Analysis Overview
SHA256
48263729135489ce33976907d5aae647d902df2d9c18a49ebc75f0254a876f58
Threat Level: Likely malicious
The file download-page-for-spotify-premium-mod-for-pc was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies registry class
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Uses Task Scheduler COM API
Modifies data under HKEY_USERS
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Checks processor information in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-12 14:41
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-12 14:41
Reported
2024-06-12 15:12
Platform
win7-20240611-en
Max time kernel
1799s
Max time network
1685s
Command Line
Signatures
Downloads MZ/PE file
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\download-page-for-spotify-premium-mod-for-pc.html
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6ee9758,0x7fef6ee9768,0x7fef6ee9778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1176 --field-trial-handle=1228,i,56755231381378893,7419577004886896564,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1496 --field-trial-handle=1228,i,56755231381378893,7419577004886896564,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1580 --field-trial-handle=1228,i,56755231381378893,7419577004886896564,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2256 --field-trial-handle=1228,i,56755231381378893,7419577004886896564,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2268 --field-trial-handle=1228,i,56755231381378893,7419577004886896564,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1552 --field-trial-handle=1228,i,56755231381378893,7419577004886896564,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3384 --field-trial-handle=1228,i,56755231381378893,7419577004886896564,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3484 --field-trial-handle=1228,i,56755231381378893,7419577004886896564,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3804 --field-trial-handle=1228,i,56755231381378893,7419577004886896564,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3784 --field-trial-handle=1228,i,56755231381378893,7419577004886896564,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3508 --field-trial-handle=1228,i,56755231381378893,7419577004886896564,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3692 --field-trial-handle=1228,i,56755231381378893,7419577004886896564,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3768 --field-trial-handle=1228,i,56755231381378893,7419577004886896564,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4212 --field-trial-handle=1228,i,56755231381378893,7419577004886896564,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3692 --field-trial-handle=1228,i,56755231381378893,7419577004886896564,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=904 --field-trial-handle=1228,i,56755231381378893,7419577004886896564,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3564 --field-trial-handle=1228,i,56755231381378893,7419577004886896564,131072 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | spotypremium.com | udp |
| US | 172.67.154.98:443 | spotypremium.com | tcp |
| US | 172.67.154.98:443 | spotypremium.com | tcp |
| US | 172.67.154.98:443 | spotypremium.com | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | www.clarity.ms | udp |
| US | 13.107.253.64:443 | www.clarity.ms | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 142.250.187.226:443 | googleads.g.doubleclick.net | tcp |
| GB | 142.250.187.226:443 | googleads.g.doubleclick.net | tcp |
| GB | 142.250.187.226:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | c.clarity.ms | udp |
| IE | 68.219.88.97:443 | c.clarity.ms | tcp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | x.clarity.ms | udp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | tcp |
| US | 20.114.190.119:443 | x.clarity.ms | tcp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 20.114.190.119:443 | x.clarity.ms | tcp |
| US | 20.114.190.119:443 | x.clarity.ms | tcp |
| US | 20.114.190.119:443 | x.clarity.ms | tcp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | beacons3.gvt2.com | udp |
| GB | 216.58.213.3:443 | beacons3.gvt2.com | tcp |
| GB | 216.58.213.3:443 | beacons3.gvt2.com | udp |
| US | 8.8.8.8:53 | download.spotypremium.com | udp |
| US | 172.67.154.98:443 | download.spotypremium.com | udp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | udp |
Files
\??\pipe\crashpad_2652_VDWAEAQQJBFXACJD
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp
| MD5 | 18e723571b00fb1694a3bad6c78e4054 |
| SHA1 | afcc0ef32d46fe59e0483f9a3c891d3034d12f32 |
| SHA256 | 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa |
| SHA512 | 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp
| MD5 | aefd77f47fb84fae5ea194496b44c67a |
| SHA1 | dcfbb6a5b8d05662c4858664f81693bb7f803b82 |
| SHA256 | 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611 |
| SHA512 | b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3 |
C:\Users\Admin\AppData\Local\Temp\Cab368D.tmp
| MD5 | 2d3dcf90f6c99f47e7593ea250c9e749 |
| SHA1 | 51be82be4a272669983313565b4940d4b1385237 |
| SHA256 | 8714e7be9f9b6de26673d9d09bd4c9f41b1b27ae10b1d56a7ad83abd7430ebd4 |
| SHA512 | 9c11dd7d448ffebe2167acde37be77d42175edacf5aaf6fb31d3bdfe6bb1f63f5fdbc9a0a2125ed9d5ce0529b6b548818c8021532e1ea6b324717cc9bec0aaa5 |
C:\Users\Admin\AppData\Local\Temp\Tar3904.tmp
| MD5 | 7186ad693b8ad9444401bd9bcd2217c2 |
| SHA1 | 5c28ca10a650f6026b0df4737078fa4197f3bac1 |
| SHA256 | 9a71fa0cb44aa51412b16a0bf83a275977ba4e807d022f78364338b99b3a3eed |
| SHA512 | 135be0e6370fd057762c56149526f46bf6a62fb65ef5b3b26ae01fa07b4c4e37188e203bd3812f31e260ec5cccff5924633dd55ab17e9fa106479783c2fb212b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c1e0fc426d499a64733c898934e516ac |
| SHA1 | 0177ca4429e648a3b5611c5232b42d3451d452c9 |
| SHA256 | 9cc88e298e90b89a9e4411c0dd90a0d1c01b88c8a72157528a48aa23002f1f65 |
| SHA512 | 8142a514a909fa807ee008328dd251e00bd32bc0a546dc51ed26cb0e386ca0b5872e5bfa9136f4cbbb94fe1d2717a54fbd051dd926f223e7ecb13c533c46527c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e5c2227b898ba5efb90d0effc75901fc |
| SHA1 | 7cd4db2464e1609e9ffa1903f68b6c3582db665b |
| SHA256 | 369b06e18375eb44e2fe19108cbff18c7eb80ba32ff8ecc039af97c6ffef0b18 |
| SHA512 | 9ee25c0cb1bfdcd93fb4e950b3db4a154d0e610c0931b59edd261771ebe11a315cd471e460561c8361082888b2a7cde76f067bafeabed0eed4935258f310ccc0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | b464f12086ab04ecff789d0158ab7063 |
| SHA1 | 033eb55f5851bf39e10d8d1c1a585664031d8eba |
| SHA256 | 8a87a360d984aab9fa6e25e17348685e7329c103e3020c4aa9bc59516bbfb1e7 |
| SHA512 | 4d4ef360911480ddfb8cc676ed14dbe7b5f3ad5f77d28b71f7821ed070cb933547583e69477b3f293324032ed333f9c5e9714b93b31fdc62dde7a67f690d53a0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | e0212ce961aa846eedc57fd0c6e4c8cd |
| SHA1 | a75ccf22199bb63cc27fa04684b34bb7b70284e7 |
| SHA256 | 939bda9d34600a5b9b580eeaf0ff0adccd724b104cfa361702cfec5ce7c59029 |
| SHA512 | 301d555d039d5783347cb1dd66654bcb75dbc9fdab4e6a9f1410191c3e5511732c837c6a1d31611caa3832dbdb616f95e3125ed4c37d87937b98385d3a9f2f85 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\83ee090f-7e2e-4f42-a199-1f4a761ac18e.tmp
| MD5 | 60113a94c68857bc4ecac5d484c4cd02 |
| SHA1 | e0bd6457ed62dcef4e916c57203483678516dcad |
| SHA256 | 8bbc370b9dc188c9c0e350e3da057f56fcda9d738c3a521f601b034facc02a38 |
| SHA512 | c932b91acea49df6daa3431b10b8a35b176b70e2281df800ad17944bc5c5a3e644cb5c7ef9893abdae187211e8d3b91651a227460b1078adcd10d22a84950de2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009
| MD5 | 0488e42e4d9207a1021437a335350467 |
| SHA1 | 99c2423b06c46abb3ee7fe1f310e49c956a51759 |
| SHA256 | 1a1139c9b2853517676ccaf4881a9d83577d1f8322ffd886c93a8a955efd380b |
| SHA512 | b03a9662a3c9edd2b5ac10fb56c4e5e26edc818f26070e33976c12eb72f4d6ee93e6f87e9f5c6447a1141e3fc72244634260c260aef250a06e1442d6bb7df5b3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 19956a7aeb6f98342f5e5a85b89ffbb6 |
| SHA1 | 72d86b298e8938755041ce946c35a7fc8c5d59aa |
| SHA256 | 00f849a6edb2d0d006f366d6abecdcaf454497b06763ca4b72d8a195265e8fb3 |
| SHA512 | 8ab574532428fcb81a6c697b7e4bb76dde192bda234ae62e52236e595f739f443562f2f764a5d6902b96ad466a9d0a5ea8d9c10c555939c1b3825bf87fd5bf07 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 04ef4248f2489f59d9cf674e925232e3 |
| SHA1 | 26edd54c71841c845d77e9738a85a938a1231a8e |
| SHA256 | 41d53ac5a17ad29c993db515f06ce0af5027280fde4182f2778301c1fdc385e6 |
| SHA512 | 0a0f5484d8ecf02251b291341cb0099fb3626cf569debb0cb886c08f8abbaba6070565d3f99eaf61544f67dbd0b541e0ab083312092664202d641b4622d10ce9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 444398b2ca8e64d20efd5197e799b238 |
| SHA1 | e4c6cb0acb42f35e4bc80763592e4e590a5f2cf9 |
| SHA256 | 75d0252b0e1b18614297fbc7cdac45d074d51d742ebc7273866510dc0d0bd97c |
| SHA512 | 7e45f1550b217e608ee2b5b82616dc8ef24158bbfa15d5f17bfe2a4645d0b695e641696ef8943d3d7f55fbc9628cb925dc9a56b9c6af46615195b1ee01e2ca68 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-12 14:41
Reported
2024-06-12 15:12
Platform
win10v2004-20240226-en
Max time kernel
1801s
Max time network
1803s
Command Line
Signatures
Downloads MZ/PE file
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133626769516323939" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\download-page-for-spotify-premium-mod-for-pc.html
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe8b759758,0x7ffe8b759768,0x7ffe8b759778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1780 --field-trial-handle=1856,i,7278778424156623730,8211313076079793330,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=1856,i,7278778424156623730,8211313076079793330,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2224 --field-trial-handle=1856,i,7278778424156623730,8211313076079793330,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3160 --field-trial-handle=1856,i,7278778424156623730,8211313076079793330,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3140 --field-trial-handle=1856,i,7278778424156623730,8211313076079793330,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4804 --field-trial-handle=1856,i,7278778424156623730,8211313076079793330,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4928 --field-trial-handle=1856,i,7278778424156623730,8211313076079793330,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4824 --field-trial-handle=1856,i,7278778424156623730,8211313076079793330,131072 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3972 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=2496 --field-trial-handle=1856,i,7278778424156623730,8211313076079793330,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=824 --field-trial-handle=1856,i,7278778424156623730,8211313076079793330,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5428 --field-trial-handle=1856,i,7278778424156623730,8211313076079793330,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5564 --field-trial-handle=1856,i,7278778424156623730,8211313076079793330,131072 /prefetch:8
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1388.0.348665175\811413574" -parentBuildID 20221007134813 -prefsHandle 1892 -prefMapHandle 1884 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a684a4d0-b4e2-4e06-93ef-4822957ed016} 1388 "\\.\pipe\gecko-crash-server-pipe.1388" 1972 2dcea6d4458 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1388.1.2042420897\1452674762" -parentBuildID 20221007134813 -prefsHandle 2352 -prefMapHandle 2340 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7cfcbe17-07b1-45ad-bdd1-1dc11b0abf60} 1388 "\\.\pipe\gecko-crash-server-pipe.1388" 2364 2dcddc75e58 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1388.2.262264877\797180581" -childID 1 -isForBrowser -prefsHandle 3268 -prefMapHandle 3264 -prefsLen 20888 -prefMapSize 233444 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3be87fc9-d7ee-4627-aa05-9c6e3e9d1879} 1388 "\\.\pipe\gecko-crash-server-pipe.1388" 3280 2dcee5cbb58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1388.3.510135415\1122818912" -childID 2 -isForBrowser -prefsHandle 3844 -prefMapHandle 3840 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8388c89f-9444-43ec-9303-fc2a75623d96} 1388 "\\.\pipe\gecko-crash-server-pipe.1388" 3852 2dcddc65b58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1388.4.334932114\203777557" -childID 3 -isForBrowser -prefsHandle 4180 -prefMapHandle 4140 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a68733fb-6658-4ed6-aa23-19b50f0bf400} 1388 "\\.\pipe\gecko-crash-server-pipe.1388" 4192 2dcef494358 tab
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1828 --field-trial-handle=1856,i,7278778424156623730,8211313076079793330,131072 /prefetch:2
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1388.5.1210223973\1522819627" -childID 4 -isForBrowser -prefsHandle 5000 -prefMapHandle 4940 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {00cc02ce-51f4-4cf3-ba1b-36c353d90563} 1388 "\\.\pipe\gecko-crash-server-pipe.1388" 5004 2dcf09a9e58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1388.6.1721487834\1687851476" -childID 5 -isForBrowser -prefsHandle 5144 -prefMapHandle 5148 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {438ac52a-c237-49b1-b8c9-1ff81ce8fbf4} 1388 "\\.\pipe\gecko-crash-server-pipe.1388" 5132 2dcf0ac2b58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1388.7.519339020\1487781555" -childID 6 -isForBrowser -prefsHandle 5372 -prefMapHandle 5376 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {04282b1c-ba30-43b5-ab5a-5f0051c85dc6} 1388 "\\.\pipe\gecko-crash-server-pipe.1388" 5212 2dcf0cfba58 tab
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4944 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | spotypremium.com | udp |
| US | 104.21.48.168:443 | spotypremium.com | tcp |
| US | 104.21.48.168:443 | spotypremium.com | tcp |
| US | 104.21.48.168:443 | spotypremium.com | udp |
| US | 8.8.8.8:53 | 168.48.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.197.17.2.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | www.clarity.ms | udp |
| US | 13.107.246.64:443 | www.clarity.ms | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 172.217.16.226:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | c.clarity.ms | udp |
| IE | 68.219.88.97:443 | c.clarity.ms | tcp |
| US | 8.8.8.8:53 | c.bing.com | udp |
| US | 8.8.8.8:53 | 104.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.88.219.68.in-addr.arpa | udp |
| US | 204.79.197.237:443 | c.bing.com | tcp |
| US | 8.8.8.8:53 | x.clarity.ms | udp |
| US | 20.114.190.119:443 | x.clarity.ms | tcp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | tcp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 119.190.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 20.231.121.79:80 | | tcp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.197.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | download.spotypremium.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | e2c77.gcp.gvt2.com | udp |
| IL | 34.0.72.251:443 | e2c77.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | 67.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 251.72.0.34.in-addr.arpa | udp |
| N/A | 127.0.0.1:49973 | | tcp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | shavar.services.mozilla.com | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 52.42.69.239:443 | shavar.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | 166.188.117.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 239.69.42.52.in-addr.arpa | udp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | udp |
| US | 34.107.243.93:443 | autopush.prod.mozaws.net | tcp |
| N/A | 127.0.0.1:49980 | | tcp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | beacons.gvt2.com | udp |
| GB | 172.217.169.3:443 | beacons.gvt2.com | tcp |
| US | 8.8.8.8:53 | beacons2.gvt2.com | udp |
| BR | 142.251.135.35:443 | beacons2.gvt2.com | tcp |
| US | 8.8.8.8:53 | 3.169.217.172.in-addr.arpa | udp |
| BR | 142.251.135.35:443 | beacons2.gvt2.com | tcp |
| BR | 142.251.135.35:443 | beacons2.gvt2.com | udp |
| US | 8.8.8.8:53 | 35.135.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.79.70.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | aus5.mozilla.org | udp |
| US | 35.244.181.201:443 | aus5.mozilla.org | tcp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | ciscobinary.openh264.org | udp |
| NL | 2.18.121.79:80 | ciscobinary.openh264.org | tcp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | 201.181.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.121.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| GB | 142.250.187.206:443 | redirector.gvt1.com | tcp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| GB | 142.250.187.206:443 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | r1---sn-aigl6ney.gvt1.com | udp |
| GB | 173.194.183.166:443 | r1---sn-aigl6ney.gvt1.com | tcp |
| US | 8.8.8.8:53 | r1.sn-aigl6ney.gvt1.com | udp |
| US | 8.8.8.8:53 | r1.sn-aigl6ney.gvt1.com | udp |
| US | 8.8.8.8:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | 206.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 166.183.194.173.in-addr.arpa | udp |
| GB | 173.194.183.166:443 | r1.sn-aigl6ney.gvt1.com | udp |
| US | 8.8.8.8:53 | firefox-settings-attachments.cdn.mozilla.net | udp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | udp |
| BR | 142.251.135.35:443 | beacons2.gvt2.com | udp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | chromewebstore.googleapis.com | udp |
| US | 8.8.8.8:53 | chromewebstore.googleapis.com | udp |
| GB | 142.250.180.10:443 | chromewebstore.googleapis.com | tcp |
| US | 8.8.8.8:53 | 10.180.250.142.in-addr.arpa | udp |
| GB | 172.217.169.3:443 | beacons.gvt2.com | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | aus5.mozilla.org | udp |
| US | 35.244.181.201:443 | aus5.mozilla.org | tcp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | location.services.mozilla.com | udp |
| US | 35.162.46.230:443 | location.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | locprod2-elb-us-west-2.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | locprod2-elb-us-west-2.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | 230.46.162.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
Files
\??\pipe\crashpad_3400_KEVJDYUMSFFVRCLQ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | a28a5abd0c42d022971544bfa53f1339 |
| SHA1 | fb95724dbc52afeb84e508ae93943f29f359c4f4 |
| SHA256 | 9cc339bc0b3b570e11727102581aae8424a1b704aca52210a12fa254f4cedd99 |
| SHA512 | 48222e1396e20d88931736013cf66a43f15fe37ea6bbadd873e03b24f3f1855ff379cd51cec693143478a353865ca28fc10df1af8b3f946069d1b021a8d189c2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | ff55f6138a93c46840d45157646ea4e5 |
| SHA1 | 6f64e6b562ab4796e24daefe98ced9e6081de13f |
| SHA256 | 1dd5939c8b5a80639b672edd0da56150e4ed18a15ef97962a106627f48d080f4 |
| SHA512 | 71413b26c9be8ae3d92f2bff496e1a58b0371e0ddeb593b1dc33357cbcb888c2f18034cadde1253ac2a440c480b867dbb85a5db0b812d1175e96989c3cedc5de |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | e1dd9556d557ecc2aa201af71303870b |
| SHA1 | 2b32ccc28dda12e1fc2cd184060c77218b916c50 |
| SHA256 | e6a8620557cdfb709ef03780ed9b5888e0e2b0d3f87cc555f41de03703014659 |
| SHA512 | e97d83f55df48b95d26485d5e4b82d2ab1b70fa272033875f33a6405f7be46321e7f3f5730d8635ed37f358005e6575e7206f8bca8ab57037d46ae2bdf536003 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 89e7d2322ed39fcf8a7b7b81d81a9b33 |
| SHA1 | d5f8ca75b184aefbbf4ff8a5eec6464421533b89 |
| SHA256 | d45ef82a85f8bd5f3366c063374c3e6961974e576ec6bee3dfd837b6d7a8c165 |
| SHA512 | 180bd3a04ec876772565abce6390cf1c2e65fdbd99e8ae208bbfe17a325375fb7538fe94100c3fd1ce31faf4ca55548bddfda19e48555a23263d083bbdcca175 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | a7974c78b8563d616dd78533483a0229 |
| SHA1 | 91b502a09c8ab40faf303c4cfcd2a2011694da5c |
| SHA256 | bde81854bce4b90b2e37452df4602cb1d8004c0d9634338912caa769f4e6a27f |
| SHA512 | 1a34c9ea6c9b8d97ac0ad05360e661ce8a3340bb867b89715d7fcb004f8c866721ce214d640e72cdf2c9bd4145061f217c51d0828b0390db434c63224e7af7b0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | dcb872226f5f154e84a5278e846045b9 |
| SHA1 | 2cd114903972e2bf1aef75a5dd83056582ab3983 |
| SHA256 | 6e12aacce3d55553b54766622be506d208b25ef7ce0d9bb8d3e4bd252366779e |
| SHA512 | 8f89400b1984023fcc615d08670918d855595c901bb5777ee9272e5b05df1ea4fa76f5b2cc1acbc69d47ea6d2ce63c706d415908fc09a11d3b86d4b7a7123691 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 379c4d9ee97f56f8913baac76bf14948 |
| SHA1 | 3cdf4c4cdf2d0e5a0fc64067ba2a34de50c84ed5 |
| SHA256 | 6b19bd06d8e2fa8efb796bee2f8307c5e2ae1a8a528de18438952d896146e792 |
| SHA512 | 75da481d44383721be118663b7dca23ac837f3683eaa6e4a349ba5ddc1f7501dc587fbc8270fd968113fd63b6f6595b18a4d0cdafa762cf2dcb4b5416e993307 |
C:\Users\Admin\Downloads\Unconfirmed 794603.crdownload
| MD5 | 0488e42e4d9207a1021437a335350467 |
| SHA1 | 99c2423b06c46abb3ee7fe1f310e49c956a51759 |
| SHA256 | 1a1139c9b2853517676ccaf4881a9d83577d1f8322ffd886c93a8a955efd380b |
| SHA512 | b03a9662a3c9edd2b5ac10fb56c4e5e26edc818f26070e33976c12eb72f4d6ee93e6f87e9f5c6447a1141e3fc72244634260c260aef250a06e1442d6bb7df5b3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 700043ab8ae0e6fcee39b59cc529df03 |
| SHA1 | d1c8542f6f1ba3d1e9657c2d7296f67b2eccf53b |
| SHA256 | 994513b360e16d8059bbbdb7f2db4ca8cf8a58034c54e815c84219002fc382ba |
| SHA512 | becc7b773653007f2d24ea9803730f48d330164ea1eba73c9d5f82263d55d62dfdddf620bc1699dfdb4da22625a58458293276d72dbfd3988009812115d7dd1a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5982b3.TMP
| MD5 | 3e699de99f7711a045e70d3b9fed31df |
| SHA1 | ba5793ce342f4ee7b2152d72d2932003c637be91 |
| SHA256 | a82bbdd9b99e81b5f3eda798b81f9b9827a18cec00800c9d185e70ce547b77b9 |
| SHA512 | f32cd819e66dbaea34272ee5e1c3d5c7bad22e77abd4acb3d2dd8abf08c7d0071a64f5b76329eec5db7ab0d91b8144e2bffe502c55422237944b6268b59b6113 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\pending_pings\a2019546-699d-40c6-9fd6-134de5aa0364
| MD5 | fd5fbc3afa5d1942cd7f171543769e0f |
| SHA1 | 634c05259230e479608056a1803f7cd7b98ca408 |
| SHA256 | 360cb5fbbf363d371a4ccb72e995acb47e5ed4303d7cb1f692ca6e8930d0f8ec |
| SHA512 | 1725a759db016ca9d3f7108a5de5ece829ed6fae848f7a7230f66553fa17599e11ae8130f4e0bf268468d3902a2ee551a0de94f126c41ad7f58bdc4ce980e0e0 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\pending_pings\0ee6b3c2-f6dc-4615-8ac7-e81e40f549d6
| MD5 | 2cf58aa14da5b34f9ef498a9019410b3 |
| SHA1 | e14f6cbeca6b2dde7342cee1bdc2892e43501f98 |
| SHA256 | 15df4c9b6cd9c3d5a44e71f0dee371ab33264b1ae8fdff022d78721345503a77 |
| SHA512 | 6063ab709f819be685daaabd746d5cadf991655c71911c379d2447ddfd9fc6ddba8ad40ab7f670f6bdc47b74271ba50331a9467b1e85301e99a3000327ecc1a6 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\db\data.safe.bin
| MD5 | 30b50d5e05de999e517745bcba845de3 |
| SHA1 | 8f33c0b63d640ec876245e481624aa65e0e1edcc |
| SHA256 | 466e523ffd01c68b61c5e7561e765ad2708121621592bb8695393ae1347d3e37 |
| SHA512 | c2f79b0ce95f235ec97d43172696446e3ba723fc762292b9a6a7892d253204381ad33345e0e86e8e5dddd01568388a9a1f7169f8d95c6fa0739768a06d81f3d9 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | 89fb414d778d11d3a12991de60301815 |
| SHA1 | 1d7a63ca92d9ad28930ce2feaac8c71c3f699ef7 |
| SHA256 | 935ba660008416f0b46a028a709944f11f9c2858243a2f7bc0b57aa1d96314be |
| SHA512 | 49f06dc78f2e08621ba4ed19925d8c7ed040502f13edaeedc7df3d675e77417d8b7b3c0b3feaf7f4fcef989091b363f5af1fa9258de57cee5bd904e1d7a31f9b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 889bdcd43aa126e29089b60aec27b819 |
| SHA1 | c04ffc34101bed28ace1941ee78e2e31db366959 |
| SHA256 | 20e6f8d0b08063edd700aa54ac47301cae1a316c3358ae6b51c5bde3e43102b7 |
| SHA512 | 82d7b2a0c4ba0dd6d5c2df2cdca0cdedb7345dd8dd6ccdfd09d9a820c4c8a9b11169eb5ea3a3a1c6322a21bc50c8f8148c8a6cbb699337c7f9587dc8ea32975a |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 85430baed3398695717b0263807cf97c |
| SHA1 | fffbee923cea216f50fce5d54219a188a5100f41 |
| SHA256 | a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e |
| SHA512 | 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
| MD5 | fe3355639648c417e8307c6d051e3e37 |
| SHA1 | f54602d4b4778da21bc97c7238fc66aa68c8ee34 |
| SHA256 | 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e |
| SHA512 | 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
| MD5 | 3d33cdc0b3d281e67dd52e14435dd04f |
| SHA1 | 4db88689282fd4f9e9e6ab95fcbb23df6e6485db |
| SHA256 | f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b |
| SHA512 | a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js
| MD5 | 5dda303f9db7e4886af98302de1d487e |
| SHA1 | 5cf2bbe474a825db31ea996eaacbcc4fd0734b3b |
| SHA256 | 35dd21b46f039287a5a0006154330d9999f8fb8cd76e05bd136a612d5eda6eb7 |
| SHA512 | ec91d77fed60bb64ba43aca6b31945ac2afb28658e32449d5e5003fa967b3f3acf84d93138ff9f0c51b7f04902aefb54c0ff8c0a67a9dae34224ec7b3a902b5f |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\383A97A57B113BD106DE6984E6DBA5F537327263
| MD5 | da7ef008eefcc981c7a8befc8510f0d7 |
| SHA1 | da7b5f7d6e1fd327875853055813d2e1face753a |
| SHA256 | c2fbddc20b65b758c96fa47d0231e93e791f393ce2fdf8480143a239ce187108 |
| SHA512 | a31b56b14883079d280fab6bc4521052c73bfbc78277a0f6dbf7f28c88bd1647b3af671a6253abc601d3bdbe038c5d338ee7083006cdc169333e92728ed6c569 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | a01c5ecd6108350ae23d2cddf0e77c17 |
| SHA1 | c6ac28a2cd979f1f9a75d56271821d5ff665e2b6 |
| SHA256 | 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42 |
| SHA512 | b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
| MD5 | 8be33af717bb1b67fbd61c3f4b807e9e |
| SHA1 | 7cf17656d174d951957ff36810e874a134dd49e0 |
| SHA256 | e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd |
| SHA512 | 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
| MD5 | 49ddb419d96dceb9069018535fb2e2fc |
| SHA1 | 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6 |
| SHA256 | 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539 |
| SHA512 | 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
| MD5 | 33bf7b0439480effb9fb212efce87b13 |
| SHA1 | cee50f2745edc6dc291887b6075ca64d716f495a |
| SHA256 | 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e |
| SHA512 | d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
| MD5 | 688bed3676d2104e7f17ae1cd2c59404 |
| SHA1 | 952b2cdf783ac72fcb98338723e9afd38d47ad8e |
| SHA256 | 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237 |
| SHA512 | 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
| MD5 | 937326fead5fd401f6cca9118bd9ade9 |
| SHA1 | 4526a57d4ae14ed29b37632c72aef3c408189d91 |
| SHA256 | 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81 |
| SHA512 | b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js
| MD5 | 1613b5e728677b648e61806404c7fc45 |
| SHA1 | c57356b8ee8ae9885c1de9ce766d7d75267954ec |
| SHA256 | 52fbc466eb07fccf0e87b16ed1111e3503187dc42b82ad89c2fa00cea0067f7e |
| SHA512 | 787c41c0b7f186ae896307125d2243b68419b06f3aa17776c8852a7bf11975a0850fd405dd5592b05fa16f4a00c3d49bde5b9e65b5ce200fbfae0003678787e4 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 32ff9f7d204ad3305fc3e94c944fa12e |
| SHA1 | af0aded6d5adfe0144fea605728db012456e8a52 |
| SHA256 | 6739a8ceb0ad0ad14325e7c80dd24b33de46b7bc7614a2403230a132db9e11ac |
| SHA512 | 687545f754d57ede1659b73dc36d00d20d8e12004e2bc6e5a1e2fd77af610d3ab2ed1dc6db6c441c88e7cea0602378e6a5a752ea92c79439773c237f2a986b34 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 3cc6c16fe9e430d895faf5fa45c40849 |
| SHA1 | 235c3ecd1fc3ce551c441e4db19001228393f26d |
| SHA256 | d7642b6d561994b29bcfc1dc61c7c48b445d99575a5e13f53cfbf4f976bb3574 |
| SHA512 | 8a233542254b0369d2f1227f87da085cddef4fa6de7eba66199b0a98f98d1ed788695c1d52de49c3b294ce357a738e9e7db300ec446e9bef3f5e60b9b1e797b3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 48ffb62071758f8dc9eb12f57f03e716 |
| SHA1 | 29f6de136bdde258cad307328d1d1df50d86ab18 |
| SHA256 | 43a28ef5b2349239e62dd61a2c6d403a270736c653eb72161cc20519e6ea2427 |
| SHA512 | 63f38e0b80210370999a50c706b99faf99fcf34ab811840ed87c813103d551823b4b909e969ba40f4a5e49f0a4c1bbecad7e9d1384111ffe9338a7bb63030d78 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js
| MD5 | 342e705b186df30f3dcd512a70be3ff7 |
| SHA1 | 3973926c6b9ec48c93a9a8cb863a97f8480b3cc8 |
| SHA256 | cebf63575a087ce34c9fa2fb8ae87ad7327936bddc2479681ace96708f48a380 |
| SHA512 | 4847f9e9843d3b4a3027fd2c23f4755e48caa9b1a347ef0219536c7137a57daf3ebcfa9d646aeec38068d689b1dc5ad399e50b98a2b670ff80877c8ddc135fe9 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\broadcast-listeners.json
| MD5 | 45faba2946cfe3dc4634444fa40c89dd |
| SHA1 | 1fc9b8ea4d625b6148c7f1613c6141b4b74d9c15 |
| SHA256 | cbeeebf88bb6f4ebbd5cea91b83e6a9683fd65925f6925208320371aeef215a8 |
| SHA512 | 2d29ec5cdadc836823e4e906dc59d2d7af90c4d9bd4420901d1dbbad99f86ff37ebe58b436d12f809728e641b8064e063611a7333f17eee3ec5262af0ebb68d0 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionCheckpoints.json
| MD5 | c4ab2ee59ca41b6d6a6ea911f35bdc00 |
| SHA1 | 5942cd6505fc8a9daba403b082067e1cdefdfbc4 |
| SHA256 | 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2 |
| SHA512 | 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\targeting.snapshot.json
| MD5 | f1427594d91e06d87267868c2e86c64f |
| SHA1 | 391252fce02a4e9588e36f0093e5ad13bd753e44 |
| SHA256 | 679d460e974420e6498409221c5a460c9f085f20ace01f518681867a8b6a0957 |
| SHA512 | 413646805d8982a434229adee4cec139fd54e86a3216a360fd0a19df69178104130419320169fc4ae02082f167660866c12d3ec7a177267e533f594fee9f37f9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | bac4a1dc2a57053fb526ef19ff2ea342 |
| SHA1 | 359edea7c5c455f34c2beb50737d23d45bf07fdb |
| SHA256 | 5e60117f34f4bf63d608a89c26318fa3efbc813b5659af6276484d321466f522 |
| SHA512 | 86fc1789f79021504a0edde07cc33df413ca2606890816fcd10c88983d6dceed35fa886e1e6360e4d5b59a1407957e41511c9547633fb6800dd26a903046161f |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
| MD5 | b20f643e3dd67ac99fea020ef8bcd968 |
| SHA1 | 7944ed8f71e87bb74aa1f99cf5bfaaf08696cab7 |
| SHA256 | 3c7177d740286e328a9e084b3a782fde473c959af0837d4dbb10588b11db3247 |
| SHA512 | 68783b7bb776650fda8474bdd49de1b592ebf82edff4fd746566e1c078f6c59c27dc06c04fec6ac30ffc2492f1d56dc9e5bc945e68b21a0ccf1279d1915c3e56 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\bookmarkbackups\bookmarks-2024-06-12_11_8isp+gHyP3QyHg7eXV012w==.jsonlz4
| MD5 | 4f250385aeaa84a357a344af5ad6354a |
| SHA1 | 4f1ca11ca083ed02b315c489223a20017a6ecbc4 |
| SHA256 | 1496d4f20935c304d2e661264713fb152b1558850d404b59353a09e7f830c264 |
| SHA512 | 16e9f6c632ecb3f96663d06f567445f294a0195a922e9e2105893550fba609767602cbaa87dd5380c5888274d7988b25e937335f58200e91db9cce6cc375c0e5 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js
| MD5 | 7277fb2055d2b52129cde080dcca6938 |
| SHA1 | bdbdd63397d6f9e5ee95f6496926db48a7307b21 |
| SHA256 | a8a680e17d769dfe0a23b2f1cf049a810f900083571f1994bdf24018d0e7cb73 |
| SHA512 | f23176907bada31945ca61c89609f1bfc0f06cdb7cdcff831f0cf0bcd50dc73de6f32414c2c031f69b2de2eb6703fc2809244178a46b41955e6a6d35cb467713 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\extensions.json.tmp
| MD5 | f7016d8a2229e3f56d1e6d90b11654f8 |
| SHA1 | fd5b74a4a1c3da00e7489da745fc77af3f2b70dd |
| SHA256 | 3c2e04a2ecb5f25269a5a123019dbcb32be9131208a02b28e1222508871522be |
| SHA512 | 9f7a14a5f58230dccd61b1fd9583fb995d57b004aef7dfd2bd1778865b5fc60a0a6a0fd6b35f31992d7de41e69b915a252b8419b50bf4e4a8e5bc0e28fdcec65 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs.js
| MD5 | 2d4d8de45561b25c19e13e6abe1c5548 |
| SHA1 | f99d4d53652df82c6c075e226a440f5d36dcd6d4 |
| SHA256 | c2b2666c3aacafd4d087c1f950b2c8d32571ce3a4b93ab536f94780b53f240d0 |
| SHA512 | 3e29a7b16327ca55e3310aecb2dcbb1e7c375994912b35eec848c3ef547c5441218a4b0e716a274c27cab0b5cdc3b2b8ca188e4cd70ef3701f97efbc5bd111ef |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\29612
| MD5 | d7bb6be784920864627f0ecf6dac604d |
| SHA1 | 740c25c465491a6472e859ebddc5f21e8bf9402f |
| SHA256 | 66f9b8113ef5635bd3735b04c0ce04615800e218be3153571e91ef83e1a50d4a |
| SHA512 | e4e05a8b953e341811a1eaea6e157e4cdab5e103605a442bb2a78767bc34b1e9262623b3673f7c2ec907b5e56e71310fbe55672484b04bf29cd0115d70bab787 |