Analysis Overview
SHA256: 3d21905f6d25412c3dd3862a9d00e2f0a26631ea061fea39ec8ceaa61a468ac2
Threat Level: Known bad
The file Rain Sucked Up.weathersandbox was found to be: Known bad.
Malicious Activity Summary
UAC bypass
Modifies WinLogon for persistence
Disables RegEdit via registry modification
Drops file in Drivers directory
Downloads MZ/PE file
Disables Task Manager via registry modification
Obfuscated with Agile.Net obfuscator
Executes dropped EXE
Loads dropped DLL
Checks computer location settings
Modifies system executable filetype association
Enumerates connected drives
Legitimate hosting services abused for malware hosting/C2
Drops desktop.ini file(s)
Subvert Trust Controls: Mark-of-the-Web Bypass
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Access Token Manipulation: Create Process with Token
Uses Task Scheduler COM API
Suspicious use of SetWindowsHookEx
System policy modification
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Modifies registry class
Suspicious use of AdjustPrivilegeToken
Suspicious use of SendNotifyMessage
Modifies Control Panel
Suspicious use of FindShellTrayWindow
Modifies data under HKEY_USERS
NTFS ADS
Checks processor information in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-12-27 17:20
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-12-27 17:20
Reported: 2024-12-27 17:26
Platform: win10v2004-20241007-en
Max time kernel: 301s
Max time network: 303s
Command Line
Signatures
Modifies WinLogon for persistence
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "explorer.exe, wscript.exe \"C:\\Program Files\\mrsmajor\\Launcher.vbs\"" | C:\Windows\System32\wscript.exe | N/A |
UAC bypass
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Windows\system32\wscript.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Windows\System32\wscript.exe | N/A |
Disables RegEdit via registry modification
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (int) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system\disableregistrytools = "1" | C:\Windows\System32\wscript.exe | N/A |
Disables Task Manager via registry modification
Downloads MZ/PE file
Drops file in Drivers directory
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for modification | C:\Windows\SysWOW64\drivers\spoclsv.exe | C:\Users\Admin\Downloads\Gnil.exe | N/A |
| File created | C:\Windows\SysWOW64\drivers\spoclsv.exe | C:\Users\Admin\Downloads\Gnil.exe | N/A |
| File created | C:\Windows\SysWOW64\drivers\spoclsv.exe:Zone.Identifier:$DATA | C:\Users\Admin\Downloads\Gnil.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\drivers\spoclsv.exe | C:\Users\Admin\Downloads\Gnil.exe | N/A |
| File created | C:\Windows\SysWOW64\drivers\spoclsv.exe:Zone.Identifier:$DATA | C:\Users\Admin\Downloads\Gnil.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key value queried | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation | C:\Windows\system32\wscript.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation | C:\Windows\System32\wscript.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\MrsMajor3.0.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation | C:\Windows\system32\wscript.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\BossDaMajor.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\Downloads\Gnil.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\drivers\spoclsv.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Gnil.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\drivers\spoclsv.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\MrsMajor3.0.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\3EBB.tmp\eulascr.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\BossDaMajor.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\3EBB.tmp\eulascr.exe | N/A |
Modifies system executable filetype association
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\DefaultIcon | C:\Windows\System32\wscript.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\DefaultIcon\ = "C:\\Program Files\\mrsmajor\\Icon_resource\\SkullIco.ico" | C:\Windows\System32\wscript.exe | N/A |
Obfuscated with Agile.Net obfuscator
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Drops desktop.ini file(s)
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for modification | C:\Users\Admin\Music\desktop.ini | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A |
| File opened for modification | C:\Users\Public\desktop.ini | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A |
| File opened for modification | C:\Users\Public\Music\desktop.ini | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A |
| File opened for modification | C:\Users\Admin\Videos\desktop.ini | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A |
| File opened for modification | C:\Users\Public\Videos\desktop.ini | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A |
| File opened for modification | C:\Users\Admin\Pictures\desktop.ini | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A |
| File opened for modification | C:\Users\Public\Pictures\desktop.ini | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A |
Enumerates connected drives
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | drive.google.com | N/A | N/A |
| N/A | drive.google.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for modification | C:\Program Files\mrsmajor\CPUUsage.vbs | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\Program Files\mrsmajor\reStart.vbs | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\Program Files\mrsmajor\WinLogon.bat | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\Program Files\mrsmajor\default.txt | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\Program Files\mrsmajor\def_resource\creepysound.mp3 | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\Program Files\mrsmajor\def_resource\f11.mp4 | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\Program Files\mrsmajor\Launcher.vbs | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\Program Files\mrsmajor\Doll_patch.xml | C:\Windows\System32\wscript.exe | N/A |
| File created | C:\Program Files\mrsmajor\def_resource\@Tile@@.jpg | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\Program Files\mrsmajor\DreS_X.bat | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\Program Files\mrsmajor\Icon_resource\SkullIco.ico | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\Program Files\mrsmajor\MrsMjrGuiLauncher.bat | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\Program Files\mrsmajor\CPUUsage.vbs | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\Program Files\mrsmajor\def_resource\Skullcur.cur | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\Program Files\mrsmajor\mrsmajorlauncher.vbs | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\Program Files\mrsmajor\MrsMjrGui.exe | C:\Windows\system32\wscript.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
|---|---|---|---|
| File created | C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\upnphost\udhisapi.dll | C:\Windows\system32\svchost.exe | N/A |
| File opened for modification | C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\upnphost\udhisapi.dll | C:\Windows\system32\svchost.exe | N/A |
Subvert Trust Controls: Mark-of-the-Web Bypass
| Description | Indicator | Process | Target |
|---|---|---|---|
| File created | C:\Users\Admin\Downloads\Gnil.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\MrsMajor3.0.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\BossDaMajor.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Access Token Manipulation: Create Process with Token
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\System32\wscript.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Gnil.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Gnil.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\BossDaMajor.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\unregmp2.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies Control Panel
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\Cursors | C:\Windows\System32\wscript.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\Cursors\Arrow = "C:\\Program Files\\mrsmajor\\def_resource\\skullcur.cur" | C:\Windows\System32\wscript.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\Cursors\AppStarting = "C:\\Program Files\\mrsmajor\\def_resource\\skullcur.cur" | C:\Windows\System32\wscript.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\Cursors\Hand = "C:\\Program Files\\mrsmajor\\def_resource\\skullcur.cur" | C:\Windows\System32\wscript.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00 | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "162" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271" | C:\Windows\system32\LogonUI.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\DefaultIcon\ = "C:\\Program Files\\mrsmajor\\Icon_resource\\SkullIco.ico" | C:\Windows\System32\wscript.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\mp3file\DefaultIcon | C:\Windows\System32\wscript.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\inifile\DefaultIcon | C:\Windows\System32\wscript.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\.weathersandbox\ = "weathersandbox_auto_file" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\weathersandbox_auto_file\shell\open\command\ = "\"C:\\Program Files\\Mozilla Firefox\\firefox.exe\" -osint -url \"%1\"" | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\mp4file | C:\Windows\System32\wscript.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\.weathersandbox | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\weathersandbox_auto_file\shell\open | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\mp3file\DefaultIcon\ = "C:\\Program Files\\mrsmajor\\Icon_resource\\SkullIco.ico" | C:\Windows\System32\wscript.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\mp4file\DefaultIcon | C:\Windows\System32\wscript.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\inifile\DefaultIcon\ = "C:\\Program Files\\mrsmajor\\Icon_resource\\SkullIco.ico" | C:\Windows\System32\wscript.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\weathersandbox_auto_file\shell | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\DefaultIcon | C:\Windows\System32\wscript.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\DefaultIcon\ = "C:\\Program Files\\mrsmajor\\Icon_resource\\SkullIco.ico" | C:\Windows\System32\wscript.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\DefaultIcon | C:\Windows\System32\wscript.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\mp4file\DefaultIcon\ = "C:\\Program Files\\mrsmajor\\Icon_resource\\SkullIco.ico" | C:\Windows\System32\wscript.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-940901362-3608833189-1915618603-1000\{FCB5FC35-ACD2-4523-BD9C-97FB897E50BC} | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\weathersandbox_auto_file | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\weathersandbox_auto_file\shell\open\command | C:\Windows\system32\OpenWith.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
|---|---|---|---|
| File created | C:\Users\Admin\Downloads\Gnil.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\MrsMajor3.0.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\BossDaMajor.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\Downloads\Gnil.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Gnil.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Gnil.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Gnil.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Gnil.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Gnil.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\drivers\spoclsv.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\drivers\spoclsv.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Gnil.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Gnil.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Gnil.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Gnil.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Gnil.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Gnil.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\drivers\spoclsv.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\drivers\spoclsv.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | C:\Windows\system32\wscript.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Windows\system32\wscript.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system | C:\Windows\System32\wscript.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Windows\System32\wscript.exe | N/A |
Uses Task Scheduler COM API
Processes
C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Rain Sucked Up.weathersandbox"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\Rain Sucked Up.weathersandbox"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\Rain Sucked Up.weathersandbox"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2000 -parentBuildID 20240401114208 -prefsHandle 1928 -prefMapHandle 1920 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2b1a63ed-9f7a-4a0c-a639-edacaa540783} 3028 "\\.\pipe\gecko-crash-server-pipe.3028" gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2440 -parentBuildID 20240401114208 -prefsHandle 2416 -prefMapHandle 2412 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f4e8ab67-6cb4-4373-b0ac-caa699252a97} 3028 "\\.\pipe\gecko-crash-server-pipe.3028" socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2956 -childID 1 -isForBrowser -prefsHandle 2968 -prefMapHandle 3060 -prefsLen 24741 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2b29c82c-b27a-47ba-b36c-47b75f638116} 3028 "\\.\pipe\gecko-crash-server-pipe.3028" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3616 -childID 2 -isForBrowser -prefsHandle 1656 -prefMapHandle 1580 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d1d09e87-9e11-4b3b-b159-ffd13a71652c} 3028 "\\.\pipe\gecko-crash-server-pipe.3028" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4976 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4824 -prefMapHandle 4972 -prefsLen 33298 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b17ac990-cd27-4238-86b7-0a019242fe90} 3028 "\\.\pipe\gecko-crash-server-pipe.3028" utility
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5580 -childID 3 -isForBrowser -prefsHandle 5572 -prefMapHandle 5568 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {737ea630-36df-492a-841d-211e67dc0b69} 3028 "\\.\pipe\gecko-crash-server-pipe.3028" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5720 -childID 4 -isForBrowser -prefsHandle 5396 -prefMapHandle 3680 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fb634c38-bf57-4f70-b60f-d3d96d4ad322} 3028 "\\.\pipe\gecko-crash-server-pipe.3028" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5900 -childID 5 -isForBrowser -prefsHandle 5976 -prefMapHandle 5972 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5017ebf0-7280-4dfc-b1c6-c535c5081f9b} 3028 "\\.\pipe\gecko-crash-server-pipe.3028" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\Rain Sucked Up.weathersandbox"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\Rain Sucked Up.weathersandbox"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\Rain Sucked Up.weathersandbox"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\Rain Sucked Up.weathersandbox"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1820 -parentBuildID 20240401114208 -prefsHandle 1748 -prefMapHandle 1740 -prefsLen 20321 -prefMapSize 241207 -appDir "C:\Program Files\Mozilla Firefox\browser" - {60176d05-ce1e-4504-b83d-73afc31c71b1} 5168 "\\.\pipe\gecko-crash-server-pipe.5168" gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2172 -parentBuildID 20240401114208 -prefsHandle 2164 -prefMapHandle 2160 -prefsLen 20321 -prefMapSize 241207 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {02ad43a7-52f1-485e-a804-7ea918468d30} 5168 "\\.\pipe\gecko-crash-server-pipe.5168" socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2732 -childID 1 -isForBrowser -prefsHandle 3212 -prefMapHandle 3420 -prefsLen 25630 -prefMapSize 241207 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2a555864-9ff7-4783-a289-7ee0873a81fd} 5168 "\\.\pipe\gecko-crash-server-pipe.5168" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3404 -childID 2 -isForBrowser -prefsHandle 3156 -prefMapHandle 3196 -prefsLen 26499 -prefMapSize 241207 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2f1c663f-f4f5-452c-b9f8-6a2ea48e359a} 5168 "\\.\pipe\gecko-crash-server-pipe.5168" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1288 -childID 3 -isForBrowser -prefsHandle 1284 -prefMapHandle 944 -prefsLen 27842 -prefMapSize 241207 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {85233c16-96ed-47bf-b399-2078389c02ad} 5168 "\\.\pipe\gecko-crash-server-pipe.5168" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5040 -parentBuildID 20240401114208 -prefsHandle 5148 -prefMapHandle 3364 -prefsLen 33993 -prefMapSize 241207 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1cc3e15b-2215-4093-811f-69cffa9e7c65} 5168 "\\.\pipe\gecko-crash-server-pipe.5168" rdd
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3768 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 2632 -prefMapHandle 2848 -prefsLen 38813 -prefMapSize 241207 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d37715ee-cae4-4da6-80c2-5be61b898aea} 5168 "\\.\pipe\gecko-crash-server-pipe.5168" utility
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3480 -childID 4 -isForBrowser -prefsHandle 3232 -prefMapHandle 3476 -prefsLen 32850 -prefMapSize 241207 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {19e1949c-22ae-4a3c-9e0c-17262abc599b} 5168 "\\.\pipe\gecko-crash-server-pipe.5168" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5620 -childID 5 -isForBrowser -prefsHandle 5696 -prefMapHandle 5692 -prefsLen 32850 -prefMapSize 241207 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {03fa085e-bf2a-4247-bb60-a7928c105b4b} 5168 "\\.\pipe\gecko-crash-server-pipe.5168" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5880 -childID 6 -isForBrowser -prefsHandle 5804 -prefMapHandle 5808 -prefsLen 32850 -prefMapSize 241207 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {58a83742-a65f-4b39-bc0f-dcee683858e6} 5168 "\\.\pipe\gecko-crash-server-pipe.5168" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6040 -childID 7 -isForBrowser -prefsHandle 5808 -prefMapHandle 5896 -prefsLen 32850 -prefMapSize 241207 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bfd3b789-78a8-4dbd-9468-fb79079d6e01} 5168 "\\.\pipe\gecko-crash-server-pipe.5168" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6148 -childID 8 -isForBrowser -prefsHandle 4720 -prefMapHandle 4076 -prefsLen 33072 -prefMapSize 241207 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5088bc89-9164-41fa-a7c0-56e4caa8a345} 5168 "\\.\pipe\gecko-crash-server-pipe.5168" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5604 -childID 9 -isForBrowser -prefsHandle 5492 -prefMapHandle 5480 -prefsLen 33848 -prefMapSize 241207 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {25c46c39-a7c8-4ac1-91d3-af1d89f1a2d4} 5168 "\\.\pipe\gecko-crash-server-pipe.5168" tab
C:\Users\Admin\Downloads\Gnil.exe
"C:\Users\Admin\Downloads\Gnil.exe"
C:\Windows\SysWOW64\drivers\spoclsv.exe
C:\Windows\system32\drivers\spoclsv.exe
C:\Users\Admin\Downloads\Gnil.exe
"C:\Users\Admin\Downloads\Gnil.exe"
C:\Windows\SysWOW64\drivers\spoclsv.exe
C:\Windows\system32\drivers\spoclsv.exe
C:\Users\Admin\Downloads\MrsMajor3.0.exe
"C:\Users\Admin\Downloads\MrsMajor3.0.exe"
C:\Windows\system32\wscript.exe
"C:\Windows\system32\wscript.exe" C:\Users\Admin\AppData\Local\Temp\3EBB.tmp\3EBC.tmp\3EBD.vbs //Nologo
C:\Users\Admin\AppData\Local\Temp\3EBB.tmp\eulascr.exe
"C:\Users\Admin\AppData\Local\Temp\3EBB.tmp\eulascr.exe"
C:\Users\Admin\Downloads\BossDaMajor.exe
"C:\Users\Admin\Downloads\BossDaMajor.exe"
C:\Windows\system32\wscript.exe
"C:\Windows\sysnative\wscript.exe" C:\Users\Admin\AppData\Local\Temp\BE5B.tmp\BE5C.vbs
C:\Windows\System32\notepad.exe
"C:\Windows\System32\notepad.exe"
C:\Windows\System32\wscript.exe
"C:\Windows\System32\wscript.exe" "C:\Program files\mrsmajor\mrsmajorlauncher.vbs" RunAsAdministrator
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" "C:\Program Files\mrsmajor\def_resource\f11.mp4"
C:\Windows\SysWOW64\unregmp2.exe
"C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon
C:\Windows\system32\unregmp2.exe
"C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s upnphost
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x51c 0x48c
C:\Windows\System32\shutdown.exe
"C:\Windows\System32\shutdown.exe" -r -t 03
C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa3887855 /state1:0x41c64e6d
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | firefox-api-proxy.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 34.149.97.1:443 | firefox-api-proxy.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 34.149.97.1:443 | firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | firefox-settings-attachments.cdn.mozilla.net | udp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | 99.159.232.44.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| N/A | 127.0.0.1:54214 | | tcp |
| N/A | 127.0.0.1:54222 | | tcp |
| N/A | 127.0.0.1:54638 | | tcp |
| N/A | 127.0.0.1:54649 | | tcp |
| US | 8.8.8.8:53 | location.services.mozilla.com | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 35.190.72.216:443 | location.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | prod.classify-client.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.classify-client.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 35.190.72.216:443 | prod.classify-client.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | getpocket.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | support.mozilla.org | udp |
| US | 8.8.8.8:53 | prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 34.120.5.221:443 | prod.pocket.prod.cloudops.mozgcp.net | tcp |
| US | 34.120.5.221:443 | prod.pocket.prod.cloudops.mozgcp.net | tcp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | us-west1.prod.sumo.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | us-west1.prod.sumo.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | 216.72.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | tracking-protection.cdn.mozilla.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | tracking-protection.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | tracking-protection.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | tracking-protection.cdn.mozilla.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | 221.5.120.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.163.245.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 37.158.120.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | 107.12.20.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| FR | 172.217.20.164:443 | www.google.com | tcp |
| FR | 172.217.20.164:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| FR | 172.217.20.164:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 164.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | 201.181.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ciscobinary.openh264.org | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| FR | 172.217.20.174:443 | redirector.gvt1.com | tcp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| GB | 88.221.134.155:80 | ciscobinary.openh264.org | tcp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| FR | 172.217.20.174:443 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | r4---sn-aigzrnsz.gvt1.com | udp |
| GB | 74.125.175.169:443 | r4---sn-aigzrnsz.gvt1.com | tcp |
| US | 8.8.8.8:53 | r4.sn-aigzrnsz.gvt1.com | udp |
| US | 8.8.8.8:53 | r4.sn-aigzrnsz.gvt1.com | udp |
| GB | 74.125.175.169:443 | r4.sn-aigzrnsz.gvt1.com | udp |
| US | 8.8.8.8:53 | 155.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 174.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 169.175.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | csp.withgoogle.com | udp |
| FR | 216.58.215.49:443 | csp.withgoogle.com | tcp |
| US | 8.8.8.8:53 | csp.withgoogle.com | udp |
| US | 8.8.8.8:53 | csp.withgoogle.com | udp |
| US | 8.8.8.8:53 | ogads-pa.googleapis.com | udp |
| FR | 216.58.213.74:443 | ogads-pa.googleapis.com | tcp |
| FR | 216.58.213.74:443 | ogads-pa.googleapis.com | tcp |
| US | 8.8.8.8:53 | ogads-pa.googleapis.com | udp |
| FR | 216.58.215.49:443 | csp.withgoogle.com | udp |
| US | 8.8.8.8:53 | ogads-pa.googleapis.com | udp |
| FR | 216.58.213.74:443 | ogads-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | 66.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.215.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| FR | 216.58.214.174:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| FR | 216.58.214.174:443 | play.google.com | udp |
| US | 8.8.8.8:53 | 174.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| FR | 142.250.75.238:443 | consent.google.com | tcp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| FR | 142.250.75.238:443 | consent.google.com | udp |
| US | 8.8.8.8:53 | 238.75.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | encrypted-tbn0.gstatic.com | udp |
| FR | 142.250.201.174:443 | encrypted-tbn0.gstatic.com | tcp |
| FR | 142.250.201.174:443 | encrypted-tbn0.gstatic.com | tcp |
| FR | 142.250.201.174:443 | encrypted-tbn0.gstatic.com | tcp |
| FR | 142.250.201.174:443 | encrypted-tbn0.gstatic.com | tcp |
| FR | 142.250.201.174:443 | encrypted-tbn0.gstatic.com | tcp |
| US | 8.8.8.8:53 | encrypted-tbn0.gstatic.com | udp |
| US | 8.8.8.8:53 | encrypted-tbn0.gstatic.com | udp |
| FR | 142.250.201.174:443 | encrypted-tbn0.gstatic.com | udp |
| US | 8.8.8.8:53 | 174.201.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | id.google.com | udp |
| FR | 142.250.179.99:443 | id.google.com | tcp |
| US | 8.8.8.8:53 | id.google.com | udp |
| FR | 216.58.215.49:443 | csp.withgoogle.com | udp |
| US | 8.8.8.8:53 | id.google.com | udp |
| FR | 216.58.213.74:443 | ogads-pa.googleapis.com | udp |
| FR | 142.250.179.99:443 | id.google.com | udp |
| US | 8.8.8.8:53 | 99.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.133:443 | avatars.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 8.8.8.8:53 | 154.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.110.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 140.82.113.22:443 | collector.github.com | tcp |
| US | 8.8.8.8:53 | glb-db52c2cf8be544.github.com | udp |
| US | 8.8.8.8:53 | glb-db52c2cf8be544.github.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 140.82.113.22:443 | glb-db52c2cf8be544.github.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 8.8.8.8:53 | 210.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.113.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.110.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 133.111.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 8.8.8.8:53 | glb-db52c2cf8be544.github.com | udp |
| US | 8.8.8.8:53 | glb-db52c2cf8be544.github.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 8.8.8.8:53 | drive.google.com | udp |
| FR | 142.250.75.238:443 | drive.google.com | tcp |
| US | 8.8.8.8:53 | drive.usercontent.google.com | udp |
| FR | 142.250.74.225:443 | drive.usercontent.google.com | tcp |
| US | 8.8.8.8:53 | 225.74.250.142.in-addr.arpa | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 73.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.173.189.20.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\datareporting\glean\pending_pings\fbca62dc-3623-4c72-b1fe-d010334d1539
| MD5 | 86e2f2606de857abc9a7ec2c7042270c |
| SHA1 | 21795606a94e81772b8faec82102fb06fdf6d243 |
| SHA256 | d1dfc814d7b6c3af3fe29f960f23d75e84d478d307b948d910c13243c1b9b6f7 |
| SHA512 | f50a4ba9c7753073dbca52fd9dacf7bd5c216ae138167fea0f09572815fbc43877461234c0774740cc9fcaba5aef3fe182dc6ef8e11c01cc9de3d2cadcdc0043 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\datareporting\glean\pending_pings\e71d00c4-6bb8-418a-8653-b3c56dd92382
| MD5 | 3064bffd37df669839b6179f72f1432c |
| SHA1 | cf89750a5e6cc049a814348a41ca7b13baa75558 |
| SHA256 | e14e6c8af272e377d78ff6b00dc12a458ff906e1e1ef1dcf055dadaf743c013c |
| SHA512 | de02ccf5237d982d6603659ccf155434d084c53f892fe018edb3fe4fecfd06c4e6b6647032406be6874d28cbf6b40d72a33d7fbb0152b40a30ad597156217564 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | e0951b4ed3fa62123df518d3d253b039 |
| SHA1 | 5ec93d3f0fc5eb6ae3198de797502630c74cf0c0 |
| SHA256 | a999b3d14c6ce34bff2638f90d827a6025a10c066f84b8eb4b6d5d5dcf1a22aa |
| SHA512 | cd1e0f0acc6cd60e23337ea95d7c96a9cba1404c314883e802f1ed25cd596ae5b449b2bd4f70dfa4710d889114a38a7d2e15b122b89b4b7a9845a09d0998b296 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6ir3v68x.default-release\activity-stream.discovery_stream.json
| MD5 | d9d65953f324c8d3cb940aad925c755a |
| SHA1 | f0854c170ee876d8f7b44c9951e6f6daa32d3d88 |
| SHA256 | 16229971d4597cc36893358aba6f5f3b2d4e1de218f4b02569fd3a57f7e2f34a |
| SHA512 | 164f75d8feb8b59c7440bcfb509858857a64aab90ff3bd766c1c194a71bf933c50be18fb0a069accce0048b0f25e0a2204b2d7f2c512f322939ccb2669b9229e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\datareporting\glean\pending_pings\008641f9-b336-4867-8235-402f196b40dd
| MD5 | 80a3c9fe4239eb3b1d53d47cf54f39e0 |
| SHA1 | 1e441c36ce6320733c86b1ec09ccabb6bea60872 |
| SHA256 | 5128038b783627049044c8c6fd20a0bde17e615c88eafe8e70080d9a2daafd04 |
| SHA512 | d26ef4515f23abc42d85b3f3101b27c3c4622893a4fdc12511ea7115f56b409c6a689b874c39ddecc71d4397c2df77a2e519fced9ab60b0d1502674ac737be81 |
C:\Users\Admin\Downloads\IhjFYQZl.weathersandbox.part
| MD5 | c229aa159dce2877a55cd579ac8edfcf |
| SHA1 | 6898ef0910f8c346ebcbbdbf840a4198fdd69339 |
| SHA256 | 3d21905f6d25412c3dd3862a9d00e2f0a26631ea061fea39ec8ceaa61a468ac2 |
| SHA512 | 12aa38200fd667e05bd53a963d89f06fdd1ea00e9edb55f18a1cb414e11e73626c97fa778b2b7f76803956d94abc3e813ebd5fa614012c298bd46b99b2d11e6f |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\AlternateServices.bin
| MD5 | 4cea105199fcd5ca210b36d9ac860e02 |
| SHA1 | ac1e743f231a36daa56343d492f2e1367dc6e729 |
| SHA256 | b357b3fde260a6e99076862128e9126b509bfad11e4d40848349d1fc48e50f05 |
| SHA512 | 36d64819989fa772db74a52ec5b47336ee26f3eecb37489c99235c9340b73cd6a3fe52d6ad984cc8934ca460d2e019602559efe0538f245c385d98d955da81cb |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\prefs.js
| MD5 | cb625cba421d6277f5f109d0692f0f26 |
| SHA1 | 4e765c8f80dc273c2c189842ca1b6317eb3de225 |
| SHA256 | 288d4ac1bac9eacf28d22255520d5269374b31e257fda093e2e5d8cb34690282 |
| SHA512 | c802e58a2049b0e01ced6ad7b1932823e685861eee1bddae2486a807030d3534bbc3204522f12c115c6e70c06d00e9a8e0b3f2bedd93a165852a867a7ca9e0fb |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\AlternateServices.bin
| MD5 | 412d46b6fb9076b46f6855ade62b7b14 |
| SHA1 | 674088f4d360e170b76c5a15a5eae4606b8715cc |
| SHA256 | c7f80f011f475097a923a7fba53bc2895a3e8d3b1a10a928e8537fafdb4d81ca |
| SHA512 | 6b51a9552b37721d35221219232cc82e95a4b09c6aa7bd6abb00ee94e4255394d3a34a6745774293a00bd6a58ab63460993374e9645e4bab05db6c8e59e890af |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6ir3v68x.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl
| MD5 | 96c542dec016d9ec1ecc4dddfcbaac66 |
| SHA1 | 6199f7648bb744efa58acf7b96fee85d938389e4 |
| SHA256 | 7f32769d6bb4e875f58ceb9e2fbfdc9bd6b82397eca7a4c5230b0786e68f1798 |
| SHA512 | cda2f159c3565bc636e0523c893b293109de2717142871b1ec78f335c12bad96fc3f62bcf56a1a88abdeed2ac3f3e5e9a008b45e24d713e13c23103acc15e658 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\prefs.js
| MD5 | a104f516c31c597a3b0cad2c74d40bd9 |
| SHA1 | 8564a93b3b948a6e4fac45a6c559ffee14681924 |
| SHA256 | 028b287bc05988386d2de838fa26a765d9d5f81645ddac677b83b706e6b98923 |
| SHA512 | 285b576850ddfffde654f5bedbb3cfa8f30263012a875e4ddbdb1f2bbfec5e9e8c99f06146a5602778484c9c79010afd563090120c3c3714b151066274bd4879 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\prefs-1.js
| MD5 | b2c5ae020842b7b64c9155e5360d1abe |
| SHA1 | 8ed1bb1a07d3ec11d0b0226f8e271e8162183ad8 |
| SHA256 | fa598b40ece16e64b2c448056e64b48877c9bacc9b4a460e5e2d8fd1dc1ad009 |
| SHA512 | 459140647834d8eb66cab090e2ae996b23ba072bf10356b2618d329cfb04835b3e1b36cbc6f6c7c580c17872487b7ae86c8e6a91d699cebbd31c589af2a1dc88 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\places.sqlite
| MD5 | b8f18e5859cf8380e763f7accdea5473 |
| SHA1 | 82402430dd2e2b5e973a17574d2349f12831a182 |
| SHA256 | 8751d5fdd06ef7d563915535411a456e460e05dadf83eb38668d33047a87bbdb |
| SHA512 | 671037e65effedcfa6cd23fc0cc6e4b27639aa5d2d037e271d625f28b715aafb275fe2c394349b5b73b053ee5440df06f4eec84287482a31825bec3dfe276fa8 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\places.sqlite-wal
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\sessionstore.jsonlz4
| MD5 | 13c485264883bdff23b05c5f1f36643f |
| SHA1 | 7b543a35f01f57c07993d6f1702a03d5f9741995 |
| SHA256 | 70726fa78416f401a2ba5ad18399049e0428764bf4ba2d7f19133a62e758ac7f |
| SHA512 | 5f80028d2326b52feb749e3e9bf53a0e462fd4fb32abe27203d0664dce48c4c0529895c6a4aba309a96ce7fb781c56f308d3a9824f8ef2eab72c02a0f9528ae6 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\sessionCheckpoints.json
| MD5 | 948a7403e323297c6bb8a5c791b42866 |
| SHA1 | 88a555717e8a4a33eccfb7d47a2a4aa31038f9c0 |
| SHA256 | 2fca1f29b73dd5b4159fa1eb16e69276482f5224ba7d2219a547039129a51f0e |
| SHA512 | 17e2f65c33f47c8bb4beca31db2aff3d4bbb6c2d36924057f9f847e207bdcb85ffcbb32c80dd06862ffc9b7f0bd3f5e2e65b48bb1bc3363732751101d5596b1a |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\prefs.js
| MD5 | 3359d593aa449ffa035d5a15db3cd33d |
| SHA1 | 6c3fb6a3908be14eec18c969e98d08326a4368da |
| SHA256 | 6d457864b782b076bc6748bafbd6a9fdeeb85b289d9464a3fb3ee6a115da97f8 |
| SHA512 | cf5e081a902572fbd5db1d5ad1f9068ec0ada99fa83110bd9dca5f4ed4a81f4325c3fe38617ed05e8b6aa2c93f1834c583bde7a3d4d2979128d895ba5438b579 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\content-prefs.sqlite
| MD5 | b5acd9cf58ba89e643e7b2e839e0707e |
| SHA1 | 82c2b9cbea4acb50b446b786818287be7b0b8b61 |
| SHA256 | 4d4fd87f1cdccc9f826ab7de2b3980db6fe4ed328f079ceb24f680557da9667e |
| SHA512 | 1fdaf5173a2fa956e3793b3643b44d928a4c81a1599bdf4b057396bfca5948ce1097194dbb5f528959c8cf4e34d058922828236c6060b41510e9ea2cb9ed424b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\datareporting\glean\db\data.safe.bin
| MD5 | 81afd74b8393aaa4a7af4a0f9dc3a4bf |
| SHA1 | f56e2dbb3506d338f2b6e417ece5de2a8e0fcf85 |
| SHA256 | 3b37f7e8810229cb1cf298ec0ab79622e27d585124ed30c5e5f36ea7ae5e7c7e |
| SHA512 | 9f3433b947e27448765d28808e5d7bbb50f32f531fc2adaf2c1e81834ed2e58ece7024be3e6b21c3b8c52e502833e768d60368ad48b57a8d0c659cfcae82f755 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\datareporting\glean\events\events
| MD5 | defbf00981795a992d85fe5a8925f8af |
| SHA1 | 796910412264ffafc35a3402f2fc1d24236a7752 |
| SHA256 | db353ec3ecd2bb41dfbe5ed16f68c12da844ff82762b386c8899601d1f61031d |
| SHA512 | d01df9cab58abf22ff765736053f79f42e35153e6984c62a375eb4d184c52f233423bb759a52c8eed249a6625d5b984a575ca4d7bf3a0ed72fc447b547e4f20a |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\SiteSecurityServiceState.bin
| MD5 | b2f5761281e78e5c83a2525d48e91800 |
| SHA1 | 8530e9b6c2bfbf25129655fa36b90bcb99c0a749 |
| SHA256 | 678bcaa68553cb004238a7bae4fe48bd6db8d36cb80b70bf03db1b73fb043a4e |
| SHA512 | 3219b2445397109ee29383fcd960997b1c5e506f8fdb1f75be7066532c97b656fa52ba2ce80490f7cf2bb4cbb9087ee73acddac4c1178c8caa1d810b83bc8ec1 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6ir3v68x.default-release\startupCache\webext.sc.lz4
| MD5 | 126798c0032616f45514340eaa10b994 |
| SHA1 | 28ca874474684703dbb643a444d7417c9f80de8f |
| SHA256 | 1dad14abc4eeedec39933cd0b58782f4963d8490f3447dfc2c1ba9bfab765fe9 |
| SHA512 | a8c7eebbf3d1aa828475b5d4ce37de8abe257d5195f9f043ea82e24f957f9d3d74649377c35cb11b1f5a9f2b23fb66bd864e3fce627a8c8aaae62b2a1d426712 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6ir3v68x.default-release\startupCache\urlCache.bin
| MD5 | f0bc0772d1e5c2c45fa49dd20f37f49d |
| SHA1 | 30ac599faf9ed692d34ec28d087b6f28dbb7a201 |
| SHA256 | 64d95ec8235cdc8f12481250a6cc59e3d5b929100d4afb8ad1bd2690a1522c37 |
| SHA512 | fa4ce4ca41d3c600e3742493df23ec27de744f7dad6b1084677a4f04e6e4555cb211070c2ac4f17fce9ce119242ac0b86921f88ad2a40a82e6fc2b4102cd6269 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6ir3v68x.default-release\startupCache\scriptCache.bin
| MD5 | 170b7b37fe29fad9bfcfa7c1c088f224 |
| SHA1 | 9ba31b560ef0a82af19a3bb42e81bdd99c70329c |
| SHA256 | c96a8dccafb859585ae713cec98683dbbc9a67119ef5a3b3136f69765baf33e3 |
| SHA512 | 261975e1cc65784da3ced5f744f3e09bd83bf3302b9ab84a8474e10d8feb15fea4fb7e2c7afce97e4b521b83f0a7000d62ecea7851ad2be0e58c1845b17b05fe |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6ir3v68x.default-release\startupCache\scriptCache-child.bin
| MD5 | 182245e2424abb1498c41041be3c7716 |
| SHA1 | 324e21d1e74adbb55071c9df79892aece754fbeb |
| SHA256 | 42ff48fd0bc943147ca7ab52d3b46d1beeef06aaec775c33e302effdda976506 |
| SHA512 | f28def2b4ce4b8e5ca627904589717d3d5f9643b90cddcb979475c02d25a97cc30818e0c36184c8d83c3b74624a2e3f0745dddca67a0e7c37314baa86ebfb885 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6ir3v68x.default-release\cache2\entries\F8CBD54DDA10F4286A41EC6A537240712D6C2308
| MD5 | 7be5def353b8645332df2afc2a2cbb29 |
| SHA1 | 57c45d0db3d4654b2e427aa6d0d428e61a77d71f |
| SHA256 | 6fc8fbefd1e78e984ba061ce304d9af20fc08f0489ba0243564483b9f0e7f37d |
| SHA512 | 01fb8f9e145e73476169277fd037e2909d1e8784e235b63caae87e8cbe19bb3bce819276d88f6ae83a97701ec2fa1ddf96944f0b9061e98df0a35aac9db74472 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6ir3v68x.default-release\cache2\entries\D49E954446CEE917A204471518A37B68E94BF628
| MD5 | ed50d4d8f56b5c7ea73f15ddf30e079e |
| SHA1 | a580175c866886da42569da5ee41bf127c18be84 |
| SHA256 | 827f2d329f434ff6ef2469639a2f2d48de6a49933b2ca0256216463c84061851 |
| SHA512 | 643026f0d88988c983a225b6b2790fc0a44064b31b84ec59881186deadcb7abf4aa85beb91903f48422e79e39eb0a44eec482071e15c0971c027eca7056ecdb0 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6ir3v68x.default-release\cache2\entries\7BFCF32544F467F973AF267DF4EB4842EDED0C1F
| MD5 | 99a8872d4cc58025081e840fb53a9fe5 |
| SHA1 | 2dd6df08cd15436057abe90b59eff5f8102eaa5a |
| SHA256 | 2840fdb049fee6fea9b2a911a8c82271717152a68183b35fbec3069ed1b141ec |
| SHA512 | 20a13b660ba8c7d2f039c7109a4994f134e21456faa3181cd7a313f8585d5dd4967fc55a8a4ef685f080131b6775852823dfa798a637c65029ec119e13117643 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6ir3v68x.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F
| MD5 | 355de9a8b519e1c0f24444c7baa17c8f |
| SHA1 | 45b7f607462b90e90319ebf3addea8ffe47dbebd |
| SHA256 | 354030d9a994f3157bf9c2ec955399b28d4ef5972075df04d4d6253fba522c19 |
| SHA512 | ee3ec58d3ee390d65350cd0ac006494838ca58d6f79c18c4f4dde24deb2af5bdfff2f7b30f307146a74f57a400357af99a81d808858b69d844e0ad82180972e2 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6ir3v68x.default-release\cache2\entries\37373F56CBD822F5FCF64BA01E1320A0924D8460
| MD5 | d44d3ca1497954f74f7e51be3a4e49ae |
| SHA1 | 972cb881af998d1aea04e1b14606ae5e16dca584 |
| SHA256 | ffc1cec33fb53132868e313d2c301de8da324d79d5f6a5f8811bb7cdd52e7ce8 |
| SHA512 | aa1bafd3e462fe20a6521222fa516bc2f471de70d924a02a39ac4a0bae5995adc318d283052684e258696ff15e068425df98d1d03c8dc74f4c100463ea60a099 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6ir3v68x.default-release\cache2\entries\254256B27E0C48CF9B80B695F0B3B8CA84610495
| MD5 | 9aae586f5731e90fb0dd1300633dc66c |
| SHA1 | 7240ef1e96b168690bbcbe30702d35886ec12f3a |
| SHA256 | f4ecff25aaec5e772a8bf5f4e5b631575a250655ccbf85ae2f3f7288f7ed3133 |
| SHA512 | e3660e43df746a6aa632ae8bf7a6afcc1934e48bd12a7cfbbf8e3a146853d589410ab9fc5da8189259cb8dc47e9734cbf8d573f6f12063cd6c511915242eeb4a |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6ir3v68x.default-release\cache2\entries\0305BF7FE660AF5F32B4319E4C7EF7A7B70257A3
| MD5 | 24997d11bb09b1579d16eeb3b5ee8362 |
memory/4844-2160-0x000000000AAB0000-0x000000000AAC0000-memory.dmp
memory/4844-2164-0x000000000A560000-0x000000000A570000-memory.dmp
memory/4844-2166-0x000000000A560000-0x000000000A570000-memory.dmp
memory/4844-2165-0x000000000A560000-0x000000000A570000-memory.dmp
memory/4844-2163-0x000000000AAB0000-0x000000000AAC0000-memory.dmp
memory/4844-2162-0x000000000A560000-0x000000000A570000-memory.dmp
memory/4844-2167-0x000000000A560000-0x000000000A570000-memory.dmp
memory/4844-2168-0x000000000A560000-0x000000000A570000-memory.dmp
memory/4844-2170-0x000000000A560000-0x000000000A570000-memory.dmp
memory/4844-2169-0x000000000A560000-0x000000000A570000-memory.dmp
memory/4844-2172-0x000000000A560000-0x000000000A570000-memory.dmp
memory/4844-2171-0x000000000A560000-0x000000000A570000-memory.dmp
memory/4844-2173-0x000000000A560000-0x000000000A570000-memory.dmp
memory/4844-2174-0x000000000A560000-0x000000000A570000-memory.dmp
memory/4844-2176-0x000000000A560000-0x000000000A570000-memory.dmp
memory/4844-2175-0x000000000AAB0000-0x000000000AAC0000-memory.dmp
memory/4844-2177-0x000000000A560000-0x000000000A570000-memory.dmp
memory/4844-2178-0x000000000AAB0000-0x000000000AAC0000-memory.dmp
memory/4844-2179-0x000000000AAB0000-0x000000000AAC0000-memory.dmp
memory/4844-2180-0x000000000A540000-0x000000000A550000-memory.dmp
memory/4844-2181-0x000000000A560000-0x000000000A570000-memory.dmp
memory/4844-2185-0x000000000AAB0000-0x000000000AAC0000-memory.dmp
memory/4844-2184-0x000000000AAB0000-0x000000000AAC0000-memory.dmp
memory/4844-2183-0x000000000AAB0000-0x000000000AAC0000-memory.dmp
memory/4844-2182-0x000000000A560000-0x000000000A570000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dopz0zdo.default-release-1735320105822\sessionCheckpoints.json.tmp
| MD5 | c8dc58eff0c029d381a67f5dca34a913 |
| SHA1 | 3576807e793473bcbd3cf7d664b83948e3ec8f2d |
| SHA256 | 4c22e8a42797f14510228f9f4de8eea45c526228a869837bd43c0540092e5f17 |
| SHA512 | b8f7c4150326f617b63d6bc72953160804a3749f6dec0492779f6c72b3b09c8d1bd58f47d499205c9a0e716f55fe5f1503d7676a4c85d31d1c1e456898af77b4 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dopz0zdo.default-release-1735320105822\sessionCheckpoints.json
| MD5 | 99601438ae1349b653fcd00278943f90 |
| SHA1 | 8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9 |
| SHA256 | 72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a |
| SHA512 | ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dopz0zdo.default-release-1735320105822\prefs.js
| MD5 | aa573f3249eb430477d3b510b0ace608 |
| SHA1 | 4902882fc6beecae650ff912ecaed388aaff5eb3 |
| SHA256 | 2f05df3a6e25feea1762e62999f3bb25a4c222370557448bbd60978c371d353e |
| SHA512 | 7076122bb7481f9c8e3476ffd961af89bf60b98323db56f13a9164a692f21c7254a7cbe0a5a34a2d70f7d43966d1366a4c8ee578315c080b96bcac04ee0fba39 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dopz0zdo.default-release-1735320105822\favicons.sqlite
| MD5 | acb042ddd6c026e25573267332e42f74 |
| SHA1 | 973bf6f0c06f8657d0b5cd89543543de77e07ac2 |
| SHA256 | 861f9f90b990c570b28ca98057aa7a327954fa0369b3df8b1e52bd2b2aec4e08 |
| SHA512 | 4c31e66c9c9c661c7d56be96ab57ecef6fe34a56dbfe45490e2f88e234dd1812648018f0c88ceb2877b1aca3190d74e6ed45a748b15a7d36a9ebdbc4d7495c5d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dopz0zdo.default-release-1735320105822\places.sqlite
| MD5 | aacbc2dc1ac35279cd8c04cf14bbb885 |
| SHA1 | cac6ed5d48729e00c90e811e4f1af2c7aacf06a6 |
| SHA256 | df45fed7be49c485136328b886c9eaf3a0ba9d988d64b05ae86e517b88052574 |
| SHA512 | 659c19b0f7bd82780d965a45e90bbb825c665939789bc6b481a1283b190064bc51374ba1a0ea78a549b3c7ffd0e3c2e01e8bfbf0366967111b9a8f990e141e53 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dopz0zdo.default-release-1735320105822\cookies.sqlite
| MD5 | bae4d729bece9e8768374030ad5ed9d8 |
| SHA1 | c7a93c836fbed0fa22c46f13453dc41ecc0ee914 |
| SHA256 | 0370eb334372a2faf47f65e8e39ce1456731493a294f87ee421870c25c173a8e |
| SHA512 | c001adca723b16884ec6ec5408312498ed69bfeed09cb08cb1468bd6c95c657ea125fc1ca3e678ce52ac30c4d64ff777d129e4ec8b1c04688d22f5122d84794a |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dopz0zdo.default-release-1735320105822\prefs-1.js
| MD5 | 04a0736053f0b3375cbac07e5017898e |
| SHA1 | d492a268c46860580c94691fecf22100414387c3 |
| SHA256 | a55a6b91a671d16a68a8d9d0cd49190a8a9a5ca868a4a714495bb7044473920d |
| SHA512 | 1b82b1d3dd53d33acdef61dd8280efe7e5478661ac954bf5858a381bfc43b904b0c72080b7365090f6cf5aac9ea40f8212925d7c397b8bc6f2532837425aaa8c |
Analysis: behavioral2
Detonation Overview
Submitted
2024-12-27 17:20
Reported
2024-12-27 17:36
Platform
win11-20241007-en
Max time kernel
444s
Max time network
446s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Processes
C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Rain Sucked Up.weathersandbox"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |