Analysis Overview
SHA256
2ea41158b61647dc95aefa204acf601aa924e5a6227e1857bef5b2b59dc65668
Threat Level: Known bad
The file latest-x64.7z was found to be: Known bad.
Malicious Activity Summary
RedLine
RedLine payload
Drops file in System32 directory
Drops file in Windows directory
Unsigned PE
Checks processor information in registry
Uses Task Scheduler COM API
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
NTFS ADS
Suspicious use of WriteProcessMemory
Modifies data under HKEY_USERS
Checks SCSI registry key(s)
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-07-06 17:39
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-07-06 17:39
Reported
2024-07-06 17:44
Platform
win10-20240611-en
Max time kernel
248s
Max time network
279s
Command Line
Signatures
RedLine
RedLine payload
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\counters2.dat | C:\Windows\system32\SearchProtocolHost.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
|---|---|---|---|
| File created | C:\Windows\rescache\_merged\1601268389\715946058.pri | C:\Windows\system32\taskmgr.exe | N/A |
| File created | C:\Windows\rescache\_merged\4183903823\2290032291.pri | C:\Windows\system32\taskmgr.exe | N/A |
| File opened for modification | C:\Windows\Debug\ESE.TXT | C:\Windows\system32\SearchIndexer.exe | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice\ProgId = "AppX43hnxtbyyps62jhe9sqpdzxn1790zetc" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.DVR-MS | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32,@elscore.dll,-4 = "Microsoft Simplified Chinese to Traditional Chinese Transliteration" | C:\Windows\system32\SearchIndexer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9934 = "AVCHD Video" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-111 = "Microsoft Excel Macro-Enabled Template" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice\ProgId = "AppX43hnxtbyyps62jhe9sqpdzxn1790zetc" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie\devenum 64-bit | C:\Windows\system32\SearchFilterHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-121 = "Microsoft Word 97 - 2003 Template" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TTS\UserChoice\ProgId = "AppX6eg8h5sxqq90pv53845wmnbewywdqq5h" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\FileAssociations\ProgIds\_.gif = "1" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{3DBEE9A1-C471-4B95-BBCA-F39310064458} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000bb23ede4cbcfda01 | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9935 = "MPEG-2 TS Video" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\FileAssociations\ProgIds\_.raw = "1" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32,@elscore.dll,-10 = "Microsoft Hangul Decomposition Transliteration" | C:\Windows\system32\SearchIndexer.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{AEB16279-B750-48F1-8586-97956060175A} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000f8d8a2f9cbcfda01 | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4 | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mod\UserChoice | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-126 = "Microsoft Word Macro-Enabled Template" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\OpenWithList | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice\Hash = "gn0F5WqCqyI=" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.DVR-MS\OpenWithList | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\FileAssociations\ProgIds\_.MOD = "1" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\FileAssociations\ProgIds\_.bmp = "1" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2ts\UserChoice\Hash = "M95HC0pZGxs=" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice\Hash = "LMXtguhTrmw=" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@C:\Windows\system32\windows.storage.dll,-10152 = "File folder" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32,@elscore.dll,-2 = "Microsoft Script Detection" | C:\Windows\system32\SearchIndexer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice\ProgId = "AppX4hxtad77fbk3jkkeerkrm0ze94wjf3s9" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice\Hash = "y7v418Cmx+M=" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice\Hash = "1x0Ooix5fpk=" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32,@elscore.dll,-3 = "Microsoft Traditional Chinese to Simplified Chinese Transliteration" | C:\Windows\system32\SearchIndexer.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\FileAssociations\ProgIds\_.jpg = "1" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\MPEG2Demultiplexer | C:\Windows\system32\SearchFilterHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie\devenum 64-bit\{4EFE2452-168A-11D1-BC76-00C04FB9453B}\Default MidiOut Device | C:\Windows\system32\SearchFilterHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9902 = "Movie Clip" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-131 = "Rich Text Format" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdf | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9912 = "Windows Media Audio file" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@"C:\Windows\system32\windowspowershell\v1.0\powershell.exe",-105 = "Windows PowerShell XML Document" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{A38B883C-1682-497E-97B0-0A3A9E801682} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 01000000000000001d6d4fe3cbcfda01 | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{1E589E9D-8A8D-46D9-A2F9-E6D4F8161EE9} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 01000000000000000629f8e5cbcfda01 | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows | C:\Windows\system32\SearchFilterHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice\Hash = "Prr8ScDWTLI=" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie\devenum 64-bit\{E0F158E1-CB04-11D0-BD4E-00A0C911CE86}\Default DirectSound Device | C:\Windows\system32\SearchFilterHost.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\FileAssociations\ProgIds\_.pdf = "1" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@C:\Windows\System32\ieframe.dll,-912 = "HTML Document" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9905 = "Video Clip" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\OpenWithList | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@C:\Windows\system32\cabview.dll,-20 = "Cabinet File" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@windows.storage.dll,-34583 = "Saved Pictures" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-116 = "Microsoft Excel Template" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.HTM\UserChoice\Hash = "FFeTbYSKKr4=" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9909 = "Windows Media Audio/Video file" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32,@elscore.dll,-8 = "Microsoft Malayalam to Latin Transliteration" | C:\Windows\system32\SearchIndexer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TTS | C:\Windows\system32\SearchProtocolHost.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (int) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Generic" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202020202 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 010000000400000005000000030000000200000000000000ffffffff | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0000000001000000ffffffff | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Generic" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0100000000000000ffffffff | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616193" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000007800000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
|---|---|---|---|
| File created | C:\Users\Admin\Downloads\latest-x64.7z:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\setup.exe
"C:\Users\Admin\AppData\Local\Temp\setup.exe"
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\SearchProtocolHost.exe
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
C:\Windows\system32\SearchFilterHost.exe
"C:\Windows\system32\SearchFilterHost.exe" 0 684 688 696 8192 692
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4456.0.54333381\860364394" -parentBuildID 20221007134813 -prefsHandle 1348 -prefMapHandle 1336 -prefsLen 20845 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {84a3d17f-3f62-4d48-8299-a5e39a7fc157} 4456 "\\.\pipe\gecko-crash-server-pipe.4456" 1412 17923104858 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4456.1.615283032\764605898" -parentBuildID 20221007134813 -prefsHandle 2552 -prefMapHandle 2548 -prefsLen 20926 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {01f2f488-e88b-46cc-b88c-c333e49ca81f} 4456 "\\.\pipe\gecko-crash-server-pipe.4456" 2564 17916e72558 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4456.2.702987592\1908524043" -childID 1 -isForBrowser -prefsHandle 2880 -prefMapHandle 2876 -prefsLen 21029 -prefMapSize 233444 -jsInitHandle 1176 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c1664592-6360-40ee-ab15-64b46c1a6f7b} 4456 "\\.\pipe\gecko-crash-server-pipe.4456" 2856 17925ff5758 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4456.3.1419169631\1323436497" -childID 2 -isForBrowser -prefsHandle 3484 -prefMapHandle 3472 -prefsLen 26214 -prefMapSize 233444 -jsInitHandle 1176 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {343fd5d9-4ddf-4dae-bc71-442e0fbeff44} 4456 "\\.\pipe\gecko-crash-server-pipe.4456" 3496 17926e58e58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4456.4.501326920\390299804" -childID 3 -isForBrowser -prefsHandle 4156 -prefMapHandle 4152 -prefsLen 26349 -prefMapSize 233444 -jsInitHandle 1176 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {63132fae-37d0-4916-a84a-786847e12b1d} 4456 "\\.\pipe\gecko-crash-server-pipe.4456" 4168 17927cb6258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4456.5.1917211897\1865538562" -childID 4 -isForBrowser -prefsHandle 4524 -prefMapHandle 4528 -prefsLen 26354 -prefMapSize 233444 -jsInitHandle 1176 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d7cee4ae-dc72-4c85-b3d2-e5d7fa83bfc3} 4456 "\\.\pipe\gecko-crash-server-pipe.4456" 4844 1792852a258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4456.6.1410779660\721861218" -childID 5 -isForBrowser -prefsHandle 4948 -prefMapHandle 4952 -prefsLen 26354 -prefMapSize 233444 -jsInitHandle 1176 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0df1d012-26a9-4fde-8ac1-720e020232fe} 4456 "\\.\pipe\gecko-crash-server-pipe.4456" 4944 1792852b458 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4456.7.945451999\312559577" -childID 6 -isForBrowser -prefsHandle 5136 -prefMapHandle 5140 -prefsLen 26354 -prefMapSize 233444 -jsInitHandle 1176 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c50e0c66-cbf9-4042-9900-d86eb18a3f2b} 4456 "\\.\pipe\gecko-crash-server-pipe.4456" 5124 1792852ba58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Admin\Downloads\setup.exe
"C:\Users\Admin\Downloads\setup.exe"
C:\Windows\system32\SearchFilterHost.exe
"C:\Windows\system32\SearchFilterHost.exe" 0 684 688 696 8192 692
Network
Files