Malware Analysis Report

2024-10-10 10:15

Sample ID 230405-r4madafd27
Target Venom5-HVNC-Rat.zip
SHA256 7da2fead1f047d7944281ec28881f8b765c6cd484712d4f5b3c79798b957231c
Tags
arrowrat asyncrat %group% agilenet rat
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V6

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

7da2fead1f047d7944281ec28881f8b765c6cd484712d4f5b3c79798b957231c

Threat Level: Known bad

The file Venom5-HVNC-Rat.zip was found to be: Known bad.

Malicious Activity Summary

arrowrat asyncrat %group% agilenet rat

ArrowRat

AsyncRat

Async RAT payload

Obfuscated with Agile.Net obfuscator

Executes dropped EXE

Drops startup file

Checks computer location settings

Enumerates physical storage devices

Checks processor information in registry

Uses Task Scheduler COM API

Suspicious use of SendNotifyMessage

Suspicious behavior: AddClipboardFormatListener

Suspicious behavior: GetForegroundWindowSpam

Modifies registry class

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-04-05 14:44

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-04-05 14:44

Reported

2023-04-05 15:05

Platform

win10v2004-20230220-en

Max time kernel

1200s

Max time network

1010s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Venom5-HVNC-Rat\Venom5-HVNC-Rat.exe"

Signatures

ArrowRat

rat arrowrat

AsyncRat

rat asyncrat

Async RAT payload

rat
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\Venom5-HVNC-Rat\Venom5-HVNC-Rat.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\crack.exe C:\Users\Admin\Desktop\New folder\crack.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\crack.exe C:\Users\Admin\Desktop\New folder\crack.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Desktop\New folder\crack.exe N/A

Obfuscated with Agile.Net obfuscator

agilenet
Description Indicator Process Target
N/A N/A N/A N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\MRUListEx = ffffffff C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1 = 14002e8005398e082303024b98265d99428e115f0000 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4" C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1" C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 = 14001f50e04fd020ea3a6910a2d808002b30309d0000 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\NodeSlot = "2" C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 00000000ffffffff C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0 = 14002e803accbfb42cdb4c42b0297fe99a87c6410000 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616193" C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Generic" C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295" C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\MRUListEx = ffffffff C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0000000001000000ffffffff C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ C:\Users\Admin\AppData\Local\Temp\Venom5-HVNC-Rat\Venom5-HVNC-Rat.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}" C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0100000000000000ffffffff C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616193" C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}" C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1" C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16" C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\NodeSlot = "3" C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14" C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259} C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ C:\Users\Admin\AppData\Local\Temp\Venom5-HVNC-Rat\Venom5-HVNC-Rat.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Downloads" C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295" C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Users\Admin\Desktop\New folder\crack.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Venom5-HVNC-Rat\Venom5-HVNC-Rat.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4296 wrote to memory of 3908 N/A C:\Users\Admin\AppData\Local\Temp\Venom5-HVNC-Rat\Venom5-HVNC-Rat.exe C:\Users\Admin\Desktop\New folder\crack.exe
PID 4296 wrote to memory of 3908 N/A C:\Users\Admin\AppData\Local\Temp\Venom5-HVNC-Rat\Venom5-HVNC-Rat.exe C:\Users\Admin\Desktop\New folder\crack.exe
PID 1988 wrote to memory of 1600 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1988 wrote to memory of 1600 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1988 wrote to memory of 1600 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1988 wrote to memory of 1600 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1988 wrote to memory of 1600 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1988 wrote to memory of 1600 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1988 wrote to memory of 1600 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1988 wrote to memory of 1600 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1988 wrote to memory of 1600 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1988 wrote to memory of 1600 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1988 wrote to memory of 1600 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1600 wrote to memory of 1656 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1600 wrote to memory of 1656 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1600 wrote to memory of 2688 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1600 wrote to memory of 2688 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1600 wrote to memory of 2688 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1600 wrote to memory of 2688 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1600 wrote to memory of 2688 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1600 wrote to memory of 2688 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1600 wrote to memory of 2688 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1600 wrote to memory of 2688 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1600 wrote to memory of 2688 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1600 wrote to memory of 2688 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1600 wrote to memory of 2688 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1600 wrote to memory of 2688 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1600 wrote to memory of 2688 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1600 wrote to memory of 2688 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1600 wrote to memory of 2688 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1600 wrote to memory of 2688 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1600 wrote to memory of 2688 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1600 wrote to memory of 2688 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1600 wrote to memory of 2688 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1600 wrote to memory of 2688 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1600 wrote to memory of 2688 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1600 wrote to memory of 2688 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1600 wrote to memory of 2688 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1600 wrote to memory of 2688 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1600 wrote to memory of 2688 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1600 wrote to memory of 2688 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1600 wrote to memory of 2688 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1600 wrote to memory of 2688 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1600 wrote to memory of 2688 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1600 wrote to memory of 2688 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1600 wrote to memory of 2688 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1600 wrote to memory of 2688 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1600 wrote to memory of 2688 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1600 wrote to memory of 2688 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1600 wrote to memory of 2688 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1600 wrote to memory of 2688 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1600 wrote to memory of 2688 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1600 wrote to memory of 2688 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1600 wrote to memory of 2688 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1600 wrote to memory of 2688 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1600 wrote to memory of 2688 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1600 wrote to memory of 2688 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1600 wrote to memory of 2688 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1600 wrote to memory of 2688 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1600 wrote to memory of 2688 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1600 wrote to memory of 2688 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1600 wrote to memory of 2688 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1600 wrote to memory of 2688 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1600 wrote to memory of 772 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\Venom5-HVNC-Rat\Venom5-HVNC-Rat.exe

"C:\Users\Admin\AppData\Local\Temp\Venom5-HVNC-Rat\Venom5-HVNC-Rat.exe"

C:\Users\Admin\Desktop\New folder\crack.exe

"C:\Users\Admin\Desktop\New folder\crack.exe"

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" a -i#7zMap2010:70:7zEvent10219 -ad -saa -- "C:\Users\Admin\Desktop\New folder"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1600.0.1463128414\916207765" -parentBuildID 20221007134813 -prefsHandle 1836 -prefMapHandle 1828 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {234d4ff0-d9d6-4264-93d0-6fa976440550} 1600 "\\.\pipe\gecko-crash-server-pipe.1600" 1916 1a00ba18958 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1600.1.233151503\1922137905" -parentBuildID 20221007134813 -prefsHandle 2304 -prefMapHandle 2300 -prefsLen 20926 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0b66cb18-8608-4ac1-a670-61777243ebf2} 1600 "\\.\pipe\gecko-crash-server-pipe.1600" 2316 1a00a80e258 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1600.2.1731492123\1439188679" -childID 1 -isForBrowser -prefsHandle 3288 -prefMapHandle 3284 -prefsLen 21074 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {32c2dfd7-35dd-4c8f-b31a-11936de0237b} 1600 "\\.\pipe\gecko-crash-server-pipe.1600" 3296 1a00e748258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1600.3.456069161\2056623226" -childID 2 -isForBrowser -prefsHandle 2348 -prefMapHandle 2360 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {94a57878-f3a8-4064-a205-9678970fcbcd} 1600 "\\.\pipe\gecko-crash-server-pipe.1600" 1124 1a00d0fb558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1600.4.497075395\149770950" -childID 3 -isForBrowser -prefsHandle 2988 -prefMapHandle 2936 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7a62a27e-164d-46aa-ad21-9307d230849b} 1600 "\\.\pipe\gecko-crash-server-pipe.1600" 2772 1a00f4d8858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1600.5.942644048\586419473" -childID 4 -isForBrowser -prefsHandle 4736 -prefMapHandle 2836 -prefsLen 26738 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {331891f6-fc72-4a22-881c-8119f14e5d2a} 1600 "\\.\pipe\gecko-crash-server-pipe.1600" 4884 1a00e8c0b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1600.7.284863264\331737129" -childID 6 -isForBrowser -prefsHandle 5356 -prefMapHandle 5360 -prefsLen 26738 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {255836fc-b886-452e-b452-873923c9cfab} 1600 "\\.\pipe\gecko-crash-server-pipe.1600" 5348 1a010fd1c58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1600.6.690031505\1257193456" -childID 5 -isForBrowser -prefsHandle 5172 -prefMapHandle 5176 -prefsLen 26738 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {58b5ef95-7890-45e1-a2b7-1942010eb2b7} 1600 "\\.\pipe\gecko-crash-server-pipe.1600" 5160 1a010fcfb58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1600.8.496184295\33830497" -childID 7 -isForBrowser -prefsHandle 5824 -prefMapHandle 5764 -prefsLen 26738 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f4601cb3-50dd-4f19-9d56-8725fd325e5b} 1600 "\\.\pipe\gecko-crash-server-pipe.1600" 5832 1a013598f58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1600.9.1057915910\1813862467" -childID 8 -isForBrowser -prefsHandle 5656 -prefMapHandle 5684 -prefsLen 26755 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3718781a-54c5-4ac5-995a-e0f1e4414e05} 1600 "\\.\pipe\gecko-crash-server-pipe.1600" 5728 1a0138f9258 tab

Network

Country Destination Domain Proto
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 209.78.101.95.in-addr.arpa udp
US 8.8.8.8:53 64.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 108.211.229.192.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 20.42.65.90:443 tcp
US 8.8.8.8:53 assets.msn.com udp
DE 104.126.37.40:443 assets.msn.com tcp
US 8.8.8.8:53 233.141.123.20.in-addr.arpa udp
US 8.8.8.8:53 40.37.126.104.in-addr.arpa udp
N/A 127.0.0.1:50141 tcp
N/A 127.0.0.1:50148 tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 34.117.237.239:443 contile.services.mozilla.com tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 getpocket.cdn.mozilla.net udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 34.120.5.221:443 getpocket.cdn.mozilla.net tcp
US 8.8.8.8:53 prod.pocket.prod.cloudops.mozgcp.net udp
US 35.241.9.150:443 firefox.settings.services.mozilla.com tcp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 prod.pocket.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 shavar.services.mozilla.com udp
US 44.238.157.127:443 shavar.services.mozilla.com tcp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 push.services.mozilla.com udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 35.241.9.150:443 firefox.settings.services.mozilla.com tcp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 34.117.65.55:443 push.services.mozilla.com tcp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 239.237.117.34.in-addr.arpa udp
US 8.8.8.8:53 221.5.120.34.in-addr.arpa udp
US 8.8.8.8:53 150.9.241.35.in-addr.arpa udp
US 8.8.8.8:53 55.65.117.34.in-addr.arpa udp
US 8.8.8.8:53 127.157.238.44.in-addr.arpa udp
US 8.8.8.8:53 191.144.160.34.in-addr.arpa udp
US 8.8.8.8:53 wdfiles.ru udp
RU 92.101.72.41:80 wdfiles.ru tcp
RU 92.101.72.41:80 wdfiles.ru tcp
US 8.8.8.8:53 wdfiles.ru udp
US 8.8.8.8:53 wdfiles.ru udp
RU 92.101.72.41:443 wdfiles.ru tcp
RU 92.101.72.41:443 wdfiles.ru tcp
RU 92.101.72.41:443 wdfiles.ru tcp
RU 92.101.72.41:443 wdfiles.ru tcp
RU 92.101.72.41:443 wdfiles.ru tcp
RU 92.101.72.41:443 wdfiles.ru tcp
US 8.8.8.8:53 41.72.101.92.in-addr.arpa udp
US 8.8.8.8:53 mc.yandex.ru udp
US 8.8.8.8:53 wdho.ru udp
US 8.8.8.8:53 mc.yandex.ru udp
US 8.8.8.8:53 mc.yandex.ru udp
RU 92.101.72.41:443 wdho.ru tcp
US 8.8.8.8:53 wdho.ru udp
US 8.8.8.8:53 wdho.ru udp
RU 92.101.72.41:443 wdho.ru tcp
RU 92.101.72.41:443 wdho.ru tcp
RU 92.101.72.41:443 wdho.ru tcp
RU 92.101.72.41:443 wdho.ru tcp
RU 92.101.72.41:443 wdho.ru tcp
RU 93.158.134.119:443 mc.yandex.ru tcp
US 8.8.8.8:53 110.39.251.142.in-addr.arpa udp
US 8.8.8.8:53 119.134.158.93.in-addr.arpa udp
US 8.8.8.8:53 wdfiles.ru udp
US 8.8.8.8:53 wdfiles.ru udp
US 8.8.8.8:53 aus5.mozilla.org udp
US 35.244.181.201:443 aus5.mozilla.org tcp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 201.181.244.35.in-addr.arpa udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 ciscobinary.openh264.org udp
FR 23.200.87.12:80 ciscobinary.openh264.org tcp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 216.58.208.110:443 redirector.gvt1.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 216.58.208.110:443 redirector.gvt1.com udp
US 8.8.8.8:53 r4---sn-5hneknee.gvt1.com udp
NL 74.125.8.73:443 r4---sn-5hneknee.gvt1.com tcp
US 8.8.8.8:53 r4.sn-5hneknee.gvt1.com udp
US 8.8.8.8:53 12.87.200.23.in-addr.arpa udp
US 8.8.8.8:53 110.208.58.216.in-addr.arpa udp
US 8.8.8.8:53 r4.sn-5hneknee.gvt1.com udp
NL 74.125.8.73:443 r4.sn-5hneknee.gvt1.com udp
US 8.8.8.8:53 73.8.125.74.in-addr.arpa udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 firefox-settings-attachments.cdn.mozilla.net udp
US 34.111.73.144:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 34.111.73.144:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 34.111.73.144:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 8.8.8.8:53 fennec-catalog-cdn.prod.mozaws.net udp
US 34.111.73.144:443 fennec-catalog-cdn.prod.mozaws.net tcp
US 34.111.73.144:443 fennec-catalog-cdn.prod.mozaws.net tcp
US 34.111.73.144:443 fennec-catalog-cdn.prod.mozaws.net tcp
US 8.8.8.8:53 fennec-catalog-cdn.prod.mozaws.net udp
US 8.8.8.8:53 144.73.111.34.in-addr.arpa udp
US 8.8.8.8:53 4.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 firefox-settings-attachments.cdn.mozilla.net udp
US 8.8.8.8:53 fennec-catalog-cdn.prod.mozaws.net udp
US 34.111.73.144:443 fennec-catalog-cdn.prod.mozaws.net tcp
US 8.8.8.8:53 fennec-catalog-cdn.prod.mozaws.net udp
US 34.117.237.239:443 contile.services.mozilla.com tcp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 aus5.mozilla.org udp
US 35.244.181.201:443 aus5.mozilla.org tcp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db

MD5 95e9767693f0393921c0985ff1466374
SHA1 f785f7f6479c044f436f7d211ee7993d60f1397a
SHA256 6d09e591e64d856c8137dc1dff7a9623e8aed7e4e057419419e98df9940215bc
SHA512 3b834bc78e3057a7223fc1669a455c37da381df2bd6aaf30a9232657944d5309de74625e1f90781396c516e0149474a5ef83c7dec4ffdad99bf69955a9af0f17

C:\Users\Admin\Desktop\New folder\packages\Vestris.ResourceLib.2.2.0-beta0004\lib\net40\Vestris.ResourceLib.xml

MD5 5d2dee455b4003b6624b6dd890edb279
SHA1 4cdb025c8c5935bfc49871fca80fc4a346acd579
SHA256 02b4fd6d46ffc9411e4688a5b088fbc7d34062024e1c93637535e093319c35b6
SHA512 90f0123b6300a2fe53b7da8b50253c5807950da96dd0010e2494cc9f14d339d7a131c9653f29a585c2647634537cfbc1a1d84debc33a1b96bf7f01b88eaedee9

C:\Users\Admin\Desktop\New folder\crack.exe

MD5 b441b71b1ce23257d6f40bd7555703ac
SHA1 961d3ae7e69b7a39edda340e93986c5a7f89c097
SHA256 eeaacd0b7e68cc5e5a183dc5f6e8b489cf267a73ebd772b338873f9e04e2b7a4
SHA512 e4f67e81e8f83b211a8c4bbaa0ff96d02341ff3fe6a83ffac0aefb62507afb0fa823fe43e3d4e3dd0b4a680393e6980adc92cea5286998109c828faf657c4a8b

C:\Users\Admin\Desktop\New folder\crack.exe

MD5 b441b71b1ce23257d6f40bd7555703ac
SHA1 961d3ae7e69b7a39edda340e93986c5a7f89c097
SHA256 eeaacd0b7e68cc5e5a183dc5f6e8b489cf267a73ebd772b338873f9e04e2b7a4
SHA512 e4f67e81e8f83b211a8c4bbaa0ff96d02341ff3fe6a83ffac0aefb62507afb0fa823fe43e3d4e3dd0b4a680393e6980adc92cea5286998109c828faf657c4a8b

C:\Users\Admin\Desktop\New folder\crack.exe

MD5 b441b71b1ce23257d6f40bd7555703ac
SHA1 961d3ae7e69b7a39edda340e93986c5a7f89c097
SHA256 eeaacd0b7e68cc5e5a183dc5f6e8b489cf267a73ebd772b338873f9e04e2b7a4
SHA512 e4f67e81e8f83b211a8c4bbaa0ff96d02341ff3fe6a83ffac0aefb62507afb0fa823fe43e3d4e3dd0b4a680393e6980adc92cea5286998109c828faf657c4a8b

memory/3908-454-0x0000000000900000-0x000000000090C000-memory.dmp

memory/3908-457-0x000000001D050000-0x000000001D060000-memory.dmp

memory/3908-458-0x000000001D050000-0x000000001D060000-memory.dmp

C:\Users\Admin\Desktop\New folder\7z.exe

MD5 3e797119e0fd64297cb82794b8d68edd
SHA1 a67d3b35743f6ca383673a3848b8c97ec164cc0d
SHA256 c7245e21a7553d9e52d434002a401c77a7ca7d0f245f2311b0ddf16f8f946c6f
SHA512 1378c54a3a1c5bd73c04e787d218f245024625003d689379013f1343c7f9e6282d670c3d68edce6006629ca90cddd27ac3f53f640f96c4936bbff319658caef8

C:\Users\Admin\Desktop\New folder\BouncyCastle.Crypto.dll

MD5 3551343fab213740bbb022e3a6dcf27b
SHA1 de67fb4f9d58db4a860a703c8d1f54ff00ff9b1f
SHA256 5530dff976bc0c889076b97ca695bdb97ef07f63449d32f893ed32398ed8bfe6
SHA512 e90f51053e1d4b0ea1f7458229de92174abf0781c766290da4de5cc8dfcfb730998252bf28b36ca5070978fdcea8b97f0aea6a47b875dd34173643ac0cb46c42

C:\Users\Admin\Desktop\New folder\cGeoIp.dll

MD5 6d6e172e7965d1250a4a6f8a0513aa9f
SHA1 b0fd4f64e837f48682874251c93258ee2cbcad2b
SHA256 d1ddd15e9c727a5ecf78d3918c17aee0512f5b181ad44952686beb89146e6bd0
SHA512 35daa38ad009599145aa241102bcd1f69b4caa55ebc5bb11df0a06567056c0ec5fcd02a33576c54c670755a6384e0229fd2f96622f12304dec58f79e1e834155

C:\Users\Admin\Desktop\New folder\Guna.UI2.dll

MD5 0188fce753516183a41c4d146e337778
SHA1 eb0f5324e8dd08a181d4bdfc1d90543077b2ee67
SHA256 ee4449bccf826cbc56c13087d54a1a69fd42464d437ce8f355ac6afb61df6829
SHA512 b3aafc9a80eec37556f4e60ab23579dd7d42c060b3ca2064d6d0c16901b54500503750868bef651a01401551551e372ac9fd459029c5d0efdd2aa385384916fc

C:\Users\Admin\Desktop\New folder\dnlib.dll

MD5 4d0b771879de85137ee7e5f0d4bb4b16
SHA1 fc32cccd0cd5c3ebd968bcdf48e32a7ea25e9bd7
SHA256 962332e8c8cb459fb2f7dacec5d7a618cc53b1b49bc1740156398c89742f43fd
SHA512 bae39862ea07ebc5c9aa07a7333a880471baf4bf52eebedc03536e45584887eecc1075e0c0171229a54900ab93a66db9f666aa631c160912f538666da8c9e980

C:\Users\Admin\Desktop\New folder\packages\Vestris.ResourceLib.2.2.0-beta0004\lib\net45\Vestris.ResourceLib.xml

MD5 5d2dee455b4003b6624b6dd890edb279
SHA1 4cdb025c8c5935bfc49871fca80fc4a346acd579
SHA256 02b4fd6d46ffc9411e4688a5b088fbc7d34062024e1c93637535e093319c35b6
SHA512 90f0123b6300a2fe53b7da8b50253c5807950da96dd0010e2494cc9f14d339d7a131c9653f29a585c2647634537cfbc1a1d84debc33a1b96bf7f01b88eaedee9

C:\Users\Admin\Desktop\New folder\packages\Vestris.ResourceLib.2.2.0-beta0004\lib\net45\Vestris.ResourceLib.dll

MD5 22fbd571c82399e06e0a7321eedef722
SHA1 ed5aa859dc8141d93a2bd8a8dd14fc50391b66db
SHA256 c05a6f13106e2dd10ae279c3435fb63fbabdc328f94d8065231c3cacfff5fc4b
SHA512 65aa846054a2b0c0dcb2db15273269d8514e000ac67e71542f910d8f556a0ea11e5ab5400b7f2026e5e51fef185d8e12379ac52fa4788c8940727a3721d134d0

C:\Users\Admin\Desktop\New folder\Plugins\Recovery.dll

MD5 902c646c9cfad54cb1271b8d4db4ce10
SHA1 96776a4cbe93a5e1a8a4b52a4a03172a27429a59
SHA256 d446330954f19467b8e8b09b4773781c54292c2a3dbdeab27619baac0664074e
SHA512 f3c7437888ca312ac5b617d0f574839a740735abfeaf07817e0baa62a372f84f16b932aa4d6ba60e8f040b2ba9a4bc45b2c7ce05a0a1a471a18b5aae17fd3d76

C:\Users\Admin\Desktop\New folder\Plugins\RemoteDesktop.dll

MD5 f75278e1fbfa2def4723a73daec54547
SHA1 5dbffd558e99dbbe66d06efd3fa40f98d66db6cb
SHA256 5bb6b6c1c4a1bcd5b53739f455fa06dc79b05a58c24dda17aebdb19700abf89d
SHA512 1d779ad89fcb5dfc07da5e19f3583740907a2286454413535b9d87943252d89dfda56b675cec302e29986f316eac48f93f7e6edf612d7632931cc55567505e57

C:\Users\Admin\Desktop\New folder\Stub\client

MD5 f4fdcb900e7af47100ac9e46945fbd55
SHA1 c1d235a9a2cae8d5a8d4f6ceb4eab9417e1b1fb2
SHA256 9160b90fa4a6a9cf22f943dba92cec64e2dc03c2317b5d9ab50a753fc410ce43
SHA512 236eef98d4695a5e1224a87a1dc598639e5c49f6dd192a96cc1b9f8305faa57078deb62d73906a33ba1c1fac4fa5ccc5f344a0f196dbba718b76a36667984ac2

C:\Users\Admin\Desktop\New folder\System.Console.dll

MD5 ea9376c17ee0148f0503028ad4501a92
SHA1 9d5686cbf45e90df5e11d87e7b90173a1a64b1a0
SHA256 b537313413f80105f143cc144feeae2ac93f44747727de309a71d57d2650034a
SHA512 18d1bb2d5c469644078d75766dbf04addf7d0c543f7ed15ff522ceeaef960900dd8ec68172f5d684b76b0aa6946bb38d641f021ec04c70ad66a6062c10412e0a

C:\Users\Admin\Desktop\New folder\System.ComponentModel.TypeConverter.dll

MD5 d1699287934da769fc31e07f80762511
SHA1 bfe2384a92b385665689ad5a72f23abc8c022d82
SHA256 0dbb92ecd5dfa7fc258bc6deed4cecf1b37f895457fd06976496926abdb317bb
SHA512 4fef3e1535f546ffdde0683f32a069beeffe89096524c7068f1f5ce8377824f82ae530d3990c9dd51bccaa9e53fded5613fa1174013325808059276dee771187

C:\Users\Admin\Desktop\New folder\System.ComponentModel.Primitives.dll

MD5 2f39655ccfc010e32a7240d9bf5d0852
SHA1 20aeaed12dfb8d71e39687350eb12bc0de372af0
SHA256 bfcd867f71c887429dfe008d7ec5d1853d15b3932d4ce8991694293477b5be37
SHA512 9769e59279a32f29c2f2c6970c81d3ed76fe3421b819ddffc8fa98329f1b45300c737fdf71956672f80f69b3a75727d184f8c421e00b84e94163a86cb744a991

C:\Users\Admin\Desktop\New folder\System.ComponentModel.EventBasedAsync.dll

MD5 6067ecbab3c6dddb6bf7c49c7948caa8
SHA1 5f3da777af01dbc159bd8d9d97d5dc105918afc5
SHA256 22108e32e0b6e42f5f52a4cb17b9b6fa3dfd547ecd9eef9c67226dbec54d23e5
SHA512 9f3e834b8342e0c7aa5ccc993b520d664b03f1f0091066c66067923e1d4991efa03f63908552538c05f423aa2b696de7c76993f71a7564f3e87662cb0fc00726

C:\Users\Admin\Desktop\New folder\System.ComponentModel.dll

MD5 632cc8ad69b76fd9bb5847de1e1439f7
SHA1 2e32d50ec33ec6635681485b754f4e58d434a5ee
SHA256 5e61d755616cb10524f5f31e9b70c65a7fff8e30e25ce711ac8b354d657ab479
SHA512 9ba5cc82573308e5d995ba05bc660fc1c087eb91d8bd7efca6ff838a3c47bd6118d9c92919b2e0dac11a5a27977318c5c819499dc19cd5d6e57122a0749858c6

C:\Users\Admin\Desktop\New folder\System.Collections.Specialized.dll

MD5 b52c339601cb264f83df72d802e98687
SHA1 8bbb7badaaa912c1f17775e9acdcab389704c772
SHA256 938da38561da54793944e95e94b6e11cf83aacd667487297d428fbce1c06dc9c
SHA512 287f08ab07827570f9f3ef48a6d7e5c186899a2704fb3dbaf36975f6be7b29fb6695a69fab85a6f09bddefb60c79052c3a33cf862651f892eb9d773d880b3af8

C:\Users\Admin\Desktop\New folder\System.Collections.NonGeneric.dll

MD5 45ff71114047dbf934c90e17677fa994
SHA1 526c688e71a7d7410007ad5aa6ea8b83cace76c5
SHA256 529943c0cdf24f57e94bf03fac5f40b94a638625027a02df79e1e8cb5d9bc696
SHA512 29684ac5391268eaa276196a6249364f6d23abfe59bdc304a561cf326cea6cd662fa04c05e15924fd6d3f9e9d1607992b8dcad3f817cfe891580f9d9462fe9b7

C:\Users\Admin\Desktop\New folder\System.Collections.dll

MD5 1d8aafeca1ea565b257384d3f64864b0
SHA1 4d923b100142afa2e0a8b7acdb3a6de6feb91148
SHA256 c2250e9e51b44d8ab8c5b892592766925f6580ee00b95026621d0afb037c2707
SHA512 99e4a226e1fabb348e7ef7c6fa56ad0ce4e4cf5d8569ce21881703dca8d83a1c113fd5f440a4fc9e9b99a04ae8cf4490e17d62ffc09cfac5a45678a4419efdbb

C:\Users\Admin\Desktop\New folder\System.Collections.Concurrent.dll

MD5 559c98eb9633c7ba1bc813f8e6e0e9a5
SHA1 311f52b31611e6dc5fd4c0159bfa452c22980ca7
SHA256 cc62f3b867d50083c2932061f20662c698d2e1a741c4d2f9df1fd2d435e3ef3c
SHA512 e241c16869d1cdbb2c6482a7c5b2af93de4ba0cef8185b8826eee35ecb174f35f7585c8ae0320f7f4f6b80f3bb5b3edae2383760f2f35637f03c3a0e38e0875c

C:\Users\Admin\Desktop\New folder\System.AppContext.dll

MD5 8cc4c7dfeb41b6c227488ce52d1a8e74
SHA1 93702135db0646b893babe030bd8dc15549ff0c2
SHA256 9dc115ac4aadd6a94d87c7a8a3f61803cc25a3d73501d7534867df6b0d8a0d39
SHA512 e4da7e3ae5ca31e566ea0475e83d69d998253fb6d689970703a5ad354a2aad1bb78d49a2c038f0a3c84a188d091696191b04e4a39253deb3b6cb310b72f02f97

C:\Users\Admin\Desktop\New folder\Stub\Client.pdb

MD5 008329249cc3e88aa1d6b89f409ccd13
SHA1 ab8a5d055e9aef140a19534c718f9b9ab2c379b9
SHA256 d5247c86c7402df8e64573e385ad7353f141dab59abc731fff3fe6a98a63e6b0
SHA512 36fbcc915dbcf19f0067e1089741abbb1910786fd0601cc8662b0b5fe985accf55f89d226004e15570949895363eba65f0d9a04bfa31764da36c5648e58b5c35

C:\Users\Admin\Desktop\New folder\Stub\Client.exe

MD5 6158c0682f86511060619bba0fe864be
SHA1 63a1738c87ba9449b1d572ee470da2b242742643
SHA256 5bf4fc2c4d3115229d60511cad1af48019a4c291ad6144e73393e88e319f80a5
SHA512 baef40b589d8717f419185ad0885173f790394827d72d78520890ae737c7ee1cebe3af062340847cfe705c223669562e7116f48ab11d59654653a0b269026bd1

C:\Users\Admin\Desktop\New folder\ServerCertificate.p12

MD5 9eb35831c5fc4c2faa95c0490da1fd97
SHA1 e9bd2d635feb0ed64b64d20b3443e479cd1778bc
SHA256 676b682456910aec732f9061663309d79b1bd84a8956492881fb45d757a8427f
SHA512 4ce36d18b4c06c7af205413dd155741dfa5de7a5a0058283b54fc5fd09d89323a93d21d0205a252d3f0fe70f30dec8a9133b519c113b2f975c73c0d20a144ab3

C:\Users\Admin\Desktop\New folder\readme.txt

MD5 4dc812ec4ed8b9f6b117eebf783d78cc
SHA1 4f17b61b3693b3469e61781af895e7e437a6e5ad
SHA256 8746b7b6305d3fd5d986fab51e9db647319b5673bb96b7d8082e416ab2508b03
SHA512 92c9215d387f0c29147d69d47f4a07ac1f093504eb14e63160838001d179e164c51efe1459a269a396263edf6bc1c4faea206671591ee728b907506f034c7d15

C:\Users\Admin\Desktop\New folder\protobuf-net.dll

MD5 4a4756e227c10623d81228bc4bc49c1d
SHA1 964014f538918d85f6eb6a7b4023b304067b28f7
SHA256 042b8c1c1e0eb7648b164ee48c95168c48324f1fb439cabd5f2e41db0938d807
SHA512 93d2c6f47c618dc9493f5a538cbfb5a32c1e3bb35a623b51561057245f2fa557c452ee18ae274182c3e0440b77353c5490d196f16eda142b6129e8d1108e5a04

C:\Users\Admin\Desktop\New folder\Plugins\SendMemory.dll

MD5 dd61babbbe5c58e8c7c87a1795ff63a6
SHA1 f6d2931d2c11a57cc12c2f8bd059e6b4cbba44b9
SHA256 14be9c3ff0aaccd55a2fc7b17fe63009ae3a746c28623efd8a7e66150f715a32
SHA512 724be458c812a8b3f0911418f273622f8a1a2aee7fc8ea52e072fd5be673293b867b551a3b79008729bcd83098619d69cb57468d61af415054f1e97bf43737fd

C:\Users\Admin\Desktop\New folder\Plugins\SendFile.dll

MD5 38b26e87939cb40613f0aa2fce3372af
SHA1 e455e64391ca14d08f1b85b9747c38c661be3b54
SHA256 072d48161b09b35ea7f698a4dd7708005e2c39ce96fde8dd140da5d3ff900c54
SHA512 7d357ff9a1a3024a79ae1408249eb9941af1a50f21cc81f500404d811bce9f82adf0eabb953896d132dda97a3b3afea409fff39135f8a60c034204b28121e6c1

C:\Users\Admin\Desktop\New folder\Plugins\ReverseProxy.dll

MD5 f83d9cf1d492d2c87e25c4584b0e2691
SHA1 531d83bf531368142fdaf370c30f146ec6bd951e
SHA256 5d360a46eca2f0721cb7b7080fabc41595d9acf25aa787ce76f8dd091a6d8049
SHA512 110c500c23d53abf76eda9addc232479aa6a6d37251a06572144a53ad871ed9a87b9e02d9df9b75654487a72fa0e51be94a2540639a7e176dda572fdfec23b3d

C:\Users\Admin\Desktop\New folder\Plugins\RemoteCamera.dll

MD5 59361cf454809302313c7a4c2403ba0d
SHA1 37b02bb2c79452e105ef27dba2bde7bbce82cf94
SHA256 4cbce783aff5305afd5e15e60f077ac5dd2b9d40effacf1089d766c02e7fa112
SHA512 4101a25ce5b6951d035f48560560e552f7b252911bd62503867e0ca4f9cd870b48f2400e1cc3a7126eb9d4cf85fe7d6d765cb2afb695de8ccca610f0dfac9320

C:\Users\Admin\Desktop\New folder\Plugins\Regedit.dll

MD5 f5f2798e0ea216d11aedb8257b7cdfe8
SHA1 d8974a91f8c37a6096aba1c58f891533590a0718
SHA256 0e9445775af2f2377469ccf463ffae76290f74ad6bfa324cbb0b156d971bc32b
SHA512 d8148ada3a46e37f78ff40d23565cd020eaf65b9e62ddaf0be0ee1397966601f3452cdd8a6b655c52998919aaefce78fed804a3561322befcbb127e1bcc44e4b

C:\Users\Admin\Desktop\New folder\Plugins\ProcessManager.dll

MD5 97a477186db32bb9020166069dbc25bc
SHA1 bb1eea629845e6adfcc8620eb80027c8ad145942
SHA256 e7d1a49c2c1ebce3b465f5a97d1771bd7681a263b676b0311a3ad9e58b87e1f9
SHA512 1e17734ff635b555888e686c5fa6bd8e86568bf45885c407bf2afbb96c95864781cd2274f99322df0d3683b5df504148f941dcc689e50d6b829db5a4f01e021e

C:\Users\Admin\Desktop\New folder\Plugins\Options.dll

MD5 0fd19be97a94b00e440d14b06449cf92
SHA1 c0ce1911fe5ddd5d9b9446b16df6c51a555e5415
SHA256 0460389a3845a271ba5d65b30b66c57458f2373d75aad94e92416d772d06df5d
SHA512 1049d90236b43a617ee3ede56ed175a39d1bf090ad1469f9edf71d91fdd7267b1aacdd3303a1ead11785aed2bc31dbb9fb1b2f15461cc793c7ab7c8b8f31e9f5

C:\Users\Admin\Desktop\New folder\Plugins\Netstat.dll

MD5 f0da85bd2bda4f27567910b80481b920
SHA1 4363e72fdd4de82b36ba248c899c3bcbb02399be
SHA256 479371c859f9e18a38b0832cc49b817cbec3970d1820badd5e274a7809afdeea
SHA512 237020ab90c043b34053eb551c4e2bc8bab1243e545e747e433dbec409caff289c424cc60a3068eeed0a101d3b5181d74bee6f7155b35439193b9ba018396f90

C:\Users\Admin\Desktop\New folder\Plugins\Miscellaneous.dll

MD5 8ed27058380bfe4ed4b7a761209ad623
SHA1 4787a6d8d7a55f214d953a37718f942155e800ba
SHA256 588ed6232c93d2e18a40051b02b6e0b0c2ce252b897667d5c6134166206c7396
SHA512 c31450e4f33eaee44e59711129ca4c1207724bcbf2f79c39e077589fee0151f123aed8d95ed2ff9519b0faf2fd1befd4ec1aa9f5698c501351124be7711822e1

C:\Users\Admin\Desktop\New folder\Plugins\MessagePackLib.dll

MD5 aff009b639ba8794200e91f7ea8915d9
SHA1 772ad6e739b1c85e09a3c2e0dc50797a8352ee71
SHA256 007a50a1275964e14abecc461549ae495147417d601c5900f3105330bb2e4a4f
SHA512 2f68cf7805c8360d343c97ffd734c7f277e5949b7ca74e2a5a39c821eadc32415bf1c737b9d424003b5040260c9fdf6ae4eeba14378a2f9f8ddcdd23aa42bfc6

C:\Users\Admin\Desktop\New folder\Plugins\Logger.dll

MD5 3717491f7b1a90aaa5f271ab14147a9b
SHA1 bced873bf58c79d2787d8ea501e7888b260d36f6
SHA256 f744c46e4c678d65d9682a0f42dc2b82277ea2d879eeb3d708fb70af2af40a94
SHA512 c45dae23e4fe7524aba823a834b6882572d4de10034291b81236fe6a44457e4d8fbc935b1d673b6b83260925f76ba1a0ae156eca4626b795f10b1a1e4f327a31

C:\Users\Admin\Desktop\New folder\Plugins\Keylogger.exe

MD5 4f846f2117c4eab285289b0090521b1e
SHA1 e25287c39bad32159417c5f0bf798625b6beff45
SHA256 a17a5bf35d8b784c3111632ba7e0c30a2c1a9c2c95b549235affc16d6d055477
SHA512 fd946b5f7c3c7d32f226897283de7ba3b4a4ecc2919c363877f1258cd24ed1a52bce53af2fe4ef34c4ac30d00fc456fd4e1593b79c37f7c22211f2c4f6092e5e

C:\Users\Admin\Desktop\New folder\Plugins\Information.dll

MD5 a7670d3509baa51af6566b93b185b854
SHA1 2b322b936eea3dd5414efe589acab3cb49dfe9b2
SHA256 9fbfd1036e579edc9498625e86c45743e4ad8ecf5960f4a87a9402ba1236448f
SHA512 34999ca9b71de6ed4a3cc99177ee472bf90af9282a095d2cf6b05f17e896f518b46382aee021b540f5422c0997680023206b1281013c468a72116cb646a89882

C:\Users\Admin\Desktop\New folder\Plugins\Fun.dll

MD5 e07004ec43ed994b9a11999145f5a43a
SHA1 00cba09ae5a38dcfdbac1a8cff9cd1fff2c0b3e7
SHA256 2b25c33a033bdc85ea4db8c3ea89bbfc7d1a1dd80d21a1835bba5672759efdd9
SHA512 39948577cf0185ffbda3c2757c7fa746e41a169ca7fa0a3718cc564fbbec439b047bc540fbd5ac59908965424ef11f6564d9795b101bfc58656247e76b0c88f5

C:\Users\Admin\Desktop\New folder\Plugins\FileSearcher.dll

MD5 a186a27b6e893b60bf236120a6a329a7
SHA1 9186d71d524f2716c7ad3e934e134aa68366006e
SHA256 a91d0552200064646768b1fcd393568ca6144279ef0543aee6a74c4d11c34f49
SHA512 f5acc60bdcf71eea700af6c6372e68d58cac1008a6fc2850dcde1c59310cb84527725740f646be4a146adde6f0878781101670ce922c3566b34262da857aa847

C:\Users\Admin\Desktop\New folder\Plugins\FileManager.dll

MD5 dab76ee6ff2548a9bd45c0e582f4d90a
SHA1 70b0e615c1728aa8198dd4be4899fd883bffa1d9
SHA256 50f93055604c7418fa0e5536afd0b4d535db752b5e7edf588cbc14c1570613a1
SHA512 431f38a2b08c5d9f9914a05eca7a32084b3b33d473cedb91904776417c49d8599ec81c905a857a118e8d6b39a200accd14b1c21a35b1faea760084fd75967501

C:\Users\Admin\Desktop\New folder\Plugins\Extra.dll

MD5 17db58471bf45715ba46b5af7920d676
SHA1 0ab236a6d554597dac8fc40fc3e1a29f905c0275
SHA256 dae673b838de497c1aa8a558d4dd5963d90e8b21538cb0d9adce585ef6fbc915
SHA512 29432c0d19be6ae8c8ab68ab1a7c4007d502222b329f9a0bfb994427f182028aeeacc199dd27334cdc0adabbdee7a07a3d24826ed67b05711c2370a4b7395265

C:\Users\Admin\Desktop\New folder\Plugins\Discord.dll

MD5 b591cff18fd7344243cf8a4eca624a65
SHA1 29f9134bb33d429d27b87e6f2112b6753e1dcae4
SHA256 6a43095314d5e32db307eef638d2f5afea7dd40ff6acda24fc28ce0c1632cb6a
SHA512 ae1aa8db37182a4b8ee06249da6304c1c105adf06b2091cf24b3e79ad1d6d1a6eaab12bf059cd86deb04b7084d563a25d5bbef6ddf7857c1a34fc0e0032664fc

C:\Users\Admin\Desktop\New folder\Plugins\Chat.dll

MD5 8fc1192cf52f55ed5efb5e12210a37bf
SHA1 dbcf714d0d9b0fe44bdfe2ee150227c2a0e7c387
SHA256 dfa246c2763bf5df442a81128b3587f7bf530e4327f631cdd4dd79106738cf31
SHA512 74603de6069cc6bf02afa5cfc3ba1493240bcb7c74fcbd53219448134b79fb5ebefc1dec61ac4c6a04c56dc6d986887a4a68d87ae1dc07ba6d1d8b8afc9d480c

C:\Users\Admin\Desktop\New folder\Plugins\Audio.dll

MD5 025864d133e416f144030cf22ea9f2c3
SHA1 6be2cb2454335f0de00799000f65c5cee796c185
SHA256 1323a7212239513270077e07cb436af721acedb0c21c99b06c163a230baaa50a
SHA512 ccda6ef9847f89e53adaa637c7f762be22506b8b6bd2a5538b6622c33f3244f9c491e39e7df7512b5edced3d0395e4541b182f7da6a254b8891b9d64d71538b2

C:\Users\Admin\Desktop\New folder\packages\Vestris.ResourceLib.2.2.0-beta0004\Vestris.ResourceLib.2.2.0-beta0004.nupkg

MD5 849b21794509f4f0f1e0871e9b414bb1
SHA1 f6314c42531dfe4a4564d98a67524b2deeca03c7
SHA256 7296ba826122f5130cbe9f9adf364175a900c34b7803eca7ea4dfee2b0c74ea8
SHA512 065cbf826a3e98bdfc31a1a3e0f5677ab806ecc17167936dafc53105014972d27956770eabbb9703c867ac7cd4261e8cccb73af634836a84aa64656d4c60c721

C:\Users\Admin\Desktop\New folder\packages\Vestris.ResourceLib.2.2.0-beta0004\lib\netstandard2.0\Vestris.ResourceLib.xml

MD5 5d2dee455b4003b6624b6dd890edb279
SHA1 4cdb025c8c5935bfc49871fca80fc4a346acd579
SHA256 02b4fd6d46ffc9411e4688a5b088fbc7d34062024e1c93637535e093319c35b6
SHA512 90f0123b6300a2fe53b7da8b50253c5807950da96dd0010e2494cc9f14d339d7a131c9653f29a585c2647634537cfbc1a1d84debc33a1b96bf7f01b88eaedee9

C:\Users\Admin\Desktop\New folder\packages\Vestris.ResourceLib.2.2.0-beta0004\lib\netstandard2.0\Vestris.ResourceLib.dll

MD5 61ddea15b7ac8c8f92893ef321867d27
SHA1 ea6835a6616f8a3dc07f82eb70111520a7b78c8e
SHA256 372103129856911388bfea0dc0d6934b645223e3e3e4e8280228abda9382030e
SHA512 1ee0196a52e50339b9d0fc68036a58f826b2be1095360ef299d2be5bb9a9a56c46f163094c912115f6c80b200caf6bcef74ce6ad45fbb74fb8f80d33d6ac3eb5

C:\Users\Admin\Desktop\New folder\packages\Vestris.ResourceLib.2.2.0-beta0004\lib\net40\Vestris.ResourceLib.xml

MD5 5d2dee455b4003b6624b6dd890edb279
SHA1 4cdb025c8c5935bfc49871fca80fc4a346acd579
SHA256 02b4fd6d46ffc9411e4688a5b088fbc7d34062024e1c93637535e093319c35b6
SHA512 90f0123b6300a2fe53b7da8b50253c5807950da96dd0010e2494cc9f14d339d7a131c9653f29a585c2647634537cfbc1a1d84debc33a1b96bf7f01b88eaedee9

C:\Users\Admin\Desktop\New folder\packages\Vestris.ResourceLib.2.2.0-beta0004\lib\net40\Vestris.ResourceLib.dll

MD5 1d4ac765c46e8474583b3bbeba088f74
SHA1 8f2db7e48158a88d9fa49b888a4b20f93c8b2e0c
SHA256 3b3c0be681d7603cc1c5e3c5f1d8614a582dd82b2465f7f42d79c5ae57f7f642
SHA512 cbdca62b58f8855c92edbda5d926787157c16cf46ab5f8d5cad23176fc1157f19531347c4426de5a7e12198eba440ee69d06e46dea1efc6f1e5fab9b4764a5c7

C:\Users\Admin\Desktop\New folder\packages\Vestris.ResourceLib.2.2.0-beta0004\lib\net35\Vestris.ResourceLib.xml

MD5 5d2dee455b4003b6624b6dd890edb279
SHA1 4cdb025c8c5935bfc49871fca80fc4a346acd579
SHA256 02b4fd6d46ffc9411e4688a5b088fbc7d34062024e1c93637535e093319c35b6
SHA512 90f0123b6300a2fe53b7da8b50253c5807950da96dd0010e2494cc9f14d339d7a131c9653f29a585c2647634537cfbc1a1d84debc33a1b96bf7f01b88eaedee9

C:\Users\Admin\Desktop\New folder\packages\Vestris.ResourceLib.2.2.0-beta0004\lib\net35\Vestris.ResourceLib.dll

MD5 4aa661efcbae2aea7050adbeec022d46
SHA1 3f1862f14ba7eb63fe3e24a78dc83a51fc676c7b
SHA256 21e08e7cf51fbe7952f8cf88b924947fd12b01b1ce3405ce2bf6914479f72fc9
SHA512 dda55ffe2345d3222a2bfdef7ad2f904fcabf3d76aefafb9998ba540bc347491ab9d8b7ee55cc94982544f3a7508952809ad7a159fb0cf62697dffe4edfebe11

C:\Users\Admin\Desktop\New folder\packages\Vestris.ResourceLib.2.2.0-beta0004\lib\net20\Vestris.ResourceLib.xml

MD5 5d2dee455b4003b6624b6dd890edb279
SHA1 4cdb025c8c5935bfc49871fca80fc4a346acd579
SHA256 02b4fd6d46ffc9411e4688a5b088fbc7d34062024e1c93637535e093319c35b6
SHA512 90f0123b6300a2fe53b7da8b50253c5807950da96dd0010e2494cc9f14d339d7a131c9653f29a585c2647634537cfbc1a1d84debc33a1b96bf7f01b88eaedee9

C:\Users\Admin\Desktop\New folder\packages\Vestris.ResourceLib.2.2.0-beta0004\lib\net20\Vestris.ResourceLib.dll

MD5 2e565b9ecc88100e5815d3fec51311a1
SHA1 41db669f884a03217eea2d6082912d61f1fc2d23
SHA256 6861251df743827aad59af9dbc68b4f43b191c2a0857d222d28a82a9e3aa944a
SHA512 c61b90da4427b5b6005f1b1a7355c6972adfa0ba3818bffeebcdf54f0db13308dcf428455de212b77b22a19b6f41837522a2e316f28daffd71b38276c956c926

C:\Users\Admin\Desktop\New folder\packages\Vestris.ResourceLib.2.2.0-beta0004\.signature.p7s

MD5 008690efa5dcb142f17bf7f97461df25
SHA1 4b56b9178fc8ec56d9f60ee950edbe5379d99c0c
SHA256 96070f8dc2b0ff9bf0d4ae6b78fba4576ca91eb463ec82587bf2a7d933607104
SHA512 24174c7689ea03dac11c60a5983c2e2de29a9adb91a1bd0c661252989a604e88215bff647cb0ef8add15901917b2d084a6bfd34a3801fb3d89729e4a457c0390

C:\Users\Admin\Desktop\New folder\Newtonsoft.Json.dll

MD5 5e02ddaf3b02e43e532fc6a52b04d14b
SHA1 67f0bd5cfa3824860626b6b3fff37dc89e305cec
SHA256 78bedd9fce877a71a8d8ff9a813662d8248361e46705c4ef7afc61d440ff2eeb
SHA512 38720cacbb169dfc448deef86af973eafefa19eaeb48c55c58091c9d6a8b12a1f90148c287faaaa01326ec47143969ad1b54ee2b81018e1de0b83350dc418d1c

C:\Users\Admin\Desktop\New folder\netstandard.dll

MD5 0adf6f32f4d14f9b0be9aa94f7efb279
SHA1 68e1af02cddd57b5581708984c2b4a35074982a3
SHA256 8be4a2270f8b2bea40f33f79869fdcca34e07bb764e63b81ded49d90d2b720dd
SHA512 f81ac2895048333ac50e550d2b03e90003865f18058ce4a1dfba9455a5bda2485a2d31b0fdc77f6cbdfb1bb2e32d9f8ab81b3201d96d56e060e4a440719502d6

C:\Users\Admin\Desktop\New folder\Microsoft.Win32.Primitives.dll

MD5 76b8d417c2f6416fa81eacc45977cea2
SHA1 7b249c6390dfc90ef33f9a697174e363080091ef
SHA256 5eaa2e82a26b0b302280d08f54dc9da25165dd0e286be52440a271285d63f695
SHA512 3b510cdc45c94be383c91687c2cb01a501ba34e3fbb66346214fc576d6f0e63c77d1d09c6419fc907f5b083387a7046c0670377ad2e00c3ec2e731275739f9c7

C:\Users\Admin\Desktop\New folder\learn all kind of hacking.url

MD5 7ade4a739cbd8f44d0ef52a2f1bc6e7b
SHA1 20753d483e1a84cb248ba2c0fb72d44137d7d73f
SHA256 cc7649ed53c65e4851ace414529564fe16801bb2bed4cb15588bfd6b4ac13616
SHA512 5850c3d064c9d616854a47b4bd398b76494f1fbe9b356ec5e15879f97dc67970168196ec6b177fa71d15d25d25757a29319cbf9697f3a80461aa62b431d53851

C:\Users\Admin\Desktop\New folder\IconExtractor.dll

MD5 7bcf61e29e5cbcd1b81d9ab72cbfed93
SHA1 d082613177dd1711c18426d4f83921dd932bc7b1
SHA256 2c359ce857982f45b09af49dbccfb2ae302839acf1956e8325e7f854b339a8c9
SHA512 ce84af38dc63374d304d4e3b6c098892588df5ca5e921505c410b2a24ec0137dbc3120bc713cc0e4bf7836c57b7db224dd3264ea454cbfdb1ef78c9ffb19b6d9

C:\Users\Admin\Desktop\New folder\Client.pdb

MD5 008329249cc3e88aa1d6b89f409ccd13
SHA1 ab8a5d055e9aef140a19534c718f9b9ab2c379b9
SHA256 d5247c86c7402df8e64573e385ad7353f141dab59abc731fff3fe6a98a63e6b0
SHA512 36fbcc915dbcf19f0067e1089741abbb1910786fd0601cc8662b0b5fe985accf55f89d226004e15570949895363eba65f0d9a04bfa31764da36c5648e58b5c35

C:\Users\Admin\Desktop\New folder\client.bin

MD5 f4fdcb900e7af47100ac9e46945fbd55
SHA1 c1d235a9a2cae8d5a8d4f6ceb4eab9417e1b1fb2
SHA256 9160b90fa4a6a9cf22f943dba92cec64e2dc03c2317b5d9ab50a753fc410ce43
SHA512 236eef98d4695a5e1224a87a1dc598639e5c49f6dd192a96cc1b9f8305faa57078deb62d73906a33ba1c1fac4fa5ccc5f344a0f196dbba718b76a36667984ac2

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\activity-stream.discovery_stream.json.tmp

MD5 94801ad1bfdbfe0fa32bd1e5865891b0
SHA1 9b98ebc84af8b9ee446551b72c2d1e92d086abac
SHA256 fa1452029d88dc29f5cfedbcaedd07b8014969989a84dbc98b5868b9419d7e19
SHA512 6a244d755bc92cf5b1029aa61aab1317f7fd5af064bdaa7799a065c06f123ff626b0d20f5558d0aaeebc5c88993a18826bd92d9ddaf922101531426145058e38

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs.js

MD5 108b97b1ff7efbdb1aecce96d55ff2e5
SHA1 bb72b2e0c3d859fe5e821632307a32df331b55e1
SHA256 c5e19d4313b524fffc4859f4fac05ea3dcf408714a736dbd0bb7fcdf5131f80e
SHA512 e0f7678424e68957a1cb521786e9e4e54c179f9a263b04d0c6a96147cb1e242b58bda3e74e6f142dcd9b6dd313a0061c3050af334b149eab9a8040f923da84dc

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js

MD5 430aa26ee026037a799900b2ec93ea1d
SHA1 d384b07dd5e2479ac20b8d9231dbc7cb9094941e
SHA256 952d73a0a827a5ff3b9daa9df93224bac6d817f67e1a2e31821398aa8543517c
SHA512 596163559efd43f3beea5c474ae83c7b29fcba88121bab1bbbe2e709538b8bcd1568c60a1778ebd6ed0fb984d523785e561556f7e546339a91cc00717e8dd414

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\sessionstore-backups\recovery.jsonlz4

MD5 77c4bc7bca34b5f41a1104fb248095d2
SHA1 6dbb4b78e8d7fc1f67c15e4a60dda6dbc5956158
SHA256 4411118d25715c499d873406a583182f933282fc1a43366ec6ffbec093a39a75
SHA512 337f385bab812f7d2990484052db5504feece7a1cf370f86c1e25ab7c1c2131ea4656a227afdb267eb6f0bc915f3728b054b3f52edcb3ecd6a5e4604c2b17185

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js

MD5 8d1070f440b012c1f09e1a89e727d0e0
SHA1 bf8b73cf5c87bf92f158438ff39168fcca9ac98f
SHA256 d8c5c6bb7866aef811393cb866c4c6ed2144591dcea7f3d733320686b4ad291e
SHA512 baafd98dc33b368c0213b7b158f7c81076c77304d5c892d6fe3ef2e1526eb9a77fbf9746f15b1d90cd5ba1937a1072859719fb0abc29b31f2a4b738ab1edb30d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\sessionstore-backups\recovery.jsonlz4

MD5 a66d7f9ec10f047eacb6d21dc87b7e52
SHA1 cdc4f11b7d241990abd7539e3f334453a81f64ca
SHA256 ae18f964a57df948787db8873bd88381e79b19be5d45669ae483f39f85ff1a3c
SHA512 d3bd5ce9059b7b3beb1ec7692c0512fb69ce679deedbcd952872aed811e652a735b5d1b46f1f996910ca640e3bff3cfdf7105319e74f64f18c589a7a5e241776

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js

MD5 06e1aa4905a9d8996b4d03fc35f771d8
SHA1 3531bda3e4d9e3b77a84efced6b6f9ae169353c5
SHA256 85ee7b89759ac82d8f459705faa06d779fcb789c458021f3a7dbbde0e06c6429
SHA512 f3ada894ed2234154946249c6c0d67999db9e6d67f56f34b78b529a1d18b6a96071fec5983be95cf49bb90e4528d7fdfda53c150813e9772a46fa5fe2e5bd336

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 a01c5ecd6108350ae23d2cddf0e77c17
SHA1 c6ac28a2cd979f1f9a75d56271821d5ff665e2b6
SHA256 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42
SHA512 b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 33bf7b0439480effb9fb212efce87b13
SHA1 cee50f2745edc6dc291887b6075ca64d716f495a
SHA256 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e
SHA512 d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js

MD5 52253377441ba836e1a2daba00c21e8f
SHA1 497969a0c9bd86b8c62093f321eeb35783a97507
SHA256 728c2528170d716ae63c69439fc079b03608e1462b3df53f8a30a4bfd6588079
SHA512 b5b4a62d6ec58a4d79e1da52b2ab0b12ad12e15d0529d73277e0765a76e94da98f66e313725e00de01088a867eb26747529bbe1dc39592ad9ba493c0160ff8a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\entries\A4BC0C99327D7691FF360F07D11373B5791EB30C

MD5 f64dcbfeff9259976319a237e493f6f3
SHA1 01a342aa246e44d84a67c4ff18e0135f4f99559f
SHA256 033ed8bdfdf421485235f1ae6c6c19148ac750d8ca3a240d1d42faeccaba453a
SHA512 ca3652d3faaf800f64c52c67324ddaa2aebb527c200e96618d9ff3c7f269d41e96bac356fc45fb000e3ab890f4a7aa32d07374ed2f97420788b9e7210bb19e08

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\entries\D5594A2648EECD01993B5C42919BA64ADBF56052

MD5 ee2441b8c67cf64fd6ceda1778fc5fb7
SHA1 67a9e1d9c02b9b6f9490a735b3f5eff5bf142c3b
SHA256 d05189df83978641c909bfcdd54725b391c5bae36c374873612a0f35cf88a1a0
SHA512 8d9ac88f04b393543d26a69816061228fc7445e53a4a093787eb0be598c824f4ce9ebe965abbfedcf150c879893b3b832f680236d56124dd7dc12a114dfa5d02

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js

MD5 34f6f37b2aca7c499fa752cf66f3ce00
SHA1 58270c9eb2b04801b62c2f0ee14ea104a2a5b962
SHA256 28b1d71ec5b5715f883e2a01e427fe2c5448e657f1ebf985012db63e79a3f033
SHA512 69314381dbf49baaced892c749d2283b027cd63f7169248d3a46ffbaed630f66938be53c94c66cb39f88eadf96a346e5b99c25ceaf34eeb555486a1b514628ea

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\personality-provider\recipe_attachment.json

MD5 be3d0f91b7957bbbf8a20859fd32d417
SHA1 fbc0380fe1928d6d0c8ab8b0a793a2bba0722d10
SHA256 fc07d42847eeaf69dcbf1b9a16eb48b141c11feb67aa40724be2aee83cb621b7
SHA512 8da24afcf587fbd4f945201702168e7cfc12434440200d00f09ddcd1d1d358a5e01065ac2a411fdf96a530e94db3697e3530578b392873cf874476b5e65d774a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\broadcast-listeners.json

MD5 72c95709e1a3b27919e13d28bbe8e8a2
SHA1 00892decbee63d627057730bfc0c6a4f13099ee4
SHA256 9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa
SHA512 613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\addonStartup.json.lz4

MD5 f250c684a241935c2794c30ae164ae52
SHA1 ea384bb1ba6744718b3bb8180800365d19887692
SHA256 ff08fca842608945bab874f225d809065a58d1eda82f37f80f727bff95bc00a7
SHA512 e16698db5705fb140ab0579c4ecbe51ba7fd2d494bf987c23bc5c46294e84749a3f1b43d0ef43fa75e7ce0d1b67ac3c22421717506be6fedb4dac49e2e7870ad

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\xulstore.json

MD5 6d87256a2b21b9603b7d731eb033b9e0
SHA1 8e2603f254af21d5dcf310fdb5a688e9097aefd9
SHA256 5b3e57bf27b98cae50a753101df9a00a1f6d96886c1a92c4106a6f7eaf6d09a2
SHA512 67bfabf0b5d3fc75b5223a5da836e6909b2af8d98172120fc5efc0b0f6ece72b6cafbdd97ac170bc5357d85a39b15fda7e2df861981d193f84cfca82f360e156

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\targeting.snapshot.json

MD5 2310500d0ccde9e9dc310675c2c72a2c
SHA1 83fa713b261431025f83a2517bea7c2b9f068ffc
SHA256 060318d60e2deea6781251a9bfc3912e4832cef434e1c0233a4933c4be342431
SHA512 f1abf06d269f3ece1942850f1dcc4f6d7720dc75655566683fd1499908e9795deced4e92a0ab6ba0d013844701a0cd734d07f7f4241395154af5c3c0b457b15b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\sessionCheckpoints.json

MD5 ea8b62857dfdbd3d0be7d7e4a954ec9a
SHA1 b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a
SHA256 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da
SHA512 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\search.json.mozlz4

MD5 033eb0645837c8b618a593f7b9a72642
SHA1 cf4c2e7ccaa275ee47cdd945a7bd1f8b57c61172
SHA256 3409fd08295094b37673d748a0374cf0afaecf1671188b2ed012626cad67a582
SHA512 27dd0743306b0845c06b3be3e3ae2f515777dced4bbf91a4864bb95c5873e2d6351d99be36d4762a2ba8262130c6d139db3f4f5272afb8717e02b09c1e39c2b4

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\personality-provider\nb_model_build_attachment_games.json

MD5 4182a69a05463f9c388527a7db4201de
SHA1 5a0044aed787086c0b79ff0f51368d78c36f76bc
SHA256 35e67835a5cf82144765dfb1095ebc84ac27d08812507ad0a2d562bf68e13e85
SHA512 40023c9f89e0357fae26c33a023609de96b2a0b439318ef944d3d5b335b0877509f90505d119154eaa81e1097ecfb5aa44dd8bb595497cdecfc3ee711a1fe1d5

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\personality-provider\nb_model_build_attachment_sports.json

MD5 ce4e75385300f9c03fdd52420e0f822f
SHA1 85c34648c253e4c88161d09dd1e25439b763628c
SHA256 44da98b03350e91e852fe59f0fc05d752fc867a5049ab0363da8bb7b7078ad14
SHA512 d119dc4706bbf3b6369fe72553cfacf1c9b2688e0188a7524b56d3e2ac85582a18bbee66d5594e0fb40767432646c23bf3e282090bd9b4c29f989a374aeae61f

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\personality-provider\nb_model_build_attachment_computers_and_electronics.json

MD5 6ccd943214682ac8c4ec08b7ec6dbcbd
SHA1 18417647f7c76581d79b537a70bf64f614f60fa2
SHA256 ab20b97406b0d9bf4f695e5ec7db4ebad5efb682311e74ca757d45b87ffc106b
SHA512 e57573d6f494df8aa7e8e6a20427a18f6868e19dc853b441b8506998158b23c7a4393b682c83b3513aae5075a21148dd8ca854a11dabcea6a0a0db8f2e6828b8

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\personality-provider\nb_model_build_attachment_science.json

MD5 7a8fd079bb1aeb4710a285ec909c62b9
SHA1 8429335e5866c7c21d752a11f57f76399e5634b6
SHA256 9606ce3988b2d2a4921b58ac454f54e53a9ea8f358326522a8b1dcc751b50b32
SHA512 8fc1546e509b5386c9e1088e0e3a1b81f288ef67f1989f3e83888057e23769907a2b184d624a4e4c44fcd5b88d719bd4cca94dfb33798804a721b8be022ec0c6

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\personality-provider\nb_model_build_attachment_jobs_and_education.json

MD5 2d69892acde24ad6383082243efa3d37
SHA1 d8edc1c15739e34232012bb255872991edb72bc7
SHA256 29080288b2130a67414ecb296a53ddd9f0a4771035e3c1b2112e0ce656a7481a
SHA512 da391152e1fbce1f03607b486c5dea9a298a438e58e440ebb7b871bd5c62d7339b540eed115b4001b9840de1ba3898c6504872ff9094ba4d6a47455051c3f1c5

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\personality-provider\nb_model_build_attachment_real_estate.json

MD5 9899942e9cd28bcb9bf5074800eae2d0
SHA1 15e5071e5ed58001011652befc224aed06ee068f
SHA256 efcf6b2d09e89b8c449ffbcdb5354beaa7178673862ebcdd6593561f2aa7d99a
SHA512 9f7a5fbe6d46c694e8bc9b50e7843e9747ea3229cf4b00b8e95f1a5467bd095d166cbd523b3d9315c62e9603d990b8e56a018ba4a11d30ad607f5281cc42b4cd

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\personality-provider\nb_model_build_attachment_shopping.json

MD5 97d4a0fd003e123df601b5fd205e97f8
SHA1 a802a515d04442b6bde60614e3d515d2983d4c00
SHA256 bfd7e68ddca6696c798412402965a0384df0c8c209931bbadabf88ccb45e3bb6
SHA512 111e8a96bc8e07be2d1480a820fc30797d861a48d80622425af00b009512aacb30a2df9052c53bfbf4ee0800b6e6f5b56daa93d33f30fecb52e2f3850dfa9130

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\personality-provider\nb_model_build_attachment_people_and_society.json

MD5 b1bd26cf5575ebb7ca511a05ea13fbd2
SHA1 e83d7f64b2884ea73357b4a15d25902517e51da8
SHA256 4990a5d17bea15617624c48a0c7c23d16e95f15e2ec9dd1d82ee949567bbaec0
SHA512 edcede39c17b494474859bc1a9bbf18c9f6abd3f46f832086db3bb1337b01d862452d639f89f9470ca302a6fcb84a1686853ebb4b08003cb248615f0834a1e02

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\personality-provider\nb_model_build_attachment_autos_and_vehicles.json

MD5 39b73a66581c5a481a64f4dedf5b4f5c
SHA1 90e4a0883bb3f050dba2fee218450390d46f35e2
SHA256 022f9495f8867fea275ece900cfa7664c68c25073db4748343452dbc0b9eda17
SHA512 cfb697958e020282455ab7fabc6c325447db84ead0100d28b417b6a0e2455c9793fa624c23cb9b92dfea25124f59dcd1d5c1f43bf1703a0ad469106b755a7cdd

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\personality-provider\nb_model_build_attachment_internet_and_telecom.json

MD5 36689de6804ca5af92224681ee9ea137
SHA1 729d590068e9c891939fc17921930630cd4938dd
SHA256 e646d43505c9c4e53dbaa474ef85d650a3f309ccf153d106f328d9b6aeb66d52
SHA512 1c4f4aa02a65a9bbdf83dc5321c24cbe49f57108881616b993e274f5705f0466be2dd3389055a725b79f3317c98bdf9f8d47f86d62ebd151e4c57cc4dca2487c

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\personality-provider\nb_model_build_attachment_pets_and_animals.json

MD5 5b26aca80818dd92509f6a9013c4c662
SHA1 31e322209ba7cc1abd55bbb72a3c15bc2e4a895f
SHA256 dd537bfb1497eb9457c0c8ecbd2846f325e13ddef3988fd293a29e68ab0b2671
SHA512 29038f9f3b9b12259fb42daa93cdefabb9fb32a10f0d20f384a72fe97214eff1864b7fa2674c37224b71309d7d9cea4e36abd24a45a0e65f0c61dc5ca161ec7c

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\personality-provider\nb_model_build_attachment_online_communities.json

MD5 37a74ab20e8447abd6ca918b6b39bb04
SHA1 b50986e6bb542f5eca8b805328be51eaa77e6c39
SHA256 11b6084552e2979b5bc0fd6ffdc61e445d49692c0ae8dffedc07792f8062d13f
SHA512 49c6b96655ba0b5d08425af6815f06237089ec06926f49de1f03bc11db9e579bd125f2b6f3eaf434a2ccf10b262c42af9c35ab27683e8e9f984d5b36ec8f59fd

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\personality-provider\nb_model_build_attachment_books_and_literature.json

MD5 df96946198f092c029fd6880e5e6c6ec
SHA1 9aee90b66b8f9656063f9476ff7b87d2d267dcda
SHA256 df23a5b6f583ec3b4dce2aca8ff53cbdfadfd58c4b7aeb2e397eade5ff75c996
SHA512 43a9fc190f4faadef37e01fa8ad320940553b287ed44a95321997a48312142f110b29c79eed7930477bfb29777a5a9913b42bf22ce6bb3e679dda5af54a125ea

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\personality-provider\nb_model_build_attachment_beauty_and_fitness.json

MD5 0ed0473b23b5a9e7d1116e8d4d5ca567
SHA1 4eb5e948ac28453c4b90607e223f9e7d901301c4
SHA256 eed46e8fe6ff20f89884b4fc68a81e8d521231440301a01bb89beec8ebad296b
SHA512 464508d7992edfa0dfb61b04cfc5909b7daacf094fc81745de4d03214b207224133e48750a710979445ee1a65bb791bf240a2b935aacaf3987e5c67ff2d8ba9c

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\personality-provider\nb_model_build_attachment_finance.json

MD5 e95c2d2fc654b87e77b0a8a37aaa7fcf
SHA1 b4b00c9554839cab6a50a7ed8cd43d21fdaf35dc
SHA256 384bf5fcc6928200c7ebb1f03f99bf74f6063e78d3cd044374448f879799318e
SHA512 9696998a8d0e3a85982016ff0a22bb8ae1790410f1f6198bb379c0a192579f24c75c25c7648b76b00d25a32ac204178acaccd744ee78846dfc62ebf70bf7b93a

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\personality-provider\nb_model_build_attachment_arts_and_entertainment.json

MD5 6c651609d367b10d1b25ef4c5f2b3318
SHA1 0abcc756ea415abda969cd1e854e7e8ebeb6f2d4
SHA256 960065cc44a09bef89206d28048d3c23719d2f5e9b38cfc718ca864c9e0e91e9
SHA512 3e084452eefe14e58faa9ef0d9fda2d21af2c2ab1071ae23cde60527df8df43f701668ca0aa9d86f56630b0ab0ca8367803c968347880d674ad8217fba5d8915

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\personality-provider\nb_model_build_attachment_law_and_government.json

MD5 80c49b0f2d195f702e5707ba632ae188
SHA1 e65161da245318d1f6fdc001e8b97b4fd0bc50e7
SHA256 257ee9a218a1b7f9c1a6c890f38920eb7e731808e3d9b9fc956f8346c29a3e63
SHA512 972e95de7fe330c61cd22111bd3785999d60e7c02140809122d696a1f1f76f2cd0d63d6d92f657cdec24366d66b681e24f2735a8aabb8bcecec43c74e23fb4f5

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\personality-provider\nb_model_build_attachment_health.json

MD5 11711337d2acc6c6a10e2fb79ac90187
SHA1 5583047c473c8045324519a4a432d06643de055d
SHA256 150f21c4f60856ab5e22891939d68d062542537b42a7ce1f8a8cec9300e7c565
SHA512 c2301ed72f623b22f05333c5ecc5ebf55d8a2d9593167cc453a66d8f42c05ff7c11e2709b6298912038a8ea6175f050bbc6d1fc4381f385f7ad7a952ad1e856b

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\personality-provider\nb_model_build_attachment_business_and_industrial.json

MD5 a92a0fffc831e6c20431b070a7d16d5a
SHA1 da5bbe65f10e5385cbe09db3630ae636413b4e39
SHA256 8410809ebac544389cf27a10e2cbd687b7a68753aa50a42f235ac3fc7b60ce2c
SHA512 31a8602e1972900268651cd074950d16ad989b1f15ff3ebbd8e21e0311a619eef4d7d15cdb029ea8b22cf3b8759fa95b3067b4faaadcb90456944dbc3c9806a9

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\personality-provider\nb_model_build_attachment_food_and_drink.json

MD5 70ba02dedd216430894d29940fc627c2
SHA1 f0c9aa816c6b0e171525a984fd844d3a8cabd505
SHA256 905357002f2eced8bba1be2285a9b83198f60d2f9bb1144b5c119994f2ec6e34
SHA512 3ae60d0bf3c45d28e340d97106790787be2cc80ba579d313b5414084664b86e89879391c99e94b6e33bdc5508ea42a9fd34f48ca9b1e7adfa7b6dd22c783c263

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\personality-provider\nb_model_build_attachment_reference.json

MD5 567eaa19be0963b28b000826e8dd6c77
SHA1 7e4524c36113bbbafee34e38367b919964649583
SHA256 3619daa64036d1f0197cdadf7660e390d4b6e8c1b328ed3b59f828a205a6ea49
SHA512 6766919b06ca209eaed86f99bee20c6dad9cc36520fc84e1c251a668bcfe0afcf720ea6c658268dc3bbaaf602bfdf61eb237c68e08d5252ea6e5d1d2a373b9fe

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\personality-provider\nb_model_build_attachment_home_and_garden.json

MD5 250acc54f92176775d6bdd8412432d9f
SHA1 a6ad9ad7519e5c299d4b4ba458742b1b4d64cb65
SHA256 19edd15ebce419b83469d2ab783c0c1377d72a186d1ff08857a82bca842eea54
SHA512 a52c81062f02c15701f13595f4476f0a07735034fcf177b1a65b001394a816020ee791fed5afae81d51de27630b34a85efa717fe80da733556fdda8739030f49

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\personality-provider\nb_model_build_attachment_blogging_resources_and_services.json

MD5 c82700fcfcd9b5117176362d25f3e6f6
SHA1 a7ad40b40c7e8e5e11878f4702952a4014c5d22a
SHA256 c9f2a779dba0bc886cc1255816bd776bdc2e8a6a8e0f9380495a92bb66862780
SHA512 d38e65ab55cee8fef538ad96448cd0c6b001563714fc7b37c69a424d0661ec6b7d04892cf4b76b13ddbc7d300c115e87e0134d47c3f38ef51617e5367647b217

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\personality-provider\nb_model_build_attachment_hobbies_and_leisure.json

MD5 bb45971231bd3501aba1cd07715e4c95
SHA1 ea5bfd43d60a3d30cda1a31a3a5eb8ea0afa142a
SHA256 47db7797297a2a81d28c551117e27144b58627dbac1b1d52672b630d220f025d
SHA512 74767b1badbd32cacd3f996b8172df9c43656b11fea99f5a51fff38c6c6e2120fae8bdd0dd885234a3f173334054f580164fdf8860c27cbcf5fb29c5bcdc060d

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\personality-provider\nb_model_build_attachment_travel.json

MD5 48139e5ba1c595568f59fe880d6e4e83
SHA1 5e9ea36b9bb109b1ecfc41356cd5c8c9398d4a78
SHA256 4336ac211a822b0a5c3ce5de0d4730665acc351ee1965ea8da1c72477e216dfa
SHA512 57e826f0e1d9b12d11b05d47e2f5ae4f5787537862f26e039918cb14faff4bc854298c0b7de3023e371756a331c0f3ee1aa7cebbbf94ec70cdfc29e00a900ed1

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 abf266365d895d0023e3306543558381
SHA1 058497892ab3830839a3421bf81a0958dc46c607
SHA256 9064c61980af55f16eccf0f3a7cb300d508300d0cd67e915d4d5908a7520fe9e
SHA512 7ea95674da3daa004c41eed1acac3f1f1248da3b9baa01e03dccc93dafdd22ede4f30c88c57874420c541e6dcd0343a26fccce1396e60815701c27db94454717

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js

MD5 cabe33dc314138a366421bcfa589501b
SHA1 0fc8b72d0e0e738356ba669c525396483479f8a8
SHA256 845eb29ffb79e2321623a5dc32464196d20b11cb02a73fe52f950561507399c4
SHA512 94cc5b8843ab7d94bf0a9486aa0caf7101fede9a041c0a0298e8c5ac5b54f6a58dd6b851e22b0650674e21fd76c440c574cd529553bbe63768cec69ecbc10a31

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\bookmarkbackups\bookmarks-2023-04-05_11_gT8FByf4O6cZhcYxBQ66OA==.jsonlz4

MD5 d6fe6e70c2ccbcd9059cc0ba120e1841
SHA1 b3be381101a909653bb0cc7e51a6f1ff226018df
SHA256 c6db73fff9733c50f6eebf366f66ed72b9edac2567950b8aca7dc01353aec2bf
SHA512 6a93da2fa42ccd02f812181c043a04c3f5c13fcbed24c5b1b688aea3030f17d766700fa09267a468081b02faa05a6746667314dba57f95849242ed44f9cd4693

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js

MD5 7b8512147b6c5cba156434e0e872f2f6
SHA1 c744c0fc503ea90ea6c33ec2760a4cead22e49b5
SHA256 3b63d52d7eb231503cb07f66dabf5191b107087c0cad66c514effeb49189a541
SHA512 f1714586ea0b5e85e5ad7cded0e7257757d73b8a3b3640f7b9d91ba61d1ce9734dbef55a9b037dfcdf1c36f0ee37f5c82a0586cfeacb6fcbf96c68222e8997cf

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js

MD5 0af7ad31e845e2ea68d5b657837dff90
SHA1 3d0a333fbd8e3101e702d5f5cf0dc7d8886c0c9f
SHA256 6d436a2fd0c1c7e897a93c1580cd4765e425cd10815e00d04fff3914f06a4fe4
SHA512 8f553db9ce75b96b215e34b05be6320adacc90dd632d857d9f8ba8ec7aca48c785a6b92212d0fae54edc25611f4bb623c803569f358dcf736f9fdcc75defd9e3

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js

MD5 a10639b7fdaf45a56e2ea09b7e500762
SHA1 c83dfd728b3e4c76273a80ef4ff171b386d9813b
SHA256 b89f690aada2d40fddddbdb42a955e572c6ae80489cae4d739b07fca9599781c
SHA512 758634bdafb6bed25e8e7190be43ddf72b18111129e7a15d2a7f6d3ec19179ef36b3b62fa1c2b312c83e226313c2979f8e84b433d38ddfd2d2f011e2d8a25b98

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js

MD5 da13e92c507acab150280eb182538ccf
SHA1 15e7920737b0da82f21505e8ac45dbf7235020cd
SHA256 9843ba953de40ef1a9dd26eb5c4cfa76d6e1456c474993a036d0d060ebb1006c
SHA512 0326aa1d29bb659e20ee88603cd9b24f83de5f2ad9381e1e2416be97b9df1915ec6c2d6ffbbc5d04fb10220fa0e81c2929f806701e23ca6249a6bc9e1a23cc92