Analysis Overview
SHA256
facbe2969600f7dc612edf2d0ab85317eb6f3cfd2da416a2ead7953bc4a13677
Threat Level: Known bad
The file wallpaper.jpg was found to be: Known bad.
Malicious Activity Summary
Detected google phishing page
A potential corporate email address has been identified in the URL: [email protected]
Detected potential entity reuse from brand GOOGLE.
Drops file in Windows directory
Browser Information Discovery
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Modifies registry class
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Checks processor information in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2025-01-27 17:00
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2025-01-27 17:00
Reported
2025-01-27 17:20
Platform
win10ltsc2021-20250113-en
Max time kernel
1197s
Max time network
1200s
Command Line
Signatures
Detected google phishing page
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
A potential corporate email address has been identified in the URL: [email protected]
Detected potential entity reuse from brand GOOGLE.
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Debug\WIA\wiatrace.log | C:\Windows\system32\mspaint.exe | N/A |
Browser Information Discovery
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2449540194-3226363261-2578591490-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\mspaint.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\AppData\Local\Temp\wallpaper.jpg"
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
Network
Files
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lojadwsr.default-release\datareporting\glean\pending_pings\7f1c9dc1-7448-40d9-807a-a82f6b2cc2e9
| MD5 | 342c909019f7074f83d456ec58d1a765 |
| SHA1 | 2001fb11be51c6b86b3f71551a74e655c70a664c |
| SHA256 | fbfa0e5f8143472385edd838c46b72eb5e707f30d51ab24c38a3d7d22c8a837d |
| SHA512 | 53573084c27050af7a2fdb40689e55ad9f0d4e212771be4618e8c7ef00a17a35de5d45323c0bdf047178c399af7137374a5e20cb7c773db05712021bcdfc00f8 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lojadwsr.default-release\datareporting\glean\pending_pings\3f61160f-1fd3-4ad6-bf1e-8ff90e0567a5
| MD5 | 0a5433918c704cdd48bd2cf6a68c9305 |
| SHA1 | 9e6568f9a017be79290fdbf9367aeaae40911cf5 |
| SHA256 | 1addc1529946a70f854acf686008d9822682fd255540144e519785346268205b |
| SHA512 | a69d7b2b7cc057cd3f7dd0b4f4454437b284d4198fa09cae2fdc284cf835c2f4bc9fd2d4bd95514afa292841256e7cae60d47649fa88a93b6f21a6245709ad17 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lojadwsr.default-release\datareporting\glean\pending_pings\206ffe01-be48-498a-b420-d5ca07a75eba
| MD5 | 2b43b4c0ccfe9c30a4589d67ffc31a4c |
| SHA1 | fbdd091091266104993513c21d69a0bf7805c08e |
| SHA256 | bd9524d9e74b2ddfdd8b06ad8f36e8dd57d4dce2f22d135ac348f5a5ec5ee63b |
| SHA512 | 61c18c342d01a46aa20e3b23206bccf20399a732f6d2fdc56de9c60c76e629f482c59fadaeb18f0f8f2e8ee4285a3a142d85e331b5800fb4a34f5703d3af1ebf |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lojadwsr.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | f3905ae6219cfb2bf4a9291d3088c126 |
| SHA1 | 3a64fbaddb4b8b61c044e3f313fca04b06ea88a7 |
| SHA256 | 36583df7ed5474d484c4f538ef981070fb74583fd9c98cad895421ba652003f5 |
| SHA512 | 7cc0a35f3cbd5be33d13ff9797a53182efb2342fca5a78b388fefc94fb4425f6ae5f6e681853f528d1e55e5815249218f218023b770c3efc5decd3278a85c20f |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lojadwsr.default-release\activity-stream.discovery_stream.json
| MD5 | 8f103cd52f284ce1e77bc8760c140b31 |
| SHA1 | a0d22cb00bc6ce132e520b3fc790db8d5fb7ff2d |
| SHA256 | 517149c893924868e07eac2fc522e038552ed237977402ce9edcad36412e27ba |
| SHA512 | c2ee8b7dd61a83b688b4585ccbb36b95bf2519a20156049e59dba413c645c47b003ef98a9c6790946404e981e6c870ddf5ef9d49b04f864bf02e3e1b4cf98c2d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lojadwsr.default-release\prefs.js
| MD5 | df109fd86daa94571003e1b77576c2fe |
| SHA1 | 856974f62cf956153bd204a2b5e8ddbef92b7f52 |
| SHA256 | 3b3452214a9c5a5a1dde2c3e183f5b41adf3d44c19e7ba039b2bcab4df5bf1e3 |
| SHA512 | 4a531d5de8670f3a3108d18ca1c861ac133fbf611c73b42b79185d16766530a48e8cc0c4ac9e2c0b7e8345e7f8ce5c16e35923337c38b8958456ce8693b4acf0 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lojadwsr.default-release\prefs-1.js
| MD5 | 6d0f45e38d36b533b2a5d9837c54cbf2 |
| SHA1 | e8b133c104eb11e0f23612665b99de18a9f0184d |
| SHA256 | da064c4e0dd6f30ba922d2fb831929c43f1bbb63296802a5734f81654426fbd0 |
| SHA512 | 7a5b79e10c1dfd98955c53987f7a43b6fa8cc43080e6ac1533e4c6d9b7e904873b62d9c407f981ee5c79823b3e018af518e8a344ca098dacd42cff32c2844d55 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lojadwsr.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | b6344be864a1530a4f41edb1b2ff16f5 |
| SHA1 | 7fca8046c01828ed0351e91a83a80ffd8f723d12 |
| SHA256 | 5956de3fa4a54428fa3a9991eb537c8554fd4241bb9ff3575cb934ddcb592547 |
| SHA512 | a57a96d2fd1da64327d70b35701e811142a1dafd431f6fa229a0221e4f3933f73841602431cc49756ffefa5a9acfb9bb0caf28358686b9d4098b11be31f8a885 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lojadwsr.default-release\prefs-1.js
| MD5 | 2cbf52b17753f68b530af482344cd5c8 |
| SHA1 | 1e3025577fa925dc6cd1b2c7924ecfe09b806b4f |
| SHA256 | e85c0d17b7dc7ba13a7a459ef8799f70b11bcc9c93a7409fff7cf02c5b5f2e9a |
| SHA512 | d60951aacbb456d496006a2c4d1fd77bb3877c0250880ac6434e31b3d99e20d4ea1b690f75ace8efcb18f6b2f98244a4f78bff13b0d2d1f6bf89f364cd8481d7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lojadwsr.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 6bc209741cba678f8fe2be70518e5a07 |
| SHA1 | ed0fd2edafb46bf27b72ec8e65595d4d2023232f |
| SHA256 | d1dff420af789bccf43b91b694002efa3f1beea5c4c9e6418577e218f8f81cf7 |
| SHA512 | 6deebe77d2d433def3790d5c919afd7186c23a8d76aaadff71e57d85f4ff515cb86c14fd67e42ea08bfc5cebdd26fa68939b481af3c91fd72e05626fe7b33c9f |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lojadwsr.default-release\AlternateServices.bin
| MD5 | aa627985f69faf6b5c8938db94062347 |
| SHA1 | 628c7beb4614afa1afa340a926d20b7c45a3c89d |
| SHA256 | 7d4148e5d1174fd9e7971f6eb066b294b83ecd413f2bf57f2af026046659e4de |
| SHA512 | 94c2a7c2322397335c9fbcc69f6f53ccbd150449d68c6771b957f3b3ea0eaefc4098ef628994aa6b297c45d6f396b6f63bd413cd9e4e0fbdb872c4f4af865bac |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lojadwsr.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | d0563c85048734ada7d2ce7d0415707c |
| SHA1 | 71e613d25aaf96acfc6345d6305a77a3a0490f16 |
| SHA256 | f6afbd2f0c37e3e20036370c0924cbf2fe244cb58768d9f71b37905378d30bc1 |
| SHA512 | bfc67f22c46ab82ebbe0121709d8c45597511946d44031bd9771f1ae57e1aa7b35808dea92abc6032519a0eefd9c304392cf27993cc9fb15e2bdecd5a45587b5 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lojadwsr.default-release\prefs-1.js
| MD5 | 110a220aa1517ca1bcde0dd8039bc53d |
| SHA1 | 2b1f0f5df7b8b9ed69831b1b728262ffdbe18137 |
| SHA256 | c440af30ce247bb4a0ea229f6d924c40c4967c4e6032f10439f3c88670e9c77b |
| SHA512 | 058e6abcc038abd5113ddf9c20def8191bd6ad01cb31624a8d305fac6377e7504e43790a9f29b87d50c7b55d245de8816919ffed41215650b62253a688f99054 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 09372174e83dbbf696ee732fd2e875bb |
| SHA1 | ba360186ba650a769f9303f48b7200fb5eaccee1 |
| SHA256 | c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f |
| SHA512 | b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lojadwsr.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lojadwsr.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lojadwsr.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lojadwsr.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lojadwsr.default-release\sessionstore-backups\recovery.baklz4
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lojadwsr.default-release\cache2\doomed\28969
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lojadwsr.default-release\jumpListCache\k5IAd5bmbBeGvGVjASMRd4I1kROajJV1HK8HHQSXS7k=.ico
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lojadwsr.default-release\cache2\entries\9101746EA8258A5B97B04A344FC767B0D7D65A64
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lojadwsr.default-release\thumbnails\94352378ea009f591bc74551cfdc01b1.png
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lojadwsr.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lojadwsr.default-release\bookmarkbackups\bookmarks-2025-01-27_11_k9c4cHCwDm-06SJ8j2XzNg==.jsonlz4