Analysis Overview
SHA256
60ccfd2af3e5f68d1b1fa36140e97a65411f0ce26da19768933cd5128fe342fb
Threat Level: Likely malicious
The file fnaf plus restored.exe was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
Checks computer location settings
Executes dropped EXE
Checks for any installed AV software in registry
Legitimate hosting services abused for malware hosting/C2
Subvert Trust Controls: Mark-of-the-Web Bypass
System Location Discovery: System Language Discovery
Enumerates physical storage devices
Unsigned PE
Uses Task Scheduler COM API
Checks processor information in registry
NTFS ADS
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Suspicious use of SetWindowsHookEx
Suspicious use of AdjustPrivilegeToken
Modifies registry class
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-10 01:42
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-10 01:42
Reported
2024-11-10 01:45
Platform
win7-20240903-en
Max time kernel
121s
Max time network
122s
Command Line
Signatures
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\fnaf plus restored.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\fnaf plus restored.exe
"C:\Users\Admin\AppData\Local\Temp\fnaf plus restored.exe"
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-10 01:42
Reported
2024-11-10 01:47
Platform
win10v2004-20241007-en
Max time kernel
269s
Max time network
271s
Command Line
Signatures
Downloads MZ/PE file
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\WaveInstaller.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Wave\WaveBootstrapper.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\WaveInstaller.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Wave\WaveBootstrapper.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Luau Language Server\node.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe | N/A |
Checks for any installed AV software in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Software\KasperskyLab | C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Software\KasperskyLab | C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\KasperskyLab\LastUsername | C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\KasperskyLab\Session | C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
Subvert Trust Controls: Mark-of-the-Web Bypass
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\Downloads\WaveInstaller.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\fnaf plus restored.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\WaveInstaller.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Wave\WaveBootstrapper.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\Downloads\WaveInstaller.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Luau Language Server\node.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\fnaf plus restored.exe
"C:\Users\Admin\AppData\Local\Temp\fnaf plus restored.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Users\Admin\Downloads\WaveInstaller.exe
"C:\Users\Admin\Downloads\WaveInstaller.exe"
C:\Users\Admin\AppData\Local\Wave\WaveBootstrapper.exe
"C:\Users\Admin\AppData\Local\Wave\WaveBootstrapper.exe"
C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe
"C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe"
C:\Users\Admin\AppData\Local\Luau Language Server\node.exe
"C:\Users\Admin\AppData\Local\Luau Language Server\node.exe" server --process-id=3992
C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe
"C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe"
Network
Files
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n4zftpal.default-release\activity-stream.discovery_stream.json
| MD5 | 5ae538c1207fcfad6edf9c301e366cdb |
| SHA1 | f37d5d2651163f864dfb9220328dbc958aa94bc6 |
| SHA256 | da71f6c756bd77924dece967abf9397df4f29a4f8fd5ac449d7a81f34da75eb3 |
| SHA512 | 86d820519151375e5905ea76eb00af2096092b67e7d3cd81ac053f8a6e9f01fee7cfabbd62eca79ad1fd0273291313d97332fb2af8e88f77192958e0dc4c86a4 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\prefs.js
| MD5 | 1e4921760188a6c00a165d37f0e4644d |
| SHA1 | 403596caad70207fc192bcc850dc3e1e1ee2e9ef |
| SHA256 | a6bd86dd905dec24b3c27c95cd740a853f73b55cf44f1c3218c1a668340502e4 |
| SHA512 | 4cfe65bfe699825ad7e1cd84c4eec780f8a51fafd08080e6c9208a5141cda32ae1a7e0292a8c4850377ace524f811e27c38578efb11c7aa2eaacb5507e76cf5e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\AlternateServices.bin
| MD5 | 65ec2f218c073d662943e63786c87304 |
| SHA1 | 22c8d20c7e04bd24ca77aca2b226b27fda9bcf41 |
| SHA256 | 4da1b7c18ab0b2821c7ff5f8c90661f271900f570c0d939ce0b0a4f6804e98e1 |
| SHA512 | a408eb1fd8a76f78c790ac081862af6297b089c0041030d5fe54ce3179a791d98169716b2364111625897bb1c32ef402be89d36379d3db9483bcb95cb387d0a6 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\prefs.js
| MD5 | 8e9a1a345d4a05a2ab745fcec186ca17 |
| SHA1 | 9ce0844b23f9efb4c2cf7d65780ceee12f79c154 |
| SHA256 | 1ba10490d2958e97c3b3be73c7b46922b5aae08cae4a315623a6ad37968f6cb5 |
| SHA512 | 8519879ffc8f0db5efb59e49e3e78d97863cd56ebe4a1ad4fd44faa87d60a9f18e865bdfe60a3d6e5d0d8a05adaef294143ee3fad9178754c7645211dae3641f |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\AlternateServices.bin
| MD5 | 932bef375ba231ec9369efa5b70e5edc |
| SHA1 | df0abddf83f89434e456e2406be8b253ad6935fa |
| SHA256 | 73640d344269a1f35c2b55b2b243d51c5c3ad74b1eef105d3e932c53b9ba2a72 |
| SHA512 | 0368cc5bde4c94835f7ebab3eed21276a29ad2088c9b1195c2718b0cf2b083cbaebbdab60c2ef591d422d5cc387696c720a32180dd9765314bc4cd7733ed2116 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\sessionstore-backups\recovery.baklz4
| MD5 | cebfd236335c96cf990e98b48957014a |
| SHA1 | b2c180c778dc8ab173e777aecc67e275567b00ac |
| SHA256 | 85147370ec31a574ad8d7cb5a6589cd4971c14fd001ac9477df4c44587dbd477 |
| SHA512 | ec79878b2ba252694e63d4ed5b6d8671f85f8149ed7d296dd9df6f472220850542a0e7f80bd5668595f34ce5306a56c5dd939d26948e6d4172336419b2eda242 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\prefs-1.js
| MD5 | c4fbfc42fcacf7d8fd9eece925d8df5f |
| SHA1 | 84cc35d46844717f7db45472be69e2670c366ca8 |
| SHA256 | d5aaf5bbc028389f89dc80679b56f034ba5e9c850605fb3f4fda8395e2533134 |
| SHA512 | 817c67fd7e68ac572cc9fa0a655265835fe7be3e327580fabfb9e56ddcbfbe0dc48c491c1b513c1be8a2775619ad1c97996be9ef97c1abe4147cb597c4a944be |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\AlternateServices.bin
| MD5 | 986613ecaa1d5ffe7eec18396ea8ecba |
| SHA1 | 1246edddd837b593112526c352d9ae8683746f24 |
| SHA256 | 8dbb0f4a3df19030b3dacc93cd137d7c0642ef0bb9b78f467f37ca628bae7528 |
| SHA512 | ffab0a1df960be4d379fb550ea7227428a259928378f041c7dc6dda93c5c9b10013cf7979d277d90d62cbee729284e36ae8477141658aae2dc2c21403264ccf5 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 09372174e83dbbf696ee732fd2e875bb |
| SHA1 | ba360186ba650a769f9303f48b7200fb5eaccee1 |
| SHA256 | c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f |
| SHA512 | b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
| MD5 | 2a461e9eb87fd1955cea740a3444ee7a |
| SHA1 | b10755914c713f5a4677494dbe8a686ed458c3c5 |
| SHA256 | 4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc |
| SHA512 | 34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
| MD5 | 842039753bf41fa5e11b3a1383061a87 |
| SHA1 | 3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153 |
| SHA256 | d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c |
| SHA512 | d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | 0a8747a2ac9ac08ae9508f36c6d75692 |
| SHA1 | b287a96fd6cc12433adb42193dfe06111c38eaf0 |
| SHA256 | 32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03 |
| SHA512 | 59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
| MD5 | daf7ef3acccab478aaa7d6dc1c60f865 |
| SHA1 | f8246162b97ce4a945feced27b6ea114366ff2ad |
| SHA256 | bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e |
| SHA512 | 5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
| MD5 | bf957ad58b55f64219ab3f793e374316 |
| SHA1 | a11adc9d7f2c28e04d9b35e23b7616d0527118a1 |
| SHA256 | bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda |
| SHA512 | 79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\AlternateServices.bin
| MD5 | 1166b284dde38196a1b75aaa66aa4723 |
| SHA1 | 0777a06beb5b5fef9b077cbedd9b056b4f0b6bad |
| SHA256 | 2f24b1ff74922c55720f4fa928596991c80ca6d1616e5b9d67b4328c8a5125d9 |
| SHA512 | 2f5d4c3b2da9bcbd8f3520f9a3e99f681ff7fcbcd7fa9124a3977ef7262265ead08e4fc4b340703487b4471b2ead22287a7b4104c549150836f865751697d323 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\AlternateServices.bin
| MD5 | a163122f8362372fbf8cc0f8de832bd7 |
| SHA1 | 46244bb45e00a9285f527ba99d5911e51eabf7f0 |
| SHA256 | 5b4b96827805ae0d21553227c058f223faf3e18669772222276bcb0a0dc6cc0f |
| SHA512 | 385c7f01e3c4c7ac3bd76ba6616e77068619f486162bf7d008e4193ab34d9147a3a6a9824b7b1d171e76dfd86ce6f9fe6bf75e3c6c6818477bcf50429f5cfa4c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\sessionstore-backups\recovery.baklz4
| MD5 | ec8485943eec7180a9b04c91b021c069 |
| SHA1 | 089b6dea05b6f6a05a736f56fd7ebc042a0db58f |
| SHA256 | be28c35212eee50cb55568860d52157a96df5b6368a3ba9ba69472cd4c2e4123 |
| SHA512 | 78f03b1bf7db2c9545c24a0836b7bd21cf64d6192d8c589d7682c35301e4d005bf5c2c6cd9c9f89ab776fe34d7d6f7100129126c0c0208452f0fb1de8b65d15d |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n4zftpal.default-release\cache2\doomed\4033
| MD5 | 17f92159a6dfaf583927360526c74ed2 |
| SHA1 | 6ba5bfa28d4aa16e0580311c6cde166411e25f3a |
| SHA256 | 25bfa6d812d79e68714a9e4c040b2947c19b601471e7ec9c66c0cb1e62a6a943 |
| SHA512 | 9349cf5fc74e58da133bf32d7e6a700bfaa2ccf02e7ad78d1a447590437f961f48b3599543e80d5b1063cf747d47e42b55474ca5077322061be55308b70af614 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n4zftpal.default-release\cache2\doomed\26104
| MD5 | abe3073907362e8df7b199d214d411d4 |
| SHA1 | 273ae71ade06d8c14caff5d4f397e2841e6247dd |
| SHA256 | ed48b3e06ea31154c28be8c70f769a572f1f2808d4e07544122d834f20d2f3c6 |
| SHA512 | 0f3cdd45dfd7ddb03037b908d6c7dad04ff151b2a64d49e3a9e92214a7695cb219edc12759745ba17380e196503e2d429ca235ee3e8ecf4dcff7716c1446bc46 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n4zftpal.default-release\cache2\entries\15452148DC37F7F3E37A31F6162F9E9EF7545424
| MD5 | 39134d0dfea80998129e82a84cd62acd |
| SHA1 | 75ab5ba5a5e071fde6b565b3130a05fb33864c05 |
| SHA256 | 0b4885575123d56aac012da631b424548f68c15fa2f8e995efdcaf82c89ffa90 |
| SHA512 | a601790fa14467ec45bb3adf0c97d2f0254f98df20edb4cce9a218ad6eba1bb714b990b04b8a8c547953ef338e7fe42eacc42fd27f52084a229e831422388bbd |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n4zftpal.default-release\cache2\entries\5C36AD522D06CBA27C557B84549A66AC74D92835
| MD5 | f8d428409be95a771c9d414023e01ccc |
| SHA1 | 19513d44e8b9bd28f3a655a4f7252ff0836d360e |
| SHA256 | cc72ac8f1ae1891e8887753f261a49ca217a6c693c71a090354a9f7cd5e6fc1f |
| SHA512 | 5cf7164487eee73199beb8deecd60aec9e021a66a015c50e83212617a9512384ad4f370f4048fc01d3a1036fda88e9031c236608b0e7b1b444b644a743ce6e6d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 4d9de78b5f7be5279e9567783d8603bd |
| SHA1 | b8c2bdc23208c8d85669b732f0b8dcf5e6ca5689 |
| SHA256 | 18b75313d1ba773389eae2e553013919b8798aa133133a5a665ed70e6fb9273c |
| SHA512 | 1cffa1747545376bfc193705dfe07ea1eb206d1db08c9c798a2c4b232192a599a039d3f0989cdbf641519a64b89fa375d417011c91df4afda059d41e742dfc67 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n4zftpal.default-release\cache2\entries\0B09FAE341F4DDD969BBA2C6B6B8F6253CF20D50
| MD5 | c9f6bbeb184165e9a2e2407584bf4526 |
| SHA1 | b05bf3e5aca7d21d28b35732f899950d1cbe089c |
| SHA256 | 5f397f988c6e49c66faed4e2329453999598cb3d78586bec3ec58eb4746594ed |
| SHA512 | 19fb282e6fb625a2f23e71ae18fc7567988dbdd6357a54301e8b57c8da7495ffc9ccb90dc0eb8b4982b4e38d364a770f7f92366370f02b62b1ef289921f11a30 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\AlternateServices.bin
| MD5 | 2fb74fbb662f6bf11e756e7c8803e28d |
| SHA1 | 2b35c28101329dfc8f8f922cfc619d3d96491dd7 |
| SHA256 | a33e3a6ed6960c4b67aa9836b1e0a0733146cd5b96cb30b1f8c9bd2743dfdd80 |
| SHA512 | 390473fd1bcdb31c1d4137bff57a544680ce134989209bf07bba4b867a9146949cd8d66d4ae30b8a834e13eaec96e605e6839a9645f8ad81bb84b9471db31ac4 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n4zftpal.default-release\cache2\entries\816705FEF1DB3481B3B6CB5A4542A9BE5F9F75C6
| MD5 | e2c8f6579c2bcc07bb593bad7b21dcf6 |
| SHA1 | 0cbb9be957d6ed1c873180168a3e8d44ee578c6a |
| SHA256 | aac12cc4e198baf98a3d85e475bcf68c86fc883867eb92b455fb49c50ea71515 |
| SHA512 | cf9b73b129eb095e81175f150f35fc2258e3cca38eec1324695cceca938c91b830f3b5969282b6cdea3992b748a5d1794dccaf1ba24420e950bc3866d934e238 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n4zftpal.default-release\cache2\entries\5CAF0F45716E767E04F44899002CD8DC8EFBF123
| MD5 | 7b8e97a8eb029284d05b89980b37d81b |
| SHA1 | 5af64eea60949747f3c1007342e5f015d03d1641 |
| SHA256 | 6d91bbe99f3872fefd1668d70ed0d51a7e18ba1da367554b66e7b2668916ea5f |
| SHA512 | e5bbb52ae12fd6da27adf6d593cb8ddaf18f78a73f0aee9307f0af77f1405f03979960b2f77c657c91af109aec2a3fd1a4ffd3a4446bd00814e3ad413cae6a65 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n4zftpal.default-release\cache2\entries\944281DE8E653E8D9793A8E9F6BD27DE1695F581
| MD5 | 47457ee238bef4cb7e8301d77d116fed |
| SHA1 | 09dab270f3d105e664f1860455d3ab61f3a110c1 |
| SHA256 | cfb82b41bcada3107de248dab9b161c5aad5668c151a12fa083f8594d0e3d9cb |
| SHA512 | 98aab2b843711007d8ca4029e26038d2c8932f4a0373ce395b52468b457f0764cac6014959d57240edaff6577fc445322ca3a3c424e8d72d6ffffce9a7a28a40 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n4zftpal.default-release\cache2\entries\C0F4D880C1B3CF628066058BD865CA7B495E5F29
| MD5 | 2abcb59db78a343418d5a485103021db |
| SHA1 | 9d018483c44193c83c804c888d8d5d965f8e18b6 |
| SHA256 | ee427998f947b5522c8c8a5394197c0a551d961a5f6110caddf6ac84e759975f |
| SHA512 | 646f5151ebf1d1804b7aaddc0fa2a3674467f714c27efae17fdb9c435a6f03d77a2d8b27577c7504fa1375f5932601d0221dd5db4c1c12716836722356a0754e |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n4zftpal.default-release\cache2\entries\5D88F86F32DC808B55FF241F00F12611A6FDBCB2
| MD5 | b651bc9527c9aebe800eece7682a561d |
| SHA1 | df406cc1646a8c0c53b1a704883164b19e39ed3b |
| SHA256 | 7faf1d0475ced72ff6badb40e840bc494af69fd1f504f83a17f5d9dbff8da479 |
| SHA512 | 3f8b6bedbfd30f0f491130f33de8aa8c578e7ffb3f59ab4efa2f4845b4dfde751a595597755fad22bcd7da7c6c2f1150e188d00df6fb9a986ded96509ea2ee5f |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n4zftpal.default-release\cache2\entries\2F80A05A314CCDB66FB88D0D30B7405BCD9AB353
| MD5 | 2de9d573a934efebc99b2e32a38409c6 |
| SHA1 | 198f11cf1b9cb6bc3cfcaffe9cc635db473b085c |
| SHA256 | b31d2b6da67f8bfd11560e3da27d967ad9ef838af52659447f9e687e3f746d7c |
| SHA512 | f19f78a5a8d2ddc80a1987ed84c2d591130af3322d297022bec480632df137a399584f4e0802676e200c9c9299201526f30a7877225927261ae5930b3f6a7ee5 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n4zftpal.default-release\cache2\entries\B3E9141EA653832D356942C18CCBE9C056FE1193
| MD5 | 97622ffbb4d13d14ca5c3e35bf28cf60 |
| SHA1 | def4ebd751c025285dc25e8457ae49ff6705cabe |
| SHA256 | d2afb0e76f2910b969b8ae3a455b4b73cabf9e2b132af39bbee0c35066018374 |
| SHA512 | 11e37fc53613ba49aeac4e080d07000ae74d42050126f6246d032f3f89295ea398027e9fe579f5a6831080bc937b29da424209439b6cdd54379884a5c9affc4b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 875bbbbbadf364c9a59ebd3c8ff9c98c |
| SHA1 | ca4b74e30311eb9590dd744913bf90a21d651b7b |
| SHA256 | cf9e6801f375629d5242a697a35e81a231c05a04db615b8ee3d1c62abaf050f1 |
| SHA512 | d0f0056cd7cbca325ceea71fb1066d7f56b7a61c4768490d00a0f5b11ce8e0ced257c2dabf47b837918fba185fb87ac284c2328d09c356c41735bb4cab7daf00 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 3407e32b118171c0faa4abdb553bc1a9 |
| SHA1 | 2f723e4bacbb787e3890d323a33d195a889dc97c |
| SHA256 | daa5e036dd520ea5ece7b9c7096f4a22561a90caaa1da3b34939c0f35c31401f |
| SHA512 | 45e82cd6f43bd4011a2485868c1f60bac913e27573b6a2e99a889b342f6113006e32b25363aff50ac4d2003136d0fc96821f891fd244b6a3f24148dd1feeaa8f |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n4zftpal.default-release\cache2\entries\1951DE72CFFA8150C812E912B27FCB419836A7A8
| MD5 | 2ff56147f449ff5fc45d762ecd77c5f8 |
| SHA1 | c4bbeb2e974e75a986d518736112d2daac977dbf |
| SHA256 | 6cade1c6e4bc79ae9b0dd605b6a0367049d97c488318ea4bb3822a87e4e215b4 |
| SHA512 | 50012439f3b5bc29dccf87863f404aa1d98933080959cb7013e15adbd2c8f4ddea257caac6eecc6e61e99f36a508ed087cb7980f1a2f62c3c67f38435aac71d4 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\AlternateServices.bin
| MD5 | 4913649c1a6f8ec5c9d961956903393a |
| SHA1 | 782496ed73ad6596bc49dc5020e6876fbe7aad15 |
| SHA256 | 777ff608aeba0db5450ce75c394bc3981acd8608a7d66014b0315e6b87ecec84 |
| SHA512 | 6bf46d48372c71c973530f90f2b1e519d7bd0b4ffd379ff82599ab1857de70fe767b59a69c1ba5c50d686633222dd6ca0780b26e6270c48ac6eeb12c474cf78e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\AlternateServices.bin
| MD5 | 5e9615d2523f3707434cd2d1d1bffb0a |
| SHA1 | cd326468334ad58ed6d9ea4ef69820712a56efac |
| SHA256 | 89c41b49703f1af86e46afb4e2399acd1615f2246244357e48757e9ef7c812d2 |
| SHA512 | 54dbcb5a1e448c828b88c1b7279eae97a7c3d5d0b5c1ad843f5efe9499a0e51ca0a0eaaef75a64c1516645f0a901a56c67be815bff0c7862b3f9726e95a590aa |
C:\Users\Admin\Downloads\WaveInstaller.URFM5EZE.exe.part
| MD5 | 215d509bc217f7878270c161763b471e |
| SHA1 | bfe0a2580d54cfa28d3ff5ef8dc754fdc73adcd9 |
| SHA256 | 984dfc64c10f96c5350d6d9216a5d7abfece1658dfc93925f7a6b0c80817c886 |
| SHA512 | 68e615dfcb1b7770ad64175438a913744c14bdd3af93b339c2b526271bdd0d23334e78d049fdae8ca9fe66672a8cf252ebf891be9ab6c46a3d8f1fb00fa8c83b |
memory/760-1435-0x00000000748CE000-0x00000000748CF000-memory.dmp
memory/760-1436-0x00000000003C0000-0x000000000060A000-memory.dmp
memory/760-1437-0x00000000748C0000-0x0000000075070000-memory.dmp
memory/760-1438-0x0000000009870000-0x00000000098A8000-memory.dmp
memory/760-1440-0x00000000748C0000-0x0000000075070000-memory.dmp
memory/760-1439-0x0000000009850000-0x000000000985E000-memory.dmp
memory/760-1441-0x00000000748C0000-0x0000000075070000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 576428b1052758c5b418696150fdbbb9 |
| SHA1 | 3ee0dc2a0af329abbfd5765f69d60d9ac31f9fcd |
| SHA256 | 442b722d58acbe3c7d00e3a53d988bcc2eac27b69565e883dc5188e5d6dc4ad3 |
| SHA512 | 47668ed4bd274e1d81dec06f99802d5d947da99f3fcebf5c7fb47e7955f0f0689aa1598aa65aadd5d9ce859bb0ed5cc6c45670f3f66fe069a741f23edc9e5074 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | d7b11c7ea9e6de388212593952f59606 |
| SHA1 | f74fda99d7fb5057b5ade476ae8b00dec0859ea2 |
| SHA256 | 6779cb5b0ce3b9fa158960d77eac030dd4cbbf9cbacf53f4d604548f21175f72 |
| SHA512 | 8a0e84c1671660bf339948bd9f7b6d952300bb256aa4c53d2c9729a6a6fff7c6efe03f54115ac9261829c11a80111a9232c8b5ac01f2d5a4f6bca6235979b96e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 0588032595cae55ffdcdbf98ee865a6e |
| SHA1 | e9ced0ccae515ff72c869fbc381a986a2886740d |
| SHA256 | b29e516c423349c54f8855f33ca0a328ef34858b5967d6526c8c18c908a5c31e |
| SHA512 | 12af6d38e0524c3f73e2ca50fdee60bf30cd718de48a543e59f8915cbb55eba4f47fc7df594a2ff21ee21a511334d9004ec564865a8e9419c4dd39352392fa1b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\datareporting\glean\pending_pings\3c1db6f6-1e0c-442e-9f31-f6584ae000b1
| MD5 | c5757489bf889a243b4bfcf43830797a |
| SHA1 | 65f4d3d9221cbb4b004d3dfa87375a2ec985a9e9 |
| SHA256 | 23c55b294f33a8776265570fc4f5fac28db25090156d5aad5eee22993444bc45 |
| SHA512 | d941fd98932fd6ef7169beb871a11cdd5bd57534a0029e72894f885e4a9f65fcb0c0e46130cfdf09d184afda1c5101a03b942dc440bea455d6a6d943e4769cfc |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\datareporting\glean\pending_pings\e0159c21-9161-4d2b-b90c-761d73fec01e
| MD5 | f3243ce8be9c1e83be61c990829a9e89 |
| SHA1 | db13c86c94110f68f85ad57e0e191d7cc21d91d7 |
| SHA256 | a31c62d8561ac5e89848e580706b5762aae633c8e347e73b2105f982dafd7070 |
| SHA512 | cd3ca5e25dc5829df59f0c64fc81fc62a32c9fdeb65c6d89366556eee2b8a7a92a2329ed9afb79a95a65a2299d9643e38d565d7f287eb1b54b2b42037479b145 |
memory/760-1484-0x00000000748CE000-0x00000000748CF000-memory.dmp
memory/760-1485-0x00000000748C0000-0x0000000075070000-memory.dmp
memory/760-1486-0x00000000748C0000-0x0000000075070000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 954215cd48e41901c3ab8abf36ec2951 |
| SHA1 | 0a4e08128710bdcac19799e0d7c9e717c7b8c905 |
| SHA256 | 44565919bdb3cf8b13d13af9a1aa9656d62bca2feb0cc6aaa0ae39fb29a77bf5 |
| SHA512 | 7d1d4b2c3720c1109d9093e3e4dd44fb3d8c742e01d255178e5b457cc34fe260ff26c834cd11d798ce50d1732d4192c76a13bb836a436c168afe4c2fdff41dc1 |
memory/760-1515-0x000000000BD40000-0x000000000BDD6000-memory.dmp
memory/760-1516-0x000000000B540000-0x000000000B566000-memory.dmp
memory/760-1517-0x000000000B590000-0x000000000B598000-memory.dmp
memory/760-1519-0x000000000B8E0000-0x000000000B952000-memory.dmp
memory/760-1520-0x000000000BDE0000-0x000000000BDEA000-memory.dmp
memory/760-1521-0x000000000BDF0000-0x000000000BDFA000-memory.dmp
C:\Users\Admin\AppData\Local\Wave\WaveBootstrapper.exe
| MD5 | 495df8a4dee554179394b33daece4d1e |
| SHA1 | 0a67a0e43b4b4e3e25a736d08de4cec22033b696 |
| SHA256 | 201263498c60fa595f394650c53a08d0b82850349123b97d41565e145ddf2f42 |
| SHA512 | ce3bef1038741f7a0f90cc131a4a1883fd84b006654024d591f5451e73166b4cae546e307c358b5b90aa0e6517bf7b6098f1f59a3ecc01598d4feb26e6b6af33 |
memory/1316-1735-0x00000000748C0000-0x0000000075070000-memory.dmp
memory/1316-1736-0x0000000000A80000-0x0000000000B72000-memory.dmp
memory/760-1738-0x00000000748C0000-0x0000000075070000-memory.dmp
memory/1316-1739-0x0000000009200000-0x0000000009304000-memory.dmp
memory/1316-1740-0x000000000A070000-0x000000000A086000-memory.dmp
memory/1316-1741-0x000000000A0B0000-0x000000000A0BA000-memory.dmp
memory/1316-1742-0x000000000A0F0000-0x000000000A0F8000-memory.dmp
memory/1316-1743-0x000000000A150000-0x000000000A16E000-memory.dmp
C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe
| MD5 | b8631bbd78d3935042e47b672c19ccc3 |
| SHA1 | cd0ea137f1544a31d2a62aaed157486dce3ecebe |
| SHA256 | 9cfda541d595dc20a55df5422001dfb58debd401df3abff21b1eee8ede28451c |
| SHA512 | 0c51d6247e39f7851538a5916b24972e845abfe429f0abdc7b532f654b4afe73dc6e1936f1b062da63bfc90273d3cbc297bf6c802e615f3711d0f180c070aa26 |
memory/1316-1747-0x00000000748C0000-0x0000000075070000-memory.dmp
memory/3992-1748-0x0000000000880000-0x0000000001082000-memory.dmp
memory/3992-1749-0x00000000059F0000-0x0000000005AA2000-memory.dmp
memory/3992-1750-0x0000000005AE0000-0x0000000005B80000-memory.dmp
memory/3992-1751-0x0000000005B90000-0x0000000005B98000-memory.dmp
C:\Users\Admin\AppData\Local\Luau Language Server\server\index.js
| MD5 | 6b1cad741d0b6374435f7e1faa93b5e7 |
| SHA1 | 7b1957e63c10f4422421245e4dc64074455fd62a |
| SHA256 | 6f17add2a8c8c2d9f592adb65d88e08558e25c15cedd82e3f013c8146b5d840f |
| SHA512 | a662fc83536eff797b8d59e2fb4a2fb7cd903be8fc4137de8470b341312534326383bb3af58991628f15f93e3bdd57621622d9d9b634fb5e6e03d4aa06977253 |
memory/3992-1756-0x000000000A170000-0x000000000A222000-memory.dmp
memory/3992-1761-0x0000000006160000-0x0000000006182000-memory.dmp
memory/3992-1762-0x000000000BB30000-0x000000000BE84000-memory.dmp
C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe
| MD5 | 772c9fecbd0397f6cfb3d866cf3a5d7d |
| SHA1 | 6de3355d866d0627a756d0d4e29318e67650dacf |
| SHA256 | 2f88ea7e1183d320fb2b7483de2e860da13dc0c0caaf58f41a888528d78c809f |
| SHA512 | 82048bd6e50d38a863379a623b8cfda2d1553d8141923acf13f990c7245c833082523633eaa830362a12bfff300da61b3d8b3cccbe038ce2375fdfbd20dbca31 |
C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.runtimeconfig.json
| MD5 | d94cf983fba9ab1bb8a6cb3ad4a48f50 |
| SHA1 | 04855d8b7a76b7ec74633043ef9986d4500ca63c |
| SHA256 | 1eca0f0c70070aa83bb609e4b749b26dcb4409784326032726394722224a098a |
| SHA512 | 09a9667d4f4622817116c8bc27d3d481d5d160380a2e19b8944bdd1271a83f718415ce5e6d66e82e36819e575ec1b55f19c45213e0013b877b8d61e6feb9d998 |
C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.dll
| MD5 | 6546ceb273f079342df5e828a60f551b |
| SHA1 | ede41c27df51c39cd731797c340fcb8feda51ea3 |
| SHA256 | e440da74de73212d80da3f27661fcb9436d03d9e8dbbb44c9c148aaf38071ca5 |
| SHA512 | f0ea83bf836e93ff7b58582329a05ba183a25c92705fab36f576ec0c20cf687ce16a68e483698bda4215d441dec5916ffbdfa1763fb357e14ab5e0f1ffcaf824 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
| MD5 | 7eceb2d53ac1333b643809105c569a03 |
| SHA1 | 7d2ee1fabe4d6f5027af488a18cc14a5ac91d76a |
| SHA256 | 205bdc219a2da231d0ebf2e714bda8ae75807bcfd8f5c1c434e3277f0e0a414e |
| SHA512 | ea010887277601335938dbe41334fed1a0c7eb8a1855a22cc9080963a8118d480a1a0b89e30f89e4670534330937d1e57f59d39cea621982429f693e1b8497d6 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
| MD5 | 9f02b5ca14334400200521ef95ae1f2f |
| SHA1 | 68ad8777a658a23830ab993ece7c9e6ba0f285d1 |
| SHA256 | 6e968e2ff79391f5c5aca818e1d4860a25733b132a9492260528a15952edc2a6 |
| SHA512 | 2dc8e207ed362700eb84e76a08343ea83faa9d35f6b77293d20cf4b6c68a0b393e70f41db51872c5c9eaaa6b79684fceae6838f7d45286f964d962ffd6079f84 |