Analysis Overview
SHA256
60ccfd2af3e5f68d1b1fa36140e97a65411f0ce26da19768933cd5128fe342fb
Threat Level: Likely malicious
The file fnaf plus restored.exe was found to be: Likely malicious.
Malicious Activity Summary
Event Triggered Execution: Image File Execution Options Injection
Command and Scripting Interpreter: PowerShell
Downloads MZ/PE file
Blocklisted process makes network request
Executes dropped EXE
Event Triggered Execution: Component Object Model Hijacking
Loads dropped DLL
A potential corporate email address has been identified in the URL: [email protected]
Checks computer location settings
Enumerates connected drives
Legitimate hosting services abused for malware hosting/C2
Checks system information in the registry
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Unsigned PE
Browser Information Discovery
System Network Configuration Discovery: Internet Connection Discovery
System Location Discovery: System Language Discovery
Suspicious use of SetWindowsHookEx
Uses Task Scheduler COM API
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Modifies registry class
Suspicious use of FindShellTrayWindow
Checks processor information in registry
Checks SCSI registry key(s)
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
NTFS ADS
Uses Volume Shadow Copy service COM API
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-10 01:32
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-10 01:32
Reported
2024-11-10 01:33
Platform
win7-20241010-en
Max time kernel
12s
Max time network
18s
Command Line
Signatures
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\fnaf plus restored.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\fnaf plus restored.exe
"C:\Users\Admin\AppData\Local\Temp\fnaf plus restored.exe"
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-10 01:32
Reported
2024-11-10 01:37
Platform
win10v2004-20241007-en
Max time kernel
250s
Max time network
251s
Command Line
Signatures
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Downloads MZ/PE file
Event Triggered Execution: Image File Execution Options Injection
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe | C:\Program Files (x86)\Microsoft\Temp\EUCC3.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" | C:\Program Files (x86)\Microsoft\Temp\EUCC3.tmp\MicrosoftEdgeUpdate.exe | N/A |
A potential corporate email address has been identified in the URL: [email protected]
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Microsoft\Temp\EUCC3.tmp\MicrosoftEdgeUpdate.exe | N/A |
Event Triggered Execution: Component Object Model Hijacking
Executes dropped EXE
Loads dropped DLL
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\Y: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Checks system information in the registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\Temp\EUCC3.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\Temp\EUCC3.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\JJSploit\JJSploit.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EUCC3.tmp\msedgeupdateres_en-GB.dll | C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EUCC3.tmp\msedgeupdateres_hr.dll | C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EUCC3.tmp\msedgeupdateres_ca-Es-VALENCIA.dll | C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EUCC3.tmp\msedgeupdateres_gd.dll | C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EUCC3.tmp\msedgeupdateres_sq.dll | C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EUCC3.tmp\msedgeupdate.dll | C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EUCC3.tmp\msedgeupdateres_cs.dll | C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EUCC3.tmp\msedgeupdateres_is.dll | C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EUCC3.tmp\msedgeupdateres_it.dll | C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EUCC3.tmp\msedgeupdateres_nl.dll | C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EUCC3.tmp\msedgeupdateres_sv.dll | C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EUCC3.tmp\msedgeupdateres_tr.dll | C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EUCC3.tmp\msedgeupdateres_mt.dll | C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe | N/A |
| File created | C:\Program Files\JJSploit\resources\luascripts\jailbreak\criminalesp.lua | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EUCC3.tmp\msedgeupdateres_am.dll | C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EUCC3.tmp\msedgeupdateres_bs.dll | C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EUCC3.tmp\msedgeupdateres_gl.dll | C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EUCC3.tmp\msedgeupdateres_id.dll | C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EUCC3.tmp\msedgeupdateres_pl.dll | C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EUCC3.tmp\msedgeupdateres_sr.dll | C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EUCC3.tmp\msedgeupdateres_nn.dll | C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EUCC3.tmp\msedgeupdateres_sr-Cyrl-RS.dll | C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe | N/A |
| File created | C:\Program Files\JJSploit\resources\luascripts\general\multidimensionalcharacter.lua | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EUCC3.tmp\msedgeupdateres_iw.dll | C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | C:\Program Files (x86)\Microsoft\Temp\EUCC3.tmp\MicrosoftEdgeUpdate.exe | N/A |
| File created | C:\Program Files\JJSploit\resources\luascripts\general\noclip.lua | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\JJSploit\resources\luascripts\jailbreak\walkspeed.lua | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EUCC3.tmp\msedgeupdateres_bn.dll | C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EUCC3.tmp\msedgeupdateres_fa.dll | C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EUCC3.tmp\msedgeupdateres_hu.dll | C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EUCC3.tmp\msedgeupdateres_ro.dll | C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EUCC3.tmp\msedgeupdateres_mk.dll | C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EUCC3.tmp\msedgeupdateres_ne.dll | C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EUCC3.tmp\MicrosoftEdgeUpdateBroker.exe | C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EUCC3.tmp\msedgeupdateres_es.dll | C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EUCC3.tmp\msedgeupdateres_ja.dll | C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EUCC3.tmp\MicrosoftEdgeUpdateSetup.exe | C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | C:\Program Files (x86)\Microsoft\Temp\EUCC3.tmp\MicrosoftEdgeUpdate.exe | N/A |
| File created | C:\Program Files\JJSploit\resources\luascripts\animations\dab.lua | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EUCC3.tmp\EdgeUpdate.dat | C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EUCC3.tmp\msedgeupdateres_mi.dll | C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe | N/A |
| File created | C:\Program Files\JJSploit\resources\luascripts\general\tptool.lua | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EUCC3.tmp\msedgeupdateres_de.dll | C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EUCC3.tmp\msedgeupdateres_ms.dll | C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EUCC3.tmp\msedgeupdateres_nb.dll | C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe | N/A |
| File created | C:\Program Files\JJSploit\resources\luascripts\general\fly.lua | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EUCC3.tmp\msedgeupdateres_pt-PT.dll | C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EUCC3.tmp\msedgeupdateres_cy.dll | C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EUCC3.tmp\psuser_64.dll | C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EUCC3.tmp\msedgeupdateres_fi.dll | C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EUCC3.tmp\msedgeupdateres_ko.dll | C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EUCC3.tmp\msedgeupdateres_lv.dll | C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EUCC3.tmp\msedgeupdateres_quz.dll | C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe | N/A |
| File created | C:\Program Files\JJSploit\resources\luascripts\animations\levitate.lua | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\JJSploit\resources\luascripts\general\magnetizeto.lua | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EUCC3.tmp\msedgeupdateres_lo.dll | C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EUCC3.tmp\msedgeupdateres_bg.dll | C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EUCC3.tmp\msedgeupdateres_gu.dll | C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EUCC3.tmp\msedgeupdateres_hi.dll | C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EUCC3.tmp\msedgeupdateres_te.dll | C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EUCC3.tmp\msedgeupdateres_eu.dll | C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EUCC3.tmp\MicrosoftEdgeUpdateOnDemand.exe | C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EUCC3.tmp\msedgeupdateres_ml.dll | C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Installer\SourceHash{108D448A-5196-4E2F-917E-B502F591C9BA} | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\{108D448A-5196-4E2F-917E-B502F591C9BA}\ProductIcon | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e59ee9c.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\inprogressinstallinfo.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIEF77.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\{108D448A-5196-4E2F-917E-B502F591C9BA}\ProductIcon | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e59ee9e.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e59ee9c.msi | C:\Windows\system32\msiexec.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\fnaf plus restored.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\Temp\EUCC3.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
System Network Configuration Discovery: Internet Connection Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters | C:\Windows\system32\vssvc.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters | C:\Windows\system32\vssvc.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr | C:\Windows\system32\vssvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 000000000400000038a6760542cf76680000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff00000000270101000008000038a676050000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff00000000070001000068090038a67605000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1d38a67605000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff00000000000000000000000038a6760500000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Windows\system32\vssvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Windows\system32\vssvc.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E421557C-0628-43FB-BF2B-7C9F8A4D067C}\LocalizedString = "@C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.195.31\\msedgeupdate.dll,-3000" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\ProxyStubClsid32\ = "{35725228-BF11-429E-B5B8-ED0F2BCABF82}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\ProxyStubClsid32\ = "{35725228-BF11-429E-B5B8-ED0F2BCABF82}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\NumMethods\ = "24" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C76C02A1-BCDF-4632-88E6-55698920001E} | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5F6A18BB-6231-424B-8242-19E5BB94F8ED}\ProgID\ = "MicrosoftEdgeUpdate.CredentialDialogMachine.1.0" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3COMClassService\CurVer\ = "MicrosoftEdgeUpdate.Update3COMClassService.1.0" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}\NumMethods\ = "9" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{492E1C30-A1A2-4695-87C8-7A8CAD6F936F}\LocalServer32\ = "\"C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.195.31\\MicrosoftEdgeUpdateBroker.exe\"" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\ProxyStubClsid32\ = "{35725228-BF11-429E-B5B8-ED0F2BCABF82}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusMachine\CurVer\ = "MicrosoftEdgeUpdate.PolicyStatusMachine.1.0" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusMachineFallback\CurVer\ = "MicrosoftEdgeUpdate.PolicyStatusMachineFallback.1.0" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}\ProxyStubClsid32\ = "{35725228-BF11-429E-B5B8-ED0F2BCABF82}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B5977F34-9264-4AC3-9B31-1224827FF6E8}\Elevation\Enabled = "1" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{E421557C-0628-43FB-BF2B-7C9F8A4D067C}\PROGID | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69} | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\ = "IGoogleUpdate3WebSecurity" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FF419FF9-90BE-4D9F-B410-A789F90E5A7C}\ProgID | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\ = "IGoogleUpdateCore" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CoreClass\CLSID\ = "{8F09CD6C-5964-4573-82E3-EBFF7702865B}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3805CA06-AC83-4F00-8A02-271DCD89BDEB}\ProxyStubClsid32\ = "{35725228-BF11-429E-B5B8-ED0F2BCABF82}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\ = "IPackage" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\ = "IApp2" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusSvc.1.0\ = "Google Update Policy Status Class" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CoreClass\CurVer\ = "MicrosoftEdgeUpdate.CoreClass.1" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B5977F34-9264-4AC3-9B31-1224827FF6E8}\VersionIndependentProgID | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\NumMethods\ = "8" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EA92A799-267E-4DF5-A6ED-6A7E0684BB8A}\ProgID\ = "MicrosoftEdgeUpdate.Update3WebSvc.1.0" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C76C02A1-BCDF-4632-88E6-55698920001E}\InprocHandler32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{08D832B9-D2FD-481F-98CF-904D00DF63CC}\LocalServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FF419FF9-90BE-4D9F-B410-A789F90E5A7C}\Elevation\IconReference = "@C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.195.31\\msedgeupdate.dll,-1004" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\ProxyStubClsid32\ = "{35725228-BF11-429E-B5B8-ED0F2BCABF82}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB} | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}\LocalServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\NumMethods\ = "11" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\NumMethods\ = "4" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\ProxyStubClsid32\ = "{35725228-BF11-429E-B5B8-ED0F2BCABF82}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{77857D02-7A25-4B67-9266-3E122A8F39E4}\ELEVATION | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A844D8016915F2E419E75B205F199CAB\SourceList\Net | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CoreClass\ = "Microsoft Edge Update Core Class" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}\LocalServer32\ = "\"C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.195.31\\MicrosoftEdgeUpdateOnDemand.exe\"" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\ = "IApp2" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\ProxyStubClsid32\ = "{35725228-BF11-429E-B5B8-ED0F2BCABF82}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CoreClass.1\ = "Microsoft Edge Update Core Class" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8F09CD6C-5964-4573-82E3-EBFF7702865B}\VersionIndependentProgID\ = "MicrosoftEdgeUpdate.CoreClass" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17} | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\Downloads\JJSploit_8.10.11_x64_en-US.msi:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Temp\EUCC3.tmp\MicrosoftEdgeUpdate.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Temp\EUCC3.tmp\MicrosoftEdgeUpdate.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreateTokenPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeAssignPrimaryTokenPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeLockMemoryPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeMachineAccountPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeCreatePermanentPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeChangeNotifyPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeSyncAgentPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeEnableDelegationPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeImpersonatePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeCreateTokenPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeAssignPrimaryTokenPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeLockMemoryPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeMachineAccountPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeCreatePermanentPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeChangeNotifyPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeSyncAgentPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeEnableDelegationPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Uses Volume Shadow Copy service COM API
Processes
C:\Users\Admin\AppData\Local\Temp\fnaf plus restored.exe
"C:\Users\Admin\AppData\Local\Temp\fnaf plus restored.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2044 -parentBuildID 20240401114208 -prefsHandle 1960 -prefMapHandle 1952 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b640045d-4c96-489b-9e6b-2ce3a6a9d3d2} 4656 "\\.\pipe\gecko-crash-server-pipe.4656" gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2444 -parentBuildID 20240401114208 -prefsHandle 2420 -prefMapHandle 2416 -prefsLen 23716 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {76e573da-f83b-48e6-adc0-8629096c2ad5} 4656 "\\.\pipe\gecko-crash-server-pipe.4656" socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3020 -childID 1 -isForBrowser -prefsHandle 3012 -prefMapHandle 3008 -prefsLen 23857 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bdb30fb9-ff6f-4abf-b4be-dd0173089776} 4656 "\\.\pipe\gecko-crash-server-pipe.4656" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4224 -childID 2 -isForBrowser -prefsHandle 4204 -prefMapHandle 4192 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e27558ab-697d-48cb-aa24-a5b074e6e54f} 4656 "\\.\pipe\gecko-crash-server-pipe.4656" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4832 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 1624 -prefMapHandle 4928 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5014a675-20f5-4918-94be-2c94998569d9} 4656 "\\.\pipe\gecko-crash-server-pipe.4656" utility
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5376 -childID 3 -isForBrowser -prefsHandle 5372 -prefMapHandle 5276 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c289a402-4a5a-4886-912b-36ed7311f833} 4656 "\\.\pipe\gecko-crash-server-pipe.4656" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5520 -childID 4 -isForBrowser -prefsHandle 5600 -prefMapHandle 5596 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f5d53988-0a9a-43cc-b020-71824fe32413} 4656 "\\.\pipe\gecko-crash-server-pipe.4656" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5508 -childID 5 -isForBrowser -prefsHandle 5736 -prefMapHandle 5740 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {be54337c-0349-4ab6-beda-0c92f6c4148d} 4656 "\\.\pipe\gecko-crash-server-pipe.4656" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6168 -childID 6 -isForBrowser -prefsHandle 6160 -prefMapHandle 6156 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bc9890e1-6f94-4add-afa7-b3b0f3ea3531} 4656 "\\.\pipe\gecko-crash-server-pipe.4656" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2036 -parentBuildID 20240401114208 -prefsHandle 1964 -prefMapHandle 1956 -prefsLen 23680 -prefMapSize 244705 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fbd16746-29ce-4152-9824-18977ff51655} 5476 "\\.\pipe\gecko-crash-server-pipe.5476" gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2444 -parentBuildID 20240401114208 -prefsHandle 2436 -prefMapHandle 2424 -prefsLen 23716 -prefMapSize 244705 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9855953c-cb34-4d26-ab06-34311e239a96} 5476 "\\.\pipe\gecko-crash-server-pipe.5476" socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3112 -childID 1 -isForBrowser -prefsHandle 2980 -prefMapHandle 2976 -prefsLen 23857 -prefMapSize 244705 -jsInitHandle 1196 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0f0bdc9c-c4f5-4bc4-833a-0b523a06072f} 5476 "\\.\pipe\gecko-crash-server-pipe.5476" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4160 -childID 2 -isForBrowser -prefsHandle 4152 -prefMapHandle 4148 -prefsLen 29144 -prefMapSize 244705 -jsInitHandle 1196 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dcbcf877-9754-403a-b89d-7c920745ad15} 5476 "\\.\pipe\gecko-crash-server-pipe.5476" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4696 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4708 -prefMapHandle 4692 -prefsLen 29144 -prefMapSize 244705 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b1947da0-f403-4ea6-b876-6a4d19cde1a1} 5476 "\\.\pipe\gecko-crash-server-pipe.5476" utility
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5012 -childID 3 -isForBrowser -prefsHandle 5000 -prefMapHandle 5004 -prefsLen 26998 -prefMapSize 244705 -jsInitHandle 1196 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c627616e-0737-4454-b7df-eed41a21029f} 5476 "\\.\pipe\gecko-crash-server-pipe.5476" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5132 -childID 4 -isForBrowser -prefsHandle 5140 -prefMapHandle 5144 -prefsLen 26998 -prefMapSize 244705 -jsInitHandle 1196 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d84875d0-2a55-4a4b-934f-0c6ff7623f83} 5476 "\\.\pipe\gecko-crash-server-pipe.5476" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5412 -childID 5 -isForBrowser -prefsHandle 5332 -prefMapHandle 5336 -prefsLen 26998 -prefMapSize 244705 -jsInitHandle 1196 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {df622ae1-3082-43b2-b312-355aa6a5202a} 5476 "\\.\pipe\gecko-crash-server-pipe.5476" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4972 -childID 6 -isForBrowser -prefsHandle 6172 -prefMapHandle 6168 -prefsLen 26998 -prefMapSize 244705 -jsInitHandle 1196 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8fea4cc5-1e0d-4e83-a16b-ec77da221a2e} 5476 "\\.\pipe\gecko-crash-server-pipe.5476" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3692 -childID 7 -isForBrowser -prefsHandle 3684 -prefMapHandle 6196 -prefsLen 26998 -prefMapSize 244705 -jsInitHandle 1196 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c9f05b27-57d7-43aa-b89a-a158991a7ecd} 5476 "\\.\pipe\gecko-crash-server-pipe.5476" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6860 -childID 8 -isForBrowser -prefsHandle 6848 -prefMapHandle 6904 -prefsLen 26998 -prefMapSize 244705 -jsInitHandle 1196 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c562cbc2-58fb-4fb6-9525-a40d1a922078} 5476 "\\.\pipe\gecko-crash-server-pipe.5476" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7072 -childID 9 -isForBrowser -prefsHandle 7152 -prefMapHandle 7164 -prefsLen 26998 -prefMapSize 244705 -jsInitHandle 1196 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5a2c5f03-91c7-41bc-a645-c324a52b80c5} 5476 "\\.\pipe\gecko-crash-server-pipe.5476" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6500 -childID 10 -isForBrowser -prefsHandle 6400 -prefMapHandle 4384 -prefsLen 27785 -prefMapSize 244705 -jsInitHandle 1196 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e1077b66-ebc9-4b87-8165-e86e18f276e6} 5476 "\\.\pipe\gecko-crash-server-pipe.5476" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6216 -childID 11 -isForBrowser -prefsHandle 4972 -prefMapHandle 6460 -prefsLen 27785 -prefMapSize 244705 -jsInitHandle 1196 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8d1cb51a-5f35-4fe0-8015-c9ec77366dd0} 5476 "\\.\pipe\gecko-crash-server-pipe.5476" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6492 -childID 12 -isForBrowser -prefsHandle 6916 -prefMapHandle 7156 -prefsLen 27785 -prefMapSize 244705 -jsInitHandle 1196 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {41d634c0-c467-472e-9a7a-a3fe098b8bc3} 5476 "\\.\pipe\gecko-crash-server-pipe.5476" tab
C:\Windows\System32\msiexec.exe
"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Downloads\JJSploit_8.10.11_x64_en-US.msi"
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding BDC42C08FCAACEE89BA4C95786DBE801 C
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\srtasks.exe
C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -NoProfile -windowstyle hidden try { [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 } catch {}; Invoke-WebRequest -Uri "https://go.microsoft.com/fwlink/p/?LinkId=2124703" -OutFile "$env:TEMP\MicrosoftEdgeWebview2Setup.exe" ; Start-Process -FilePath "$env:TEMP\MicrosoftEdgeWebview2Setup.exe" -ArgumentList ('/silent', '/install') -Wait
C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe
"C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe" /silent /install
C:\Program Files (x86)\Microsoft\Temp\EUCC3.tmp\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\Temp\EUCC3.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMzEiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuMzEiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7ODk1OURCRUMtMTM0Ny00NjM5LTk5RjgtMDFEMzU5MjJBMzBBfSIgdXNlcmlkPSJ7NjFDQjgxRkMtN0YxRC00MURGLTkxQTgtNEIwQzU5NjY3QTc2fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9Ins3QUVBNTIyOS04RDhFLTQ5QkUtQjA2OC1EOUZBRjIzNDA4M0R9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iIi8-PGFwcCBhcHBpZD0ie0YzQzRGRTAwLUVGRDUtNDAzQi05NTY5LTM5OEEyMEYxQkE0QX0iIHZlcnNpb249IjEuMy4xNDcuMzciIG5leHR2ZXJzaW9uPSIxLjMuMTk1LjMxIiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIj48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI2Mzg4NTI1ODIxIiBpbnN0YWxsX3RpbWVfbXM9IjM0MCIvPjwvYXBwPjwvcmVxdWVzdD4
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{8959DBEC-1347-4639-99F8-01D35922A30A}" /silent
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMzEiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuMzEiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7ODk1OURCRUMtMTM0Ny00NjM5LTk5RjgtMDFEMzU5MjJBMzBBfSIgdXNlcmlkPSJ7NjFDQjgxRkMtN0YxRC00MURGLTkxQTgtNEIwQzU5NjY3QTc2fSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7N0E5NjkwRTktMDhGRC00MTIwLUI1MkUtMzVFQjkxQzFBN0VGfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiIvPjxhcHAgYXBwaWQ9Ins4QTY5RDM0NS1ENTY0LTQ2M2MtQUZGMS1BNjlEOUU1MzBGOTZ9IiB2ZXJzaW9uPSIxMjMuMC42MzEyLjEyMyIgbmV4dHZlcnNpb249IiIgbGFuZz0iZW4iIGJyYW5kPSJHR0xTIiBjbGllbnQ9IiIgaW5zdGFsbGFnZT0iMzMiIGluc3RhbGxkYXRldGltZT0iMTcyODI5MzA2NSIgb29iZV9pbnN0YWxsX3RpbWU9IjEzMzcyNzY1NzI2MzM1MDAwMCI-PGV2ZW50IGV2ZW50dHlwZT0iMzEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjIxNzk4NjIiIHN5c3RlbV91cHRpbWVfdGlja3M9IjYzOTIwMDI3MTkiLz48L2FwcD48L3JlcXVlc3Q-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaultae9903b8habadh41e4h9ea7hd9265bbf9193
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffe0e8446f8,0x7ffe0e844708,0x7ffe0e844718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2016,12831373416021954786,4646381414580325606,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2024 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2016,12831373416021954786,4646381414580325606,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2016,12831373416021954786,4646381414580325606,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2640 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| N/A | 127.0.0.1:49207 | tcp | |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | firefox-api-proxy.cdn.mozilla.net | udp |
| US | 34.149.97.1:443 | firefox-api-proxy.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 34.149.97.1:443 | firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | firefox-settings-attachments.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.117.121.53:443 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | 149.234.200.54.in-addr.arpa | udp |
| N/A | 127.0.0.1:49216 | tcp | |
| US | 8.8.8.8:53 | www.mozilla.org | udp |
| US | 151.101.65.91:443 | www.mozilla.org | tcp |
| US | 8.8.8.8:53 | www-mozilla.fastly-edge.com | udp |
| US | 8.8.8.8:53 | www-mozilla.fastly-edge.com | udp |
| US | 8.8.8.8:53 | 91.65.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.180.4:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 4.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.236.111.52.in-addr.arpa | udp |
| N/A | 127.0.0.1:49697 | tcp | |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| N/A | 127.0.0.1:49723 | tcp | |
| US | 8.8.8.8:53 | www.mozilla.org | udp |
| US | 151.101.193.91:443 | www.mozilla.org | tcp |
| US | 8.8.8.8:53 | www-mozilla.fastly-edge.com | udp |
| US | 8.8.8.8:53 | www-mozilla.fastly-edge.com | udp |
| US | 8.8.8.8:53 | 91.193.101.151.in-addr.arpa | udp |
| GB | 142.250.180.4:443 | www.google.com | udp |
| US | 8.8.8.8:53 | csp.withgoogle.com | udp |
| GB | 216.58.204.81:443 | csp.withgoogle.com | tcp |
| US | 8.8.8.8:53 | csp.withgoogle.com | udp |
| US | 8.8.8.8:53 | csp.withgoogle.com | udp |
| GB | 216.58.204.81:443 | csp.withgoogle.com | udp |
| US | 8.8.8.8:53 | ogads-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | ogads-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | ogads-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | 226.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 172.217.16.238:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 172.217.16.238:443 | play.google.com | udp |
| US | 8.8.8.8:53 | 238.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| GB | 172.217.16.238:443 | consent.google.com | tcp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| GB | 172.217.16.238:443 | consent.google.com | udp |
| US | 8.8.8.8:53 | wearedevs.net | udp |
| US | 104.26.6.147:443 | wearedevs.net | tcp |
| US | 8.8.8.8:53 | wearedevs.net | udp |
| US | 8.8.8.8:53 | wearedevs.net | udp |
| US | 104.26.6.147:443 | wearedevs.net | tcp |
| US | 104.26.6.147:443 | wearedevs.net | udp |
| US | 8.8.8.8:53 | cdn.wearedevs.net | udp |
| US | 8.8.8.8:53 | cdn.discordapp.com | udp |
| US | 104.26.7.147:443 | cdn.wearedevs.net | tcp |
| US | 104.26.7.147:443 | cdn.wearedevs.net | tcp |
| US | 104.26.7.147:443 | cdn.wearedevs.net | tcp |
| US | 104.26.7.147:443 | cdn.wearedevs.net | tcp |
| US | 104.26.7.147:443 | cdn.wearedevs.net | tcp |
| US | 104.26.7.147:443 | cdn.wearedevs.net | tcp |
| US | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| US | 8.8.8.8:53 | cdn.wearedevs.net | udp |
| US | 8.8.8.8:53 | cdn.discordapp.com | udp |
| US | 104.26.7.147:443 | cdn.wearedevs.net | udp |
| US | 8.8.8.8:53 | cdn.discordapp.com | udp |
| US | 8.8.8.8:53 | cdn.wearedevs.net | udp |
| US | 162.159.134.233:443 | cdn.discordapp.com | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| US | 216.239.32.36:443 | region1.analytics.google.com | tcp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| GB | 216.58.204.67:443 | www.google.co.uk | tcp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | 147.6.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 147.7.26.104.in-addr.arpa | udp |
| US | 216.239.32.36:443 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | 233.134.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.32.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.204.58.216.in-addr.arpa | udp |
| GB | 216.58.204.67:443 | www.google.co.uk | udp |
| BE | 66.102.1.155:443 | stats.g.doubleclick.net | tcp |
| BE | 66.102.1.155:443 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | fundingchoicesmessages.google.com | udp |
| GB | 142.250.178.14:443 | fundingchoicesmessages.google.com | tcp |
| US | 8.8.8.8:53 | www3.l.google.com | udp |
| US | 8.8.8.8:53 | www3.l.google.com | udp |
| GB | 142.250.178.14:443 | www3.l.google.com | udp |
| US | 8.8.8.8:53 | 2.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.1.102.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | lh3.googleusercontent.com | udp |
| GB | 216.58.213.1:443 | lh3.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | googlehosted.l.googleusercontent.com | udp |
| US | 8.8.8.8:53 | googlehosted.l.googleusercontent.com | udp |
| GB | 216.58.213.1:443 | googlehosted.l.googleusercontent.com | udp |
| US | 8.8.8.8:53 | 1.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | ep1.adtrafficquality.google | udp |
| GB | 142.250.200.34:443 | googleads.g.doubleclick.net | tcp |
| GB | 142.250.200.34:443 | googleads.g.doubleclick.net | tcp |
| GB | 142.250.200.34:443 | googleads.g.doubleclick.net | tcp |
| GB | 142.250.200.34:443 | googleads.g.doubleclick.net | tcp |
| GB | 142.250.200.34:443 | googleads.g.doubleclick.net | tcp |
| GB | 142.250.200.34:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | ep1.adtrafficquality.google | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | ep1.adtrafficquality.google | udp |
| GB | 142.250.200.34:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | ep2.adtrafficquality.google | udp |
| GB | 142.250.179.225:443 | ep2.adtrafficquality.google | tcp |
| US | 8.8.8.8:53 | ep2.adtrafficquality.google | udp |
| US | 8.8.8.8:53 | ep2.adtrafficquality.google | udp |
| US | 8.8.8.8:53 | 34.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.179.250.142.in-addr.arpa | udp |
| GB | 142.250.179.225:443 | ep2.adtrafficquality.google | udp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| GB | 142.250.180.4:443 | www.google.com | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| GB | 172.217.169.33:443 | tpc.googlesyndication.com | tcp |
| GB | 172.217.169.33:443 | tpc.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| GB | 172.217.169.33:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | cdn.doubleverify.com | udp |
| US | 8.8.8.8:53 | a1241.dsct.akamai.net | udp |
| US | 8.8.8.8:53 | 33.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | a1241.dsct.akamai.net | udp |
| GB | 2.23.210.97:443 | a1241.dsct.akamai.net | tcp |
| US | 8.8.8.8:53 | googleads4.g.doubleclick.net | udp |
| GB | 142.250.200.2:443 | googleads4.g.doubleclick.net | tcp |
| GB | 142.250.200.2:443 | googleads4.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | googleads4.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | googleads4.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | rtb0.doubleverify.com | udp |
| GB | 142.250.200.2:443 | googleads4.g.doubleclick.net | udp |
| US | 130.211.44.5:443 | rtb0.doubleverify.com | tcp |
| US | 8.8.8.8:53 | 97.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | rtbc-ew1.doubleverify.com | udp |
| US | 8.8.8.8:53 | www.googletagservices.com | udp |
| US | 8.8.8.8:53 | www.googletagservices.com | udp |
| GB | 172.217.16.226:443 | www.googletagservices.com | tcp |
| US | 8.8.8.8:53 | www.googletagservices.com | udp |
| GB | 172.217.16.226:443 | www.googletagservices.com | udp |
| US | 8.8.8.8:53 | 5.44.211.130.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 38.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | rtbc-ew1.doubleverify.com | udp |
| US | 130.211.44.5:443 | rtbc-ew1.doubleverify.com | tcp |
| US | 8.8.8.8:53 | location.services.mozilla.com | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 35.190.72.216:443 | location.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | prod.classify-client.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.classify-client.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | 201.181.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 216.72.190.35.in-addr.arpa | udp |
| US | 35.190.72.216:443 | prod.classify-client.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | ciscobinary.openh264.org | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| DE | 23.55.161.185:80 | ciscobinary.openh264.org | tcp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| GB | 142.250.200.14:443 | redirector.gvt1.com | tcp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| GB | 142.250.200.14:443 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | r2---sn-aigl6ned.gvt1.com | udp |
| GB | 173.194.183.71:443 | r2---sn-aigl6ned.gvt1.com | tcp |
| US | 8.8.8.8:53 | r2.sn-aigl6ned.gvt1.com | udp |
| US | 8.8.8.8:53 | r2.sn-aigl6ned.gvt1.com | udp |
| GB | 173.194.183.71:443 | r2.sn-aigl6ned.gvt1.com | udp |
| US | 8.8.8.8:53 | 14.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 185.161.55.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.183.194.173.in-addr.arpa | udp |
| GB | 142.250.178.14:443 | www3.l.google.com | tcp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 151.101.129.229:443 | cdn.jsdelivr.net | tcp |
| US | 151.101.129.229:443 | cdn.jsdelivr.net | tcp |
| US | 8.8.8.8:53 | jsdelivr.map.fastly.net | udp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | tcp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 8.8.8.8:53 | jsdelivr.map.fastly.net | udp |
| US | 151.101.129.229:443 | jsdelivr.map.fastly.net | udp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | udp |
| US | 8.8.8.8:53 | 229.129.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.25.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.109.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.109.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.73.50.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 246.197.219.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | msedge.sf.dl.delivery.mp.microsoft.com | udp |
| US | 152.199.21.175:443 | msedge.sf.dl.delivery.mp.microsoft.com | tcp |
| US | 8.8.8.8:53 | 175.21.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | msedge.api.cdp.microsoft.com | udp |
| US | 4.155.164.36:443 | msedge.api.cdp.microsoft.com | tcp |
| US | 8.8.8.8:53 | 36.164.155.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | msedge.f.tlu.dl.delivery.mp.microsoft.com | udp |
| US | 199.232.210.172:80 | msedge.f.tlu.dl.delivery.mp.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\pending_pings\fcee93e3-ee84-48c2-9135-6a34c274962f
| MD5 | 8c2abeeade9a5ea96b9f071ab56b4e51 |
| SHA1 | db8636003a5d06dc8a5e7be1919ad5f34009b091 |
| SHA256 | e120a3eca6631f608ba8d5dda13ff5aaaca62c3380da1ac1e283c245616d6c9f |
| SHA512 | f7dc66190494c5eb5564939feb39819153c8361e87df76022c7ddbee278a8156c9136a55e22b4817a691cf55cbb9ab23d9f8a5477daa3cb4349a36436f7dc2db |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\pending_pings\31161437-0445-454d-8776-0d1e00d413a9
| MD5 | cad48de2c644d33eee33f78b0b94e98d |
| SHA1 | 2fd6f08b0cfc8e98d1a8f4fcdc0cf0c180100a38 |
| SHA256 | ad03e1668afb341fe5782909270b18f6d0511a73e1185a9366e952ca8b9c1ea9 |
| SHA512 | 5ec536cc752acff1031a0a718215b50103810df0342c84c28d96cbddd8446f230a407cf84f67b7f5144f3247876a5727ce63bb41625b8551b2c123051502d6c6 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | aa06815ab05177aa4ce897b99d942ce2 |
| SHA1 | fea1cedc2307cda807e78008875c4386a7e4be15 |
| SHA256 | 5e15f0e0b158bdbd569349f2db422c7a40a2052616433e778e7ea1cbd1bde88f |
| SHA512 | 0a45f8aa76571be5429ad70fc9c2d11759656461baf065fb764c26b1f19726afc2972d747b440eef8174f0eb56836444107578eecac9cf65d153e79f2221db58 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | c721cc107b46878f72729b4370ca68d5 |
| SHA1 | 9d8f82a1a6a8ba0f62f5fc8f16c35cad84b8d887 |
| SHA256 | 1d288a6f6851743cf2da035a230c139b1c56cade68071252a606c69ef49a4653 |
| SHA512 | ac1d431f359bd4ec440634ddc7024ad023ab4990343f8a2782a22f75682d7d5be46f64a0178c8a68954f88a86ab9aeaad7e6ac8ba6f8ab9293b2ed98c2b28131 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 50f1bdfcee7c443d6d4b5abb38f92056 |
| SHA1 | 2bf5a309af121584b2808911baba3d08c0040927 |
| SHA256 | 03dfbecde7e5579feab1eb516ae44187e85255a703f898e1fe766c2d80ece634 |
| SHA512 | f6482034c8b8b3d0dab47725f3eaa7f27029a20e9a6b3f4953c5e49c964c8b9bd80cc998e12e962e056780c7955831de13a3ef10361e709b1eb20d3420e0f503 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\activity-stream.discovery_stream.json
| MD5 | 7b02e915c39cab6fe1f627351737cae4 |
| SHA1 | f69b89adc1de032b4129ba54b87a52d23c8607f3 |
| SHA256 | ccbb55b315ff2b5951c3ac04eb68e1e63774605602485cbca970953d1c238446 |
| SHA512 | 6f6dfbf847bf440185a93719486010355003276ae9fe652ee0ef5a7388e055344f50892bda96923f59ddfc111823c04aae9e488fe1a21bc03e68bb684ff69cf4 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\AlternateServices.bin
| MD5 | 7ca6a57edafb87c404747c3c01ac0c94 |
| SHA1 | 2d97ebd584b919feab879a4d6d83ed76125f5b2e |
| SHA256 | 0eab2ceb37f14b6d1dfeac57c11c278ad2d30f5b8989ac7d974e72c030e16ae8 |
| SHA512 | 4464a059d5a04f11215038b29fb2e86f8f3710a25141c34d1b62764c2cf229c92f07c7a5f2ccb2e1b681bed9a36574bbf7629991fa56ab08992ff93ddb42de99 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\prefs.js
| MD5 | e27dec2b403d27b51a08c8689f732f8f |
| SHA1 | e0b21e496677c22ee3720c300ae52a895eaa2529 |
| SHA256 | 72eafb767552fb1e2730f3ed68973a055cbd77534d8f901ae682edab37310837 |
| SHA512 | 96a3a04dd959691d27d01d415a00a726ca094a7a6b21be6bc9a07436dc0adb0e22c415140bb2bc8e4ae10812e32a272fe2655a463b98b584029ab90c5a40b784 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\AlternateServices.bin
| MD5 | b9f9da891e394e92b61b140d1a110ac7 |
| SHA1 | d488a9f9f8dfc7863df4fa3a7cf7ace917910d0e |
| SHA256 | 1e957f72f0219f43eb93385110ce229833a22ee0eb10754436241b33c29a5739 |
| SHA512 | b073b2b1ae9fcbf8f208d897780494e1d8c6e763e2ae7286327214fb68d9423cc5d64513b42831464da9c1e6aa1009fe5d269bacd2fa90e2a7aadd494d615f44 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\prefs-1.js
| MD5 | b1d91d8c0fc3813fa6107292dfcdbe43 |
| SHA1 | c795638867ad50cfd5e1d099a7c91c373ebe2580 |
| SHA256 | 45d6b54e61dd79c596f28a67e038822799af3b8711b5ee9e23c460cd23b786e3 |
| SHA512 | c3ce381df9ffbf7ad98f15e673316b19e0685081476fd50a2113624851b4a414f2b6839a407865d0d7148ee7ea376aef98e5d1524c63269964d913aa531ec9ae |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\pending_pings\ce5c8cd3-25c8-4f23-9448-66d4e8749a00
| MD5 | 485c4897bdf139f93716fd951f7fe78d |
| SHA1 | 9439666dd9e706218e11e3d12c0eefa90ef21f2f |
| SHA256 | 15abb85da4c009620f81f7446a96c5fe4baba0cd07785c08d3431215cd64aef6 |
| SHA512 | daf05f288456a1a15ad387abc4edfc0a8d82621e3944abd25f5c132796c6f482a02d21bba635524b41bf07de380ac1b2671066ff329215a8abeb7c613e77ab3c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\prefs.js
| MD5 | c79d388a19ff280411fe58eb1f375dd3 |
| SHA1 | b84967713fa5c3273ba04cfa4f5c31bfd80fe295 |
| SHA256 | 75d756ef9073e0b5210cc3c60a4ca2d0b6a9d00117ecde1a475c8a8a2e412ec3 |
| SHA512 | f87bd6177e9a990283674be11d1d0e19793490d44e1d83463e13e8853713bc878f5ef3fe7ec3b390a97c1cc970aca5abe4256a0a0dff4ff0cefa360a91832fba |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\startupCache\scriptCache-child.bin
| MD5 | 19bcb67b36d0284fb32873aad9382b44 |
| SHA1 | c2ce4e7798ff2373b2b576ded609847b5a472a70 |
| SHA256 | df3d383cba8360899ab4f9799f60b21d13514f32d5c5676a94fa985b501377ff |
| SHA512 | 0c19153c37e4fbeda74b0e32786a6fe99b2fab6c9691843a569f8613095e72b9d8c5a1128dcdfbc6c236dce4e5a514dce3c96ec17f22d4643120c7e00723fd1b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\xulstore.json
| MD5 | 8d689c06cb844185099c0398a280537e |
| SHA1 | 57073c7526ec37e94bb9db44fedc6d50276f7a6b |
| SHA256 | 96729e9b38f216605ff10715f96f364be32f02e2de23ede7e74b78244605124d |
| SHA512 | 3c7df326c695143915df1068cb2c0f58e93e4881b2c4d94b33948b80e954fbd4cf944ae53b4d15002b79fcdb8e88f8e9cf4c89ca50f56b7cfd8a13ea7dd6fff8 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\startupCache\scriptCache.bin
| MD5 | 4551573765d73123135582e99c7e4f1f |
| SHA1 | 40705549db265e817657b5cf34a1589298202ea6 |
| SHA256 | da95fd6f4f84e1118f01c10978bb99401412b706b0143b891895d3313c9cf0ce |
| SHA512 | 6d6a88e53ec389b4e20f3229307cfabf78f732b8cb1b16ce72a75a1b7ea9a0092e910fbe062151fc98733dbd5830496ebb4d9ae8868de23fc4ac82c0075d799d |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\startupCache\urlCache.bin
| MD5 | 5b497b9ae05fad99add047ef442ac0a3 |
| SHA1 | dc59ae5e443696c014c5f7db10bb53111366f8cd |
| SHA256 | 84f51002133020eddbcc37fb111243eccb5ec9eab1c8636982a1e38f335fa2f3 |
| SHA512 | 79249a0892ce8b8aabd482220a0fda616e56c64603d56ea68eb0c9917e10d15d557c6c749f6218d2b3f584bf284ed95a3e6ba46132453f8fd6a93e24c05331a5 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\sessionCheckpoints.json
| MD5 | 948a7403e323297c6bb8a5c791b42866 |
| SHA1 | 88a555717e8a4a33eccfb7d47a2a4aa31038f9c0 |
| SHA256 | 2fca1f29b73dd5b4159fa1eb16e69276482f5224ba7d2219a547039129a51f0e |
| SHA512 | 17e2f65c33f47c8bb4beca31db2aff3d4bbb6c2d36924057f9f847e207bdcb85ffcbb32c80dd06862ffc9b7f0bd3f5e2e65b48bb1bc3363732751101d5596b1a |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\startupCache\webext.sc.lz4
| MD5 | 109296395499eef8040d01ece7aae423 |
| SHA1 | f504b3f22a4f10fb8ba2180e4a1997c3e4de2704 |
| SHA256 | 1595cd43a72312a95b55ae6aa5e373a7a1210ae9565b96830b76b6b5ebc1c586 |
| SHA512 | 53bffcf35b29aec51e51fc82be478de2e452f7798af0aa101c2e9b6358f44fda7a12f9d2e4523569651e12423a63a79387611b45522d36198da6cc93eedb17e1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\cookies.sqlite-wal
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\cookies.sqlite
| MD5 | e706e8ae80beff97fbce6e6b92fec5e9 |
| SHA1 | ec60ea38066b6317d63ec9ab909964b0dc482151 |
| SHA256 | f652923f9201732515e666e0e82fd7e251db7f2e73c8aa6fd87a4977dee17f93 |
| SHA512 | c9c24cd3006fcef83de0a77c9ed08e304f91340de1c6f61acd5f1111f9d9736328e8e7103a27ede7ee48c9ab94369e7a373be8801949bb05873d940b2d5f8a49 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\sessionstore.jsonlz4
| MD5 | f54bbd6401bea8eadd960a764c82ec08 |
| SHA1 | 889ddf3946532f6e343f68b19c5160d059eae76e |
| SHA256 | c0f9df110ace6f8fd238a040e070a5b47f632322ccd3aea4e8816162d5a44194 |
| SHA512 | 87ce90b86603ca11a7d0255a93354e4e2fe380405213d098b0c3b939eabdcd370af9ece9e79d8c8fa6544a299d3eeaf2af7ed08fcf060c2bb7170b1fc5b9e54a |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\sessionCheckpoints.json
| MD5 | ea8b62857dfdbd3d0be7d7e4a954ec9a |
| SHA1 | b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a |
| SHA256 | 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da |
| SHA512 | 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\cache2\entries\D0F48A0632B6C451791F4257697E861961F06A6F
| MD5 | a31e9a4d65a1d1ab7156134b2f3245f1 |
| SHA1 | 1f51e51f5b1343ec5cae998105c337da4c15297f |
| SHA256 | cdff12f7b4e1a75d950af3b729c09a88afe8a4cf987d45258386d6e5e189f9af |
| SHA512 | d8f917e8736d35b56d96a036cbd1d519b030dcdd59f24088c0d4694a3e7c32f92bf048f42fc91fb365519ccee8bd08497d82eb4ad3a75523d5aaaebc682cc210 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\permissions.sqlite
| MD5 | cb57429e66214892e25b20cdf6bc4f93 |
| SHA1 | a7dd0b14a1161a32c79a8e11f2241d5c8436b43f |
| SHA256 | 322b14af41205086efb1187fa7505720339b7debc91a369456a5094dea6c8785 |
| SHA512 | 62f2644a79b264fc6268eaea54324e4335459951b406cabd20da2d24bc11cab50fb5fec9ec2f83ddc754fa7b298c5e302679070b907f4bcf35d659e25f0bc37b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | 656c302f010fecc787d2948fbd535c8e |
| SHA1 | feb3c59aa68a5613a6011c89cc0f830f3f330212 |
| SHA256 | 2b875025be9279745052fdacbe79671eefcae5975ad7188926a068693f79f108 |
| SHA512 | 06bb5e9088f67d67fcd41101705791957f00d94b954086baefa33c243ba374e22f5cf056b0f53cea968307cc0e9a003d1ef0a872b515a227e718a0fa07f13d7b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\storage.sqlite
| MD5 | ff76ca02139cc795c270231fe9a0e82b |
| SHA1 | ee734cbe0b594c2419d1b25ac34d3f02d4de6d1a |
| SHA256 | d4aaeb05110a5c52a7cf98bc4850124de466d065ea9d71479a37def180441c1e |
| SHA512 | 9e9e1a9870e580d84f1db075ab3ac2f9dd6ed1a3c9f1824c0681f08b1c1d35bc3140cd583e64eca11209fd8e148d5170fb95276ec53852fdc18e071fed15cdb1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\sessionCheckpoints.json
| MD5 | c4ab2ee59ca41b6d6a6ea911f35bdc00 |
| SHA1 | 5942cd6505fc8a9daba403b082067e1cdefdfbc4 |
| SHA256 | 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2 |
| SHA512 | 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\SiteSecurityServiceState.bin
| MD5 | a0f62a0f61ce80087ae6c65d825e7a0e |
| SHA1 | 15792e01ca152cd7c3ef7f4905339bd4b6c5dbba |
| SHA256 | 9f02338b1d426c12309a97f03fc42cb8423f5c7c22b074a9b66f9532acfc10db |
| SHA512 | 7ff637fad92768fdff84b681ff99051dad5f734b0e4981f9ac8a8159779bb56ffb019dcca05c2fb73eabf58c47a7bedca3cb5c66ab40bfeaadcfb44ad8b15539 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\cert9.db
| MD5 | b9974ea4b213e2497e6c2586ed5c31cf |
| SHA1 | 71b119435535c619ccf48dba2248d0d3a8f09524 |
| SHA256 | 8639c123b6db8ec881ede17d4e6adcff4e2d7c1ed06e6b9c7688de7cff9c8128 |
| SHA512 | dfc273d3de49e04021da12a10636b3fb3b53d731e1f54facd95fa09e1c08986c0bd7596b8bac655178148cfdc197e9baa4d372a1d61eb2cf9b76c4b6a43bdb87 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite
| MD5 | 1fe03d39aa7a1d2f044664aecb7d386b |
| SHA1 | 679e607fc5b9e33c06fbe1e6356cee44bf8101c1 |
| SHA256 | a508a690e096b2dd62b5952c5e1ed17db50b21c1c805aa7afa5335d51dca99a5 |
| SHA512 | 0c240aee84fcb53120d1a58d38506ee49ef034e970359206e34a6677bbbca0ff437068401a2f31183ca2b0baf81d8e683485504b35d2099cdbe3f9cad9d3da17 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F
| MD5 | 6bae9c2d8a575bf2b171b53d5ea625fc |
| SHA1 | ab846c8aa8aecc5e83e7172b226b2c55668cff87 |
| SHA256 | 8cdd36de5b4c2ecdcf23685d0d2089834ba7a52e3b2106a05396523d0b4604b6 |
| SHA512 | 3c29215c893298dd99d8202c3f383e988edf4e9618c2ba0cc4fc1cff896141dc5f7d023237dcfa24d11625aa13fb1b9afe13906f2cfee4b752f4b6a65dced156 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\content-prefs.sqlite
| MD5 | b5acd9cf58ba89e643e7b2e839e0707e |
| SHA1 | 82c2b9cbea4acb50b446b786818287be7b0b8b61 |
| SHA256 | 4d4fd87f1cdccc9f826ab7de2b3980db6fe4ed328f079ceb24f680557da9667e |
| SHA512 | 1fdaf5173a2fa956e3793b3643b44d928a4c81a1599bdf4b057396bfca5948ce1097194dbb5f528959c8cf4e34d058922828236c6060b41510e9ea2cb9ed424b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\favicons.sqlite
| MD5 | ca52cd4db6f606a95833d94ce7efd41d |
| SHA1 | 0634f9de63a192dff1da2bc22626734dcc90a8ab |
| SHA256 | 373273cd25ab85d8231c0b1885d1e6d40ee174f4d8b4b6c0adb11d8d5cc89d56 |
| SHA512 | 952de05d921bc5d10c65974c16a126817db6bc59292654230773dfa3c630f6ec3baebdf2820145bf4cecdf538591e2e33af589b125de148957c6dd43a642cbef |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\places.sqlite
| MD5 | 38733559bf860d7df1f30f110efedf26 |
| SHA1 | ee65c4e773ceb07d19f3bfc2b36ef7e0d7bb0911 |
| SHA256 | 077fb6573ae6fb44d60bbf5074efca0abc59b739dc0ff1f1ae118dfb4086a0ff |
| SHA512 | 5c4b7241c26975ae81a7b44e44d8f39cd0495ec5a0f6ef773fae8b446c1d96f2b0ba6c9f8c15b69aa647f2476d70efece9dbaf6b222d71c1daa734c7ef0bd26a |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\cache2\entries\0305BF7FE660AF5F32B4319E4C7EF7A7B70257A3
| MD5 | 0796bb3a41b98c4a72288a6a33a43762 |
| SHA1 | 3bc29ed12389abd3ede578ae5d870ab5d66508c2 |
| SHA256 | 0894ddd252fb5003b48c208cc8ed727fcace4bf5cb5a1305fa3843937bd5c68a |
| SHA512 | 0f5b1525cb8f78fb556549f41d4bf46ce12b56362e8d4cdb46e1a0f69af347f4a0de8fe6bb8a33f0210bf299f8ac472e07cfc8719b3df50402306e99b9522774 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\AlternateServices.bin
| MD5 | 5457b2c4f7dea72c328cf48a21004d10 |
| SHA1 | 20f9fff7471d56d8e7c7a62c7770acb37fd1097c |
| SHA256 | 6e2d713e85b2da63c73417373c08eb25eed9cb9361f9a465099000acb2514a6f |
| SHA512 | ffbb1745cd08c974120bcf5708b4682a108523c56cfb165130201c6c7252f72cfc7d9a16f023becb95ef0691c1b34f87e5e28bc7add2677ddc73c266176087e2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\pending_pings\f0ce64a9-cf7d-4475-988e-897564c03496
| MD5 | e9579fb827d7608ec9471c4c5ec2ce5a |
| SHA1 | ee8754750aef8c6a2dcf097f7d96a4c461eb292e |
| SHA256 | 8da005d97b7e27bfd88e3ba2b1a0507142718180f5ba989d6b2d20c4523799e2 |
| SHA512 | 1301dab7f90e9c046767487d637221ba1bc848d08e3cba77bcdfe97f68ad3d07062fcc185a3572d5101b482767fd9cb6345f3e25cb4e54fca24f79a248d53441 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl
| MD5 | f99b4984bd93547ff4ab09d35b9ed6d5 |
| SHA1 | 73bf4d313cb094bb6ead04460da9547106794007 |
| SHA256 | 402571262fd1f6dca336f822ceb0ec2a368a25dfe2f4bfa13b45c983e88b6069 |
| SHA512 | cd0ed84a24d3faae94290aca1b5ef65eef4cfba8a983da9f88ee3268fc611484a72bd44ca0947c0ca8de174619debae4604e15e4b2c364e636424ba1d37e1759 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\cache2\entries\254256B27E0C48CF9B80B695F0B3B8CA84610495
| MD5 | bda66ef81b2db81bc12dcf8a4c3fc957 |
| SHA1 | 2e372651ee95b3500e924970a4e7bd81b19ad030 |
| SHA256 | c6b7eceeb823cd1f884d3d439fd13077579f764079766ca77be9bd46e99fd0da |
| SHA512 | 825e7447ff1dffd1a4859af42ff4e2c24816efae9f954598d0e2111c60b7efdfac2141e958a295070cfc3293236bb941693424f23ed65979d0cdba3a41e0909c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\pending_pings\fe9313b3-17c3-4fdc-abbe-c4c0fdf5ecb2
| MD5 | ddd6370778b4e1dcbdf9519a47cd3324 |
| SHA1 | 4e415afc8ae1499739e0ff51962685ed2ad66c16 |
| SHA256 | 0ba0c0c307a62097b320a5c5f0dc9f1314be30fe2fcd92078101f105737a2db6 |
| SHA512 | 7ee760e015bfe3c645961f4b11c35fc70ae4304a1da54d4c5d1897bfa34120b61ee4234213d55cd3a5ccb6efb37227cf7ac155b5fc2f5d9b34f9aa1322ac321e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\pending_pings\08ddad0a-c5c1-4008-a95d-36350cf4725d
| MD5 | 69574da31e9e6c0297839d3d5bc21a29 |
| SHA1 | 159095f6170d76cb6a8ba24465adc723793d867a |
| SHA256 | 0ae96579e06adec1912833061b2aa4dee61743185b84df5e172ee60b43813790 |
| SHA512 | 6a9ae7d6bb476e9840c62fe9740591a424845a9bf6ec50a2470356bc44f840d835babb842756ea940d488732a3d0d783b35ddeb6161c3e713ae0fbdb6e0729e0 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | c8d5195abb4708a8fbf3fc83b8516fc3 |
| SHA1 | 17131558bc9b7e0300d80e9c7d992c43f38395dd |
| SHA256 | bca620a3f7c2559ff422ffbe8d29cfdc61474ae7d4612755465519768a74dca8 |
| SHA512 | 2cd5c78c0d27712b81c4b5591cfe1a2f0da5d4e1ca84992e4be5b175c7d72620e2b486d0de0ce3579479517c80e1c498e7edc323e388d5147f144024469c7502 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\protections.sqlite
| MD5 | 76786a4c0dd19d88d6d3ed95a293bf2f |
| SHA1 | b0d6d676127a7694fc6e71ee57fcc2ffaa621ff7 |
| SHA256 | 1a2564c1ba20b8038d35c2319258d94dc15d97914dcf753b31c48b79940dfd31 |
| SHA512 | 8cd3298e2ebba763d3c80ac4b17e44af7eb63b46304967d0c6316d314baf8611c05f7b9979c2c5c329ac167aea0246e8c9f057ffbb272481c13fd5e4b4bcb2d0 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | bdca914948bd46359d9906e6e8b5850c |
| SHA1 | 75f8cf4a0ee8e4a1de7b13bf67d9110ccdba95ff |
| SHA256 | 9e474258d5eeee9d3777e0682be3ce1411c0088f54d18fdedfb5186a0e431b05 |
| SHA512 | 040345884cabb5007f748aac6c1510c2066bdcc561e45c90f689731a770c1299e7afd8886f84e3704223976c4459bf1d467aa836a139926a8716f3dc21019440 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\events\pageload
| MD5 | 32f6abc2df2d6f2ae8750e4363ad4100 |
| SHA1 | 81de341c55065581887c89713fe8e96b069b5534 |
| SHA256 | fc31a782024a8533e511764bc3d18e13422355d5d045041f90bf3a084b0ed4a8 |
| SHA512 | 7f615aff01aa93323e031d637d87b36f42337321ce7f887ff3f691a584df295769062826357420129e9c4a92442c11796bcbe65ad962c765cf2775cf9d8a873f |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\events\events
| MD5 | f6ea00fd7fb2f9f90e7b9f71c1bcfd92 |
| SHA1 | db9184345ce3982f8ca3271ddc4ec187fe580d1d |
| SHA256 | 2390c0ef5d75f034ac0275ac43e5874ae75cfcdab8c7c194d68775e8b3392b45 |
| SHA512 | 3db5f318d9722242c1125c5fab1897839c0231b03c8c7eaff573750ac9d1be7253cade825341d17780c52de134b41c7ad4a43a2ee3d6eb1362637ea477fd013a |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\db\data.safe.bin
| MD5 | 89f56e58ba117e506f11b552d1471643 |
| SHA1 | 916a531dbbfa10b93f8c9a6eab122882fd75a0b5 |
| SHA256 | 3dd8be86a3c7175838fc68fa2916d557416daae2a769168f0d0fc6b8d4f0655f |
| SHA512 | 1fa1930915de2bc0979691389855a5cebf1a60761531aa6303626e01dad69cc508b65bfff6e00ea0ad8d4ceb0909e91a5fff19fc5a688e17b49e72c880954205 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\prefs-1.js
| MD5 | 3fd4858ad15a9a698db27a7dce2f08fe |
| SHA1 | 39ec0aaf63b7a7dde1488a26b0424957f9e6af07 |
| SHA256 | 2a1fc3ee316d89e504e5970d9593a8537aec54c87580f9c8ca56f1d77095c23a |
| SHA512 | a2c799125f7f70f84ce8f09c96816a1e7fd545c908ff2109dde6f4803802e3d51b6be99c97a1c714b6ec366d71ca2cd08b68f2efdbf0c7046f500689a953582d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 604a05d15a1dfa83f5eeccf142d314aa |
| SHA1 | 7599965a53cb0c8153466c5266141605d14eb863 |
| SHA256 | f64de18bd61353a03ab1e59f98c0ade19b5095926d302a4cf86434e552f8c55d |
| SHA512 | 61b9ff7b325547bfc4c2becf8a8db46c3094e281fdb7d26328cafec28dba8d4b1e9ed6f8bde32cbd1f519c298b09e6e1eaaf8f4d8f5637d0b7c07b77adec264e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\formhistory.sqlite
| MD5 | 6c54222b8ce9e2f0e1dae68f82ce1a05 |
| SHA1 | b3fc25e75a9e5c0355d2096e672b44b62bb194dd |
| SHA256 | ff9b5fe2e079acc8ea9f5b2d1d4167b51020be9418526b24b931b060888d950d |
| SHA512 | f419201042b490988e436990fc1fdc389c47375126c8873e9ea2ef70bf5f42759cc2a397a053234fc38c17aca2e74cc45e2370ee9b6985266c7866dd4d15c7b4 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\cache2\entries\F18D85F52EBBBA2AB081EF739ED0D6E8A76D497C
| MD5 | 741af7bd9d0823aaef92571e0e71c592 |
| SHA1 | b6d6871812480c1335b2812171aed42fe4fbbc13 |
| SHA256 | a540c61cd9480ffba0b4bc084943b640cb90a04433977dc4d8c6c510cfbb2ce2 |
| SHA512 | d909b0220cb54c303d006568cbf1517ebe069c6aec8e05d9216e7cec392873ded30fcb0a752efc091a4754fc60a82e694b5a1473c01b8374e6ca4e491b412b8b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\storage\default\https+++www.google.com\ls\data.sqlite
| MD5 | 3daf19c933bdd822c370c5ce0d1107dd |
| SHA1 | 078f87b495f9181ee6d1f8c54c25f289f7da55fc |
| SHA256 | acbbdfc262ff01c06c80e44df12a36674f96d0c848e25a76f655711ed6f6f2ea |
| SHA512 | e660e80d043dbf998555a8ef8ac4cadb707a75502eecf192c2232952008b22f493dba711ea8b0b4ee555f7ae5e5e324c8795f50d2f3830773fcd8465b49c245f |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\storage\default\https+++www.google.com\ls\usage
| MD5 | 4c428e195a2fad0b912480f1aaa48bf3 |
| SHA1 | 52a8ec75e9ebe26a80438cfa5b234ccd96f24621 |
| SHA256 | 330e0baa0683f9a1187cfcee449c80c8d142c70ed58f6ed5bff634f23f399a8d |
| SHA512 | 795d309afb1c8bd2bb3ffa40ad5632fca3a1a8926143a1592a051ec8667bddcb21d0540fd33a898e4f28bfd65e13ae96693d96b11c13adcae09ff1f415a13ef2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\storage\default\https+++www.google.com\.metadata-v2
| MD5 | fab00fa1804781e421b1b0a3c43b8dfe |
| SHA1 | b66112b5f3823ac801507d0bc3fd5bbb90b612ce |
| SHA256 | 8a1300db5bbe925f465443e6eed15a11b948e8cd34639ab8f0e7ab8b9540183e |
| SHA512 | 7fdb90498e8b259812e2397b5350a173a1e0d67c5ce579f39d2c6abfe5d428917046cb0295aeb5edabbf98d4e0f37a11916a5f96bbdf035ce770efeb5fc3346b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\AlternateServices.bin
| MD5 | b0cd47cd356a36e6b6f2d09e6e7ca82f |
| SHA1 | c978cc89ebae5a96d8b4bbb0614f3546eb66ebe8 |
| SHA256 | 0b71edd6f273cc00c720c244972681fe0f3634b0f05203e9db8707a934a31fec |
| SHA512 | f7b4a19dcf1e6cff2c147b54ffc417c63beffa073a88f20309a7f09fee7fd395f8e1e5cd478646e2c5e9ada3afda1e8c4f3d37150979285f3ed706fd59cecf9c |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\cache2\entries\8540EC873F08CBAD5DF5121BD3BABF95624B4A14
| MD5 | 928faa135d293b709b8a355aa57bc094 |
| SHA1 | cc6e9c7478a2c3e8f19a5481866450e81f8a2fe0 |
| SHA256 | 410d24a23afda274f70e22d0523acf6c7643c3e6dc7fb652121c9ce6140d7511 |
| SHA512 | 38186bb348c1c71b4e15cd6cb0f3f5652675a9870e6133ee43987cecee4f0ef33cbc703f1d0e7de993389da9bc809fb7a62bce5cace0b67035f00d6634e3b616 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\cache2\entries\EA6D9BDE7E0D49FE4A6CD50D4500CE4E0B32B2D5
| MD5 | 1314430e2e4a799168369e6799e143a4 |
| SHA1 | a84e56deb1b8e44486245dd9a0cb087fc014ee25 |
| SHA256 | 874a8758f6cf9b7031b8c896e9112c1e1d151e15c557cd70b2f9441dfa130a2a |
| SHA512 | 7d386b161c845b3759b607806daf0f2afd12e4c2563c92030506419322cdbb54ff5275e51daa4dd83d400f22dcb62f8f15f1364a74b3438275d6b37bb00ee211 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 09372174e83dbbf696ee732fd2e875bb |
| SHA1 | ba360186ba650a769f9303f48b7200fb5eaccee1 |
| SHA256 | c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f |
| SHA512 | b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
| MD5 | 2a461e9eb87fd1955cea740a3444ee7a |
| SHA1 | b10755914c713f5a4677494dbe8a686ed458c3c5 |
| SHA256 | 4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc |
| SHA512 | 34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
| MD5 | 842039753bf41fa5e11b3a1383061a87 |
| SHA1 | 3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153 |
| SHA256 | d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c |
| SHA512 | d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 651da6207959cf511e16cdebb9b690b3 |
| SHA1 | 83fc19e39f9805c57c30702d2138d5067eaa3fb9 |
| SHA256 | 1d09801462072302dc3963677137e3959714db0fa9add902d1e48756692a9009 |
| SHA512 | a69034df32988f07e2b6f8ecaa9dd074d957f94553798370ed92d551a509f771ad32fd053f3f131204b23abdb906bf8e552db717294ecb1471b17968f4f36a0c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\AlternateServices.bin
| MD5 | e3092a38f584c2fee2a229d23d6c9e30 |
| SHA1 | 626de8fe01cd043abb15fe065b8a87475245a1a6 |
| SHA256 | 9672537944182d749cd290cfe6f2e1a6254b203346238ee1bc3a50559c89c427 |
| SHA512 | 276bd75dea5a2003d4a4f8d79b3679fd8727fab6882d29619b8f5025c502cdc1a5f47fcd4465c77a62ddb170c8d1a5dec746d6396d90a441490711306cc2aeb3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\prefs-1.js
| MD5 | c6f3ca63f108b9e6f0fb3d357b8eb63f |
| SHA1 | 66512eb4c2f13addb9fdc3c95f018d0076d4330f |
| SHA256 | 95e87494a3488ac515f0d6197350cc26cc08b16cfed9df61226869c25254cac0 |
| SHA512 | 7df3eca0a54cfd41a35a0390fcec150c41a2dbd6c205d6804f94e9cfa7cccffa256b1598d2152998b78a45ebbe3ebd042c1d90b4a2f25b0a15c99a902f35a4b7 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | 0a8747a2ac9ac08ae9508f36c6d75692 |
| SHA1 | b287a96fd6cc12433adb42193dfe06111c38eaf0 |
| SHA256 | 32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03 |
| SHA512 | 59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
| MD5 | bf957ad58b55f64219ab3f793e374316 |
| SHA1 | a11adc9d7f2c28e04d9b35e23b7616d0527118a1 |
| SHA256 | bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda |
| SHA512 | 79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
| MD5 | daf7ef3acccab478aaa7d6dc1c60f865 |
| SHA1 | f8246162b97ce4a945feced27b6ea114366ff2ad |
| SHA256 | bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e |
| SHA512 | 5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\cache2\entries\A73149400505F6C6E59516A03821C85131C5938D
| MD5 | 11403f96dd071468aec1922ed7921a89 |
| SHA1 | f8d45b7a3938372805c3bc78517f4fd6bcec3243 |
| SHA256 | 2869b45e9a5ccf35bed61f252ba39ddd0965bdab29ed6c0266b8fee3a96eca1b |
| SHA512 | f62b4ef951ac4891d337ecc94836788dc413fe79a668a304e8e8885ae7da2dc94abda820519ea33788ed969f638b02f04248ad89100cf3fd10b806a8dcdb41a6 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\storage\default\https+++wearedevs.net\cache\morgue\245\{cc041e3b-dec8-4d81-8427-ec48017682f5}.final
| MD5 | a1f0f7322e08d29bae25058730fd9e78 |
| SHA1 | 9e99eeeeeb484a581cfc64b4f97241d2dde2c176 |
| SHA256 | 6519c3021515fc48b5901c4b3d0c022b1620f1a9d71992e21bb9295eee3b9517 |
| SHA512 | 8b1dc96c90ba25165cca48ac8cc2566cea5e2680f2481ba08ea5c0c068053bd5169aa5343325d05cb458557774cd414719ea38f132eae6b18e9dd7bbe2b57cba |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\cache2\entries\2C2CB353008FAA8559773FC209C76F11DDEA3573
| MD5 | 0fc2dae890bdc0432c5b6022bb06590c |
| SHA1 | ebe08287a5a857043e73d79cf96988c50d84afd6 |
| SHA256 | a9eabb355ff9847a3ca1550519ae6577e2926385da6a205cf1f13d429105c0f5 |
| SHA512 | 2bcbffffa465bb578aafd2eed0179ad7deafdb0e9366398c34374580b7fc9ca88609c0d70e33be96d4a1c89ac71a3a1f5c8238a7d0ad9ae4b1343cd3110310b8 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\cache2\entries\B403CD48B9B4A9E6E9DE38291F2B8425CC3BBA9A
| MD5 | 9b9ab2b540798d719d26b205d7b98af7 |
| SHA1 | 57df20c9843178301610de47b8bfa8cd1aea5527 |
| SHA256 | fb70141a57422b498b86701e3859b9589572d3ab0ae9f599fde69fd243c363ad |
| SHA512 | c979fddef37c979d60038c1b2b6959bdf99d18ffa066376bfff7ca4df03499df0aa27cee8920654e66cafe26f9c781c8cb30d81acdab949cc2a349ad09950309 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\cache2\entries\009555156ED9F89F57B2FDE1C16F5E63120DB4DF
| MD5 | 87ae0ebae2a1c3f53e838d7ea447cd18 |
| SHA1 | 01280bd68622d3961db6017716fc0b280a6b4b6d |
| SHA256 | 120e5fd6e4e8d88efbed14c960785cab9b1994a3129bc98ceb7313f2507853d6 |
| SHA512 | 5a2135137af90ac0df7260a2586350bc18e52b421db2ecd03ecec98fde4afd81e6c7de73804b79488b16b840e0b6fc51c9ef06d15d2751bb8ea3b7cc7acc1229 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\cache2\entries\751348728EB168457C9B1AF6B175D7474AEF4FAA
| MD5 | 1a8cc299b26dc0ff1a82ae3a73c66eaa |
| SHA1 | 798326c228ad8cd898e3f73cdd3b9fc7abf59632 |
| SHA256 | 68c8613631f32ad89d0ac7d31d400f28cc29ab18ef9fda8f663ecde28b02a21a |
| SHA512 | 6b55e130b6d245a2356f106aac625763b524c038a0884651278555549881c50b6c3de515c053d8c4b67248bce86e278167efadd6d8373ea05b8d05c9799a2ef2 |
C:\Users\Admin\Downloads\JJSploit_8.UPjQT9bS.10.11_x64_en-US.msi.part
| MD5 | 190d3be205525ee48e3ca0a3d6fce256 |
| SHA1 | cdf09c9b04b8e6ed1ce6ea017ee821cbd6e53ba5 |
| SHA256 | a6f64d8f09f87379ebb9479366d0ec4a56e60c9c7b2e162af668be2beb9756d9 |
| SHA512 | 28c6251668f14082abc387d1ef8bdc8acb0d62f258ce1d229814092057ee2e7dab3bc585d648a4ce8ebac3bf0dee09842d7defa5df450891347b3aeaca20df09 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 553b726ca05495fa5da038ab26e27f25 |
| SHA1 | f08ed1cb391a8d8a8fccfc01cf7996e8fa5aa9f0 |
| SHA256 | 6bf76f868fe7de0ed982bf0f1d4bad83f60533eeba88b3fd055ea40106ff9bfe |
| SHA512 | cbe0dd824e63892aac354c1f73e83a40d5c723992e85925855ea986ef559e6719c4ed9a53a693f0a1e419bb6df2fe02d1dd145598a4b9f4d1e761623b0962a06 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\cache2\entries\213E9B9C0CA79F5ED15BB0E8465CBFABD5DF3A2D
| MD5 | 93fb419b5f60f57a35f54df7f1b4977f |
| SHA1 | 900c483ff93bc77284ee8b0995c10b10dcc6d0a0 |
| SHA256 | c0619301a9a9ebe07c31f73f19313638138c255584c4cdefdb9283327f5dc28b |
| SHA512 | 3dc0d167c62b97673a02c8ace5191c203651bfaffd11a0f7ca4fdadcdb2d9f174f60c26a2ec85920b5d6f1feba0b3c44a7699b0c7e11648bb00f18309223a0a2 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\cache2\entries\2B16ACC15AA680352D12943E950AB926A085A466
| MD5 | 27b6a03559aa14e4cab6ab431c7c6031 |
| SHA1 | a4c7f59d893041b2b1ffb9d557f6fcfdfa0eb1f1 |
| SHA256 | 301c385ec508bc989581455ff4c4c4ad8353151279771d7f5a3f1c298ce821a9 |
| SHA512 | 98138b6a6a5daae8cec121f8b51c259c7276de7c086017753b51a82b8288c9469b903b63864692cff05ae91fc1c4475b5b58e99af7ee944de118b301f5aea12b |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\cache2\entries\7BFCF32544F467F973AF267DF4EB4842EDED0C1F
| MD5 | 5b585639d5bf7fb2c7d6cb796e7378a5 |
| SHA1 | ee520209637eda3335402fc6232805b1c76d52a4 |
| SHA256 | 2a537831e28262ccb424fdbbc38913338870f65342e22dce767e6739a48d28b9 |
| SHA512 | 8c68e9cab81ec3e604184e6fe5718980aeb30704c61d06546e865cd21b65eac56a1c89a33a768bc50e3182f0a79a85ea1bb1a0e0fdfe6659e52edd999064b75e |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\cache2\entries\94F72B6F2D0DC3ED340D601AFA278D214906FBC5
| MD5 | 38484e57cb289b10d29f3e969a152b1a |
| SHA1 | dbb77e55b751d032d7456357f31819127b3f9353 |
| SHA256 | f1e00ec32bd01aa1b233bb3bfd910132d5b217d433a987d97912bc81a12b6da5 |
| SHA512 | 504cad65f7f95c4f0fb4a52cc681fee4c42b6d5bf6441600f8d88dfbac3d194f6d115806d7e6691c1305f2a5d8ed814f98c738a42d28681c2e6d835ad599f794 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\cache2\entries\CF04E6D390ACCF1C56F9F15C2023E3D3C114BE85
| MD5 | df828bfa5d4fce464476b6874a4ff04b |
| SHA1 | 0fa0f0a21f0f741b2e968e33afe87ddbc3a7a708 |
| SHA256 | c3810a64332eec920e204f89948f2e1db2d66bc928be3ce0ef54038361e01aa8 |
| SHA512 | 44881e63547030adf2d3b2d7b94da8c2e442135e0991bc48dbe591a79b8c153177bd2c81a86651339b2eb1b3d4185d87b1a8fa17f168d59d60624a57f0a06463 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\cache2\entries\FD3C8B7B2C5FC530AE8D3FC8050677579C3D2E17
| MD5 | fc0d878ade1ec44a3a23fa0fe3cccf16 |
| SHA1 | 3d45e003ba7f086c0c304ae39d47624b33037eff |
| SHA256 | da1e9a6f66bb709416b9720c23836882e3c078ee2fa036b122a8f9041c6d40c3 |
| SHA512 | 85b27baba6f20d6503ceae7e7a63d4ae65a88d6ce7cba706800c32c6ca44fe6ede14b77cca936951ad0792c945c83c7bcd405ce21fe4668582eb79bbf7265237 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\cache2\entries\F8CBD54DDA10F4286A41EC6A537240712D6C2308
| MD5 | 07d3833ae90e765aa4500e7c8bb94e6d |
| SHA1 | 73541401d581b529615a18b79cc59614b85b2f13 |
| SHA256 | 5fb87fceadd78fd95d88ff521ec179b41935bbde49452840e05b146f88b66081 |
| SHA512 | ef7b65b9fadbc9090f14701e0693965421b3e458831389461a0ce1429531b81bec2ae0e1caced18de5eec0f5f0c7c5cd59de1d7a56b9a9ba0a15a8fbb3306c3f |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\cache2\entries\F21F53293B85556D4D7282B4E507DC37E6D6037D
| MD5 | 2a3203fa0925c1c347dd7ebf6a19eeb2 |
| SHA1 | 53b8bcfea2a1a13eb17f673690c68ada4f492d8d |
| SHA256 | cbafcf1cc9d01d5e1c0abd972d2f55bb77a64450565618e9cfd753b4e32f1e77 |
| SHA512 | 176f64f2d0811b65281bedc97dae997513dfa605854de64ffdd886845abb2b2ea0ec004b5838812b6c56195f40b09ac3d0770aaa65296e8c8d0da9b7836b7800 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\cache2\entries\F0170AF0AA6273CDA9D105CE8905143FE8159A19
| MD5 | 8321aeb763c27676a96c03907799ea7e |
| SHA1 | f5e643dda397ac61ca1aa4eef5c15ac58afd698d |
| SHA256 | 6a98f5fa8508e5e8bb60b5aed375fefaf8e21687abfa7ba16f7f690ecf76226a |
| SHA512 | 8ce28467cd7060196c827aaae255f43447d309044e7beecff311f729d1585f3b30024d5fd3d74744731d8ae185434d6b476d064832b46a65ee018388a9fecc10 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\cache2\entries\D8C2CFE0485DFC922614553B1999E8CE09530D68
| MD5 | 26d0387ff765867d9c5da579cac97009 |
| SHA1 | 8956794c6595d326211fa71478f4c84256867b8c |
| SHA256 | e6968512334367f940fdc85d4605d1c69ba65f9153d8454e92b64edbaf554794 |
| SHA512 | 94056a46da2b035d931551a9361d3cefbb80cfa2b4ffb3b38f154f5b38d85e1f365015e91ca20c9382d9962f39c23704700505cf367b1ad66f63cb79ae74651b |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\cache2\entries\CE30F9E7CB4E0D8AEB054228E581960CC2812E48
| MD5 | 55c94b3b485bae37248c31884b399336 |
| SHA1 | ed718a6034fc5a7ef13ef776956ded14bbb0d95f |
| SHA256 | b734ffc26e266a55928d96688004b957c2ea2787bd41e70427d23f2f95fad382 |
| SHA512 | 0979357fdcc29a6b3c4046536a3f1e6fae222ed7f87da93431a9902fbec03ee69c57b0c2b29326758f75232533e029a37e4109983235ce77050d2568f92d447c |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\cache2\entries\AE6C91A7A94F8219B78F6FB4AEBCFA5DD3A78D91
| MD5 | db4a87f07cd2e5d66a49ebc137ee3749 |
| SHA1 | 8ae3286daa0bba169b80df79208232c5de466f47 |
| SHA256 | e9a1a3553c43f248a9752e54994893960b45d30393ab2ecf5903641794c0e7bb |
| SHA512 | 92f8de9f01944b9c483d5b95916f862bb466cdd85d733865a419db08f02d513f5f9991d947c220c3cffd8097a5389a509bd949c43ce05c642d19281e015a0cac |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\cache2\entries\A9FB5E6047697568641592A7A75CA6ED3DBF5590
| MD5 | ce7e2c855348fdf2e49f83172cedc78d |
| SHA1 | d7a84be5cd5cb72ddaf2c64cc8ba3813d45cd7be |
| SHA256 | c00da6650c6e53aaeded01041bfec9d2445efc6ced5269e29e0b2cf3402b34e0 |
| SHA512 | 6428f67658cbf63eff04ad03eb083456a64905a7aa56cbaaacd16629a3c24a522b85a8e40319c1831f538fec907c4986a250279503ecde7b06abb84b7def4c4c |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\cache2\entries\A752BE816C32A166B4212612D41570FEFDA0B4E8
| MD5 | 074006f4bd025c267fb151b6900653ea |
| SHA1 | 36d00b286eb5c0cd2cc46a5659f298959fbf88cd |
| SHA256 | b92675ab948de1a361093ade3007dae95a36965fec8f656da6b22bb673bb5146 |
| SHA512 | fce82c47de0a3c24eab4418282ac20b9d2f8884032c9862faea931593e0f7f984d60d03492d953875f111e0cbbb45ee4a2161b755310f438dfdf326b8850513a |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\cache2\entries\9FC8C85689D31525EACE26158B83B464F43A027B
| MD5 | d7806988c9f6d90cf914c7726464f5cb |
| SHA1 | e3cb68422c1d77d4e126df88539afacd2a745db8 |
| SHA256 | f7d7d6dba42b60aa0d7e591bd53aee8a201264b3a0029a7bf4e8b04edb3673df |
| SHA512 | 1e00fd1788e300815b7f07d6ce05bb031c32c9b5e013782f450d07aa8fef87d4402dc165c7bb6eacae3b020dca48891d480be19bb0a787d85dc01a614566c781 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\cache2\entries\74B59C6A1551D74BB99E6CB6A45B631D2D390D50
| MD5 | 8b30ca8e10c82546296ad1b54a13f43f |
| SHA1 | 89729f4bef41bb89ce41859d582ae9b46342eef1 |
| SHA256 | bdb403b57deba18e0207c156776f60b051072878b8990d1ea555d49182d5cb55 |
| SHA512 | b375b25432bc83c2a63db3cc7d2d7b4b0d0ba8fb1c9cfb61a06ce593efe40241346198e2f53f2905fa3a69aaf5ad1727ba49962790c43847d0d95cf698ee52a3 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\cache2\entries\6EC2AE770EFC3451D85A600B7DBCCE4A25142850
| MD5 | 49ab10c4ecd4029a048ed0059c05d76c |
| SHA1 | 92cb1887734efbe380c1631bf4931bd912c7a88d |
| SHA256 | 7d10684da427362d8b94cec62eeca5339d06224168145ff1f64fd0bcdd588d39 |
| SHA512 | a6370e48fb808df489960c677ec9aa2205f89bdda0454fb8c3791ec130d33a22694088c30dfaa0f0dcd8a87c09ca3aa475e91084e4be6d14864dfcafda06cef3 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\cache2\entries\6EA2823892BE2B04EC41A4EDD4AA4E811A006311
| MD5 | e93ce2f43c5d69aae7fc869c0366f2d4 |
| SHA1 | cea539b577f1a6bfc8de1009c72db36ff5d1bbbd |
| SHA256 | fdc7030919fa2c69d2c0da68bacbfa74460dadbabb652ca9a7a2d2771d150649 |
| SHA512 | 3ab4dd21302fa2d3bc38c0e33c384c943439d9c0119fedecb0f3161be4c1f8d3d028bf5a0dfb3a7ddf97f8824de569d56a61cd08d9a90e65dd78a1cfe8c63a06 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\cache2\entries\5EFB7B0E6074226F79A8AA9919C3E295081C6B61
| MD5 | 2a14050dfcb318ac6cdb4085a7c8355c |
| SHA1 | f806cd5a1d3d49d4806873fc6caeb6b60bdcb1d7 |
| SHA256 | ac130d251043ec63448456e02e0403edc2216edf69add714230668d398ced22b |
| SHA512 | dcef6507e50ee28e4f0738e40bac03d047e5c3fec0d35dcea22cf627380306a11a0b7fb141d7c76b9373c694ce42520f2c87ae459a8fec7d4fa1a72a30b1da51 |
C:\Users\Admin\AppData\Local\Temp\MSIBF7E.tmp
| MD5 | cfbb8568bd3711a97e6124c56fcfa8d9 |
| SHA1 | d7a098ae58bdd5e93a3c1b04b3d69a14234d5e57 |
| SHA256 | 7f47d98ab25cfea9b3a2e898c3376cc9ba1cd893b4948b0c27caa530fd0e34cc |
| SHA512 | 860cbf3286ac4915580cefaf56a9c3d48938eb08e3f31b7f024c4339c037d7c8bdf16e766d08106505ba535be4922a87dc46bd029aae99a64ea2fc02cf3aec04 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\sessionstore-backups\recovery.baklz4
| MD5 | f67e249ec6652aff0b3adeeccd1c0710 |
| SHA1 | e9efbca74b2236b3c361316ecdc741e84eb6196e |
| SHA256 | 5f1b34b699b2278515d979aa45e43f616564bac20d690452181995764351f453 |
| SHA512 | c2e7ee1d1b10193f7f5f50beea19386f6152e5455916d0d078fd87c06e9d012eb5d74e4041529f8b063e656008f11d0d10e376dbd1c9c902121a8bc343087e0a |
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JJSploit\JJSploit.lnk~RFe59f0de.TMP
| MD5 | 9db325099e7e85655bea602d6f67146a |
| SHA1 | 1cdc7c325bfc70de0aaa4e94efe9d1af5a63aec8 |
| SHA256 | 8eae9251c7e58a7df7aa662a0a1ad67be684d8f89452e804e25fb8e4bdbffef3 |
| SHA512 | 8f8bf94150fc21db5bf596720e841bc1de1cb56eb880871525a76b46a4ff73aa8a7346bcd1f705b715dbc705d1d14b3ad885904cf69dc6bce15d43b65b61a8e1 |
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JJSploit\JJSploit.lnk
| MD5 | fb6f0088621ca552ca8c180d11b9e4ed |
| SHA1 | 05ca663f979f6598ff05d741082a2b9df026508d |
| SHA256 | e56e02e8b255cee7ae99a63baa8789334db253c74c5359d2d69bc1607a63968a |
| SHA512 | 256636f4e84b291c79354871b245ac86a5b1afd74229ba6b58a29be6a9faffdcf88ddc37ae55bfac8fe9a7cf9d8c725fb85d0fe5b244d6cf288e86704abe0e94 |
C:\Program Files\JJSploit\JJSploit.exe
| MD5 | 3d1cefc5a3c89bf73a020ddfe0f692a8 |
| SHA1 | 98204ac266cdca20a8a53c45eac5f8a066c7ee94 |
| SHA256 | e346d6542b0e696e068773b6769b3004f8cdef78e5812a5d00a1c7e0a9b17f56 |
| SHA512 | ef2f3541fc26d916f4364499c11bdf8500d3f6c6d55c6f785ab22ed3fe601fddec7b25e67993737140b579d2514f0bcb94d3715cd997ef4720365036014a1528 |
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_qhwdngfd.myq.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/5152-1560-0x0000025EFBBC0000-0x0000025EFBBE2000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe
| MD5 | 431a51d6443439e7c3063c36e18e87d6 |
| SHA1 | 5d704eb554c78f13b7a07c90e14d65f74b590e3a |
| SHA256 | 726732c59f91424e8fb9280c1e773e1db72c8607ad110113bc62c67c452154a6 |
| SHA512 | 495d60ad05d1fadb2abd827d778fe94132e5bfc2ae5355e03f2551cd7a879acf50cc0526990e4ccde93bf4eff65f07953035b93cc435f743001f21b017cbfdfd |
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
| MD5 | 35a79bd6de650d2c0988674344bf698b |
| SHA1 | a0635c38472f8cc0641ceb39c148383619d221dd |
| SHA256 | a79a81da2b8dcbe39609a9e1b4e8c81ae0bc54195c0c854b77bebe7bfa7f10c1 |
| SHA512 | afe33d38785afe489845654ba1c3ed6648b36b1ebe5f98b3d5d4bf24eba3af9bb6676af5a79d2ec570bf2b4b6ae40d14fc3d4b872c5d4577aea40f6d1a26c0cf |
C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log
| MD5 | 5c7e8f14eb2ffc92a4a84cd6a25f7a28 |
| SHA1 | c189f3236d8ab06da506399a0f5d4986dff32a2e |
| SHA256 | d24cc8911d60df4a2129a49e034c8f5b5fe39ea3f72d33b92e720c1ace212623 |
| SHA512 | 333db39ce9c81651445c739e7eb570fc3f04ae6d9cfeb0d9980b9fedbae97f98218670ef647ad0b904a2123422f207ccf833911e7a3b3ac36593f5712fdb524e |
memory/4020-1717-0x0000000000BA0000-0x0000000000BD5000-memory.dmp
memory/4020-1718-0x0000000073F20000-0x0000000074146000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 37f660dd4b6ddf23bc37f5c823d1c33a |
| SHA1 | 1c35538aa307a3e09d15519df6ace99674ae428b |
| SHA256 | 4e2510a1d5a50a94fe4ce0f74932ab780758a8cbdc6d176a9ce8ab92309f26f8 |
| SHA512 | 807b8b8dc9109b6f78fc63655450bf12b9a006ff63e8f29ade8899d45fdf4a6c068c5c46a3efbc4232b9e1e35d6494f00ded5cdb3e235c8a25023bfbd823992d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | a89a5327c5e274320fc9b48a938640e2 |
| SHA1 | 5941bb8f711303d51661434b72c729c2bb378249 |
| SHA256 | b0ccd4adde589e49f95a4c0f48c5b4344321293ae4c03b24124003d87a52d174 |
| SHA512 | 926140c021b5487d1ee30b2697a1a640fbe6349f6d51090e2b4ef964b124aa3df33b6c4b63335f55413879d031506a662bc0775500017b8c4e8b3617dbbaec10 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | c0e54baf100740dc84563b13a8bf4a0f |
| SHA1 | a9cf049cde7f0c8726206a9130522d8106d259f7 |
| SHA256 | 5db96473d61650cd0f4812ca4870440009918d16470ddfa8a34e24f65cd568b2 |
| SHA512 | fb7d60a13b072d530ae5a34180705d0281ca1e760e49c9fd7ddd7c46ad2cf7aa97d5dff6089f5ae5ebebdd9f086ecc116c95ae6141a28ffbed1ae34868052d21 |
memory/4020-1762-0x0000000073F20000-0x0000000074146000-memory.dmp