Analysis Overview
SHA256
f62c275d44091d35cd9e2a8619ebbfb49961acd5204fa5fa5e8383d9e9d8de36
Threat Level: Known bad
The file Modifier.exe was found to be: Known bad.
Malicious Activity Summary
Process spawned unexpected child process
DcRat
Modifies WinLogon for persistence
DCRat payload
Downloads MZ/PE file
Checks computer location settings
Executes dropped EXE
Drops file in Program Files directory
Drops file in Windows directory
Unsigned PE
Enumerates physical storage devices
Modifies registry class
Checks processor information in registry
Suspicious use of WriteProcessMemory
Creates scheduled task(s)
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
NTFS ADS
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of SendNotifyMessage
Uses Task Scheduler COM API
Analysis: static1
Detonation Overview
Reported
2024-06-17 09:23
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-17 09:23
Reported
2024-06-17 09:29
Platform
win10v2004-20240226-en
Max time kernel
218s
Max time network
236s
Signatures
DcRat
Modifies WinLogon for persistence
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "explorer.exe" | C:\Program Files (x86)\WindowsPowerShell\RuntimeBroker.exe | N/A |
Process spawned unexpected child process
| Description | Indicator | Process | Target |
| Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process | N/A | C:\Windows\system32\schtasks.exe | |
DCRat payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Downloads MZ/PE file
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\reactorsvschost.scr | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation | C:\Windows\SysWOW64\WScript.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation | C:\Componentwininto\portdll.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\WindowsPowerShell\RuntimeBroker.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\reactorsvschost.scr | N/A |
| N/A | N/A | C:\Componentwininto\portdll.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\WindowsPowerShell\RuntimeBroker.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\Google\Update\Install\{1342F81A-D5C5-42B4-A5E8-933F7759DA30}\firefox.exe | C:\Componentwininto\portdll.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Google\Update\Install\{1342F81A-D5C5-42B4-A5E8-933F7759DA30}\firefox.exe | C:\Componentwininto\portdll.exe | N/A |
| File created | C:\Program Files (x86)\Internet Explorer\de-DE\StartMenuExperienceHost.exe | C:\Componentwininto\portdll.exe | N/A |
| File created | C:\Program Files (x86)\Internet Explorer\de-DE\55b276f4edf653 | C:\Componentwininto\portdll.exe | N/A |
| File created | C:\Program Files\Microsoft Office\PackageManifests\61a52ddc9dd915 | C:\Componentwininto\portdll.exe | N/A |
| File created | C:\Program Files (x86)\Google\Update\Install\{1342F81A-D5C5-42B4-A5E8-933F7759DA30}\0fc223bdacedc3 | C:\Componentwininto\portdll.exe | N/A |
| File created | C:\Program Files (x86)\WindowsPowerShell\RuntimeBroker.exe | C:\Componentwininto\portdll.exe | N/A |
| File created | C:\Program Files (x86)\WindowsPowerShell\9e8d7a4ca61bd9 | C:\Componentwininto\portdll.exe | N/A |
| File created | C:\Program Files\Microsoft Office\PackageManifests\msedge.exe | C:\Componentwininto\portdll.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\GameBarPresenceWriter\0fc223bdacedc3 | C:\Componentwininto\portdll.exe | N/A |
| File created | C:\Windows\ja-JP\firefox.exe | C:\Componentwininto\portdll.exe | N/A |
| File created | C:\Windows\ja-JP\0fc223bdacedc3 | C:\Componentwininto\portdll.exe | N/A |
| File created | C:\Windows\GameBarPresenceWriter\firefox.exe | C:\Componentwininto\portdll.exe | N/A |
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Creates scheduled task(s)
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings | C:\Users\Admin\Downloads\reactorsvschost.scr | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\Downloads\reactorsvschost.scr:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Componentwininto\portdll.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files (x86)\WindowsPowerShell\RuntimeBroker.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\Modifier.exe
"C:\Users\Admin\AppData\Local\Temp\Modifier.exe"
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5164 --field-trial-handle=3084,i,4016110471176367543,14287608422419064331,262144 --variations-seed-version /prefetch:8
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4304.0.1614109535\2121935669" -parentBuildID 20221007134813 -prefsHandle 1900 -prefMapHandle 1892 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fab37487-b0b8-4f09-b304-423b5c790184} 4304 "\\.\pipe\gecko-crash-server-pipe.4304" 1980 2a0e61d5158 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4304.1.432515589\1804718382" -parentBuildID 20221007134813 -prefsHandle 2368 -prefMapHandle 2364 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bdf5ef71-232f-466a-ac90-69b2a0d44651} 4304 "\\.\pipe\gecko-crash-server-pipe.4304" 2380 2a0e5b33858 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4304.2.1744439834\891071075" -childID 1 -isForBrowser -prefsHandle 3008 -prefMapHandle 3004 -prefsLen 20888 -prefMapSize 233444 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {07377ffb-e673-4a8f-aa68-96bc7b123021} 4304 "\\.\pipe\gecko-crash-server-pipe.4304" 2984 2a0ea0bb058 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4304.3.1215706712\1577709086" -childID 2 -isForBrowser -prefsHandle 3608 -prefMapHandle 3604 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1445a7aa-95df-4074-a27b-4961b7d2da48} 4304 "\\.\pipe\gecko-crash-server-pipe.4304" 3620 2a0d2570158 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4304.4.714442798\2018080043" -childID 3 -isForBrowser -prefsHandle 4336 -prefMapHandle 4332 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0a8c0e12-e762-4250-b158-9d07258f6e00} 4304 "\\.\pipe\gecko-crash-server-pipe.4304" 2800 2a0ebdc0158 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4304.5.1371249268\1375558289" -childID 4 -isForBrowser -prefsHandle 4804 -prefMapHandle 4652 -prefsLen 26204 -prefMapSize 233444 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e2aff81c-5c56-430b-8936-3cd44f43238c} 4304 "\\.\pipe\gecko-crash-server-pipe.4304" 4792 2a0d252d558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4304.6.1312319711\492821188" -childID 5 -isForBrowser -prefsHandle 5220 -prefMapHandle 5224 -prefsLen 26204 -prefMapSize 233444 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8ca99dd8-ad51-4576-846f-560d22bf5d47} 4304 "\\.\pipe\gecko-crash-server-pipe.4304" 5212 2a0ea346e58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4304.7.1275210420\587574795" -childID 6 -isForBrowser -prefsHandle 5408 -prefMapHandle 5412 -prefsLen 26204 -prefMapSize 233444 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c5c5e6ac-2f9d-443e-aa96-67acd41a88cd} 4304 "\\.\pipe\gecko-crash-server-pipe.4304" 5400 2a0ecad7958 tab
C:\Users\Admin\Downloads\reactorsvschost.scr
"C:\Users\Admin\Downloads\reactorsvschost.scr" /S
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Componentwininto\nK5ZF7jSeUHtsQHqCmNmgBBJa6muo.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Componentwininto\E4gQqg8h.bat" "
C:\Componentwininto\portdll.exe
"C:\Componentwininto\portdll.exe"
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "firefoxf" /sc MINUTE /mo 14 /tr "'C:\Program Files (x86)\Google\Update\Install\{1342F81A-D5C5-42B4-A5E8-933F7759DA30}\firefox.exe'" /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "firefox" /sc ONLOGON /tr "'C:\Program Files (x86)\Google\Update\Install\{1342F81A-D5C5-42B4-A5E8-933F7759DA30}\firefox.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "firefoxf" /sc MINUTE /mo 10 /tr "'C:\Program Files (x86)\Google\Update\Install\{1342F81A-D5C5-42B4-A5E8-933F7759DA30}\firefox.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "StartMenuExperienceHostS" /sc MINUTE /mo 7 /tr "'C:\Recovery\WindowsRE\StartMenuExperienceHost.exe'" /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "StartMenuExperienceHost" /sc ONLOGON /tr "'C:\Recovery\WindowsRE\StartMenuExperienceHost.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "StartMenuExperienceHostS" /sc MINUTE /mo 6 /tr "'C:\Recovery\WindowsRE\StartMenuExperienceHost.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "firefoxf" /sc MINUTE /mo 10 /tr "'C:\Windows\GameBarPresenceWriter\firefox.exe'" /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "firefox" /sc ONLOGON /tr "'C:\Windows\GameBarPresenceWriter\firefox.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "firefoxf" /sc MINUTE /mo 7 /tr "'C:\Windows\GameBarPresenceWriter\firefox.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "cmdc" /sc MINUTE /mo 13 /tr "'C:\odt\cmd.exe'" /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "cmd" /sc ONLOGON /tr "'C:\odt\cmd.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "cmdc" /sc MINUTE /mo 13 /tr "'C:\odt\cmd.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 9 /tr "'C:\Program Files (x86)\WindowsPowerShell\RuntimeBroker.exe'" /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "RuntimeBroker" /sc ONLOGON /tr "'C:\Program Files (x86)\WindowsPowerShell\RuntimeBroker.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 14 /tr "'C:\Program Files (x86)\WindowsPowerShell\RuntimeBroker.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "dllhostd" /sc MINUTE /mo 5 /tr "'C:\Recovery\WindowsRE\dllhost.exe'" /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "dllhost" /sc ONLOGON /tr "'C:\Recovery\WindowsRE\dllhost.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "dllhostd" /sc MINUTE /mo 8 /tr "'C:\Recovery\WindowsRE\dllhost.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "StartMenuExperienceHostS" /sc MINUTE /mo 12 /tr "'C:\Program Files (x86)\Internet Explorer\de-DE\StartMenuExperienceHost.exe'" /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "StartMenuExperienceHost" /sc ONLOGON /tr "'C:\Program Files (x86)\Internet Explorer\de-DE\StartMenuExperienceHost.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "StartMenuExperienceHostS" /sc MINUTE /mo 10 /tr "'C:\Program Files (x86)\Internet Explorer\de-DE\StartMenuExperienceHost.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "explorere" /sc MINUTE /mo 13 /tr "'C:\odt\explorer.exe'" /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "explorer" /sc ONLOGON /tr "'C:\odt\explorer.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "explorere" /sc MINUTE /mo 9 /tr "'C:\odt\explorer.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "sihosts" /sc MINUTE /mo 6 /tr "'C:\Recovery\WindowsRE\sihost.exe'" /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "sihost" /sc ONLOGON /tr "'C:\Recovery\WindowsRE\sihost.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "sihosts" /sc MINUTE /mo 8 /tr "'C:\Recovery\WindowsRE\sihost.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "firefoxf" /sc MINUTE /mo 12 /tr "'C:\Windows\ja-JP\firefox.exe'" /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "firefox" /sc ONLOGON /tr "'C:\Windows\ja-JP\firefox.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "firefoxf" /sc MINUTE /mo 9 /tr "'C:\Windows\ja-JP\firefox.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "sysmons" /sc MINUTE /mo 8 /tr "'C:\Users\All Users\Templates\sysmon.exe'" /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "sysmon" /sc ONLOGON /tr "'C:\Users\All Users\Templates\sysmon.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "sysmons" /sc MINUTE /mo 12 /tr "'C:\Users\All Users\Templates\sysmon.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "msedgem" /sc MINUTE /mo 6 /tr "'C:\Program Files\Microsoft Office\PackageManifests\msedge.exe'" /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "msedge" /sc ONLOGON /tr "'C:\Program Files\Microsoft Office\PackageManifests\msedge.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "msedgem" /sc MINUTE /mo 6 /tr "'C:\Program Files\Microsoft Office\PackageManifests\msedge.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "firefoxf" /sc MINUTE /mo 7 /tr "'C:\Users\Default User\firefox.exe'" /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "firefox" /sc ONLOGON /tr "'C:\Users\Default User\firefox.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "firefoxf" /sc MINUTE /mo 6 /tr "'C:\Users\Default User\firefox.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "conhostc" /sc MINUTE /mo 7 /tr "'C:\Recovery\WindowsRE\conhost.exe'" /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "conhost" /sc ONLOGON /tr "'C:\Recovery\WindowsRE\conhost.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "conhostc" /sc MINUTE /mo 14 /tr "'C:\Recovery\WindowsRE\conhost.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "msedgem" /sc MINUTE /mo 13 /tr "'C:\Users\Default User\msedge.exe'" /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "msedge" /sc ONLOGON /tr "'C:\Users\Default User\msedge.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "msedgem" /sc MINUTE /mo 5 /tr "'C:\Users\Default User\msedge.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "msedgem" /sc MINUTE /mo 7 /tr "'C:\Users\Public\Downloads\msedge.exe'" /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "msedge" /sc ONLOGON /tr "'C:\Users\Public\Downloads\msedge.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "msedgem" /sc MINUTE /mo 9 /tr "'C:\Users\Public\Downloads\msedge.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "sihosts" /sc MINUTE /mo 13 /tr "'C:\Recovery\WindowsRE\sihost.exe'" /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "sihost" /sc ONLOGON /tr "'C:\Recovery\WindowsRE\sihost.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "sihosts" /sc MINUTE /mo 12 /tr "'C:\Recovery\WindowsRE\sihost.exe'" /rl HIGHEST /f
C:\Program Files (x86)\WindowsPowerShell\RuntimeBroker.exe
"C:\Program Files (x86)\WindowsPowerShell\RuntimeBroker.exe"
C:\Windows\system32\schtasks.exe
schtasks.exe /delete /tn "portdll" /f
C:\Windows\system32\schtasks.exe
schtasks.exe /delete /tn "portdllp" /f
C:\Windows\system32\schtasks.exe
schtasks.exe /delete /tn "firefox" /f
C:\Windows\system32\schtasks.exe
schtasks.exe /delete /tn "firefoxf" /f
C:\Windows\system32\schtasks.exe
schtasks.exe /delete /tn "StartMenuExperienceHost" /f
C:\Windows\system32\schtasks.exe
schtasks.exe /delete /tn "StartMenuExperienceHostS" /f
C:\Windows\system32\schtasks.exe
schtasks.exe /delete /tn "firefox" /f
C:\Windows\system32\schtasks.exe
schtasks.exe /delete /tn "firefoxf" /f
C:\Windows\system32\schtasks.exe
schtasks.exe /delete /tn "cmd" /f
C:\Windows\system32\schtasks.exe
schtasks.exe /delete /tn "cmdc" /f
C:\Windows\system32\schtasks.exe
schtasks.exe /delete /tn "RuntimeBroker" /f
C:\Windows\system32\schtasks.exe
schtasks.exe /delete /tn "RuntimeBrokerR" /f
C:\Windows\system32\schtasks.exe
schtasks.exe /delete /tn "dllhost" /f
C:\Windows\system32\schtasks.exe
schtasks.exe /delete /tn "dllhostd" /f
C:\Windows\system32\schtasks.exe
schtasks.exe /delete /tn "StartMenuExperienceHost" /f
C:\Windows\system32\schtasks.exe
schtasks.exe /delete /tn "StartMenuExperienceHostS" /f
C:\Windows\system32\schtasks.exe
schtasks.exe /delete /tn "explorer" /f
C:\Windows\system32\schtasks.exe
schtasks.exe /delete /tn "explorere" /f
C:\Windows\system32\schtasks.exe
schtasks.exe /delete /tn "sihost" /f
C:\Windows\system32\schtasks.exe
schtasks.exe /delete /tn "sihosts" /f
C:\Windows\system32\schtasks.exe
schtasks.exe /delete /tn "firefox" /f
C:\Windows\system32\schtasks.exe
schtasks.exe /delete /tn "firefoxf" /f
C:\Windows\system32\schtasks.exe
schtasks.exe /delete /tn "sysmon" /f
C:\Windows\system32\schtasks.exe
schtasks.exe /delete /tn "sysmons" /f
C:\Windows\system32\schtasks.exe
schtasks.exe /delete /tn "msedge" /f
C:\Windows\system32\schtasks.exe
schtasks.exe /delete /tn "msedgem" /f
C:\Windows\system32\schtasks.exe
schtasks.exe /delete /tn "firefox" /f
C:\Windows\system32\schtasks.exe
schtasks.exe /delete /tn "firefoxf" /f
C:\Windows\system32\schtasks.exe
schtasks.exe /delete /tn "conhost" /f
C:\Windows\system32\schtasks.exe
schtasks.exe /delete /tn "conhostc" /f
C:\Windows\system32\schtasks.exe
schtasks.exe /delete /tn "msedge" /f
C:\Windows\system32\schtasks.exe
schtasks.exe /delete /tn "msedgem" /f
C:\Windows\system32\schtasks.exe
schtasks.exe /delete /tn "msedge" /f
C:\Windows\system32\schtasks.exe
schtasks.exe /delete /tn "msedgem" /f
C:\Windows\system32\schtasks.exe
schtasks.exe /delete /tn "RuntimeBroker" /f
C:\Windows\system32\schtasks.exe
schtasks.exe /delete /tn "RuntimeBrokerR" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\F4MZx53eLu.bat" "
C:\Windows\system32\w32tm.exe
w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
Network
Files