e43a77e3ed5753ca7e7 |
memory/2576-1679-0x0000000140000000-0x000000014130F000-memory.dmp
memory/5492-1681-0x0000016CB8FC0000-0x0000016CB8FC2000-memory.dmp
memory/5492-1748-0x0000016CB8D60000-0x0000016CB8D80000-memory.dmp
memory/5492-1752-0x0000016CB8D40000-0x0000016CB8D60000-memory.dmp
memory/5492-1764-0x0000016CBBE10000-0x0000016CBBE12000-memory.dmp
memory/5492-1766-0x0000016CBBE30000-0x0000016CBBE32000-memory.dmp
memory/5492-1772-0x0000016CBC080000-0x0000016CBC082000-memory.dmp
memory/5492-1770-0x0000016CBC070000-0x0000016CBC072000-memory.dmp
memory/5492-1768-0x0000016CBC050000-0x0000016CBC052000-memory.dmp
memory/5492-1778-0x0000016CBC210000-0x0000016CBC212000-memory.dmp
memory/5492-1776-0x0000016CBC1F0000-0x0000016CBC1F2000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\GPBNNLW5\check[1].js
| MD5 | 69d77690ed201acd0627e99dd35c96eb |
| SHA1 | 05ffc794be6dae3836ee5df72d82d917323b2941 |
| SHA256 | 577d248638c57941b7e35d9a19ef4b5d88d52482f6e59254142d4266c57bad38 |
| SHA512 | 06aaf36275b0c4de82580319878333d973d3cd464f4c09df4281551f4381940dc792eb28c2c84b3a94196b53edf41751b01976ad77c5e393c0b62574c4b214bf |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\V28C7N3J\edgecompatviewlist[1].xml
| MD5 | d4fc49dc14f63895d997fa4940f24378 |
| SHA1 | 3efb1437a7c5e46034147cbbc8db017c69d02c31 |
| SHA256 | 853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1 |
| SHA512 | cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | fd0a6a4abe369e8b518741237831d36f |
| SHA1 | 21247855b91ce0ae2d2705160eb495ba7708b2e7 |
| SHA256 | 71897f51caf10b6a9e9fb4dbb7d5f10c028cc30f6338863f1df108305bbda5dd |
| SHA512 | c839be4be8a072b6fe0ecab3dd4be5e61c1eb5bb12f7e1bf44f5511e58f3ea6ffa147f864d70cf87aca9baa78476c10448e8fe5de1658141678583783b6dd1b3 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\5QL2I3FQ\suggestions[1].en-US
| MD5 | 5a34cb996293fde2cb7a4ac89587393a |
| SHA1 | 3c96c993500690d1a77873cd62bc639b3a10653f |
| SHA256 | c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad |
| SHA512 | e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\DED89E1CC2A37D548B56A97822731AC6E227DDA0
| MD5 | 298e59946d1ce6957d533dfdea32a054 |
| SHA1 | e0ac2cecebd023cea3be26fedafc6089425e7993 |
| SHA256 | 82a6864c7188abf6b4b7aee73b9340a732fa8073a61ec0d62d4fac55e24dc51e |
| SHA512 | af7ef5ae620bc3fb621089ec912c1f704e2d72cfad392bf3bf15052988ced83ab731c90727fb86758a163ce80f4dcf1e1efa39edc86a02ee2f04455443f5cc67 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\xulstore.json
| MD5 | 1995825c748914809df775643764920f |
| SHA1 | 55c55d77bb712d2d831996344f0a1b3e0b7ff98a |
| SHA256 | 87835b1bd7d0934f997ef51c977349809551d47e32c3c9224899359ae0fce776 |
| SHA512 | c311970610d836550a07feb47bd0774fd728130d0660cbada2d2d68f2fcfbe84e85404d7f5b8ab0f71a6c947561dcffa95df2782a712f4dcb7230ea8ba01c34c |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\E69C0DAD52D3DAEE219A02A48B61673ECE2D778A
| MD5 | 5f65a05b11bdfc99ae85735093ff15f0 |
| SHA1 | c9b9a01f1b7a909de1c36677b4b3c459f1315a28 |
| SHA256 | fd7c0952b146ca05a72fef53973182ef71dfff3fbd39d3175385368bbcd8f34f |
| SHA512 | de65adbbba9d558f8681015fc4e7ac0eb44a8d3e07ec6b3e71e31455ea819b492877f1c3fc39261407dd7d601e6929b0d9dd4ff32d84e23e42f0377a8a9011a8 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\D1D6620007308F36E74DD68A7D3D58082CCED17B
| MD5 | 366896c91dc746a5c0607a721976fdf3 |
| SHA1 | f81b11dfe3582b4bf08c811d4d0c4c22f33cee08 |
| SHA256 | 3d32ef832d2f3d4b6026cdb1d26db3bd6f48f576f814c7340fefeaef787f7357 |
| SHA512 | f43677c77162d13fb3725403eedd6000e8494fa3042af82eb846fa4066c10d082df293c2f89ab0d867a85c812b27e0aed992fd541d4c63afc8eae03a757a8eb8 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\348007BE108E559EBC068338FEB65CB5050D7052
| MD5 | eeac69b7c15e37d7440da9adf02c7ab1 |
| SHA1 | 0606dbd7febafd24099e9a86dd5c1f8bd12da267 |
| SHA256 | 414e52dc4d9c46d8e462543a848479c144b6728f60b886f8a968eaae6a93fafc |
| SHA512 | 77062e96ede0e46299d28e7e08fa6cd2f5824ba786efb7410c6801978d87ddb8092dd7ee624a78ccb1bac18ebefb5e5270462484a3a1faa08d302892a9d0a38e |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\6A33F9EDE71B3EDF0A208B91591192DE6B827E6A
| MD5 | a403c2948aa2a901899e5f82fdd0787b |
| SHA1 | 03f2c80cfe0e040e8e8a18428f6eded14c6ea8fb |
| SHA256 | b4c3d743c852ccd50a9654544497a62034554a359a6259c20d6d08eed4960d44 |
| SHA512 | e4224924629e3f3ffe3d66d94f0977e95a168ba17db847544b6b66f46f32712bce445aa725e8d372eda37cb054defe9af21ca1acfae0a8693c1c5bc64c04a469 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\D113C1A91C9A29B1A40A4DF4BDA149B112750A9D
| MD5 | ca032a9d40dbccbf1d5001db0d419e19 |
| SHA1 | 7a40512fd300ab631f0afc1ef475b37e4691f894 |
| SHA256 | aac466174d525bc270cac931fb38888dc40c330633992eb905626dedc048bcf0 |
| SHA512 | 0b0f338d82198d1888783f133c5ca72e5328d56f9f601e03be4797385f8ae5bec71f553cc13bb88bb373e1ba1ea9689704ac7ab60b5eccae0b8da2b31e77691f |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\6927E73ACA6916AEAEFEAE344BB7A2D30259F5BA
| MD5 | d5b757013c80a6d3bcf26d85d8eed9d1 |
| SHA1 | 42f474b53568851d10f7919c4a78ac8a4215668a |
| SHA256 | fb764559c9c9ff1e3f06120a32eb42ee7eb14aa0e029f60c2d3fdc358b8f6457 |
| SHA512 | 7dc9c4b8b4d2781425d8b5d146cfe57e3980ec2f36b94764b74424a597f454d777d5e4739b8f3ae37241a2b4ed0476d9820151494fa5a0775d845113efb9497b |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\BA85C2AEBD1841FAF28F052A34E2ECEDDC4B9C59
| MD5 | 49091eda7c0d1c4446688f0824ca9525 |
| SHA1 | c0627289a3a7a1612ea55e5d9f785d39a99ec0c0 |
| SHA256 | 96261ed9bcd37048ae7092bdec5c0c089162b7bef1d1da0a3023245d6b42bf3d |
| SHA512 | 81ae5a59258f1030fc49a4e416b5f4a6cfffc4ebd3dc6325fd4c2be5bc9c8f6a31f5557d61890e35f1eda4cd0fdac8bf2a661423695f791eb91f121fa8c55e56 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\5D2265A595C97C6B3D254AB4F2A5A957FCD5E88B
| MD5 | af0aee7526a7f20a67f6b373c5aabe4a |
| SHA1 | e71cd3e2eb166aca47856a8b2d82eb766839a1f9 |
| SHA256 | 76a8dd9324e383ab3d7cd08831d8e92ad0fa5aa0e500d557a5810e170a1f4bfb |
| SHA512 | eeb2268182f3d52e7d72fc870e532545ba1390c581adae801d96732805ab7793670a1baf9ed322539777fd097c39336fb6c47fbf9e1c1d7c4751e7521f937c23 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\05A78C590E745F2FCDDDFFCDDDEA6CE1D12565FF
| MD5 | a33ce1fddd56457d8923fa1bd07d8aab |
| SHA1 | efc64723c6eb94057f6db1db06687d95710e47df |
| SHA256 | 3abeb8ebc6bec341bbdbabcae5dd8b43c15bfe493d77376508e40b76f6a221c8 |
| SHA512 | e7ee4ad8a1b77454cf9df3482034b2643ead0c48307172e0b5e9b9caf85a9e8c4437c040539dda92abed3c96a600d0acaa5d4a389b0e908014946f39272f6681 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\48218383B5816AD64963401416B5810CF014141C
| MD5 | 1875c8b59317c81801e9f2c4db1af85a |
| SHA1 | bf3a67db7254742a24b3246ca7059d3a4c7fa184 |
| SHA256 | bf535676378d0f8a3b1de491345c6a54572f8f4e6bca01c1f87667c29ebd7494 |
| SHA512 | 17768731e7981c557b8ab0143476c794083d4f1b7659f150d18d8f903aa6d1750a14be698c8890ab31c38721dc68f5b8d3c83a00f351c3cd8ceea9d655c3198e |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\D2B2052D98EAA066F0CA06E3ACD5103FE1465DA1
| MD5 | 21c42b8367c26cbd1910dfcea97a7a2b |
| SHA1 | d234ed5e129783b306d18fe9e4f999c78fa4defe |
| SHA256 | 065695d7b1b08e484af13e527b6f394eaa4bb3e78bb1d018b84826638fa0c48d |
| SHA512 | 064682e3d15c1caa206d57c0ceffebbce237f60fd8146bfa1223396173d617ec9988ddf0d7e3f6c4e16d0d54e1b0be75ce9044953257abe82683a1c5233f8337 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\BBA484D5E02ADE67CB5F53197B3382F9A91D28BD
| MD5 | 2a86a2d1bcce95af34cca9808c81470e |
| SHA1 | 34f89997c3c187ac5ea5357c1ce9965eefef7b11 |
| SHA256 | 24b4fec9a68d5eb7f02c70e48496dab2a1445bedb252645a98f87f431b6a93a8 |
| SHA512 | 6d86354b3433e6e61507fc22d9a2deb4a6e2b9531e9516c41d0d7b31135668fa213495f3c255c09fd8109e9418dc3dbae55c9438e864999473a1dffa2fe80afe |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\8E26CB6D0ACE7D99FC6524F8C44CE3C71D420FD8
| MD5 | bf089a49211ec79070eb59903ddc1b46 |
| SHA1 | 2e474a2075255d09ec1febc8c9f875c281ccc025 |
| SHA256 | 0fa38fb0d4171045208cdf895b1044c1208f0c8d4098af5311423eeab8e4a356 |
| SHA512 | e3e07979d4a10c3b08afd1dfef7158a943b913816b09762ad29e28b13a75acaae03aae63afcc587c37e7113b003da2b377f3dfda06c66f478165686420ca287a |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\57C532E6495ECB8DD31A502F89D28223CA93A0EA
| MD5 | 697f4b8eb7500d9141c60612d67eed92 |
| SHA1 | 1d05d7191f47e646942cd933f716bef9566f94f9 |
| SHA256 | 5ac0472c9aab7653a6d9853c17f88a64a576aa820b66af660ae8767a8a286765 |
| SHA512 | 71deb5a84c3b976d6c620c7de30e01672ae1c07dc32c8f5abaecc61e98335f30d848cf636842b44be2c01683e533ab44b2dbe503649a6303fe217747c8abdb0f |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\CAFA946926B7A720E5943F39831368D9EFCF2283
| MD5 | a9436ba709563c0e8edf15bdadcb694c |
| SHA1 | 22f6f1e330c704e3d6bafaf37ec5ea927d5cc2dc |
| SHA256 | e0cd3b4fc7e6613c0bfae1694ba6fc05de525a74e8db9f1cac234864630bbc56 |
| SHA512 | 4e745928704127082466b57cf0cba99c5f6940fc52bbcf4fc1aff21198e3d9a0a05e5775bd3a86d0197297b16783e758dde11d335e499a0e889e389dc8f9ff89 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\2B7A7C355A415CE6FB08C7F62CFC8C5B73C0683B
| MD5 | faac56e6f8c2b243ded66db51cc69ddb |
| SHA1 | 1341948a98738d375d4444bf2df257a03c6f8028 |
| SHA256 | 4fc57bcb72c14d9c4f76aa23a32cf6d79ea14ac588465969c073766057173a55 |
| SHA512 | 31098294bac2f231e0e0fc63b8e8d8f1610ff3b9ac85edf377ab4a5d413f483ba08fee9f9a6a6e235f3a61361a2d7445ae42298cc47c8155864cdb8cb9c98d10 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\852176C4FE89E7A06090C8D447EDA5639705965D
| MD5 | 4392c2e1feaae0506141f247f68071b2 |
| SHA1 | ea3b339c016bf3430f88181a3f59ac99538acb9a |
| SHA256 | 94ec26072c8e3c4aeca118d66dc7bc458f644851d8fb6d7c06e24eda7c54f3dd |
| SHA512 | c77045b94bba0e11f319eb3ce8dd8079636b4eae50b2c6fa31aaf3e842c63d0420a4236f17dc10fb8cd00b15018574409f7f01657cc21bbbe75ce1713d11efa3 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\ACC63D42EF1D2D7C1DFEE17640FA2ED2795AFBF7
| MD5 | 26e2cbf8bd0d9d68db2d34f9b78bebb3 |
| SHA1 | 15c7a48e3130fc9e88e7359d7cbb62922b69c52b |
| SHA256 | eb5879af39016e84852e4956975e24725c9b8e69fcff76b1d44bdd0bbe04a931 |
| SHA512 | 232f944d8858f13999569e28cd901c587139daa680b46533caedba5c79f29377ed22636332556414cc1f3e0e4c6095b7aa942a967f0d726e78bdeb515722415b |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\069C2DA77C1CFB563298A8513641F2A6FF9C5A0F
| MD5 | c65197b1ca884623b7dfaa93225c1445 |
| SHA1 | 68769962344d2ee622bc54b2b419f8a7664bf907 |
| SHA256 | b9434f3185b7717890d94025d07f50067240f9d8182b11569b0b7a03889ed352 |
| SHA512 | 8735e605fbc2ea6b2babbb5b257fcf59581dad90655a090e77880534e9dd393464c08436e9b7080180b71f0d54962d54a037ef777d62bc533318a5aa8557b75a |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\targeting.snapshot.json
| MD5 | a94616c229269d15ee8ecc5bcb4b61fe |
| SHA1 | cf33c19a2cf0b56f580e1e3b85bde0d0ae22e61d |
| SHA256 | 5dd8882d901e22fee71a7b7aa9e8a02274d0e16489cfed846290dc8e649d28da |
| SHA512 | b4c487b1a7fb2be5813b555fe341974e7ded4c0a52d0f5174e72b81754370c895bc6ee872a42e102d71f724610837e48c965188bb3fcee46ff85c0aea2cd36b0 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionCheckpoints.json
| MD5 | c4ab2ee59ca41b6d6a6ea911f35bdc00 |
| SHA1 | 5942cd6505fc8a9daba403b082067e1cdefdfbc4 |
| SHA256 | 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2 |
| SHA512 | 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\extensions.json
| MD5 | f704f322de2c5d7b3ba6ec295b19b177 |
| SHA1 | 3b74b99b2bc344c5e499fae2ca23434d0617a63c |
| SHA256 | 5afcd2b734fe57dea06d25bea3d960d85b7ca06e635681cec46b1a45e9e82910 |
| SHA512 | e65b2129fdc1d42498545ee5fc93472db6b63eb30a30459fc2311b24219aa2f73015af8ecf6f279a2711fd9aa9aea955b15e3e3222437b13bd0fa7c88e984a51 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\broadcast-listeners.json
| MD5 | 72c95709e1a3b27919e13d28bbe8e8a2 |
| SHA1 | 00892decbee63d627057730bfc0c6a4f13099ee4 |
| SHA256 | 9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa |
| SHA512 | 613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\prefs-1.js
| MD5 | 6517546bd5116b566b7cd999cc31d855 |
| SHA1 | 141cfa9e319340350a3c90465365d9dfc4841219 |
| SHA256 | f397d54d29f93b6987f47732dffd88cab5a7503660eb23d699f927d0b0d3119c |
| SHA512 | 4588560b291d66691d7d344afa1fa4997c0a7c86c519667f8fea51f9fd539c5abad1e02a02de45fbfc790aa4697b7f02dbb499337fb9c832367231d2a347f24d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\bookmarkbackups\bookmarks-2024-06-10_11_MaaMR8mhAQTbCgvsLumwIQ==.jsonlz4
| MD5 | 838d93fe7f64f4f752cc6aa88379ef54 |
| SHA1 | 55f0a2bd40fd96e3a319f886a58891fd9d416c0b |
| SHA256 | 1b13e0ebb1dab164edd26588e55ea99c9909f18c56c9a3478937d96719d9a54d |
| SHA512 | 8a4fddabc8792bc2fdc4868e1873f415614c3dc08bbb50272b64fbab124b4516ab0e3be04f31cfb8e02e7b653bff231053208d1638dcf0372439dcec71d33f00 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\SiteSecurityServiceState.txt
| MD5 | 37f9085166d95ee302ac0e83538cb844 |
| SHA1 | 53293ca13f582cd5448bec878a4f79aef7b78afb |
| SHA256 | a7cca19aac869bfe548388e96f4bc2a70a81adf2795ce76a30a16a41b012f8cc |
| SHA512 | 8dbb3aef61ff1d7fbeea67594f42ba24ba683926cc65bc99ab1cb560d70f335e757ba38d662e37d6d0fecb297a87ec61842a2d8c33b87b9557f22c5adb0b2789 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\AlternateServices.txt
| MD5 | c4de4eeff810627ee232f27efc8e34bf |
| SHA1 | 38af7d7b39ca838d7f59c8ae0ec156114b1d8cb1 |
| SHA256 | 2942bd6c1d6dac9bf59456e659c608b6818e37f23ee10b78b50bec7fe5fe375a |
| SHA512 | 3ded63fd04cd8a47b9a29ca0013a1a6acc52d5b8dde9b59bce55e752338bbdef3018a40c1b9b87840ac211a3472b5c66c3151141c01005f2497d5e80ec3796bf |
memory/5492-3024-0x0000016CBA4D0000-0x0000016CBA5D0000-memory.dmp
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\doomed\9373
| MD5 | a7c9e8b69466900f8f99ff7898e081fb |
| SHA1 | 56a01e21784b17cb164c24f09bef2846cf818624 |
| SHA256 | 944b3258c61ada8d3b1f4501a86b10bdeb0ab89447214688a4693e5eb82d0584 |
| SHA512 | 77532ba04022aacbda79672c891fde4f8c76439dbab8311df13f510fcca536a5848ec51f02197890f4a9d3da9edd6ad13c502e1aafaa411529b48d079b5c4b17 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\doomed\12903
| MD5 | 43589df73a053f8f7bdf23dd31665dde |
| SHA1 | 4d93d589a7aa8a6f227611e2dfedecfe6a923b51 |
| SHA256 | cc12a157265941d2b24316c28e8b3233a609a527f492108f01c07643a28e71f6 |
| SHA512 | 47c8745d229d4911e0f0ccf1e2e644412d85d153f53ac2622be140b7190899c2155ad3b8c772f8a9f530453e72fdeeeba5de457dcb5fdf6fa7456e7b921c2b4a |