Malware Analysis Report

2025-01-22 23:08

Sample ID 241227-ydma1symep
Target 871f94756206d57420b846c762180555e69a451b7d18ae9bcf5171f855c51845
SHA256 871f94756206d57420b846c762180555e69a451b7d18ae9bcf5171f855c51845
Tags
banload discovery downloader dropper evasion ransomware trojan
score
10/10

Analysis Overview

score
10/10

SHA256

871f94756206d57420b846c762180555e69a451b7d18ae9bcf5171f855c51845

Threat Level: Known bad

The file 871f94756206d57420b846c762180555e69a451b7d18ae9bcf5171f855c51845 was found to be: Known bad.

Malicious Activity Summary

banload discovery downloader dropper evasion ransomware trojan

Banload

Banload family

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Renames multiple (223) files with added filename extension

Checks BIOS information in registry

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

Suspicious use of SetWindowsHookEx

Checks processor information in registry

Suspicious use of SendNotifyMessage

Checks SCSI registry key(s)

Uses Task Scheduler COM API

Suspicious use of WriteProcessMemory

Modifies registry class

Suspicious use of FindShellTrayWindow

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-12-27 19:40

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-12-27 19:40

Reported

2024-12-27 19:50

Platform

win10ltsc2021-20241211-en

Max time kernel

451s

Max time network

508s

Command Line

"C:\Users\Admin\AppData\Local\Temp\871f94756206d57420b846c762180555e69a451b7d18ae9bcf5171f855c51845.exe"

Signatures

Banload

trojan dropper downloader banload

Banload family

banload

Identifies VirtualBox via ACPI registry values (likely anti-VM)

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\871f94756206d57420b846c762180555e69a451b7d18ae9bcf5171f855c51845.exe N/A

Renames multiple (223) files with added filename extension

ransomware

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\871f94756206d57420b846c762180555e69a451b7d18ae9bcf5171f855c51845.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate C:\Users\Admin\AppData\Local\Temp\871f94756206d57420b846c762180555e69a451b7d18ae9bcf5171f855c51845.exe N/A

Drops file in Program Files directory


System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\871f94756206d57420b846c762180555e69a451b7d18ae9bcf5171f855c51845.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Modifies registry class


Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\871f94756206d57420b846c762180555e69a451b7d18ae9bcf5171f855c51845.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\871f94756206d57420b846c762180555e69a451b7d18ae9bcf5171f855c51845.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: 33 N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3336 wrote to memory of 4872 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4872 wrote to memory of 1140 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4872 wrote to memory of 2232 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\871f94756206d57420b846c762180555e69a451b7d18ae9bcf5171f855c51845.exe

"C:\Users\Admin\AppData\Local\Temp\871f94756206d57420b846c762180555e69a451b7d18ae9bcf5171f855c51845.exe"

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1972 -parentBuildID 20240401114208 -prefsHandle 1888 -prefMapHandle 1880 -prefsLen 23839 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7916a10c-ca75-40f6-9256-128b5b4ada71} 4872 "\\.\pipe\gecko-crash-server-pipe.4872" gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2388 -parentBuildID 20240401114208 -prefsHandle 2380 -prefMapHandle 2376 -prefsLen 23717 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d6cd6e33-0085-4143-8a71-1f178bb1434f} 4872 "\\.\pipe\gecko-crash-server-pipe.4872" socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3004 -childID 1 -isForBrowser -prefsHandle 2944 -prefMapHandle 2980 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1224 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c9572e0d-19d7-4a31-8f7a-aed55e3c1365} 4872 "\\.\pipe\gecko-crash-server-pipe.4872" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3744 -childID 2 -isForBrowser -prefsHandle 3692 -prefMapHandle 2720 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 1224 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1899ccb6-0eb8-40e9-8535-eb40d0e57f3c} 4872 "\\.\pipe\gecko-crash-server-pipe.4872" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4552 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4640 -prefMapHandle 4636 -prefsLen 29091 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f7fee594-6e87-4b23-835c-46e4e8264f3f} 4872 "\\.\pipe\gecko-crash-server-pipe.4872" utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5548 -childID 3 -isForBrowser -prefsHandle 5540 -prefMapHandle 5536 -prefsLen 27257 -prefMapSize 244658 -jsInitHandle 1224 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d7c472f7-9965-4f9d-8e7b-5b97956dd410} 4872 "\\.\pipe\gecko-crash-server-pipe.4872" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5700 -childID 4 -isForBrowser -prefsHandle 5708 -prefMapHandle 5716 -prefsLen 27257 -prefMapSize 244658 -jsInitHandle 1224 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {17fcba6b-5fe4-425d-8a34-61611deb467f} 4872 "\\.\pipe\gecko-crash-server-pipe.4872" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5716 -childID 5 -isForBrowser -prefsHandle 6008 -prefMapHandle 6004 -prefsLen 27257 -prefMapSize 244658 -jsInitHandle 1224 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a61c1c6b-30d5-45e0-a253-62ebf69d5249} 4872 "\\.\pipe\gecko-crash-server-pipe.4872" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6204 -childID 6 -isForBrowser -prefsHandle 3620 -prefMapHandle 3616 -prefsLen 27257 -prefMapSize 244658 -jsInitHandle 1224 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3ac4362a-0f2b-422b-b9ec-7e9e823b75f8} 4872 "\\.\pipe\gecko-crash-server-pipe.4872" tab

Network

Files

C:\$Recycle.Bin\S-1-5-21-3506525125-3566313221-3651816328-1000\desktop.ini.tmp

C:\Program Files\7-Zip\7-zip.dll.tmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85na2j14.default-release\datareporting\glean\pending_pings\cebf7af9-8256-499f-8a7c-90584cafdff1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85na2j14.default-release\datareporting\glean\pending_pings\3f9183f9-34f7-4f87-805c-7484709d09e0

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85na2j14.default-release\datareporting\glean\pending_pings\43400a3c-4877-439e-8c11-7bc2b59e7b60

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85na2j14.default-release\datareporting\glean\db\data.safe.tmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85na2j14.default-release\prefs.js

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85na2j14.default-release\prefs-1.js

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85na2j14.default-release\AlternateServices.bin

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85na2j14.default-release\sessionstore-backups\recovery.baklz4

C:\Users\Admin\AppData\Local\Temp\tmpaddon

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85na2j14.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85na2j14.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85na2j14.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85na2j14.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85na2j14.default-release\sessionstore-backups\recovery.baklz4

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\8T0WSF8AWEPDZSQOGKVI.temp

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85na2j14.default-release\cache2\entries\451CC85102D20419DA9C5E7A67BBAE272AC23331

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85na2j14.default-release\cache2\entries\E5D947F085A4F15FB233784884B4D57C676542AD

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85na2j14.default-release\cache2\entries\A63379C01D4293AF6EE48CC93E37604BCBC4F189

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85na2j14.default-release\cache2\entries\2C89E1E4FB06C5BD0CEF5227A1276667F9B4E7E6

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85na2j14.default-release\cache2\entries\CF6596CD129D6D759784BC710B65AF805A51F79D

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85na2j14.default-release\cache2\entries\B9D0DD02E01FC7C5DE728097C2026E9EAE2B2C8F

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85na2j14.default-release\cache2\entries\67367B7352F22EE63734BD68CF9B59CC86D2347B

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85na2j14.default-release\cache2\entries\EEB213332F00D7E90F2817ECDF52599D30285B94

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85na2j14.default-release\cache2\entries\1373CF221AD24F5DBC9458BAEE0DD12F7C3FF170

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85na2j14.default-release\cache2\entries\FE88D4CD93238EF2DFDC3E9BB0EE799C9FB22074

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85na2j14.default-release\cache2\entries\44450B0E22C191D79C2203C6376F0C6BD8BFB524

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85na2j14.default-release\cache2\entries\D5C5E6DC1FC7F825918D054820FA392318ED8A3A

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85na2j14.default-release\cache2\entries\DC64361F24B744983F39111AEBC117009E6B0246

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85na2j14.default-release\cache2\entries\2AF97E86E728D4EA358DA0A881E6FB3D285B8E20

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85na2j14.default-release\cache2\entries\1F975DAE18E9A263C5E40EC8741AEBDA1AA51FC9

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85na2j14.default-release\cache2\entries\1F985F786755F24F24D72BC7472A332D1919A4E2

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85na2j14.default-release\cache2\entries\06A60D100466E0B0DC9504CD299CE7E39517DDC1

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85na2j14.default-release\cache2\entries\F6CBF320BD88C4B978381E382937366DF90D2164

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85na2j14.default-release\cache2\entries\1BF9132EC0EECA3FD21E9310764C69E1F15A4868

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85na2j14.default-release\cache2\entries\2CB91E88BBF96FED5248D921733AE0E26DA9E5C1

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85na2j14.default-release\cache2\entries\DDB5B4BEB749F4D666B8E5AE87A13DC169D1A2AC

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85na2j14.default-release\cache2\entries\5A105639379B324B9B590643D674196AE88A7FB6

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85na2j14.default-release\datareporting\glean\db\data.safe.tmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85na2j14.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85na2j14.default-release\bookmarkbackups\bookmarks-2024-12-27_11_+6JCK70mT+cI1dXbESGNHg==.jsonlz4
