Malware Analysis Report

2025-06-15 21:26

Sample ID 230425-z19khach88
Target Mercurial.Grabber.v1.03.rar
SHA256 3759744039346620e9613f40f90e8f318e5f54ad49c070e2bd23b667f7e65bf6
Tags
discovery evasion persistence spyware stealer
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V6

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

3759744039346620e9613f40f90e8f318e5f54ad49c070e2bd23b667f7e65bf6

Threat Level: Likely malicious

The file Mercurial.Grabber.v1.03.rar was found to be: Likely malicious.

Malicious Activity Summary

discovery evasion persistence spyware stealer

Looks for VirtualBox Guest Additions in registry

Looks for VMWare Tools registry key

Checks BIOS information in registry

Executes dropped EXE

Loads dropped DLL

Reads user/profile data of web browsers

Registers COM server for autorun

Maps connected drives based on registry

Legitimate hosting services abused for malware hosting/C2

Checks installed software on the system

Looks up external IP address via web service

Drops file in Program Files directory

Program crash

Unsigned PE

Enumerates physical storage devices

Modifies registry class

Suspicious use of FindShellTrayWindow

NTFS ADS

Runs regedit.exe

Uses Task Scheduler COM API

Suspicious use of SendNotifyMessage

Checks SCSI registry key(s)

Enumerates system info in registry

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of AdjustPrivilegeToken

Checks processor information in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-04-25 21:12

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-04-25 21:12

Reported

2023-04-25 21:57

Platform

win10v2004-20230220-en

Max time kernel

2700s

Max time network

2646s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Mercurial.exe"

Signatures

Looks for VirtualBox Guest Additions in registry

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SOFTWARE\Oracle\VirtualBox Guest Additions C:\Users\Admin\Downloads\NebulaSetup.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\Oracle\VirtualBox Guest Additions C:\Users\Admin\Downloads\NebulaSetup.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\Oracle\VirtualBox Guest Additions C:\Users\Admin\Downloads\NebulaSetup.exe N/A

Looks for VMWare Tools registry key

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SOFTWARE\VMWare, Inc.\VMWare Tools C:\Users\Admin\Downloads\NebulaSetup.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\VMWare, Inc.\VMWare Tools C:\Users\Admin\Downloads\NebulaSetup.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\VMWare, Inc.\VMWare Tools C:\Users\Admin\Downloads\NebulaSetup.exe N/A

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\Downloads\NebulaSetup.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\Downloads\NebulaSetup.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\Downloads\NebulaSetup.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A C:\Program Files\7-Zip\7zG.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A

Reads user/profile data of web browsers

spyware stealer

Registers COM server for autorun

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip.dll" C:\Users\Admin\Downloads\7z2201-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment" C:\Users\Admin\Downloads\7z2201-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 C:\Users\Admin\Downloads\7z2201-x64.exe N/A

Checks installed software on the system

discovery

Legitimate hosting services abused for malware hosting/C2

Looks up external IP address via web service

Description Indicator Process Target
N/A ip-api.com N/A N/A
N/A ip4.seeip.org N/A N/A
N/A ip4.seeip.org N/A N/A
N/A ip4.seeip.org N/A N/A
N/A ip-api.com N/A N/A
N/A ip4.seeip.org N/A N/A
N/A ip4.seeip.org N/A N/A
N/A ip4.seeip.org N/A N/A

Maps connected drives based on registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum C:\Users\Admin\Downloads\NebulaSetup.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0 C:\Users\Admin\Downloads\NebulaSetup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum C:\Users\Admin\Downloads\NebulaSetup.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0 C:\Users\Admin\Downloads\NebulaSetup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum C:\Users\Admin\Downloads\NebulaSetup.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0 C:\Users\Admin\Downloads\NebulaSetup.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\7-Zip\Lang\fy.txt C:\Users\Admin\Downloads\7z2201-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ka.txt C:\Users\Admin\Downloads\7z2201-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\hi.txt C:\Users\Admin\Downloads\7z2201-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\mng.txt C:\Users\Admin\Downloads\7z2201-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\nb.txt C:\Users\Admin\Downloads\7z2201-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\zh-tw.txt C:\Users\Admin\Downloads\7z2201-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ba.txt C:\Users\Admin\Downloads\7z2201-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\eo.txt C:\Users\Admin\Downloads\7z2201-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ko.txt C:\Users\Admin\Downloads\7z2201-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ms.txt C:\Users\Admin\Downloads\7z2201-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ne.txt C:\Users\Admin\Downloads\7z2201-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\va.txt C:\Users\Admin\Downloads\7z2201-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\License.txt C:\Users\Admin\Downloads\7z2201-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\es.txt C:\Users\Admin\Downloads\7z2201-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\nn.txt C:\Users\Admin\Downloads\7z2201-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\zh-cn.txt C:\Users\Admin\Downloads\7z2201-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\sa.txt C:\Users\Admin\Downloads\7z2201-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\br.txt C:\Users\Admin\Downloads\7z2201-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\hu.txt C:\Users\Admin\Downloads\7z2201-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\cs.txt C:\Users\Admin\Downloads\7z2201-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\kaa.txt C:\Users\Admin\Downloads\7z2201-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\sv.txt C:\Users\Admin\Downloads\7z2201-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\vi.txt C:\Users\Admin\Downloads\7z2201-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ar.txt C:\Users\Admin\Downloads\7z2201-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\is.txt C:\Users\Admin\Downloads\7z2201-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ku-ckb.txt C:\Users\Admin\Downloads\7z2201-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\mk.txt C:\Users\Admin\Downloads\7z2201-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\mr.txt C:\Users\Admin\Downloads\7z2201-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\7zFM.exe C:\Users\Admin\Downloads\7z2201-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\nl.txt C:\Users\Admin\Downloads\7z2201-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\sr-spc.txt C:\Users\Admin\Downloads\7z2201-x64.exe N/A
File created C:\Program Files\7-Zip\Lang\uz-cyrl.txt C:\Users\Admin\Downloads\7z2201-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ku.txt C:\Users\Admin\Downloads\7z2201-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\mng2.txt C:\Users\Admin\Downloads\7z2201-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\7z.sfx C:\Users\Admin\Downloads\7z2201-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ps.txt C:\Users\Admin\Downloads\7z2201-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ca.txt C:\Users\Admin\Downloads\7z2201-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\co.txt C:\Users\Admin\Downloads\7z2201-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ast.txt C:\Users\Admin\Downloads\7z2201-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\bg.txt C:\Users\Admin\Downloads\7z2201-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\de.txt C:\Users\Admin\Downloads\7z2201-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\en.ttt C:\Users\Admin\Downloads\7z2201-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ja.txt C:\Users\Admin\Downloads\7z2201-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ta.txt C:\Users\Admin\Downloads\7z2201-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\th.txt C:\Users\Admin\Downloads\7z2201-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\an.txt C:\Users\Admin\Downloads\7z2201-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ga.txt C:\Users\Admin\Downloads\7z2201-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\he.txt C:\Users\Admin\Downloads\7z2201-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\el.txt C:\Users\Admin\Downloads\7z2201-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\et.txt C:\Users\Admin\Downloads\7z2201-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\pl.txt C:\Users\Admin\Downloads\7z2201-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\tg.txt C:\Users\Admin\Downloads\7z2201-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\pt.txt C:\Users\Admin\Downloads\7z2201-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\7z.exe C:\Users\Admin\Downloads\7z2201-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\yo.txt C:\Users\Admin\Downloads\7z2201-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\7-zip.dll C:\Users\Admin\Downloads\7z2201-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\az.txt C:\Users\Admin\Downloads\7z2201-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\fa.txt C:\Users\Admin\Downloads\7z2201-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\id.txt C:\Users\Admin\Downloads\7z2201-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\tr.txt C:\Users\Admin\Downloads\7z2201-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\bn.txt C:\Users\Admin\Downloads\7z2201-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\kab.txt C:\Users\Admin\Downloads\7z2201-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\mn.txt C:\Users\Admin\Downloads\7z2201-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\uz.txt C:\Users\Admin\Downloads\7z2201-x64.exe N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_VMware_&Prod_VMware_Virtual_S C:\Users\Admin\Downloads\NebulaSetup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_VMware_&Prod_VMware_Virtual_S C:\Users\Admin\Downloads\NebulaSetup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_VMware_&Prod_VMware_Virtual_S C:\Users\Admin\Downloads\NebulaSetup.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Users\Admin\Downloads\NebulaSetup.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\Downloads\NebulaSetup.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\Downloads\NebulaSetup.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Users\Admin\Downloads\NebulaSetup.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosInformation C:\Users\Admin\Downloads\NebulaSetup.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemManufacturer C:\Users\Admin\Downloads\NebulaSetup.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosInformation C:\Users\Admin\Downloads\NebulaSetup.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemManufacturer C:\Users\Admin\Downloads\NebulaSetup.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemProductName C:\Users\Admin\Downloads\NebulaSetup.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemProductName C:\Users\Admin\Downloads\NebulaSetup.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Logical Unit Id 0 C:\Users\Admin\Downloads\NebulaSetup.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosInformation C:\Users\Admin\Downloads\NebulaSetup.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemManufacturer C:\Users\Admin\Downloads\NebulaSetup.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemProductName C:\Users\Admin\Downloads\NebulaSetup.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Logical Unit Id 0 C:\Users\Admin\Downloads\NebulaSetup.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Logical Unit Id 0 C:\Users\Admin\Downloads\NebulaSetup.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" C:\Users\Admin\Downloads\7z2201-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" C:\Users\Admin\Downloads\7z2201-x64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension" C:\Users\Admin\Downloads\7z2201-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment" C:\Users\Admin\Downloads\7z2201-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension" C:\Users\Admin\Downloads\7z2201-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 C:\Users\Admin\Downloads\7z2201-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" C:\Users\Admin\Downloads\7z2201-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip.dll" C:\Users\Admin\Downloads\7z2201-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment" C:\Users\Admin\Downloads\7z2201-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip C:\Users\Admin\Downloads\7z2201-x64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 C:\Users\Admin\Downloads\7z2201-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip C:\Users\Admin\Downloads\7z2201-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip C:\Users\Admin\Downloads\7z2201-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" C:\Users\Admin\Downloads\7z2201-x64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000} C:\Users\Admin\Downloads\7z2201-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip32.dll" C:\Users\Admin\Downloads\7z2201-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000} C:\Users\Admin\Downloads\7z2201-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip C:\Users\Admin\Downloads\7z2201-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" C:\Users\Admin\Downloads\7z2201-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip C:\Users\Admin\Downloads\7z2201-x64.exe N/A

NTFS ADS

Description Indicator Process Target
File created C:\Users\Admin\Downloads\Mercurial.Grabber.v1.03.rar:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
File created C:\Users\Admin\Downloads\7z2201-x64.exe:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Runs regedit.exe

Description Indicator Process Target
N/A N/A C:\Windows\regedit.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Windows\regedit.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Mercurial.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\Mercurial.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\Mercurial.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\NebulaSetup.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\NebulaSetup.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\NebulaSetup.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\Downloads\7z2201-x64.exe N/A
N/A N/A C:\Users\Admin\Downloads\7z2201-x64.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Windows\regedit.exe N/A
N/A N/A C:\Windows\regedit.exe N/A
N/A N/A C:\Windows\regedit.exe N/A
N/A N/A C:\Windows\regedit.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4604 wrote to memory of 4308 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4604 wrote to memory of 4308 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4604 wrote to memory of 4308 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4604 wrote to memory of 4308 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4604 wrote to memory of 4308 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4604 wrote to memory of 4308 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4604 wrote to memory of 4308 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4604 wrote to memory of 4308 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4604 wrote to memory of 4308 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4604 wrote to memory of 4308 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4604 wrote to memory of 4308 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4308 wrote to memory of 4388 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4308 wrote to memory of 4388 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4308 wrote to memory of 3056 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4308 wrote to memory of 3056 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4308 wrote to memory of 3056 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4308 wrote to memory of 3056 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4308 wrote to memory of 3056 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4308 wrote to memory of 3056 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4308 wrote to memory of 3056 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4308 wrote to memory of 3056 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4308 wrote to memory of 3056 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4308 wrote to memory of 3056 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4308 wrote to memory of 3056 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4308 wrote to memory of 3056 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4308 wrote to memory of 3056 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4308 wrote to memory of 3056 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4308 wrote to memory of 3056 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4308 wrote to memory of 3056 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4308 wrote to memory of 3056 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4308 wrote to memory of 3056 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4308 wrote to memory of 3056 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4308 wrote to memory of 3056 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4308 wrote to memory of 3056 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4308 wrote to memory of 3056 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4308 wrote to memory of 3056 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4308 wrote to memory of 3056 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4308 wrote to memory of 3056 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4308 wrote to memory of 3056 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4308 wrote to memory of 3056 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4308 wrote to memory of 3056 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4308 wrote to memory of 3056 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4308 wrote to memory of 3056 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4308 wrote to memory of 3056 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4308 wrote to memory of 3056 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4308 wrote to memory of 3056 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4308 wrote to memory of 3056 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4308 wrote to memory of 3056 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4308 wrote to memory of 3056 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4308 wrote to memory of 3056 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4308 wrote to memory of 3056 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4308 wrote to memory of 3056 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4308 wrote to memory of 3056 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4308 wrote to memory of 3056 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4308 wrote to memory of 3056 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4308 wrote to memory of 3056 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4308 wrote to memory of 3056 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4308 wrote to memory of 3056 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4308 wrote to memory of 3056 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4308 wrote to memory of 3056 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4308 wrote to memory of 3056 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4308 wrote to memory of 2348 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4308 wrote to memory of 2348 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4308 wrote to memory of 2348 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\Mercurial.exe

"C:\Users\Admin\AppData\Local\Temp\Mercurial.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4308.0.1067285243\46533827" -parentBuildID 20221007134813 -prefsHandle 1816 -prefMapHandle 1808 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {adf49d33-5608-45e8-a12f-c6083a6784ac} 4308 "\\.\pipe\gecko-crash-server-pipe.4308" 1908 270b44ecb58 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4308.1.1635970855\1846211760" -parentBuildID 20221007134813 -prefsHandle 2296 -prefMapHandle 2292 -prefsLen 20926 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {44a569be-87ba-427c-aaba-770aa54540c0} 4308 "\\.\pipe\gecko-crash-server-pipe.4308" 2308 270a7571958 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4308.2.2007372565\1385662000" -childID 1 -isForBrowser -prefsHandle 3132 -prefMapHandle 3128 -prefsLen 21074 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c9258ecf-3e07-4d63-8a24-6e2fbd8d1961} 4308 "\\.\pipe\gecko-crash-server-pipe.4308" 3000 270b81ea558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4308.3.1968551024\894320823" -childID 2 -isForBrowser -prefsHandle 3616 -prefMapHandle 3612 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {00db634c-6c22-48a9-bdeb-02663239d2e3} 4308 "\\.\pipe\gecko-crash-server-pipe.4308" 3136 270a7561c58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4308.4.791977873\1891623231" -childID 3 -isForBrowser -prefsHandle 4136 -prefMapHandle 3616 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {daf36000-a420-4a0f-b6b6-faea8e52672c} 4308 "\\.\pipe\gecko-crash-server-pipe.4308" 4444 270ba437558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4308.6.2110377506\1873162085" -childID 5 -isForBrowser -prefsHandle 5080 -prefMapHandle 5012 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {daa20dda-ab29-4e5c-8372-3ca9d81a411f} 4308 "\\.\pipe\gecko-crash-server-pipe.4308" 5112 270badc5858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4308.5.1367238829\1366216730" -childID 4 -isForBrowser -prefsHandle 5056 -prefMapHandle 2716 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {63e7cd34-8240-426a-80c3-13658a9c1b26} 4308 "\\.\pipe\gecko-crash-server-pipe.4308" 2708 270ba5dc458 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4308.7.1695881245\841548441" -childID 6 -isForBrowser -prefsHandle 5476 -prefMapHandle 5420 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3610640e-dc94-437c-80ab-2f18699394a1} 4308 "\\.\pipe\gecko-crash-server-pipe.4308" 5080 270badc7658 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4308.8.1713316784\738864850" -childID 7 -isForBrowser -prefsHandle 5932 -prefMapHandle 5928 -prefsLen 26834 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c588030b-7b26-45c3-b241-a80576766b27} 4308 "\\.\pipe\gecko-crash-server-pipe.4308" 5916 270bad9a858 tab

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x3d4 0x390

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4308.9.1267424526\428943085" -childID 8 -isForBrowser -prefsHandle 5236 -prefMapHandle 6216 -prefsLen 27235 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {06710dae-ffbc-4c84-a323-9f9ec0386b92} 4308 "\\.\pipe\gecko-crash-server-pipe.4308" 5192 270bb61a458 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4308.10.1043278984\1359836410" -childID 9 -isForBrowser -prefsHandle 5232 -prefMapHandle 2804 -prefsLen 27235 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3bbfe105-6769-4e0e-bc86-7e13276f3e01} 4308 "\\.\pipe\gecko-crash-server-pipe.4308" 5316 270a756c158 tab

C:\Users\Admin\Downloads\7z2201-x64.exe

"C:\Users\Admin\Downloads\7z2201-x64.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 1484 -ip 1484

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1484 -s 1080

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 1484 -ip 1484

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1484 -s 1512

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\Downloads\7z2201-x64.exe

"C:\Users\Admin\Downloads\7z2201-x64.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1372.0.1545108982\2013496532" -parentBuildID 20221007134813 -prefsHandle 1708 -prefMapHandle 1532 -prefsLen 20890 -prefMapSize 232711 -appDir "C:\Program Files\Mozilla Firefox\browser" - {343a1f60-04c4-45f1-b21b-b00daa49500e} 1372 "\\.\pipe\gecko-crash-server-pipe.1372" 1788 1ca93a0b158 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1372.1.1454757210\1807024495" -parentBuildID 20221007134813 -prefsHandle 2132 -prefMapHandle 2128 -prefsLen 20890 -prefMapSize 232711 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {aabbcb93-5b8a-4093-ad6e-a010a2f1167d} 1372 "\\.\pipe\gecko-crash-server-pipe.1372" 2144 1ca93ad6558 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1372.2.1551184087\152012001" -childID 1 -isForBrowser -prefsHandle 3148 -prefMapHandle 3144 -prefsLen 21437 -prefMapSize 232711 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1904a298-4b89-462b-a4ec-eb2ab68b6d71} 1372 "\\.\pipe\gecko-crash-server-pipe.1372" 3160 1ca96fdd358 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1372.3.2005630228\77233457" -childID 2 -isForBrowser -prefsHandle 3904 -prefMapHandle 3900 -prefsLen 26049 -prefMapSize 232711 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a6f01feb-98a8-4411-b003-d9f8fcbd99bc} 1372 "\\.\pipe\gecko-crash-server-pipe.1372" 3916 1ca86e62858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1372.4.1150825155\632198426" -childID 3 -isForBrowser -prefsHandle 4088 -prefMapHandle 4100 -prefsLen 26829 -prefMapSize 232711 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0855792c-b42b-4bd4-9df5-bf1bedc82e7f} 1372 "\\.\pipe\gecko-crash-server-pipe.1372" 4196 1ca949ac158 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1372.5.355759944\165522006" -childID 4 -isForBrowser -prefsHandle 4396 -prefMapHandle 4400 -prefsLen 26888 -prefMapSize 232711 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {267554d1-a1c9-45cd-b6a9-ffa82a81dd2f} 1372 "\\.\pipe\gecko-crash-server-pipe.1372" 4772 1ca86e6a558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1372.6.1854823011\1378828282" -childID 5 -isForBrowser -prefsHandle 4956 -prefMapHandle 5308 -prefsLen 27144 -prefMapSize 232711 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {28a51158-dd1d-41f5-ab69-95ad2e35c279} 1372 "\\.\pipe\gecko-crash-server-pipe.1372" 5304 1ca9a442f58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1372.8.1914702940\1236571542" -childID 7 -isForBrowser -prefsHandle 4860 -prefMapHandle 4844 -prefsLen 27144 -prefMapSize 232711 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d794bef1-9834-4ab9-99cd-8c30c63fb278} 1372 "\\.\pipe\gecko-crash-server-pipe.1372" 5644 1ca9ac36258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1372.9.1914555920\361935991" -childID 8 -isForBrowser -prefsHandle 5336 -prefMapHandle 5308 -prefsLen 27144 -prefMapSize 232711 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e1855413-5531-4bfe-a563-c15359caa884} 1372 "\\.\pipe\gecko-crash-server-pipe.1372" 5464 1ca9ac36e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1372.7.1692265269\467523511" -childID 6 -isForBrowser -prefsHandle 4880 -prefMapHandle 4800 -prefsLen 27144 -prefMapSize 232711 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ec9d3be9-1c63-4dd3-804b-2f5d0ca90c50} 1372 "\\.\pipe\gecko-crash-server-pipe.1372" 5548 1ca9ac35c58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1372.10.1548136377\1579400569" -childID 9 -isForBrowser -prefsHandle 4956 -prefMapHandle 4816 -prefsLen 27144 -prefMapSize 232711 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2395409d-11df-4f25-a06b-d0fd95d10143} 1372 "\\.\pipe\gecko-crash-server-pipe.1372" 5524 1ca9adedd58 tab

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap11185:108:7zEvent17236

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1372.11.1542549539\1440897806" -childID 10 -isForBrowser -prefsHandle 5508 -prefMapHandle 5512 -prefsLen 27240 -prefMapSize 232711 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bb84a955-9341-4a48-85e7-c72195f5421d} 1372 "\\.\pipe\gecko-crash-server-pipe.1372" 5260 1ca970f1d58 tab

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Mercurial.Grabber.v1.03.rar"

C:\Users\Admin\Downloads\Mercurial.exe

"C:\Users\Admin\Downloads\Mercurial.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 188 -p 3736 -ip 3736

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3736 -s 1756

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 3736 -ip 3736

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3736 -s 2132

C:\Users\Admin\Downloads\Mercurial.exe

"C:\Users\Admin\Downloads\Mercurial.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\20s04nhp\20s04nhp.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES3C88.tmp" "c:\Users\Admin\Downloads\CSC97403635513A46E68978E6F8664753E3.TMP"

C:\Users\Admin\Downloads\NebulaSetup.exe

"C:\Users\Admin\Downloads\NebulaSetup.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1372.12.561170560\764795255" -childID 11 -isForBrowser -prefsHandle 6572 -prefMapHandle 6616 -prefsLen 30717 -prefMapSize 232711 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b384c49a-dbdf-4939-ab72-7cce07478a25} 1372 "\\.\pipe\gecko-crash-server-pipe.1372" 6604 1caa15c3e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1372.13.1958588761\2104984706" -childID 12 -isForBrowser -prefsHandle 6560 -prefMapHandle 6584 -prefsLen 30717 -prefMapSize 232711 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7ad5f2d6-015b-437e-9ef4-95eaf3edfedd} 1372 "\\.\pipe\gecko-crash-server-pipe.1372" 6768 1caa1568d58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1372.14.1082175683\1171399823" -parentBuildID 20221007134813 -prefsHandle 4884 -prefMapHandle 6028 -prefsLen 30717 -prefMapSize 232711 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a8553f7f-4914-40e0-bb61-b44e6fc2a1ae} 1372 "\\.\pipe\gecko-crash-server-pipe.1372" 6016 1ca86e60758 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1372.15.351409943\1646551168" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 5488 -prefMapHandle 5904 -prefsLen 30717 -prefMapSize 232711 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0f9e5554-286a-434b-a858-fbd61b38ba2e} 1372 "\\.\pipe\gecko-crash-server-pipe.1372" 7104 1ca99bd9658 utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1372.16.1344038310\173725987" -childID 13 -isForBrowser -prefsHandle 5756 -prefMapHandle 5564 -prefsLen 30726 -prefMapSize 232711 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {92c45ddc-f4c3-4747-b04b-132f37e6ca13} 1372 "\\.\pipe\gecko-crash-server-pipe.1372" 5460 1caa3663f58 tab

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x3d4 0x390

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1372.19.687230543\2116389285" -childID 16 -isForBrowser -prefsHandle 4972 -prefMapHandle 4352 -prefsLen 30726 -prefMapSize 232711 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9f85d639-ec02-4c1b-8799-695d53806df8} 1372 "\\.\pipe\gecko-crash-server-pipe.1372" 6992 1ca9b650258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1372.18.184165667\999166745" -childID 15 -isForBrowser -prefsHandle 6844 -prefMapHandle 6848 -prefsLen 30726 -prefMapSize 232711 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {07314c65-ac18-4124-8830-2a009eb47842} 1372 "\\.\pipe\gecko-crash-server-pipe.1372" 6796 1ca9b64f058 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1372.17.1759266387\619560750" -childID 14 -isForBrowser -prefsHandle 4196 -prefMapHandle 3468 -prefsLen 30726 -prefMapSize 232711 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {94c5da09-8716-43e2-9db3-fa1f2f0e18a3} 1372 "\\.\pipe\gecko-crash-server-pipe.1372" 4352 1ca9b64f658 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1372.20.1927176749\1547690191" -childID 17 -isForBrowser -prefsHandle 7288 -prefMapHandle 7284 -prefsLen 30726 -prefMapSize 232711 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5d48fe31-32a0-4c38-817e-4e787ecf434c} 1372 "\\.\pipe\gecko-crash-server-pipe.1372" 7296 1ca9ab84858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1372.21.888015138\1548464692" -childID 18 -isForBrowser -prefsHandle 4084 -prefMapHandle 4092 -prefsLen 30726 -prefMapSize 232711 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0f9e3cd3-220f-49bc-8586-d917c58a9500} 1372 "\\.\pipe\gecko-crash-server-pipe.1372" 6728 1ca9ab84558 tab

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3416 -ip 3416

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 2336

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 3416 -ip 3416

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 2336

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1372.22.648868066\1778621122" -childID 19 -isForBrowser -prefsHandle 6468 -prefMapHandle 5732 -prefsLen 30735 -prefMapSize 232711 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b14f1665-a2e7-4694-875b-9683cb89bb4d} 1372 "\\.\pipe\gecko-crash-server-pipe.1372" 4092 1ca9faf8658 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1372.23.1114831301\2066180843" -childID 20 -isForBrowser -prefsHandle 5680 -prefMapHandle 5704 -prefsLen 30735 -prefMapSize 232711 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {744e461b-94e8-4634-acc5-305d12311746} 1372 "\\.\pipe\gecko-crash-server-pipe.1372" 4840 1ca86e5e258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1372.25.711424391\616786658" -childID 22 -isForBrowser -prefsHandle 11132 -prefMapHandle 11128 -prefsLen 30735 -prefMapSize 232711 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7d9ef5c6-d7f8-4197-880f-ffd2119d3d25} 1372 "\\.\pipe\gecko-crash-server-pipe.1372" 11140 1ca9afc8a58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1372.24.690083586\997846619" -childID 21 -isForBrowser -prefsHandle 11300 -prefMapHandle 10960 -prefsLen 30735 -prefMapSize 232711 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f4fec655-daeb-4603-a691-25c82a78e051} 1372 "\\.\pipe\gecko-crash-server-pipe.1372" 11292 1ca9afc8458 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1372.27.2073240369\1424525571" -childID 24 -isForBrowser -prefsHandle 6848 -prefMapHandle 11260 -prefsLen 30744 -prefMapSize 232711 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cc07fb8a-a546-4e63-a883-0e5ff4482efa} 1372 "\\.\pipe\gecko-crash-server-pipe.1372" 6520 1ca9ad0c758 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1372.26.1805059215\332261945" -childID 23 -isForBrowser -prefsHandle 10820 -prefMapHandle 10876 -prefsLen 30744 -prefMapSize 232711 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b9166ee1-be16-48ca-ab75-9aea68c03c28} 1372 "\\.\pipe\gecko-crash-server-pipe.1372" 10804 1ca9ad0c158 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1372.28.758705368\1111750061" -childID 25 -isForBrowser -prefsHandle 10580 -prefMapHandle 6848 -prefsLen 30744 -prefMapSize 232711 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d173b874-22ef-49a8-a222-483508ca9424} 1372 "\\.\pipe\gecko-crash-server-pipe.1372" 10588 1ca9ad0e258 tab

C:\Users\Admin\Downloads\NebulaSetup.exe

"C:\Users\Admin\Downloads\NebulaSetup.exe"

C:\Users\Admin\Downloads\NebulaSetup.exe

"C:\Users\Admin\Downloads\NebulaSetup.exe"

C:\Windows\regedit.exe

"C:\Windows\regedit.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="540.0.1597097030\81777296" -parentBuildID 20221007134813 -prefsHandle 1700 -prefMapHandle 1692 -prefsLen 20890 -prefMapSize 232711 -appDir "C:\Program Files\Mozilla Firefox\browser" - {97cb838d-1b8a-4a52-bec3-929502e32710} 540 "\\.\pipe\gecko-crash-server-pipe.540" 1780 1d3e4b0c358 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="540.1.2031423387\454597685" -parentBuildID 20221007134813 -prefsHandle 2132 -prefMapHandle 2128 -prefsLen 20890 -prefMapSize 232711 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bd67e9d4-7d42-45ac-9927-9ea3dddbd2d3} 540 "\\.\pipe\gecko-crash-server-pipe.540" 2144 1d3e4449258 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="540.2.1884182949\578567255" -childID 1 -isForBrowser -prefsHandle 3076 -prefMapHandle 3052 -prefsLen 21437 -prefMapSize 232711 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {69fa91b4-f05f-4f29-bf02-70d9a57b2efe} 540 "\\.\pipe\gecko-crash-server-pipe.540" 3080 1d3e89d5958 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="540.3.576959096\1055584170" -childID 2 -isForBrowser -prefsHandle 4060 -prefMapHandle 4056 -prefsLen 26829 -prefMapSize 232711 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8efb35a3-6d07-4ca6-9728-eedfa8a16059} 540 "\\.\pipe\gecko-crash-server-pipe.540" 4072 1d3eabbee58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="540.4.1866798066\1400410290" -childID 3 -isForBrowser -prefsHandle 4692 -prefMapHandle 4676 -prefsLen 29265 -prefMapSize 232711 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {abeffa21-8c2e-4fd1-b389-47b056168579} 540 "\\.\pipe\gecko-crash-server-pipe.540" 4764 1d3e8925858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="540.6.1477674165\1972652240" -childID 5 -isForBrowser -prefsHandle 5092 -prefMapHandle 5096 -prefsLen 29265 -prefMapSize 232711 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7e629193-7876-4ddf-bacb-a1e5f9893095} 540 "\\.\pipe\gecko-crash-server-pipe.540" 4748 1d3ecbad258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="540.5.937254705\1084849061" -childID 4 -isForBrowser -prefsHandle 4908 -prefMapHandle 4912 -prefsLen 29265 -prefMapSize 232711 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {38b7e143-a750-4ee9-90d3-4a968b95a8ec} 540 "\\.\pipe\gecko-crash-server-pipe.540" 4904 1d3ecbacf58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="540.7.337599476\300440531" -childID 6 -isForBrowser -prefsHandle 5520 -prefMapHandle 3196 -prefsLen 29519 -prefMapSize 232711 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c33278e4-425a-41cd-a551-1ce85977c8a2} 540 "\\.\pipe\gecko-crash-server-pipe.540" 5528 1d3ee8cd758 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="540.8.2074432024\638886313" -parentBuildID 20221007134813 -prefsHandle 5732 -prefMapHandle 5728 -prefsLen 29519 -prefMapSize 232711 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b180745a-f5d6-4924-91e4-2dc1eb28db55} 540 "\\.\pipe\gecko-crash-server-pipe.540" 5708 1d3ecd40b58 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="540.9.403860893\1227414691" -childID 7 -isForBrowser -prefsHandle 5884 -prefMapHandle 5908 -prefsLen 29519 -prefMapSize 232711 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {957f12da-e4c0-4136-9683-5c135753c1ec} 540 "\\.\pipe\gecko-crash-server-pipe.540" 5888 1d3e4e2e458 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="540.10.1782540199\436513774" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 6076 -prefMapHandle 6080 -prefsLen 29519 -prefMapSize 232711 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fc2eb006-9193-47b0-91c2-60948f49be2d} 540 "\\.\pipe\gecko-crash-server-pipe.540" 6108 1d3e4ecc058 utility

Network

Country Destination Domain Proto
US 8.8.8.8:53 assets.msn.com udp
GB 95.101.143.242:443 assets.msn.com tcp
US 8.8.8.8:53 242.143.101.95.in-addr.arpa udp
N/A 127.0.0.1:49739 tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 getpocket.cdn.mozilla.net udp
US 34.117.237.239:443 contile.services.mozilla.com tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 35.241.9.150:443 firefox.settings.services.mozilla.com tcp
US 8.8.8.8:53 shavar.services.mozilla.com udp
US 34.120.5.221:443 getpocket.cdn.mozilla.net tcp
US 8.8.8.8:53 push.services.mozilla.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 prod.pocket.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.pocket.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 34.211.203.81:443 shavar.services.mozilla.com tcp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 34.117.65.55:443 autopush.prod.mozaws.net tcp
US 35.241.9.150:443 firefox.settings.services.mozilla.com tcp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 239.237.117.34.in-addr.arpa udp
US 8.8.8.8:53 150.9.241.35.in-addr.arpa udp
US 8.8.8.8:53 221.5.120.34.in-addr.arpa udp
US 8.8.8.8:53 55.65.117.34.in-addr.arpa udp
US 8.8.8.8:53 81.203.211.34.in-addr.arpa udp
US 8.8.8.8:53 191.144.160.34.in-addr.arpa udp
N/A 127.0.0.1:49745 tcp
US 8.8.8.8:53 bit.ly udp
US 67.199.248.11:80 bit.ly tcp
US 67.199.248.11:80 bit.ly tcp
US 8.8.8.8:53 bit.ly udp
US 8.8.8.8:53 bit.ly udp
US 8.8.8.8:53 mega.nz udp
LU 31.216.145.5:443 mega.nz tcp
US 8.8.8.8:53 mega.nz udp
US 8.8.8.8:53 mega.nz udp
US 8.8.8.8:53 11.248.199.67.in-addr.arpa udp
US 8.8.8.8:53 na.static.mega.co.nz udp
CA 162.208.16.210:443 na.static.mega.co.nz tcp
CA 162.208.16.210:443 na.static.mega.co.nz tcp
US 8.8.8.8:53 na.static.mega.co.nz udp
US 8.8.8.8:53 na.static.mega.co.nz udp
US 8.8.8.8:53 5.145.216.31.in-addr.arpa udp
US 8.8.8.8:53 210.16.208.162.in-addr.arpa udp
US 8.8.8.8:53 g.api.mega.co.nz udp
LU 66.203.125.12:443 g.api.mega.co.nz tcp
LU 66.203.125.12:443 g.api.mega.co.nz tcp
US 8.8.8.8:53 lu.api.mega.co.nz udp
US 8.8.8.8:53 lu.api.mega.co.nz udp
US 8.8.8.8:53 12.125.203.66.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 gfs302n504.userstorage.mega.co.nz udp
CA 185.206.25.14:443 gfs302n504.userstorage.mega.co.nz tcp
US 8.8.8.8:53 gfs302n504.userstorage.mega.co.nz udp
CA 185.206.25.14:443 gfs302n504.userstorage.mega.co.nz tcp
CA 185.206.25.14:443 gfs302n504.userstorage.mega.co.nz tcp
CA 185.206.25.14:443 gfs302n504.userstorage.mega.co.nz tcp
US 8.8.8.8:53 gfs302n504.userstorage.mega.co.nz udp
US 8.8.8.8:53 14.25.206.185.in-addr.arpa udp
CA 185.206.25.14:443 gfs302n504.userstorage.mega.co.nz tcp
US 52.182.141.63:443 tcp
CA 185.206.25.14:443 gfs302n504.userstorage.mega.co.nz tcp
N/A 127.0.0.1:6341 tcp
N/A 127.0.0.1:6341 tcp
N/A 127.0.0.1:6341 tcp
N/A 127.0.0.1:6341 tcp
US 8.8.8.8:53 196.168.217.172.in-addr.arpa udp
US 8.8.8.8:53 131.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 163.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 i.ytimg.com udp
NL 142.251.36.22:443 i.ytimg.com tcp
US 8.8.8.8:53 i.ytimg.com udp
US 8.8.8.8:53 i.ytimg.com udp
NL 142.251.36.22:443 i.ytimg.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 plus.l.google.com udp
US 8.8.8.8:53 plus.l.google.com udp
US 8.8.8.8:53 play.google.com udp
NL 142.251.36.14:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
NL 142.251.36.14:443 play.google.com tcp
NL 142.251.36.14:443 play.google.com udp
US 8.8.8.8:53 22.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 206.23.217.172.in-addr.arpa udp
US 8.8.8.8:53 14.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 www.7-zip.org udp
DE 49.12.202.237:443 www.7-zip.org tcp
US 8.8.8.8:53 www.7-zip.org udp
US 8.8.8.8:53 www.7-zip.org udp
DE 49.12.202.237:443 www.7-zip.org tcp
US 8.8.8.8:53 237.202.12.49.in-addr.arpa udp
US 8.8.8.8:53 44.8.109.52.in-addr.arpa udp
NL 173.223.113.164:443 tcp
NL 173.223.113.131:80 tcp
US 204.79.197.203:80 api.msn.com tcp
N/A 127.0.0.1:50869 tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 34.117.237.239:443 contile.services.mozilla.com tcp
DE 49.12.202.237:443 www.7-zip.org tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 www.7-zip.org udp
US 34.160.144.191:443 prod.content-signature-chains.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 shavar.services.mozilla.com udp
US 34.215.121.165:443 shavar.services.mozilla.com tcp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 push.services.mozilla.com udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 34.117.65.55:443 autopush.prod.mozaws.net tcp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 35.241.9.150:443 firefox.settings.services.mozilla.com tcp
US 8.8.8.8:53 165.121.215.34.in-addr.arpa udp
US 8.8.8.8:53 mega.nz udp
LU 31.216.144.5:443 mega.nz tcp
US 8.8.8.8:53 mega.nz udp
US 8.8.8.8:53 mega.nz udp
US 8.8.8.8:53 5.144.216.31.in-addr.arpa udp
US 8.8.8.8:53 eu.static.mega.co.nz udp
NL 66.203.127.13:443 eu.static.mega.co.nz tcp
NL 66.203.127.13:443 eu.static.mega.co.nz tcp
US 8.8.8.8:53 eu.static.mega.co.nz udp
US 8.8.8.8:53 eu.static.mega.co.nz udp
US 8.8.8.8:53 13.127.203.66.in-addr.arpa udp
LU 66.203.125.12:443 lu.api.mega.co.nz tcp
LU 66.203.125.12:443 lu.api.mega.co.nz tcp
N/A 127.0.0.1:50884 tcp
US 8.8.8.8:53 bit.ly udp
US 67.199.248.10:80 bit.ly tcp
US 8.8.8.8:53 bit.ly udp
US 8.8.8.8:53 bit.ly udp
US 8.8.8.8:53 10.248.199.67.in-addr.arpa udp
US 8.8.8.8:53 discord.com udp
US 162.159.138.232:443 discord.com tcp
US 8.8.8.8:53 discord.com udp
US 8.8.8.8:53 discord.com udp
US 8.8.8.8:53 232.138.159.162.in-addr.arpa udp
US 162.159.138.232:443 discord.com udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 9.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 ip4.seeip.org udp
US 23.128.64.141:443 ip4.seeip.org tcp
US 23.128.64.141:443 ip4.seeip.org tcp
US 8.8.8.8:53 ip-api.com udp
US 208.95.112.1:80 ip-api.com tcp
US 8.8.8.8:53 141.64.128.23.in-addr.arpa udp
US 162.159.138.232:443 discord.com tcp
US 162.159.138.232:443 discord.com tcp
US 162.159.138.232:443 discord.com tcp
US 8.8.8.8:53 1.112.95.208.in-addr.arpa udp
US 8.8.8.8:53 aus5.mozilla.org udp
US 35.244.181.201:443 aus5.mozilla.org tcp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 35.241.9.150:443 firefox.settings.services.mozilla.com tcp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 ciscobinary.openh264.org udp
FR 23.200.86.251:80 ciscobinary.openh264.org tcp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 201.181.244.35.in-addr.arpa udp
US 8.8.8.8:53 251.86.200.23.in-addr.arpa udp
US 8.8.8.8:53 redirector.gvt1.com udp
US 34.160.144.191:443 prod.content-signature-chains.prod.webservices.mozgcp.net tcp
GB 216.58.208.110:443 redirector.gvt1.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 216.58.208.110:443 redirector.gvt1.com udp
US 8.8.8.8:53 r5---sn-4g5e6nz7.gvt1.com udp
DE 173.194.187.170:443 r5---sn-4g5e6nz7.gvt1.com tcp
US 8.8.8.8:53 r5.sn-4g5e6nz7.gvt1.com udp
US 8.8.8.8:53 r5.sn-4g5e6nz7.gvt1.com udp
DE 173.194.187.170:443 r5.sn-4g5e6nz7.gvt1.com udp
US 8.8.8.8:53 110.208.58.216.in-addr.arpa udp
US 8.8.8.8:53 170.187.194.173.in-addr.arpa udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 firefox-settings-attachments.cdn.mozilla.net udp
US 34.111.73.144:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 34.111.73.144:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 8.8.8.8:53 fennec-catalog-cdn.prod.mozaws.net udp
US 34.111.73.144:443 fennec-catalog-cdn.prod.mozaws.net tcp
US 34.111.73.144:443 fennec-catalog-cdn.prod.mozaws.net tcp
US 34.111.73.144:443 fennec-catalog-cdn.prod.mozaws.net tcp
US 8.8.8.8:53 fennec-catalog-cdn.prod.mozaws.net udp
US 8.8.8.8:53 144.73.111.34.in-addr.arpa udp
US 8.8.8.8:53 mega.nz udp
LU 31.216.144.5:443 mega.nz tcp
US 8.8.8.8:53 mega.nz udp
US 8.8.8.8:53 mega.nz udp
US 8.8.8.8:53 mega.io udp
LU 66.203.124.37:443 mega.io tcp
US 8.8.8.8:53 mega.io udp
US 8.8.8.8:53 mega.io udp
US 8.8.8.8:53 37.124.203.66.in-addr.arpa udp
US 8.8.8.8:53 g.api.mega.co.nz udp
LU 66.203.125.15:443 g.api.mega.co.nz tcp
US 8.8.8.8:53 lu.api.mega.co.nz udp
US 8.8.8.8:53 15.125.203.66.in-addr.arpa udp
US 8.8.8.8:53 mega.nz udp
US 8.8.8.8:53 mega.nz udp
CA 162.208.16.210:443 na.static.mega.co.nz tcp
CA 162.208.16.210:443 na.static.mega.co.nz tcp
CA 162.208.16.210:443 na.static.mega.co.nz tcp
CA 162.208.16.210:443 na.static.mega.co.nz tcp
CA 162.208.16.210:443 na.static.mega.co.nz tcp
CA 162.208.16.210:443 na.static.mega.co.nz tcp
CA 162.208.16.210:443 na.static.mega.co.nz tcp
LU 66.203.125.15:443 g.api.mega.co.nz tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 34.117.237.239:443 contile.services.mozilla.com tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
LU 31.216.145.5:443 mega.nz tcp
LU 66.203.124.37:443 mega.io tcp
US 162.159.138.232:443 discord.com tcp
US 8.8.8.8:53 discord.com udp
US 8.8.8.8:53 discord.com udp
US 162.159.138.232:443 discord.com udp
LU 66.203.124.37:443 mega.io tcp
US 8.8.8.8:53 g.api.mega.co.nz udp
LU 66.203.125.15:443 g.api.mega.co.nz tcp
US 8.8.8.8:53 reqstat.api.mega.co.nz udp
LU 66.203.125.28:443 reqstat.api.mega.co.nz tcp
US 8.8.8.8:53 reqstat.api.mega.co.nz udp
US 8.8.8.8:53 reqstat.api.mega.co.nz udp
US 8.8.8.8:53 28.125.203.66.in-addr.arpa udp
US 8.8.8.8:53 assets.msn.com udp
GB 184.28.198.179:443 assets.msn.com tcp
US 8.8.8.8:53 179.198.28.184.in-addr.arpa udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 mega.nz udp
US 8.8.8.8:53 mega.nz udp
LU 31.216.145.5:443 mega.nz tcp
US 8.8.8.8:53 lu.api.mega.co.nz udp
LU 66.203.125.15:443 lu.api.mega.co.nz tcp
LU 66.203.125.28:443 reqstat.api.mega.co.nz tcp
LU 31.216.145.5:443 mega.nz tcp
LU 31.216.145.5:443 mega.nz tcp
LU 31.216.145.5:443 mega.nz tcp
LU 31.216.145.5:443 mega.nz tcp
LU 31.216.145.5:443 mega.nz tcp
LU 66.203.125.15:443 lu.api.mega.co.nz tcp
LU 66.203.125.15:443 lu.api.mega.co.nz tcp
US 8.8.8.8:53 gfs206n208.userstorage.mega.co.nz udp
BE 94.24.37.118:443 gfs206n208.userstorage.mega.co.nz tcp
US 8.8.8.8:53 gfs206n208.userstorage.mega.co.nz udp
US 8.8.8.8:53 gfs206n208.userstorage.mega.co.nz udp
US 8.8.8.8:53 118.37.24.94.in-addr.arpa udp
US 8.8.8.8:53 mcd270n310.karere.mega.nz udp
US 8.8.8.8:53 mcd270n310.karere.mega.nz udp
US 8.8.8.8:53 mcd270n310.karere.mega.nz udp
LU 66.203.125.56:443 mcd270n310.karere.mega.nz tcp
US 8.8.8.8:53 56.125.203.66.in-addr.arpa udp
US 8.8.8.8:53 8.3.197.209.in-addr.arpa udp
US 8.8.8.8:53 mega.nz udp
US 8.8.8.8:53 mega.nz udp
US 8.8.8.8:53 gfs302n130.userstorage.mega.co.nz udp
CA 162.208.16.40:443 gfs302n130.userstorage.mega.co.nz tcp
US 8.8.8.8:53 gfs302n130.userstorage.mega.co.nz udp
CA 162.208.16.40:443 gfs302n130.userstorage.mega.co.nz tcp
US 8.8.8.8:53 gfs302n130.userstorage.mega.co.nz udp
US 8.8.8.8:53 40.16.208.162.in-addr.arpa udp
US 8.8.8.8:53 bit.ly udp
US 67.199.248.11:80 bit.ly tcp
US 67.199.248.11:80 bit.ly tcp
US 8.8.8.8:53 bit.ly udp
US 8.8.8.8:53 bitly.com udp
US 67.199.248.15:443 bitly.com tcp
US 8.8.8.8:53 bitly.com udp
US 8.8.8.8:53 bitly.com udp
US 67.199.248.15:443 bitly.com udp
US 8.8.8.8:53 docrdsfx76ssb.cloudfront.net udp
NL 52.222.137.33:443 docrdsfx76ssb.cloudfront.net tcp
US 8.8.8.8:53 docrdsfx76ssb.cloudfront.net udp
NL 52.222.137.33:443 docrdsfx76ssb.cloudfront.net tcp
NL 52.222.137.33:443 docrdsfx76ssb.cloudfront.net tcp
NL 52.222.137.33:443 docrdsfx76ssb.cloudfront.net tcp
NL 52.222.137.33:443 docrdsfx76ssb.cloudfront.net tcp
NL 52.222.137.33:443 docrdsfx76ssb.cloudfront.net tcp
US 8.8.8.8:53 docrdsfx76ssb.cloudfront.net udp
US 8.8.8.8:53 15.248.199.67.in-addr.arpa udp
US 8.8.8.8:53 33.137.222.52.in-addr.arpa udp
US 8.8.8.8:53 js-eu1.hs-scripts.com udp
US 172.65.208.22:443 js-eu1.hs-scripts.com tcp
US 8.8.8.8:53 2acdb9b66bb242618283aadb21ede6c1.pacloudflare.com udp
US 8.8.8.8:53 2acdb9b66bb242618283aadb21ede6c1.pacloudflare.com udp
US 8.8.8.8:53 22.208.65.172.in-addr.arpa udp
US 8.8.8.8:53 js-eu1.hs-banner.com udp
US 8.8.8.8:53 js-eu1.hs-analytics.net udp
US 172.65.202.201:443 js-eu1.hs-banner.com tcp
US 8.8.8.8:53 7c7b02d4bc3d48dd81a7c7738d4de1ab.pacloudflare.com udp
US 8.8.8.8:53 7c7b02d4bc3d48dd81a7c7738d4de1ab.pacloudflare.com udp
US 8.8.8.8:53 18ea70d2d9a945cfb97d818ba71817dc.pacloudflare.com udp
US 8.8.8.8:53 201.202.65.172.in-addr.arpa udp
US 172.65.238.60:443 18ea70d2d9a945cfb97d818ba71817dc.pacloudflare.com tcp
US 8.8.8.8:53 60.238.65.172.in-addr.arpa udp
US 8.8.8.8:53 track-eu1.hubspot.com udp
US 172.65.240.166:443 track-eu1.hubspot.com tcp
US 8.8.8.8:53 e5de3d23065c4748b155c28e6fa36f3e.pacloudflare.com udp
US 8.8.8.8:53 e5de3d23065c4748b155c28e6fa36f3e.pacloudflare.com udp
US 172.65.240.166:443 e5de3d23065c4748b155c28e6fa36f3e.pacloudflare.com udp
US 8.8.8.8:53 166.240.65.172.in-addr.arpa udp
US 8.8.8.8:53 cdn.optimizely.com udp
NL 173.223.112.148:443 cdn.optimizely.com tcp
US 8.8.8.8:53 e5048.dsca.akamaiedge.net udp
US 8.8.8.8:53 148.112.223.173.in-addr.arpa udp
US 8.8.8.8:53 a16488430484.cdn.optimizely.com udp
FR 104.108.44.67:443 a16488430484.cdn.optimizely.com tcp
US 8.8.8.8:53 e4728.x.akamaiedge.net udp
US 8.8.8.8:53 e4728.x.akamaiedge.net udp
US 8.8.8.8:53 67.44.108.104.in-addr.arpa udp
US 8.8.8.8:53 errors.client.optimizely.com udp
US 35.168.175.58:443 errors.client.optimizely.com tcp
US 35.168.175.58:443 errors.client.optimizely.com tcp
US 8.8.8.8:53 client-error-log-962704628.us-east-1.elb.amazonaws.com udp
US 8.8.8.8:53 client-error-log-962704628.us-east-1.elb.amazonaws.com udp
US 8.8.8.8:53 58.175.168.35.in-addr.arpa udp
US 8.8.8.8:53 logx.optimizely.com udp
US 18.208.67.18:443 logx.optimizely.com tcp
US 8.8.8.8:53 p13nlog-1106815646.us-east-1.elb.amazonaws.com udp
US 8.8.8.8:53 p13nlog-1106815646.us-east-1.elb.amazonaws.com udp
US 8.8.8.8:53 18.67.208.18.in-addr.arpa udp
US 8.8.8.8:53 lu.api.mega.co.nz udp
US 8.8.8.8:53 public.profitwell.com udp
NL 52.222.139.11:443 public.profitwell.com tcp
US 8.8.8.8:53 dna8twue3dlxq.cloudfront.net udp
US 8.8.8.8:53 dna8twue3dlxq.cloudfront.net udp
US 8.8.8.8:53 8.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 11.139.222.52.in-addr.arpa udp
US 8.8.8.8:53 static.ads-twitter.com udp
US 8.8.8.8:53 snap.licdn.com udp
NL 199.232.148.157:443 static.ads-twitter.com tcp
US 8.8.8.8:53 platform.twitter.map.fastly.net udp
US 8.8.8.8:53 platform.twitter.map.fastly.net udp
DE 23.32.238.152:443 snap.licdn.com tcp
US 8.8.8.8:53 a1916.dscg2.akamai.net udp
US 8.8.8.8:53 a1916.dscg2.akamai.net udp
US 8.8.8.8:53 connect.facebook.net udp
US 8.8.8.8:53 12389169.fls.doubleclick.net udp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 104.16.89.20:443 cdn.jsdelivr.net tcp
NL 142.250.179.134:443 12389169.fls.doubleclick.net tcp
US 8.8.8.8:53 cdn.jsdelivr.net.cdn.cloudflare.net udp
US 104.16.89.20:443 cdn.jsdelivr.net.cdn.cloudflare.net udp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
US 157.240.5.10:443 scontent.xx.fbcdn.net tcp
US 8.8.8.8:53 cdn.jsdelivr.net.cdn.cloudflare.net udp
US 157.240.5.10:443 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
NL 142.250.179.162:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 157.148.232.199.in-addr.arpa udp
US 8.8.8.8:53 152.238.32.23.in-addr.arpa udp
US 8.8.8.8:53 20.89.16.104.in-addr.arpa udp
US 8.8.8.8:53 134.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 10.5.240.157.in-addr.arpa udp
US 8.8.8.8:53 34.36.251.142.in-addr.arpa udp
NL 142.250.179.162:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 cdn.linkedin.oribi.io udp
US 8.8.8.8:53 px.ads.linkedin.com udp
US 8.8.8.8:53 t.co udp
US 8.8.8.8:53 analytics.twitter.com udp
US 8.8.8.8:53 s.twitter.com udp
NL 52.222.139.9:443 cdn.linkedin.oribi.io tcp
US 8.8.8.8:53 d1ni990a184w7d.cloudfront.net udp
US 104.244.42.5:443 t.co tcp
US 8.8.8.8:53 s.twitter.com udp
US 8.8.8.8:53 t.co udp
US 8.8.8.8:53 d1ni990a184w7d.cloudfront.net udp
US 8.8.8.8:53 l-0005.l-msedge.net udp
US 8.8.8.8:53 t.co udp
US 8.8.8.8:53 l-0005.l-msedge.net udp
US 8.8.8.8:53 sp.bitly.com udp
US 34.120.78.44:443 sp.bitly.com tcp
US 8.8.8.8:53 sp.bitly.com udp
US 8.8.8.8:53 sp.bitly.com udp
US 34.120.78.44:443 sp.bitly.com tcp
US 8.8.8.8:53 analytics.google.com udp
US 34.120.78.44:443 sp.bitly.com udp
US 8.8.8.8:53 analytics.google.com udp
NL 216.58.214.14:443 analytics.google.com tcp
US 8.8.8.8:53 analytics.google.com udp
NL 216.58.214.14:443 analytics.google.com udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 13.107.42.14:443 l-0005.l-msedge.net tcp
US 104.244.42.195:443 s.twitter.com tcp
US 8.8.8.8:53 162.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 9.139.222.52.in-addr.arpa udp
US 8.8.8.8:53 5.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 44.78.120.34.in-addr.arpa udp
US 8.8.8.8:53 14.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 14.42.107.13.in-addr.arpa udp
US 8.8.8.8:53 195.42.244.104.in-addr.arpa udp
DE 157.240.20.35:443 www.facebook.com tcp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
DE 157.240.20.35:443 www.facebook.com udp
NL 142.250.102.155:443 stats.g.doubleclick.net tcp
NL 142.250.102.155:443 stats.g.doubleclick.net udp
US 8.8.8.8:53 35.20.240.157.in-addr.arpa udp
US 8.8.8.8:53 155.102.250.142.in-addr.arpa udp
US 8.8.8.8:53 bitly.com udp
US 8.8.8.8:53 aus5.mozilla.org udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 35.244.181.201:443 prod.balrog.prod.cloudops.mozgcp.net tcp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 lu.api.mega.co.nz udp
US 8.8.8.8:53 lu.api.mega.co.nz udp
US 8.8.8.8:53 lu.api.mega.co.nz udp
US 67.199.248.15:443 bitly.com tcp
US 8.8.8.8:53 bitly.com udp
US 8.8.8.8:53 bitly.com udp
US 67.199.248.15:443 bitly.com udp
US 8.8.8.8:53 docrdsfx76ssb.cloudfront.net udp
NL 52.222.137.33:443 docrdsfx76ssb.cloudfront.net tcp
NL 52.222.137.33:443 docrdsfx76ssb.cloudfront.net tcp
NL 52.222.137.33:443 docrdsfx76ssb.cloudfront.net tcp
NL 52.222.137.33:443 docrdsfx76ssb.cloudfront.net tcp
NL 52.222.137.33:443 docrdsfx76ssb.cloudfront.net tcp
NL 52.222.137.33:443 docrdsfx76ssb.cloudfront.net tcp
US 8.8.8.8:53 docrdsfx76ssb.cloudfront.net udp
US 8.8.8.8:53 docrdsfx76ssb.cloudfront.net udp
US 8.8.8.8:53 js-eu1.hs-scripts.com udp
US 172.65.208.22:443 js-eu1.hs-scripts.com tcp
US 8.8.8.8:53 2acdb9b66bb242618283aadb21ede6c1.pacloudflare.com udp
US 8.8.8.8:53 js-eu1.hs-banner.com udp
US 172.65.202.201:443 js-eu1.hs-banner.com tcp
US 8.8.8.8:53 7c7b02d4bc3d48dd81a7c7738d4de1ab.pacloudflare.com udp
US 8.8.8.8:53 cdn.optimizely.com udp
NL 173.223.112.148:443 cdn.optimizely.com tcp
US 8.8.8.8:53 e5048.dsca.akamaiedge.net udp
US 8.8.8.8:53 e5048.dsca.akamaiedge.net udp
US 67.199.248.15:443 bitly.com udp
US 8.8.8.8:53 g.api.mega.co.nz udp
US 8.8.8.8:53 g.api.mega.co.nz udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 35.241.9.150:443 firefox.settings.services.mozilla.com tcp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 35.241.9.150:443 firefox.settings.services.mozilla.com tcp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 8.8.8.8:53 firefox-settings-attachments.cdn.mozilla.net udp
US 34.111.73.144:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 8.8.8.8:53 fennec-catalog-cdn.prod.mozaws.net udp
US 8.8.8.8:53 fennec-catalog-cdn.prod.mozaws.net udp
US 8.8.8.8:53 g.api.mega.co.nz udp
US 8.8.8.8:53 lu.api.mega.co.nz udp
US 8.8.8.8:53 g.api.mega.co.nz udp
US 8.8.8.8:53 lu.api.mega.co.nz udp
US 8.8.8.8:53 analytics.google.com udp
NL 216.58.214.14:443 analytics.google.com udp
US 8.8.8.8:53 analytics.google.com udp
US 8.8.8.8:53 analytics.google.com udp
US 23.128.64.141:443 ip4.seeip.org tcp
US 23.128.64.141:443 ip4.seeip.org tcp
US 23.128.64.141:443 ip4.seeip.org tcp
US 8.8.8.8:53 ip-api.com udp
US 208.95.112.1:80 ip-api.com tcp
US 8.8.8.8:53 discord.com udp
US 162.159.135.232:443 discord.com tcp
US 162.159.135.232:443 discord.com tcp
US 162.159.135.232:443 discord.com tcp
US 8.8.8.8:53 232.135.159.162.in-addr.arpa udp
US 8.8.8.8:53 assets.msn.com udp
DE 2.16.241.76:443 assets.msn.com tcp
US 8.8.8.8:53 203.33.253.131.in-addr.arpa udp
US 8.8.8.8:53 76.241.16.2.in-addr.arpa udp
N/A 127.0.0.1:61415 tcp
N/A 127.0.0.1:61422 tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 34.117.237.239:443 contile.services.mozilla.com tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 getpocket.cdn.mozilla.net udp
US 34.120.5.221:443 getpocket.cdn.mozilla.net tcp
US 8.8.8.8:53 prod.pocket.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.pocket.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 shavar.services.mozilla.com udp
US 34.211.203.81:443 shavar.services.mozilla.com tcp
US 8.8.8.8:53 push.services.mozilla.com udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 34.117.65.55:443 autopush.prod.mozaws.net tcp
US 35.241.9.150:443 firefox.settings.services.mozilla.com tcp
US 8.8.8.8:53 id.google.com udp
NL 142.251.39.99:443 id.google.com tcp
US 8.8.8.8:53 id.google.com udp
US 8.8.8.8:53 id.google.com udp
NL 142.251.39.99:443 id.google.com udp
US 8.8.8.8:53 99.39.251.142.in-addr.arpa udp
US 8.8.8.8:53 i.ytimg.com udp
US 8.8.8.8:53 i.ytimg.com udp
NL 142.251.36.22:443 i.ytimg.com udp
US 8.8.8.8:53 i.ytimg.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
NL 142.251.36.14:443 play.google.com udp
NL 142.251.36.14:443 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 plus.l.google.com udp
US 8.8.8.8:53 plus.l.google.com udp
US 8.8.8.8:53 encrypted-tbn0.gstatic.com udp
NL 142.251.39.110:443 encrypted-tbn0.gstatic.com tcp
US 8.8.8.8:53 encrypted-tbn0.gstatic.com udp
NL 142.251.39.110:443 encrypted-tbn0.gstatic.com tcp
US 8.8.8.8:53 encrypted-tbn0.gstatic.com udp
NL 142.251.39.110:443 encrypted-tbn0.gstatic.com udp
US 8.8.8.8:53 194.23.217.172.in-addr.arpa udp
US 8.8.8.8:53 110.39.251.142.in-addr.arpa udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 encrypted-vtbn0.gstatic.com udp
NL 142.251.36.14:443 encrypted-vtbn0.gstatic.com tcp
US 8.8.8.8:53 encrypted-vtbn0.gstatic.com udp
US 8.8.8.8:53 encrypted-vtbn0.gstatic.com udp
NL 142.251.36.14:443 encrypted-vtbn0.gstatic.com udp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 8.8.8.8:53 142.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 static.doubleclick.net udp
NL 142.251.36.6:443 static.doubleclick.net tcp
US 8.8.8.8:53 static.doubleclick.net udp
US 8.8.8.8:53 static.doubleclick.net udp
NL 142.251.36.6:443 static.doubleclick.net udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
NL 142.250.179.170:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
NL 142.250.179.170:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
NL 142.250.179.170:443 jnn-pa.googleapis.com udp
NL 142.250.179.170:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 6.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 170.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 aus5.mozilla.org udp
US 35.244.181.201:443 aus5.mozilla.org tcp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 34.160.144.191:443 prod.content-signature-chains.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 ciscobinary.openh264.org udp
FR 23.200.86.251:80 ciscobinary.openh264.org tcp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 216.58.208.110:443 redirector.gvt1.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 216.58.208.110:443 redirector.gvt1.com udp
US 8.8.8.8:53 r4---sn-4g5ednld.gvt1.com udp
DE 173.194.182.105:443 r4---sn-4g5ednld.gvt1.com tcp
US 8.8.8.8:53 r4.sn-4g5ednld.gvt1.com udp
US 8.8.8.8:53 r4.sn-4g5ednld.gvt1.com udp
DE 173.194.182.105:443 r4.sn-4g5ednld.gvt1.com udp
US 8.8.8.8:53 105.182.194.173.in-addr.arpa udp
US 34.117.237.239:443 contile.services.mozilla.com tcp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 35.241.9.150:443 firefox.settings.services.mozilla.com tcp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 aus5.mozilla.org udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 35.244.181.201:443 prod.balrog.prod.cloudops.mozgcp.net tcp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp

Files

memory/1484-133-0x0000000000040000-0x000000000037A000-memory.dmp

memory/1484-134-0x0000000005400000-0x00000000059A4000-memory.dmp

memory/1484-135-0x0000000004D90000-0x0000000004E22000-memory.dmp

memory/1484-136-0x0000000004D80000-0x0000000004D90000-memory.dmp

memory/1484-137-0x0000000004D30000-0x0000000004D3A000-memory.dmp

memory/1484-144-0x0000000004D80000-0x0000000004D90000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\prefs.js

MD5 f73e52d124620d05267ba934f3b312d3
SHA1 34121aa291d9f88b3e8e3a2fa37cb1c06cac2d30
SHA256 fc898a91ae8ce9d241c586f5dee2e60450dcdc5a31f1a7015d6dc2f4fefe4ac7
SHA512 4ef67626a2ba584817d707c71ddf7e7ce75a780921c3fcdfa8a03de0de9303c4b548ce3c3b493f1c4876d511271978bcd3cdbc2d1003b23c2459847180045d46

memory/1484-153-0x0000000004D80000-0x0000000004D90000-memory.dmp

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\activity-stream.discovery_stream.json.tmp

MD5 a71c32e746d8bfc506c407238e07c71c
SHA1 65b645a5a52f52f637204ed6b5666ca20df8eb15
SHA256 88e6c1502621fc29552a2091dd8249c65bf354120806ea15ea8d4686ce5e283d
SHA512 f3e715de9f5df8c7b90fcd84b748e69bf186250ac7711d6401f1dd83cca1af8c734a5696f03e923b0cc4311545e52983cf083295619ecb2fff1df2544f241074

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\prefs-1.js

MD5 43e876f1c3191695cfbe5b3137516785
SHA1 10632ed5401e36ed95fb1998c99384d75832e648
SHA256 5b4789ddce7401e2b220ca68130d4badba8cb01392d7a32963afab6f7a01197e
SHA512 8b444a93ebfad6c3381d53e9d91d14d536f71a09a22894a64a5eed42489d651da239c4e76e10724178db7294e30e8ebeb07edb7100a0387fb2fc5028da378bc3

memory/1484-214-0x0000000004D80000-0x0000000004D90000-memory.dmp

memory/1484-240-0x0000000004D80000-0x0000000004D90000-memory.dmp

memory/1484-261-0x0000000004D80000-0x0000000004D90000-memory.dmp

memory/1484-269-0x0000000004D80000-0x0000000004D90000-memory.dmp

memory/1484-270-0x0000000004D80000-0x0000000004D90000-memory.dmp

memory/1484-304-0x0000000004D80000-0x0000000004D90000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\sessionstore-backups\recovery.jsonlz4

MD5 76d23a790c80567312c5e2f75cdadb64
SHA1 778ed9ee3a93d60d20c1189331c30dd0479dcf92
SHA256 c9d32d7a7ca83976bc5935a1783dccd87f61fa9b012b97ab8fe6239a71194391
SHA512 3e1b7bb1864875b136f82e2c945336826a05ee88c004711bd595eab99119b32f734185b3d86ba14a92624b6b5c04cbaa0e2c6ddcfadddea24607316d98aff6ff

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\prefs-1.js

MD5 b4dd6b6acc74fc1d6f06caf408bcba32
SHA1 498123d5734e48a56c4d60cbe9142e8bd33db5c8
SHA256 e9989bf9c8638ee218c82e499e48815babb5ea35415fa9aebe8779f85c41b012
SHA512 7d6cc4e11daa08fe4a40c4a1ac19b1f66fcc45e3a61f628390fcf0eb3f4356b0241ba7e27e91a88ba2dc68bc4315c59bebb7841633329bd528f1ddfa35199896

memory/1484-373-0x0000000004D80000-0x0000000004D90000-memory.dmp

memory/1484-422-0x0000000004D80000-0x0000000004D90000-memory.dmp

memory/1484-450-0x0000000004D80000-0x0000000004D90000-memory.dmp

memory/1484-461-0x0000000004D80000-0x0000000004D90000-memory.dmp

memory/1484-475-0x0000000005250000-0x0000000005350000-memory.dmp

C:\Users\Admin\Downloads\oJJUB7Nt.rar.part

MD5 635903bad1ada856d701f34d3070ccd9
SHA1 3ff98d91b9a3a47bf9f64bdf161efb9c5ac99fb0
SHA256 3759744039346620e9613f40f90e8f318e5f54ad49c070e2bd23b667f7e65bf6
SHA512 fee2c64124c47bcb1251b7b87969a1ff493e24bc196633e3a301565b126f5ed2e2967d4d1426ff5d9be9466c852bacf405229308acf946368e00ca887a4ef015

memory/1484-561-0x0000000005250000-0x0000000005350000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\sessionstore-backups\recovery.jsonlz4

MD5 a839963d5e8165ab10321ad99840cda0
SHA1 b880e4c4191655e1d630edb10a8888eadf536911
SHA256 e76e7b647bd5bba8e81b67377041ec3cb5d482324e143336726c5ecef26f6a94
SHA512 b64b5a50fe250cb31bc8857970b1c342863247251e92d6a8b06da193ded25a58003660e096486405822aafc1aa3040da71d67fa514076cafe1f00deb62b29a7c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\prefs-1.js

MD5 f7bebf45b175aefeedd62073138dfb0c
SHA1 2b7d324b3ff3ecf91530f4e3afadaae178ba8f44
SHA256 69e27f10f032ccd064b4b7c3c317e3342e03813c8e5a059c7b1bb8aea585121b
SHA512 f87626aee7bcad0d7bb02accb2fe338d7fedbddf6848015847d46f47d1848eaf7fb063ea36257ac0feba34d7aa423508c1f186aea81c3c5131f68b5ebe106e88

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\storage\default\https+++mega.nz\idb\3713173747_s_edmban.sqlite

MD5 3d82aa3d4fdb0826999c32a5bae7df4e
SHA1 09ae02ebe39fb4f5f2e61208fa35abcdd39a6205
SHA256 ba93128dcfc35baac833b062883980ddf70ee1fdb1d3173479677814d0a7f401
SHA512 c9137f1762b11482c993faf9b90994a0ae73bdaa0cb4a3517f3a7555e55c9a3bde8f5106ae724732b47cf97869124a4c3818399a285d49a22b2bc01a32340355

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\prefs-1.js

MD5 1efdb274750efa5089f18c3558574bec
SHA1 bd014479e92797a7beda3322df7359386eca7ba0
SHA256 2fdef2dead9ed527fa480f66be39602b221398bf44cb73722f4a2f322df9a750
SHA512 9ebd209c59ea4bcb41bcab82b0a3bbe1e29d589bcb2e61d14dd726841462f649fb7decc5bc3d643eff0666f0f8bb0af18ab34094d3b6870de9bf3502788e6ae5

memory/1484-611-0x0000000005250000-0x0000000005350000-memory.dmp

memory/1484-657-0x0000000005250000-0x0000000005350000-memory.dmp

memory/1484-792-0x0000000005250000-0x0000000005350000-memory.dmp

C:\Users\Admin\Downloads\7z2201-x64.exe

MD5 a6a0f7c173094f8dafef996157751ecf
SHA1 c0dcae7c4c80be25661d22400466b4ea074fc580
SHA256 b055fee85472921575071464a97a79540e489c1c3a14b9bdfbdbab60e17f36e4
SHA512 965d43f06d104bf6707513c459f18aaf8b049f4a043643d720b184ed9f1bb6c929309c51c3991d5aaff7b9d87031a7248ee3274896521abe955d0e49f901ac94

memory/1484-881-0x0000000005250000-0x0000000005350000-memory.dmp

memory/1484-882-0x0000000005250000-0x0000000005350000-memory.dmp

C:\Users\Admin\Downloads\7z2201-x64.exe

MD5 a6a0f7c173094f8dafef996157751ecf
SHA1 c0dcae7c4c80be25661d22400466b4ea074fc580
SHA256 b055fee85472921575071464a97a79540e489c1c3a14b9bdfbdbab60e17f36e4
SHA512 965d43f06d104bf6707513c459f18aaf8b049f4a043643d720b184ed9f1bb6c929309c51c3991d5aaff7b9d87031a7248ee3274896521abe955d0e49f901ac94

C:\Users\Admin\Downloads\7z2201-x64.exe

MD5 a6a0f7c173094f8dafef996157751ecf
SHA1 c0dcae7c4c80be25661d22400466b4ea074fc580
SHA256 b055fee85472921575071464a97a79540e489c1c3a14b9bdfbdbab60e17f36e4
SHA512 965d43f06d104bf6707513c459f18aaf8b049f4a043643d720b184ed9f1bb6c929309c51c3991d5aaff7b9d87031a7248ee3274896521abe955d0e49f901ac94

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\sessionCheckpoints.json.tmp

MD5 e6c20f53d6714067f2b49d0e9ba8030e
SHA1 f516dc1084cdd8302b3e7f7167b905e603b6f04f
SHA256 50a670fb78ff2712aae2c16d9499e01c15fddf24e229330d02a69b0527a38092
SHA512 462415b8295c1cdcac0a7cb16bb8a027ef36ae2ce0b061071074ac3209332a7eae71de843af4b96bbbd6158ca8fd5c18147bf9a79b8a7768a9a35edce8b784bf

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\sessionstore.jsonlz4

MD5 cee2271e03be73a7cb460d8b60457729
SHA1 ea77ec2e02bfc2f227a79215fba7bbd054fd0456
SHA256 a1d6b86f44b5edb2df597c526cfa26c020d7382020f11ac50fd565838ab51916
SHA512 a38f44974cbbd6bc9c790e266309440760a102b02a15596f64665350a374153760b69ac074ecce7d9563d86fec4f63ca38356d731a2d002452389f43c5c7ee9d

memory/1484-1001-0x0000000005250000-0x0000000005350000-memory.dmp

memory/1484-1002-0x0000000005250000-0x0000000005350000-memory.dmp

memory/1484-1003-0x0000000005250000-0x0000000005350000-memory.dmp

C:\Users\Admin\Downloads\7z2201-x64.exe

MD5 a6a0f7c173094f8dafef996157751ecf
SHA1 c0dcae7c4c80be25661d22400466b4ea074fc580
SHA256 b055fee85472921575071464a97a79540e489c1c3a14b9bdfbdbab60e17f36e4
SHA512 965d43f06d104bf6707513c459f18aaf8b049f4a043643d720b184ed9f1bb6c929309c51c3991d5aaff7b9d87031a7248ee3274896521abe955d0e49f901ac94

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\prefs.js

MD5 f73e52d124620d05267ba934f3b312d3
SHA1 34121aa291d9f88b3e8e3a2fa37cb1c06cac2d30
SHA256 fc898a91ae8ce9d241c586f5dee2e60450dcdc5a31f1a7015d6dc2f4fefe4ac7
SHA512 4ef67626a2ba584817d707c71ddf7e7ce75a780921c3fcdfa8a03de0de9303c4b548ce3c3b493f1c4876d511271978bcd3cdbc2d1003b23c2459847180045d46

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\startupCache\startupCache.8.little

MD5 a5e59bfa39139f96b0663420448a8531
SHA1 553ac15955dd72a131cd6f4fc19f00feb139bab2
SHA256 d0af4da97fa8083683d04e80460ae5ec8440a43370c381b0fb5b25d971d8a23b
SHA512 18c7eb9370fad39b18810bf83f1aabadefbc65009ef2c9e253e5206adc095872d157efb90a166a9f268d465d8df3c1610258a7eff91f2ee96594bb49a5ca95d0

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\startupCache\urlCache.bin

MD5 f6f677fff7ae332ea66f4894bcf548cb
SHA1 8c70d5932602fa6a235e754758cfb0923af8afa8
SHA256 9cb2f28bca18ac42378fd69e5a77b46d3cf41835967ff69e4e2e62ac94ad2528
SHA512 0c7a9582e0ee7e6430ffc9efb94c5a7e1afb35fbc4d6c42047d48deb1c892c1b9f1a5761f2f04d3782c8dd8d4405a7a7b009d9e4c9b67add8f80e95fe9c228ee

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\addonStartup.json.lz4

MD5 f250c684a241935c2794c30ae164ae52
SHA1 ea384bb1ba6744718b3bb8180800365d19887692
SHA256 ff08fca842608945bab874f225d809065a58d1eda82f37f80f727bff95bc00a7
SHA512 e16698db5705fb140ab0579c4ecbe51ba7fd2d494bf987c23bc5c46294e84749a3f1b43d0ef43fa75e7ce0d1b67ac3c22421717506be6fedb4dac49e2e7870ad

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\xulstore.json

MD5 1995825c748914809df775643764920f
SHA1 55c55d77bb712d2d831996344f0a1b3e0b7ff98a
SHA256 87835b1bd7d0934f997ef51c977349809551d47e32c3c9224899359ae0fce776
SHA512 c311970610d836550a07feb47bd0774fd728130d0660cbada2d2d68f2fcfbe84e85404d7f5b8ab0f71a6c947561dcffa95df2782a712f4dcb7230ea8ba01c34c

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\startupCache\scriptCache.bin

MD5 1402a1f6e5d9c8ea91f6faac1c7cf929
SHA1 b0b0b2cdebd7fdee8649f469c57a10cf168b5844
SHA256 8d5acee3829ba79d5a7871675c9850d0bb0ee5fc17853f08d8c04e3d9c7118b4
SHA512 bb3e6474e628934c8bb1ba4e53c96624030f57843addc7a11dd83ffbd5ab890de7b983338c6a0701128790b36e259f0268036c89de57daf88c0532c1b34df032

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\startupCache\scriptCache-child.bin

MD5 67f22f27223d6a2da3760b5cf1a92340
SHA1 70ec506cdbb71d9777baca2232c1ac27d9ea4c93
SHA256 4cdd33a28c637663c53970683497e24af6acd0f8e3c8611b65caa3cff47bacd4
SHA512 aa218e6a5d52e175abd10da7fb2fcaa59aa1313acfdde24d8732554f8c036a540af8eb3660475b3b403494185e1a509cf42b3fce492b03b76e44d313ee2460ba

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\permissions.sqlite

MD5 13e9d1e2d59b288227440f0cdc947904
SHA1 8b59c6216a2f26f6f581087e34f0a62570bae938
SHA256 facc2c3a989bba238a4a7a365ec2e0ec339a3c5da35375cf90b4d05b484f4501
SHA512 3cbe00694318fd4ee04d1d0c60cc9c490d9bb19d1498aa3635d991641aa0e867667ab38558deefa5f31194381a7ef740938e02db6e0cbccab296cbd18f583c6e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\cookies.sqlite

MD5 223db9ba0e52b1a771ae6c07430c0ed5
SHA1 5723101d4ba3d399310609c9a0bb4d8d73fcb771
SHA256 eb3aaee975b107e3479410940e11b0108fac0413ac5edb18dab652befba3bb57
SHA512 4d664ba7fd81e683b0ff66424efba8ae8dc81a1720e1813ecaee30520b061b135e996f2b411a41bf4230b0a54babb5f15fa756128f4d0ec80c9d8e15e66fb414

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\sessionCheckpoints.json

MD5 ea8b62857dfdbd3d0be7d7e4a954ec9a
SHA1 b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a
SHA256 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da
SHA512 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\sessionstore.jsonlz4

MD5 cee2271e03be73a7cb460d8b60457729
SHA1 ea77ec2e02bfc2f227a79215fba7bbd054fd0456
SHA256 a1d6b86f44b5edb2df597c526cfa26c020d7382020f11ac50fd565838ab51916
SHA512 a38f44974cbbd6bc9c790e266309440760a102b02a15596f64665350a374153760b69ac074ecce7d9563d86fec4f63ca38356d731a2d002452389f43c5c7ee9d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\sessionCheckpoints.json.tmp

MD5 ea8b62857dfdbd3d0be7d7e4a954ec9a
SHA1 b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a
SHA256 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da
SHA512 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\sessionCheckpoints.json.tmp

MD5 ea8b62857dfdbd3d0be7d7e4a954ec9a
SHA1 b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a
SHA256 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da
SHA512 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 0747894845651652d9ff4101bf8d656b
SHA1 40ec7b525aaf9482b6171e25a82e04930907cb07
SHA256 edb701d20304b8649a311d387b71ea580b2809cb6e49bd58b8d6bedf56429e91
SHA512 781efe1f3bc38d3926615efe9e13428288d3fe7c4cab3ee59cba38a060b7c3db5087a1713536e64af4fcc7695233bcb7b5c5006e3b3648150f7102c5d655983c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\storage.sqlite

MD5 b48f0ef3ac0a2761ddabab67ffcb5e85
SHA1 cbf2b7934e949f8595724934e87dc9cab9ee6528
SHA256 b428b677f9990cfc8da8efe5495e3942a3b375bc3a28a66e64473b80e55662d7
SHA512 b68ec47025a99783110e95ae98c70f819ba65d85bd63d66ed01022d11bd63d95ee7c5bfc2aab2a84744e8b80fc8fe6445c4bd587bf98f5f02d2a2dcf678ad87e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\SiteSecurityServiceState.txt

MD5 fec8f2855155c07da65bed52eb93695a
SHA1 5e277bdd6965031633f00b9151073e638cd972fa
SHA256 8189e0f5dddd00390d0922735f23d26c588af5a9fbb654c292c83a5c306e9589
SHA512 52e91fb775a1f761a96288634c475946235df865dda15e5b6063eb508f854761bbef3d8e843d60beff8947ea387488de15470cc652075719e289d8d0a3f96306

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\cert9.db

MD5 989e96a21309881cb01d727a9e769d9c
SHA1 61ed280356bba8ba91aa491a19cc7fdc0d4201fa
SHA256 60a010b102219698e4f807a9ea8487a51ec7fca6237c3196c011bceb7d3c22bd
SHA512 6bc96d4fd362504dd1dcefeb9ccfbb85a7371c1ff0d1010a122f0aedf9a0b767c761be14376f6c96b4d9d6561d15a1f00cab2996f10b996820a70d851e995c36

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\search.json.mozlz4

MD5 033eb0645837c8b618a593f7b9a72642
SHA1 cf4c2e7ccaa275ee47cdd945a7bd1f8b57c61172
SHA256 3409fd08295094b37673d748a0374cf0afaecf1671188b2ed012626cad67a582
SHA512 27dd0743306b0845c06b3be3e3ae2f515777dced4bbf91a4864bb95c5873e2d6351d99be36d4762a2ba8262130c6d139db3f4f5272afb8717e02b09c1e39c2b4

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\cache2\entries\35CF8F0BACAFFC9656F3D3134E049835542C83AC

MD5 2de5ab936bfee1f04ae0ef13c6cc69c4
SHA1 e0421c2e7f9b8dfa0d0a57ecfa1c28883acf0650
SHA256 bc61676d43fea50e7ba6c9541b5d3d144a22b7f3fb4967a65ed973e5bfb7079f
SHA512 b0c56de31bd312e5d295208ac6fc9327ed15cb5ff161a1fa6bfae752726690a814cf3c45ef9d03b8848967b4ff2caeeacc70cd0211dc23a22bc887e1fec351df

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite

MD5 1d9ee450e1f3cd52705ac184807fbe48
SHA1 54a20b5089f106b346a66ccf7a18573baedc2f65
SHA256 797b8d852c833521aaf82e32169de04d37d65d12d36ba642aaa672d0b9224318
SHA512 e5b7aa2a5fd1453605f1681caa9f7124c73e2eb851c3c076bc82aab9910773c78fa9d708ad2212dbc9a3dadc829e5b1be1a8c756579f288c1df4fabdfe8ca72c

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\activity-stream.discovery_stream.json

MD5 8567c3b4ed3c1257e44564e23c7f8c44
SHA1 a68819d1cd78d26b1f7ebfcc66dc1aecb5f248dd
SHA256 ed06529f67c0439b4fcec9229e00370ed69240fc0445ec43376e02091892ac20
SHA512 a53c8a40dd548b92de8eda1e6f9d367f8533ec5e797164489d0d9ee480fe6dca1a927c54afad6f6cde6b06fb1e2b1ec6516f0a0fe78010d5f29d43cbc5aa19a8

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\activity-stream.discovery_stream.json.tmp

MD5 3e0e37c71d280b783591728b482e9630
SHA1 ee744f68b8f076e91ea582e4d8aa0dd862cf3aad
SHA256 c3c39753d074bf2f14d5cde21cd3c6a46f268d5220e7048c442b1de78eae5011
SHA512 3d3bdb31cf6ef26f072255cbb59d283ea94dd3ec84e7b998aace7290163f0b535c395e4e7fe23009ca771824f8f1e8de9fccade0f02436a50549c1cbf5365531

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\cache2\entries\A3214108324DF7448BC2285E274CE48487034585

MD5 5843312f6090ccc6b51637f53a531c2b
SHA1 ece457e495594b5e860e355cc3dc29b8a2d79c32
SHA256 6a811dccbac3e8caeb1fb92b3a1ae61da10af7940c66407d51a3be3a5e429642
SHA512 8cfa7f04c75d47d0283076117e4a691ff767260575c24d198b1e7b7d42325c1786998f41f47145e55e7fe790b06ee571a340a70734f0d6aa5ca683f702189852

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F

MD5 b1c807aeb33978adc10c990444c78efe
SHA1 3cc3169dfe211d3bc496cfb798ea9e8bd2066dd5
SHA256 ef37e7ae36381b604dbe1799143cb3aacf9f401bde1fcdecd8be6feb738c0446
SHA512 f3eb19973b28545b3bcb465daa13dfeed9c7f07bd7b5dd2e4de95b63daceb9553e911381274725596faa0fc7920bf45e52c2696a64c2f03f19c6637b6198ca03

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\cache2\entries\250EE2BC03AFF526F1A1C3DB212A79DE3EB60D5E

MD5 dae800a5c03e45e632b89e9165173c92
SHA1 6b625b801f707245ad2b73bd578473b81aac3486
SHA256 aad28e47cd7bd0a0ba4abb29cf9c0f5926a0df7fba30e56a47700463ee64acb4
SHA512 3028570ddef0e4737db807e591191b3e3a6149e6fa7546aa0806e4f06f1ed1ffa68d74073b5a7591c5dbeca72c51cfffd3645776cd52bee762a92d03eec7137e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\favicons.sqlite

MD5 c8c502c90e898b3551af55e4b674e561
SHA1 b956ec82ebf0304226bca05bd775c97cc776dd39
SHA256 240735a521d1786cd534f5242f2825cd8bcf290447ea1035f5c8c45c679b2df4
SHA512 f7e027a1d4d0d0f48a1f24438b09c6f413c8dcad1d303fbda2a4e68d03d914b6c64fb0593a9e90ce52c742fb7ea6dbf8ac86029339dda96a411b3cf2ac0b54f8

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\places.sqlite

MD5 603b9ad9a8e2fd80479362b4bd8902ed
SHA1 160e316fd25d10bb1b521a6085b3cdae909283bd
SHA256 35f9374d11f30b66ad86ba0ddf34de3851ad490d871e16a042a7de618cfde524
SHA512 1b8f09780cd60e37b9ddaa732f2d844a3b24fab1f81023055a5234bc52385d884d5598e11cbe73c119d59e741b7073d1739498e72332f2da6c8828158c4bdb9a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\AlternateServices.txt

MD5 353f6fc88afd7e96657080167ba7d580
SHA1 39535f69a3d044288912034d86fb2dde4937f053
SHA256 0b7d3f7bd6504e78149abd9b9b382d357187ae1f8dc4bfde8fae3570c4907de5
SHA512 44d1801dca9490c6517d8102a98e7064b09f4320b038fec7fc3d9def29e554a33a19f4bce952c541f3766f9dc94fb1b65b77b8765dfd38e252e5249115f9bb76

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\protections.sqlite

MD5 deeced8825e857ead7ba3784966be7be
SHA1 e72a09807d97d0aeb8baedd537f2489306e25490
SHA256 b9f022442a1506e592bf51284091a8a7fe17580b165d07e70c06fd6827343a54
SHA512 01d303232d6481af322137b44fef6c2a584f0643c48bab2836f9fe3193207015da7f7514fe338500ae4469651e3d9618293858ae507e722198a249257677099e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\datareporting\glean\db\data.safe.bin

MD5 63b1bb87284efe954e1c3ae390e7ee44
SHA1 75b297779e1e2a8009276dd8df4507eb57e4e179
SHA256 b017ee25a7f5c09eb4bf359ca721d67e6e9d9f95f8ce6f741d47f33bde6ef73a
SHA512 f7768cbd7dd80408bd270e5a0dc47df588850203546bbc405adb0b096d00d45010d0fb64d8a6c050c83d81bd313094036f3d3af2916f1328f3899d76fad04895

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\cache2\entries\254256B27E0C48CF9B80B695F0B3B8CA84610495

MD5 681ce51ea764fd3e9bb680ef948f5d0a
SHA1 7b93e661d0dbf61bd17acd3c6a4d05b11ba5ffb8
SHA256 4ebc5e1afc748d0a03208a3151e657e3f262bb5b00ca6b0b2906f2c823216104
SHA512 62c755aa95443ba16234d58e46f470d17d422f09686a05b95109bb0cdc60c9af4dc0b0cb0ab95ec9a338267666d8fe1b2bd11a00e80c2bc18e4ff744c9227ae5

C:\Program Files\7-Zip\7-zip.dll

MD5 c3af132ea025d289ab4841fc00bb74af
SHA1 0a9973d5234cc55b8b97bbb82c722b910c71cbaf
SHA256 56b1148a7f96f730d7085f90cadda4980d31cad527d776545c5223466f9ffb52
SHA512 707097953d876fa8f25bfefb19bfb3af402b8a6a5d5c35a2d84282818df4466feba63b6401b9b9f11468a2189dcc7f504c51e4590a5e32e635eb4f5710fd80b2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\storage\default\https+++mega.nz\ls\usage

MD5 3053c20342048085db2ad3d8ea65dd11
SHA1 80b5eab05af8c4c2af8ad6401fb84924c8d56143
SHA256 2fb863a23a91612409def0d2965588c4a108c3bda4bb36cc7ddaf17fc5cd7fda
SHA512 61575c0b25d275211b20a3dc8090c1879505dadb4bb47443039fdc433a0dc37e558eb9b7b8e403175e1d53855f279936651aecbcbcb93cdab64480f00b6bb89b

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\cache2\entries\43D8C898124B7E76A3FD4F4FDE08FF8A93536C94

MD5 79c666e9410bfaef134ef9a46497c0ff
SHA1 9222cd76d9ed77ce006802bb9630542c90c34e0a
SHA256 8f68a276bd376901c8740602ab770ca36e0eec02002cb03de4a59e690fadf390
SHA512 e83b7d980d4e90f8333d78aed1cb0006f7533b45e7818841371dfc0a9311cd022fc970fc09aa981686860a3e7b61e16cddb7ec11bf46af873af6770df0faad5c

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\cache2\entries\A2A7547BA527F9A7BB30DBEE99FEF93F4DBC54D4

MD5 32c1d61a98a5ec3ec7ed023d6f5116dd
SHA1 2b9e38324dd06f5f48b8b688726a45efa7c6e6e6
SHA256 09c8dcedddc808db8829916208edb8519ba94a358e9ae00d8b5bcd3a7bb8726b
SHA512 f4661c7ea6fad92c698dd3b093ce260423916a994f79451b7185e7c496de26562c48caf150b56ed2b61c3a5a8d38d3cba502a772c8950eca9739bde160bdef0d

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\cache2\entries\4E59E9BA631981F353B998F3EAA32000A2D02112

MD5 49492793327e471054e77e9356d81e12
SHA1 03248a46c8845729523b474052115cacdea34851
SHA256 b75534620a391364e86f3ca6ec8d16a306921ca6196b1f83c6c870c5d07aa58e
SHA512 6b7e3b20a0a0e9ffb94b3bcf681fb2c1ecd040a9d738ad52fdf1d40ea1d893cb0f0449ee87d7842a6df63181d9c037d00c4c1c3e0e5311e34f668c4e63d33f13

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\storage\default\https+++mega.nz\.metadata-v2

MD5 5119f1f1bc3dc6da3d7d78ff3c8bf40c
SHA1 80e9f18481c103c5be583a707638caf88e73f2a5
SHA256 70a7839796d3e9df32e31c0abe269d0c1ea71a0fd2570b711f67fcfcbbe03852
SHA512 54111044a64d9e8e197382277aa1fb925d56be42164b131da9b180f86239ad21bf78f97512e02c0f6af2f929c1e40c8c925a048a3a6f6b02f3a637e0b840af9a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\prefs-1.js

MD5 7005f80a98990e68fa2eb60ea3de0322
SHA1 e038e7a8207ac0bb6cd1497bad121ce6f8097932
SHA256 98d4ac86621ec109f9272ab5732a085bfcd8f48491a6b2354a73b649800bcd49
SHA512 3fcc06592cd2fdaa79fcfed9c9b83415900927bda7e5e46eea97e044ab3c1c2cc8f3d84db80e729bec11e9f51438b5b63e831353769a851bf0990b59dccab0e9

C:\Program Files\7-Zip\7zG.exe

MD5 5ab26ffd7b3c23a796138640b1737b48
SHA1 6dab8c3822a0cab5b621fd2b7f16aebb159bcb56
SHA256 eb775b0e8cc349032187c2329fefcf64f5feed4d148034c060e227adf6d38500
SHA512 2b40489f46e305f7e3455cac25e375711a6a1733861ee7bf1b800b86eaad2f40871c219924ddceb69b9748ae3cf9de59f0edffd7ed7b5e7f35d1239fe0333a78

C:\Program Files\7-Zip\7z.dll

MD5 bbf51226a8670475f283a2d57460d46c
SHA1 6388883ced0ce14ede20c7798338673ff8d6204a
SHA256 73578f14d50f747efa82527a503f1ad542f9db170e2901eddb54d6bce93fc00e
SHA512 f68eb9c4ba0d923082107cff2f0e7f78e80be243b9d92cfab7298f59461fcca2c5c944d4577f161f11a2011c0958a3c32896eba4f0e89cd9f8aed97ab5bc74f9

C:\Users\Admin\Downloads\Mercurial.Grabber.v1.03.rar

MD5 635903bad1ada856d701f34d3070ccd9
SHA1 3ff98d91b9a3a47bf9f64bdf161efb9c5ac99fb0
SHA256 3759744039346620e9613f40f90e8f318e5f54ad49c070e2bd23b667f7e65bf6
SHA512 fee2c64124c47bcb1251b7b87969a1ff493e24bc196633e3a301565b126f5ed2e2967d4d1426ff5d9be9466c852bacf405229308acf946368e00ca887a4ef015

C:\Program Files\7-Zip\7z.dll

MD5 bbf51226a8670475f283a2d57460d46c
SHA1 6388883ced0ce14ede20c7798338673ff8d6204a
SHA256 73578f14d50f747efa82527a503f1ad542f9db170e2901eddb54d6bce93fc00e
SHA512 f68eb9c4ba0d923082107cff2f0e7f78e80be243b9d92cfab7298f59461fcca2c5c944d4577f161f11a2011c0958a3c32896eba4f0e89cd9f8aed97ab5bc74f9

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\sessionstore-backups\recovery.jsonlz4

MD5 0a18ecc4861bb01892391083ce393480
SHA1 e6ad79cdd55540b3dc3c793d8c150b88916cb1a3
SHA256 3ed91cb0af452f165bee6527cc68d180262dc8647862495eaf584ea7d90f4c30
SHA512 3c5e416787c179316aca4ae01f8badfabaa24ccac5285fc96b8a67e1319cf693ebb1226d9cf77e2e67d4f862272f38b7add927f3cfe0b57343a7fa84fdbdbc2a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\sessionstore-backups\upgrade.jsonlz4-20221007134813

MD5 cee2271e03be73a7cb460d8b60457729
SHA1 ea77ec2e02bfc2f227a79215fba7bbd054fd0456
SHA256 a1d6b86f44b5edb2df597c526cfa26c020d7382020f11ac50fd565838ab51916
SHA512 a38f44974cbbd6bc9c790e266309440760a102b02a15596f64665350a374153760b69ac074ecce7d9563d86fec4f63ca38356d731a2d002452389f43c5c7ee9d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\prefs-1.js

MD5 99eaf156596c1cf003a95ea3fcf9912d
SHA1 8d84d8f494602d892df4a48bb929078580536681
SHA256 37fa570185a9b1a803de9f425d1b816638a6296966d0a3df0f12671ddd86a995
SHA512 da728e1991ab20d32aabcbf8efed4dfc06e448bf421e4097ec9537ca87bef5ed48e1dbaa74bc7876822d7e51e8d92fc85e4820357c45e44a4abc2efb602df39b

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\cache2\entries\6D81B5E71B11BB91239B760C682E5E832DDB7B9D

MD5 6caa04d45cdd88be9ba379cff82b910d
SHA1 72eb9a6bc05edaa15a933906b241a6763ce9ca7d
SHA256 bca06a9d06881ff630f7eb666047f364143619111a2e8a0fc2f07bb0b67c612c
SHA512 c01727634b1ab99acaf766896046367003c381d9b7478fbf48f056b1e41134fe3ee139c6e285ab509474cc319eb4bdeef300da390fa883e8cb1ae1b121b350b8

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\thumbnails\b91c4063098e54247979b4ae504ed20e.png

MD5 373038d43871bcbcbf77b59683dd04ca
SHA1 f60629699d7aae1e1f4d7dd607d91345b49ea70c
SHA256 9aba2e4d4d4fccc721fd6bbc84ebe5de9eda549a9ca96e3fc6d7165230e97671
SHA512 81f566cf65e4431f0f56ebeabe1e96f638b1304a39065ce121cf5d24648a88ef9e19b0da70dcc24852744f77406fb745c85ff0d01c88c416d6cfd261c43356cc

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\prefs-1.js

MD5 b2a98bbea7fb5f76396360a0a87f9f83
SHA1 0fb243bf091388d681625733bb8d9f2de6342a35
SHA256 3df74c4bba898ed727f7905112064553732825d3ffb5a60fe2bb8b7ea3c4c853
SHA512 df4dc6df15d40459cb7e13df0d8ba43e694c5c835a71b2a3fe3067bcfeda68f1b514166ae47e2caaa89e17d7c24ce4f1218c3864ffac2908e57050994bf40fac

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\sessionstore-backups\recovery.jsonlz4

MD5 5cf2321079e50451c2caa593b9c2448a
SHA1 7240b8944018900353529664e3cbf03a904f6aee
SHA256 73dc7f185020cfd92e92fd223999b8112b4db3c144ca94985cf13af752b25fcd
SHA512 1476afc3b212af46e1078d4f1fa35210ea4b143938449d24cc3c72b6550030b8904badee28e6db22a6ad1f4ba0c506ae65facc4590d4dfa999633fcfd38c4a24

C:\Program Files\7-Zip\7zFM.exe

MD5 d36deceeb4c9645aab2ded86608d090b
SHA1 912f4658c4b046fbadd084912f9126cb1ae3737b
SHA256 018d74ff917692124dee0a8a7e6302aecd219d79b049ad95f2f4eedea41b4a45
SHA512 9752a9e57dd2e6cd454ba6c2d041d884369734c2b62c53d3ec4854731c398cd6e25ac75f7a55cda9d4b4c2efb074cb2e6efcbf3080cd8cc7d9bc8c9a25f62ff2

C:\Program Files\7-Zip\7-zip.dll

MD5 c3af132ea025d289ab4841fc00bb74af
SHA1 0a9973d5234cc55b8b97bbb82c722b910c71cbaf
SHA256 56b1148a7f96f730d7085f90cadda4980d31cad527d776545c5223466f9ffb52
SHA512 707097953d876fa8f25bfefb19bfb3af402b8a6a5d5c35a2d84282818df4466feba63b6401b9b9f11468a2189dcc7f504c51e4590a5e32e635eb4f5710fd80b2

C:\Program Files\7-Zip\7-zip.dll

MD5 c3af132ea025d289ab4841fc00bb74af
SHA1 0a9973d5234cc55b8b97bbb82c722b910c71cbaf
SHA256 56b1148a7f96f730d7085f90cadda4980d31cad527d776545c5223466f9ffb52
SHA512 707097953d876fa8f25bfefb19bfb3af402b8a6a5d5c35a2d84282818df4466feba63b6401b9b9f11468a2189dcc7f504c51e4590a5e32e635eb4f5710fd80b2

C:\Program Files\7-Zip\7z.dll

MD5 bbf51226a8670475f283a2d57460d46c
SHA1 6388883ced0ce14ede20c7798338673ff8d6204a
SHA256 73578f14d50f747efa82527a503f1ad542f9db170e2901eddb54d6bce93fc00e
SHA512 f68eb9c4ba0d923082107cff2f0e7f78e80be243b9d92cfab7298f59461fcca2c5c944d4577f161f11a2011c0958a3c32896eba4f0e89cd9f8aed97ab5bc74f9

C:\Users\Admin\Downloads\Mercurial.exe

MD5 a9477b3e21018b96fc5d2264d4016e65
SHA1 493fa8da8bf89ea773aeb282215f78219a5401b7
SHA256 890fd59af3370e2ce12e0d11916d1ad4ee9b9c267c434347dbed11e9572e8645
SHA512 66529a656865400fe37d40ae125a1d057f8be5aa17da80d367ebbe1a9dcea38f5174870d0dc5b56771f6ca5a13e2fad22d803f5357f3ef59a46e3bdf0cc5ee9c

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\cache2\entries\000A0FEFA4002BA4C4E7DD0373412C9B8768AEDB

MD5 c3d364f7d3a9711a1769a146c93af823
SHA1 810edadb3e07f30d9b5316d5fc5eed91ba9784aa
SHA256 e08dae243893bf07203df0a67d1f2859e53a9eb9a7b76870279a43a28edefe0a
SHA512 b2e8215d461c40584f546d6d4a86ce9bdcca61e95958bec19fd0c29c13eaaead4f484110af146b8daba01d4dd3406eea22bc970e6c33e784c70cb35ea9d5eaba

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\cache2\entries\0215C8DE8F05D6937B55FF8157DBCD99B7899257

MD5 1983e7da3bbe6a011bc614e7b01406d8
SHA1 492d22b20c537a994ae902cffd1e7f801177f3f5
SHA256 7d514328173dae5bdda4560cfe67e6644000edd8d5a560be7c7d107ccb179761
SHA512 993932f10fb1b8bad7b6a7ae19e69303c17b9f473e57f54b97c4e8b4c7761ac7c4ded36282c93403a201f3198aac10d749de7eb56a4ae696f067ef7879d97e71

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\cache2\entries\1A701ADED0D8045B96E404ECFE81BEB8D2D5CA43

MD5 01b2badf573804960aee2007c857adf9
SHA1 f40c5941e76d2d2e472d1fe3119f8c015566b864
SHA256 a19426083220d94f2ac2e3b37aa726b88f064b091b99ad34eb09d0600c374301
SHA512 889ae0672a328ba442a4a037044b78c39f7735e58335ed8d9b77608f7359faf2309adbc543b4658a75ae3b3fff4c8b474482a9343fdcecbdbf48bad5346573d6

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\cache2\entries\1FEA972BEC302391762B719E216B977191C80344

MD5 9fcb0d65fc4f9bf128771b5695d9033c
SHA1 ec4ac0bd9481a32f6fef364b6c79e8e7b34e091f
SHA256 704bbf1523da91a78f64dc6989f4aabbeb8b986f59b174eb0d3bb6c3da63de0e
SHA512 3e8d3588cc0a78de9d47907e5062ea32e1840b9bc5e16889b33968d92e5bbb50195a8fae5bab3df7973a9c331f2e54958e7d220089ef3be0a81f1c3158b9660b

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\cache2\entries\150A1D3929D9968E9FFD912A054CF41FBA90325C

MD5 4ede58cf42f49b001ee356b0f521441a
SHA1 d87eb775debce128755c7acd7d519a5af31f05a8
SHA256 214a362a1395da40e9d4322dbba5f92fe4307618f095bbf5112ea1959f43453c
SHA512 2bf88685f78521cedc65f742cff7b364069b7eeea05d869424ae28e507701b09d9f2c57f32dda298cf8fd2c63df9f652e98bf7fcde962be1b3d5b55308dc73f2

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\cache2\entries\13375980190C97C081E81367CC560267B2F3EE5B

MD5 ff6e18740b00f7ea947411d74f8171be
SHA1 cea8be1f479961a65684e0f58243af4e4e0ff846
SHA256 b8b4dbb86362a0a6c6aac84d4dd532cc44242086fcaf5a0d67908be06c1c2098
SHA512 011fea21a6074be88223a5c0d897dd16d5d4ab03a2eb3970653a7b623483251065bf4d0aece009e170504e26e6cb22716e8f63ad6b336d72a66ada42fe252e0f

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\cache2\entries\0D4EFB51691578F19FB67447FB970F8AE9938C7C

MD5 c76b7d77735f380de59687f520021cb5
SHA1 f3bffa0c11cda89f6eb4efce7e16bfcf935d0d33
SHA256 8c093f876890e25bf55231826bda1681e66e55747709142b12d182ff55d9e8c9
SHA512 6b6b774716816ebf33ea3f874cf0024b2510356f6972ad4b28e07012dc989beeac59b49bc50d3631e557db10a8419a32adb26429c33f521bef8795552678b1e0

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\cache2\entries\0BABF52A64DC7B1FCCDD563D131A086B80FE77E0

MD5 445ac8e20d1ae84ab72ac31d24143eb5
SHA1 f931beaa4e1acfb7ded4b82e704b09986c0c4672
SHA256 36715277f3cba5c16f127acb704905d386b58c64497475ade9b938b664394915
SHA512 87352b561b8e717e3a8b1d255daa3ba56f52e844e3be83a63db2f8293227b762ff3fbb74f0d4310adb72ca3605484420bf559e1646da976cb906cae2856b3eea

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\cache2\entries\0AE70713715ADDC709BF5E28617D4AA5FAC51607

MD5 2f115ce167faaf1e2c13b4048f15c558
SHA1 71676c922939374a7037e29e12cb80589c1de4f4
SHA256 ead2da4cfcccfe33f991569b51ffc0a3e4bfc8e41e647c9846215ae2b55becf9
SHA512 c1e78d437068cda1ca3ca408957e7b138578af7d7f462b614e86ce278e4b8d7e4d93b7dee263be7bfe91f3b5ab1ce07aa79891d91a3801cc1e00e0738b5e2315

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\cache2\entries\0695492D440F57A0C6A77A5F02FADC5E1531620C

MD5 28ebc4f35515efef9db4f452c34f44b8
SHA1 68e79ea823b50ce902040365c293370845e8c88b
SHA256 8eaa79e26166833117f24f05e4a51ddf43cdeb7d7e66ea0470a61aebddbd6300
SHA512 53c77f777b694e25ba1fcdf808e23af4c1ab4557245e289f5ee994c375534982372acc7eb069c6f41c89b56e86cc81cb0f0157bc878b965c4ba689ec1b6dcbfa

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\cache2\entries\05C496ED52B190E9BDADC9B7D9B35C435584BEFD

MD5 829a660588c86f9fcde4d88fad04bcdb
SHA1 af5588cf4b7ec8c99d061cf3bfdeffb4a77864b3
SHA256 6283077ae5d257db777c8907771fa18f2d38d5c36cbebd1e5dd11c9516116d65
SHA512 bc30123ba950fe150ac7e4477a952ed678befb4dfccec1d90041bc5c18cfdbf5f075365b73a3463a32ffef06c10023b9b9dd1fcd467195355e1f868396284395

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\cache2\entries\037778A55E1B7E9BED3390289866D09402D6C913

MD5 eef5f61df2a824d14695ffb910d2d09a
SHA1 2f1a7f9dbaa6d314714533783a7d812c3f4e0ed5
SHA256 39502361f57c5005f256b7b3ba3ffe17024dd05d2dd22b8ee5e4899ccb34bb87
SHA512 691f2a2b9ce616d549d7bd8cf4fd7ad8c61c8974170b5789f845f77a4394453544c009221630e1b62292a984bb4601f1dd552b2d68c59c6660102b308b860db1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\prefs-1.js

MD5 f7ae9977f0af0dc515e796f580656171
SHA1 05fa20c032c4826a92a35a4efc83ccc1b1cc25df
SHA256 9977ff6ca9ed32c166c285bc952d9a4d7d0375f751df3a99ae24673865159233
SHA512 ff38f8e5b68259e33bc2bdae3e3548fe4028e1b1a9c4bc4a4f993b31397d883a922d2e09c7177886cfa9fdbd5a174739c9219b1089b014b54780bb9fb7b9bba1

memory/3736-1902-0x0000000005A90000-0x0000000005AA0000-memory.dmp

memory/3736-1915-0x0000000005A90000-0x0000000005AA0000-memory.dmp

memory/3736-1916-0x0000000005A90000-0x0000000005AA0000-memory.dmp

memory/3736-1936-0x0000000005A90000-0x0000000005AA0000-memory.dmp

memory/3736-1943-0x0000000005A90000-0x0000000005AA0000-memory.dmp

memory/3736-1962-0x0000000005A90000-0x0000000005AA0000-memory.dmp

memory/3736-1969-0x0000000005A90000-0x0000000005AA0000-memory.dmp

memory/3736-1970-0x0000000005A90000-0x0000000005AA0000-memory.dmp

memory/3736-1980-0x0000000005A90000-0x0000000005AA0000-memory.dmp

memory/3736-1981-0x0000000005A90000-0x0000000005AA0000-memory.dmp

memory/3736-2000-0x0000000005A90000-0x0000000005AA0000-memory.dmp

memory/3736-2007-0x0000000005A90000-0x0000000005AA0000-memory.dmp

memory/3736-2023-0x0000000005A90000-0x0000000005AA0000-memory.dmp

memory/3736-2030-0x0000000005A90000-0x0000000005AA0000-memory.dmp

memory/3736-2031-0x0000000006070000-0x0000000006170000-memory.dmp

memory/3736-2074-0x0000000006070000-0x0000000006170000-memory.dmp

memory/3736-2093-0x0000000006070000-0x0000000006170000-memory.dmp

memory/3736-2103-0x0000000006070000-0x0000000006170000-memory.dmp

memory/3736-2134-0x0000000006070000-0x0000000006170000-memory.dmp

memory/3736-2165-0x0000000006070000-0x0000000006170000-memory.dmp

memory/3416-2217-0x0000000005920000-0x0000000005930000-memory.dmp

memory/3416-2230-0x0000000005920000-0x0000000005930000-memory.dmp

memory/3416-2231-0x0000000005920000-0x0000000005930000-memory.dmp

memory/3416-2245-0x0000000005920000-0x0000000005930000-memory.dmp

memory/3416-2260-0x0000000005920000-0x0000000005930000-memory.dmp

memory/3416-2279-0x0000000005920000-0x0000000005930000-memory.dmp

memory/3416-2286-0x0000000005920000-0x0000000005930000-memory.dmp

memory/3416-2293-0x0000000005920000-0x0000000005930000-memory.dmp

memory/3416-2306-0x0000000005920000-0x0000000005930000-memory.dmp

memory/3416-2307-0x0000000005920000-0x0000000005930000-memory.dmp

memory/3416-2320-0x0000000005920000-0x0000000005930000-memory.dmp

memory/3416-2324-0x0000000005920000-0x0000000005930000-memory.dmp

memory/3416-2343-0x0000000005920000-0x0000000005930000-memory.dmp

memory/3416-2350-0x0000000005920000-0x0000000005930000-memory.dmp

memory/3416-2357-0x0000000006540000-0x0000000006640000-memory.dmp

memory/3416-2394-0x0000000006540000-0x0000000006640000-memory.dmp

memory/3416-2419-0x0000000006540000-0x0000000006640000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\prefs-1.js

MD5 e495fba3a13b8f09b49d559aea264b6e
SHA1 44abd7a5bb99178da277ead33f89a4e86901e2dd
SHA256 229b325365c951d06574ef72e5c3770a5e88c49474ece8e5d8a0c80fc03adcdd
SHA512 82ed724cf7204b6740d6dd9b3f00dd37c2ba9f0a7a6e26746d6abf0deda5622a30f8dac639d992ed979026d1efc5e5b038ba222d59d12b0a8b3a7fe560f2ac4d

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\cache2\entries\250EE2BC03AFF526F1A1C3DB212A79DE3EB60D5E

MD5 f54f190b74138fafcb7743f246afb65d
SHA1 1b4ef84ed12375d39babf9f72ebb85b58b3df98d
SHA256 abdce8317c4ab18690202e01c33fee04df174012e6841a7e5d2eb2ad65c5fc99
SHA512 539c62d423977e23fdfdef50249b4dd568cac904cced7b62e4ea5cff2127e32a1bfd8a547f937a7510112ddb9a0cbac69c18940ca92440a16732be58a8816bbf

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\prefs-1.js

MD5 b671a98854978a885e073a88bdc13145
SHA1 86bbb98edcb838829f1e34703a88d6585f616d1f
SHA256 aa5baeacd29edc747a134c743b57dc4a146146596cc76f34931af16727308bf4
SHA512 06c7e2861f1fdd25cbccc2a00e76cac48d7432cacd17faedfa29697bab75fc378d287f538bc35be7902ecbdfd5f1ef9a9c241d338dda4b760338b511141229a7

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 a01c5ecd6108350ae23d2cddf0e77c17
SHA1 c6ac28a2cd979f1f9a75d56271821d5ff665e2b6
SHA256 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42
SHA512 b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 33bf7b0439480effb9fb212efce87b13
SHA1 cee50f2745edc6dc291887b6075ca64d716f495a
SHA256 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e
SHA512 d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 ccf2ad90f97ab6a59493c078318becc8
SHA1 5a596dcee909daf6ae615ea612db51b00f99459c
SHA256 1696a4d36841fb6e9e7411a5f9c6ddb371de77d7476b0ea9b049caabe1c8b252
SHA512 2ccab53a3100ecc10ca8e87a5dbaa02dc0c290209b8c14e0a230fa293ba975914278fca2019fbb0b880c8efe086438a2dca3ea8a91cf2520a50657f3c3e64b24

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 27ab292d7b71881a71717d487185beaf
SHA1 bc938ff9d21fd07f2836a15973a0efdd49b4ad08
SHA256 729bccbd5b9bccdec6c6ac22b8b1e217378579524a2ad8000de32ec854579f94
SHA512 4b231f9e001d589a8e57f123e91c2a6b85377c9ff57e68c8db6313b64e3ad5a2a158054ac51705ae560363613b1c08702b9d47d55b06bf89d18beee1849a032c

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 1c09f1681800866e33e69adf228ed5ec
SHA1 53d83dc50e86bbc6c7f78d54bbbb91b9e433ad04
SHA256 c4ee9ec160d996b5f34bf5fea2747ad4ae1348393879acfe9eec4001e0c35c43
SHA512 005c329b59b95495dc6204bc6ca2a32d43c1f02ac9b492cd71cfcb986a782c22edb10e3471e324d8af7180496e643100aea779de1a546c003de9ada41e684d2b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\prefs-1.js

MD5 38a0f935df031932b71dd3dff8ebaad9
SHA1 ae8c6e8d67feb6ffdec6eedb4f08ee76c9443401
SHA256 bf113b05b39c879aacb70ddb10e102de9b970c5108628784362a16682ec4ee6d
SHA512 36a58b983f65d0e87e07eba8e7d9efc57962e4a7f2fe769e46f7e9d5912e25000c05f49475c6e99affd8b0c2d2c7685ceeb7ea5d63ac743abd4c8fde7d4f1126

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\cache2\entries\52ACDF6A227197C103843ECC9309C07E7D40130F

MD5 1064d89b45fa2fe1923e3583c564d319
SHA1 cab85fe8602c64841785f1b6248eb113baf0ff8e
SHA256 df93924f05091fca013c78bfcc41828861b4fc21e50bc4dfc37f26c18aa81cae
SHA512 61bc60072e4ea852f2d9be9d54e1ce8c3a31344eb1755a5465168aec5d5e616bc09633e628366249b8822fc1345f42f1dab6cf9eba79f7f7f723c4ce86d065f1

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\thumbnails\c9e626258b56c126eeb9839a3833c741.png

MD5 7b4a4086cbd9f0e3e22b073ea02fd91b
SHA1 d80b1d32ca8c792e43257c0853a1a017a6645223
SHA256 25ec220fabe477a8ee98bb5edbbc3547f66c8bde8ce1a9d6c1028d53adff86da
SHA512 59a75d329c0486005945000a45664bde3cefd64e5078bf1caedb5404d9e1998f6b5330d61540bab6e264d1336b937c6fbe8f70a6bc1e52bfef7d4823c82d3ee7

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 d936d38220ce72727a57ec44668cb6f2
SHA1 e73e949f851f85bc00ed56514d608a1433a47b55
SHA256 68af55bfd825bd9468030e5649df56066898a1874c752f8a7b338dd78958da48
SHA512 02e19aec99c7efa2f6bf3cf5e6539b0b02bf8b39328ebd7676228d8a0c1db0cdd2bd349d270420c548083497a9263a6d810d46c644dcde3a61488ced4ec7fcbf

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\prefs-1.js

MD5 7fceab4dffb7bc3865c619ca011dfb9f
SHA1 95f78f06b8fc7b3cc954bf086101d1312150ff50
SHA256 2717e2800369db68317531eadc03f0d79490395d21fc6a2d4fd5d0886904ffac
SHA512 7fb6855692b422cd6b51138d2772564017e787680a5c06194c9a72a66c70e5ab7179c88479f8e2f4e58d2062bc4f1ca7f63e346ac8e0bc1bf31bbe5481819485

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 c359f2c87e43ad6e1e8fae9042bfd561
SHA1 ade0ed633b20feb2557303ab52fc8b6212f4a62b
SHA256 dabc4c4512543316df7c21a22a192c77493254a608a476c1990495990d3fe428
SHA512 03920484f1b3aa2353220bbd87ec62fc31d133eacd94fe146012a5f33697aab815a41cd7d0530f01b4f53c75ed04c4bc9698308793f162c318a310cf3ce6ed1b

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\cache2\entries\5E3F231055825CEC7AE91E91A990320D4AE9B0A7

MD5 3ccb9cd260d0c82986438dc04d55f0e9
SHA1 411d4a28ef3725db49116673ff31d785a700b7f1
SHA256 1533a2242bd15f8fd67baf5e515aea0e594f8fdcff3311a218a098b02759e35c
SHA512 6c423bf20cb6e2739a4df9b537721269606c0f4d93b5980d94821595feccae54838d3f661d50a413b98e483054ad02eff416e064e1ae02e128ee385686b6650e

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\cache2\entries\46452CEA1D6AA2BF58B5942C88BD664FF9175EFC

MD5 12f6060da194f6e0849438adfdf6ca6c
SHA1 eb71f3eef37d14028427de78770e4c4ac9fba4f2
SHA256 b44fa6d108327298539a4711ff8477f1255de3900cd1ede0aa432f937c28ed73
SHA512 4fb23fed23a5c0f0c89f7d0566d096c813a0f40e3193c07000e9bcd0deba4087baf847633814751cf4acf5368bd87c39a625aaa9d1d1e64764d789130f28f6a5

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\cache2\entries\5F7216BE067F23FC46339B6A8BB34CFFFBC1F64D

MD5 ce67968033093fee1d193b1807fda0cb
SHA1 21a1c2d50973f9095137b01acd989b7e54ba8f33
SHA256 694986316c3693f3c49aec6167ff3b4859af61f29aacc105005d3a04e52d1451
SHA512 541ffcef147df739a9bb740862a3efe65ebadcf9fffc1d63d9e12f889c722a9a412dedbc5549f3380ea1f3adec83be3f49c324b2257d5906bf040ecb36e192eb

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 d5734cb7ad7f27e8d11381c25eb96496
SHA1 98c7cccb04a6bb20e9b30faf104cdbc20718aaaa
SHA256 be11b9fb73070c9dcf8f5bfb7772e3d66b7bd5ccc3552a2da3a244f191bd961b
SHA512 242002a509d94998ef0c011b7ea3d957ef98824f6206085656c23bd245e78db25fd1101ba47dd827081fc3428ca17cd3dd4141590a4ba1e2535fb5c371f40d62

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\jumpListCache\cpjcLGDSOntlwGmTyN141w==.ico

MD5 88a2dd6219e96abc4f0287585b87920f
SHA1 59876829dc29a91c7011f7264e31ffe9feacd5e6
SHA256 c98dd841910c481f11f6084c7d1f96b69672d67e6cedbfb4fc6c3a9a66798a64
SHA512 4f5fc0c9102c625fdfad58406d30685d085a626344aec3af56c4326ddf0ba80c77c787f2bcf368893e3fda553e5e58e0cce8b1ebaca684120817d6abe9697b51

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\datareporting\glean\db\data.safe.bin

MD5 7d3d11283370585b060d50a12715851a
SHA1 3a05d9b7daa2d377d95e7a5f3e8e7a8f705938e3
SHA256 86bff840e1bec67b7c91f97f4d37e3a638c5fdc7b56aae210b01745f292347b9
SHA512 a185a956e7105ad5a903d5d0e780df9421cf7b84ef1f83f7e9f3ab81bf683b440f23e55df4bbd52d60e89af467b5fc949bf1faa7810c523b98c7c2361fde010e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\prefs-1.js

MD5 f848d53a52b94abe66acab8ce6f1aa6b
SHA1 0eb2f53d40724717845c6c9058b2f6e2aec33440
SHA256 7da7092811ec506d79cbd2539198949b9e60b6b737f30116473eee2dff215a58
SHA512 2e364320365375124ea8d8505d40cd1a0f670a9b0110141e55e6bedf777d5ce2c1160f60fa289c7befc14a92a0f5814683442a4f10d63cf7374060b8abc8fecc

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\thumbnails\b227cffe21e41ca3fd1074d88bf4310b.png

MD5 867a4f264840ee14096f97384783ab90
SHA1 5d457f5c191a3aec6b79a8c39c08a94fd3b8edcb
SHA256 d9c2702a846cafa946e346ce47df20102af6d4b602753729299a54408d92cfe2
SHA512 b7e394c9f239baba188b5ccf2e8414e2700467d9b6c0c866c8c9c5245abab5312e2c4c8f43f509616dfe174dfff578ed6091884123b987841e911ceb6d0464c2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\prefs-1.js

MD5 1e0fa40e21c40a3997cce0409c065371
SHA1 abd1fb478d230b7d9632e9aac3a0985188bdd493
SHA256 3ea1f65d307637587ceb78a6080eb7044bbeb48bf170d783d6ef84124ecb4e87
SHA512 2196011213c53af7c5fbd39193d5192e7163eca97eed5fe4d5fa4e9db5c0ebb115aa39fdc54e350ff912b8cf8e5d29befd8511c36ebcc4a093891bfa1c2e4f3c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\broadcast-listeners.json

MD5 72c95709e1a3b27919e13d28bbe8e8a2
SHA1 00892decbee63d627057730bfc0c6a4f13099ee4
SHA256 9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa
SHA512 613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\extensions.json

MD5 2c3184c50a316326153fe7900e01d8f2
SHA1 2208bd31827ed3b7f61b367b307d06946fc360d3
SHA256 9eb5d9b22ebba6c3f880b43a0539fce4760f2496aea9f07094e70a03b368eb5b
SHA512 dbe61d9270aa74f8457eeaa02584f1a7f4653ff7a4c89ee2271d1166d7fe7bd0ec8aefbad6b6d47669e6f03b28870978df86d3aa4bd126e49cad91c69883bb03

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\sessionCheckpoints.json.tmp

MD5 c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA1 5942cd6505fc8a9daba403b082067e1cdefdfbc4
SHA256 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
SHA512 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\personality-provider\recipe_attachment.json

MD5 be3d0f91b7957bbbf8a20859fd32d417
SHA1 fbc0380fe1928d6d0c8ab8b0a793a2bba0722d10
SHA256 fc07d42847eeaf69dcbf1b9a16eb48b141c11feb67aa40724be2aee83cb621b7
SHA512 8da24afcf587fbd4f945201702168e7cfc12434440200d00f09ddcd1d1d358a5e01065ac2a411fdf96a530e94db3697e3530578b392873cf874476b5e65d774a

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\personality-provider\nb_model_build_attachment_travel.json

MD5 48139e5ba1c595568f59fe880d6e4e83
SHA1 5e9ea36b9bb109b1ecfc41356cd5c8c9398d4a78
SHA256 4336ac211a822b0a5c3ce5de0d4730665acc351ee1965ea8da1c72477e216dfa
SHA512 57e826f0e1d9b12d11b05d47e2f5ae4f5787537862f26e039918cb14faff4bc854298c0b7de3023e371756a331c0f3ee1aa7cebbbf94ec70cdfc29e00a900ed1

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\personality-provider\nb_model_build_attachment_shopping.json

MD5 97d4a0fd003e123df601b5fd205e97f8
SHA1 a802a515d04442b6bde60614e3d515d2983d4c00
SHA256 bfd7e68ddca6696c798412402965a0384df0c8c209931bbadabf88ccb45e3bb6
SHA512 111e8a96bc8e07be2d1480a820fc30797d861a48d80622425af00b009512aacb30a2df9052c53bfbf4ee0800b6e6f5b56daa93d33f30fecb52e2f3850dfa9130

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\personality-provider\nb_model_build_attachment_computers_and_electronics.json

MD5 6ccd943214682ac8c4ec08b7ec6dbcbd
SHA1 18417647f7c76581d79b537a70bf64f614f60fa2
SHA256 ab20b97406b0d9bf4f695e5ec7db4ebad5efb682311e74ca757d45b87ffc106b
SHA512 e57573d6f494df8aa7e8e6a20427a18f6868e19dc853b441b8506998158b23c7a4393b682c83b3513aae5075a21148dd8ca854a11dabcea6a0a0db8f2e6828b8

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\personality-provider\nb_model_build_attachment_sports.json

MD5 ce4e75385300f9c03fdd52420e0f822f
SHA1 85c34648c253e4c88161d09dd1e25439b763628c
SHA256 44da98b03350e91e852fe59f0fc05d752fc867a5049ab0363da8bb7b7078ad14
SHA512 d119dc4706bbf3b6369fe72553cfacf1c9b2688e0188a7524b56d3e2ac85582a18bbee66d5594e0fb40767432646c23bf3e282090bd9b4c29f989a374aeae61f

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\personality-provider\nb_model_build_attachment_science.json

MD5 7a8fd079bb1aeb4710a285ec909c62b9
SHA1 8429335e5866c7c21d752a11f57f76399e5634b6
SHA256 9606ce3988b2d2a4921b58ac454f54e53a9ea8f358326522a8b1dcc751b50b32
SHA512 8fc1546e509b5386c9e1088e0e3a1b81f288ef67f1989f3e83888057e23769907a2b184d624a4e4c44fcd5b88d719bd4cca94dfb33798804a721b8be022ec0c6

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\personality-provider\nb_model_build_attachment_jobs_and_education.json

MD5 2d69892acde24ad6383082243efa3d37
SHA1 d8edc1c15739e34232012bb255872991edb72bc7
SHA256 29080288b2130a67414ecb296a53ddd9f0a4771035e3c1b2112e0ce656a7481a
SHA512 da391152e1fbce1f03607b486c5dea9a298a438e58e440ebb7b871bd5c62d7339b540eed115b4001b9840de1ba3898c6504872ff9094ba4d6a47455051c3f1c5

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\personality-provider\nb_model_build_attachment_real_estate.json

MD5 9899942e9cd28bcb9bf5074800eae2d0
SHA1 15e5071e5ed58001011652befc224aed06ee068f
SHA256 efcf6b2d09e89b8c449ffbcdb5354beaa7178673862ebcdd6593561f2aa7d99a
SHA512 9f7a5fbe6d46c694e8bc9b50e7843e9747ea3229cf4b00b8e95f1a5467bd095d166cbd523b3d9315c62e9603d990b8e56a018ba4a11d30ad607f5281cc42b4cd

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\personality-provider\nb_model_build_attachment_people_and_society.json

MD5 b1bd26cf5575ebb7ca511a05ea13fbd2
SHA1 e83d7f64b2884ea73357b4a15d25902517e51da8
SHA256 4990a5d17bea15617624c48a0c7c23d16e95f15e2ec9dd1d82ee949567bbaec0
SHA512 edcede39c17b494474859bc1a9bbf18c9f6abd3f46f832086db3bb1337b01d862452d639f89f9470ca302a6fcb84a1686853ebb4b08003cb248615f0834a1e02

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\personality-provider\nb_model_build_attachment_autos_and_vehicles.json

MD5 39b73a66581c5a481a64f4dedf5b4f5c
SHA1 90e4a0883bb3f050dba2fee218450390d46f35e2
SHA256 022f9495f8867fea275ece900cfa7664c68c25073db4748343452dbc0b9eda17
SHA512 cfb697958e020282455ab7fabc6c325447db84ead0100d28b417b6a0e2455c9793fa624c23cb9b92dfea25124f59dcd1d5c1f43bf1703a0ad469106b755a7cdd

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\personality-provider\nb_model_build_attachment_internet_and_telecom.json

MD5 36689de6804ca5af92224681ee9ea137
SHA1 729d590068e9c891939fc17921930630cd4938dd
SHA256 e646d43505c9c4e53dbaa474ef85d650a3f309ccf153d106f328d9b6aeb66d52
SHA512 1c4f4aa02a65a9bbdf83dc5321c24cbe49f57108881616b993e274f5705f0466be2dd3389055a725b79f3317c98bdf9f8d47f86d62ebd151e4c57cc4dca2487c

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\personality-provider\nb_model_build_attachment_pets_and_animals.json

MD5 5b26aca80818dd92509f6a9013c4c662
SHA1 31e322209ba7cc1abd55bbb72a3c15bc2e4a895f
SHA256 dd537bfb1497eb9457c0c8ecbd2846f325e13ddef3988fd293a29e68ab0b2671
SHA512 29038f9f3b9b12259fb42daa93cdefabb9fb32a10f0d20f384a72fe97214eff1864b7fa2674c37224b71309d7d9cea4e36abd24a45a0e65f0c61dc5ca161ec7c

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\personality-provider\nb_model_build_attachment_online_communities.json

MD5 37a74ab20e8447abd6ca918b6b39bb04
SHA1 b50986e6bb542f5eca8b805328be51eaa77e6c39
SHA256 11b6084552e2979b5bc0fd6ffdc61e445d49692c0ae8dffedc07792f8062d13f
SHA512 49c6b96655ba0b5d08425af6815f06237089ec06926f49de1f03bc11db9e579bd125f2b6f3eaf434a2ccf10b262c42af9c35ab27683e8e9f984d5b36ec8f59fd

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\personality-provider\nb_model_build_attachment_books_and_literature.json

MD5 df96946198f092c029fd6880e5e6c6ec
SHA1 9aee90b66b8f9656063f9476ff7b87d2d267dcda
SHA256 df23a5b6f583ec3b4dce2aca8ff53cbdfadfd58c4b7aeb2e397eade5ff75c996
SHA512 43a9fc190f4faadef37e01fa8ad320940553b287ed44a95321997a48312142f110b29c79eed7930477bfb29777a5a9913b42bf22ce6bb3e679dda5af54a125ea

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\personality-provider\nb_model_build_attachment_games.json

MD5 4182a69a05463f9c388527a7db4201de
SHA1 5a0044aed787086c0b79ff0f51368d78c36f76bc
SHA256 35e67835a5cf82144765dfb1095ebc84ac27d08812507ad0a2d562bf68e13e85
SHA512 40023c9f89e0357fae26c33a023609de96b2a0b439318ef944d3d5b335b0877509f90505d119154eaa81e1097ecfb5aa44dd8bb595497cdecfc3ee711a1fe1d5

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\personality-provider\nb_model_build_attachment_finance.json

MD5 e95c2d2fc654b87e77b0a8a37aaa7fcf
SHA1 b4b00c9554839cab6a50a7ed8cd43d21fdaf35dc
SHA256 384bf5fcc6928200c7ebb1f03f99bf74f6063e78d3cd044374448f879799318e
SHA512 9696998a8d0e3a85982016ff0a22bb8ae1790410f1f6198bb379c0a192579f24c75c25c7648b76b00d25a32ac204178acaccd744ee78846dfc62ebf70bf7b93a

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\personality-provider\nb_model_build_attachment_beauty_and_fitness.json

MD5 0ed0473b23b5a9e7d1116e8d4d5ca567
SHA1 4eb5e948ac28453c4b90607e223f9e7d901301c4
SHA256 eed46e8fe6ff20f89884b4fc68a81e8d521231440301a01bb89beec8ebad296b
SHA512 464508d7992edfa0dfb61b04cfc5909b7daacf094fc81745de4d03214b207224133e48750a710979445ee1a65bb791bf240a2b935aacaf3987e5c67ff2d8ba9c

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\personality-provider\nb_model_build_attachment_arts_and_entertainment.json

MD5 6c651609d367b10d1b25ef4c5f2b3318
SHA1 0abcc756ea415abda969cd1e854e7e8ebeb6f2d4
SHA256 960065cc44a09bef89206d28048d3c23719d2f5e9b38cfc718ca864c9e0e91e9
SHA512 3e084452eefe14e58faa9ef0d9fda2d21af2c2ab1071ae23cde60527df8df43f701668ca0aa9d86f56630b0ab0ca8367803c968347880d674ad8217fba5d8915

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\personality-provider\nb_model_build_attachment_law_and_government.json

MD5 80c49b0f2d195f702e5707ba632ae188
SHA1 e65161da245318d1f6fdc001e8b97b4fd0bc50e7
SHA256 257ee9a218a1b7f9c1a6c890f38920eb7e731808e3d9b9fc956f8346c29a3e63
SHA512 972e95de7fe330c61cd22111bd3785999d60e7c02140809122d696a1f1f76f2cd0d63d6d92f657cdec24366d66b681e24f2735a8aabb8bcecec43c74e23fb4f5

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\personality-provider\nb_model_build_attachment_health.json

MD5 11711337d2acc6c6a10e2fb79ac90187
SHA1 5583047c473c8045324519a4a432d06643de055d
SHA256 150f21c4f60856ab5e22891939d68d062542537b42a7ce1f8a8cec9300e7c565
SHA512 c2301ed72f623b22f05333c5ecc5ebf55d8a2d9593167cc453a66d8f42c05ff7c11e2709b6298912038a8ea6175f050bbc6d1fc4381f385f7ad7a952ad1e856b

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\personality-provider\nb_model_build_attachment_business_and_industrial.json

MD5 a92a0fffc831e6c20431b070a7d16d5a
SHA1 da5bbe65f10e5385cbe09db3630ae636413b4e39
SHA256 8410809ebac544389cf27a10e2cbd687b7a68753aa50a42f235ac3fc7b60ce2c
SHA512 31a8602e1972900268651cd074950d16ad989b1f15ff3ebbd8e21e0311a619eef4d7d15cdb029ea8b22cf3b8759fa95b3067b4faaadcb90456944dbc3c9806a9

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\personality-provider\nb_model_build_attachment_food_and_drink.json

MD5 70ba02dedd216430894d29940fc627c2
SHA1 f0c9aa816c6b0e171525a984fd844d3a8cabd505
SHA256 905357002f2eced8bba1be2285a9b83198f60d2f9bb1144b5c119994f2ec6e34
SHA512 3ae60d0bf3c45d28e340d97106790787be2cc80ba579d313b5414084664b86e89879391c99e94b6e33bdc5508ea42a9fd34f48ca9b1e7adfa7b6dd22c783c263

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\personality-provider\nb_model_build_attachment_reference.json

MD5 567eaa19be0963b28b000826e8dd6c77
SHA1 7e4524c36113bbbafee34e38367b919964649583
SHA256 3619daa64036d1f0197cdadf7660e390d4b6e8c1b328ed3b59f828a205a6ea49
SHA512 6766919b06ca209eaed86f99bee20c6dad9cc36520fc84e1c251a668bcfe0afcf720ea6c658268dc3bbaaf602bfdf61eb237c68e08d5252ea6e5d1d2a373b9fe

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\personality-provider\nb_model_build_attachment_home_and_garden.json

MD5 250acc54f92176775d6bdd8412432d9f
SHA1 a6ad9ad7519e5c299d4b4ba458742b1b4d64cb65
SHA256 19edd15ebce419b83469d2ab783c0c1377d72a186d1ff08857a82bca842eea54
SHA512 a52c81062f02c15701f13595f4476f0a07735034fcf177b1a65b001394a816020ee791fed5afae81d51de27630b34a85efa717fe80da733556fdda8739030f49

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\personality-provider\nb_model_build_attachment_blogging_resources_and_services.json

MD5 c82700fcfcd9b5117176362d25f3e6f6
SHA1 a7ad40b40c7e8e5e11878f4702952a4014c5d22a
SHA256 c9f2a779dba0bc886cc1255816bd776bdc2e8a6a8e0f9380495a92bb66862780
SHA512 d38e65ab55cee8fef538ad96448cd0c6b001563714fc7b37c69a424d0661ec6b7d04892cf4b76b13ddbc7d300c115e87e0134d47c3f38ef51617e5367647b217

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\personality-provider\nb_model_build_attachment_hobbies_and_leisure.json

MD5 bb45971231bd3501aba1cd07715e4c95
SHA1 ea5bfd43d60a3d30cda1a31a3a5eb8ea0afa142a
SHA256 47db7797297a2a81d28c551117e27144b58627dbac1b1d52672b630d220f025d
SHA512 74767b1badbd32cacd3f996b8172df9c43656b11fea99f5a51fff38c6c6e2120fae8bdd0dd885234a3f173334054f580164fdf8860c27cbcf5fb29c5bcdc060d

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 a4a699ce30114e1b7df84b9eef0e8ecf
SHA1 88553fe5c82c4560967fcb8cef681c242861aeda
SHA256 4f70af590aab5d5bc041d608f75289d76e21b062f9bf4acfee01a1cba0a03007
SHA512 28a4b029b5dba9f2bc760aece3bf19478ab120ba1c22a86349d256646c0b89265e94c41afaaa6b06a56f25fda81563684714a754be1173be2166488eaabe1411

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\bookmarkbackups\bookmarks-2023-04-25_11_thoKC1ApEP-+BgLfLlfjTA==.jsonlz4

MD5 b2b2915d6081f7808ebede03e2e04d30
SHA1 0d039b73b50cc94beee2f1d73b100d7a6bcac68b
SHA256 8e663627d0af4ec65e63cad998ba2d83addc8dd1a413fa4d2e4833046c8b5efa
SHA512 230bf0145fe380fb3a8cc4331264200c155100f88a303d655cbadcc2865b63d29a4a1f1205c3a8dc5fbfbdb521c5da748a75f963bbd03a0e9f8c32d139325153

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\prefs-1.js

MD5 4f3753999058d75e50f62c208a8bbb4d
SHA1 e41871f0abd0be300f4d2e345df1f40e33864ee9
SHA256 380bbe7e87cd9480995109294327eb9fe3b7e696d9a76c9b3ddb6556d01303ed
SHA512 e72cbbed13a16637b8d55945adb5745cef2a45aa84f482dc5129af7ca63c6d96043993ae3ebf441332ae9d32049c353539d707d9c76ec5233c78f44507d73b30

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\sessionstore.jsonlz4

MD5 b94d2a50c91f1a3824fce5d9723fe6ca
SHA1 8202dddfeeb233323dc34c8111e86d504dbbf751
SHA256 6919032dd70e3a338eec7ab04ed5b071f401ec3f4dbddcd4bfdd4bca146c2fe4
SHA512 762b45541074f3ccf86cb5c227dd8e071d87ec69647e77f141706352f4284241957177eea89b953b30d56e445132335277f5af7e5f356a4736e3656706bc4493

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\favicons.sqlite-wal

MD5 394b400a4bbbf1d69129f2fdd662d61a
SHA1 0db1b2c70775324a89b660983e2438ac931bee26
SHA256 e95ec887be82a80438ec7ad102f5957a90f1514e8f43994ee2f7c60158deaea8
SHA512 18db1a8e6baea1f1ddc7079f4aaea035fd1278cd27eb97b60681ad493f7ac736b72adf4c78313dd3123c169d8768ed0f001b0baf02e75b7a8b150e291ed5833b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\places.sqlite

MD5 dc143c230c004b707ceb6b3c9b10d70a
SHA1 b7ef92a2b0c9ae0af56c9885e0dcb3bf08e5c2b1
SHA256 7c3108a673a5dd33ee54ccf875683401fd057a219dca3410001ce5627b631bf1
SHA512 ea41e69d83c3867328a7de955a4a0dfacfc22853d686ae00caf048721cc4935ab46501c4ddc6ed80e416dd4fcd742185c6cf8cc139580392f23ae70b9d92ef30

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\places.sqlite-wal

MD5 837b5fb0ef5e99527d518321f5f62e62
SHA1 792be1d782bad49fe232f2c06660dc924654b639
SHA256 eb5096921ea23db82452a1c20505092acda851028b4dedcfc21c571bdefc0540
SHA512 e03251337299bbabd270ab2a4e6c002cd42f8663c783508006bdfb5a83c96f1778857a340f602aa1033e8f72a52eabfcec3a0fd9dd5d0d2dc07db4f075845b0f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\prefs-1.js

MD5 68ce7754c252ecc86cfcc263d5a05295
SHA1 b4451f08c81cfc7a6c433cdb7230c833dddd1f9f
SHA256 197fd0e8ab643202cd6014f8f8bf727e9012494fc29dec612c3e05590b3a6afa
SHA512 83484af60d731389bb703585bbb30973e5339d1a529a780122ced36d8ab40f2413cd7a8130b50a1d09d692ecb4484b7465125a05f4a0621e2435a1b253788720

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\prefs-1.js

MD5 2c09da6de7985d381b605d99183cc421
SHA1 06739c049630067f8d523900cebe9adafc3748d5
SHA256 495530a2940529a0e80d8f6bdd04f72441f3ea895f2dea61bf113ca365beb99d
SHA512 99587bf44e3224b1482a4717741433140af8186da20f694ca5723b70f2af64029b875bb1eb16d990224927285a01b65efe3969ec298c2f5ccf3870839e819b09

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\prefs-1.js

MD5 ed24a6a1e188ad8bc3290dba356af1eb
SHA1 ff434eee3d6f1850392cdf05ec9fff57fba45a0e
SHA256 eb159962028e7911d363fd68c6110745f98b58c12a5458f1be2246b8f87932e3
SHA512 f2dbb769e41decc462ab6a0468a3da4c8ca3902e7a36548ef3546b6617c01aa89215eda02aee034398a39acebbbead103ca7c7ac29d0b631b1f0e711838a12ad

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\broadcast-listeners.json.tmp

MD5 5429f45616b044c4a8af796341b9ca5b
SHA1 f8d9129f99e5b8042d7e60fcc1329395159fc1e4
SHA256 51c24ee4f65276cc59e6e2a5f4642f73ffe8eb14c166505cae8caacf6b64a75f
SHA512 50acc14d919ea5bb82c72bf9b2b0f21f677e840a45ab878b192cb37fafcf21a6f701d1a9f1c119759c7524fe75d363e9ee85155814c7ad8f5f05ca4aa167fc23

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\prefs-1.js

MD5 88025c033ddd8071584c8e691b6e4482
SHA1 f2bf55024d75a692c9d6bafcee24137e3d6a59b9
SHA256 67aeb12bd8e84980d25f5396800755de2076c5447f22e23e2978268d60081023
SHA512 2886a7644e97016b58af907e003b0c529c4742eec15386c0885073defa8e813856692342b97c391ca40fdf5c877b7ea8aaff3702166f594050e2815ec893c1ab

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\sessionstore-backups\recovery.jsonlz4

MD5 12c88612b2fe6385f7c0171e524d0664
SHA1 b19226af0d431991940417ae83ccabfe9bdd2ddd
SHA256 d0fd0f420f55c6416e0a1bcecf61096d3fdc0b339dc13307cf425abfdcad9d34
SHA512 87ddb8fcab5b3416c584c2c2c3c274e0454078c4089c52f1be4590faf78b18388d538807dba6c48d38f137c46154a97548770a57d55f0e5585387d88705e0a24

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\prefs-1.js

MD5 fc8ec3e2db63e53b7c1d46ebf56797fc
SHA1 f51807de7395226c00da05464bb8548ea397f36a
SHA256 9bf0b0eafef0ea849be405cb48cc0f4aa80914f73c01b285dd2141af5baec826
SHA512 f80cc26ca1724fd09b17c2402bda1a28c7801eb6b808d6de653772eb03947b922967605ab714745128656e870845a6b9f7654a81b317e87dc3689814cb204a24

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\sessionstore-backups\recovery.jsonlz4

MD5 f6ab3180101fd22a5ad819ddb4c1dc09
SHA1 f74df73bea952ef7a706312b54fbf989316b14be
SHA256 12bf64d3ce6fc01fb98b772e619afc78438457560e6db8eabba4c7cf36a36316
SHA512 2ca7e5ea4fd9c53631c7ddb889f3f530b4dfda30001b3515b6783246daee4584f676a4a339a90c76cf4e02576b899697db5605d793b23e14fa8b9ce1e298993a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\crashes\store.json.mozlz4.tmp

MD5 a6338865eb252d0ef8fcf11fa9af3f0d
SHA1 cecdd4c4dcae10c2ffc8eb938121b6231de48cd3
SHA256 078648c042b9b08483ce246b7f01371072541a2e90d1beb0c8009a6118cbd965
SHA512 d950227ac83f4e8246d73f9f35c19e88ce65d0ca5f1ef8ccbb02ed6efc66b1b7e683e2ba0200279d7ca4b49831fd8c3ceb0584265b10accff2611ec1ca8c0c6c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\prefs-1.js

MD5 910df1e73e05f001de4b391829f03f49
SHA1 d97b5392aa11204f624157fd424e03d2e37d6711
SHA256 5aaf4ac9b69510018262995e5d365cf182f1780f416aa5fad81c72ce449a8edf
SHA512 1b7249e12078151160ef2d2d699991fe715be2d3bbb588d6e0cde4fed927837bfdd926782d61744ccd15e5fb4fbb8e875dc2e0391bf2d66015b880fdb257843a

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\40371339ad31a7e6.customDestinations-ms

MD5 1c3f32451ca67544cc9aea1d8a5216a3
SHA1 117201928ccbe09c088acb0b345847f0e0a80732
SHA256 d6daa214ee89c886d185c29aaa1bb0bb5a5f71f1ccd9f7819bdeeb498f76e275
SHA512 e2a0dea2bc95535fd1edfbc1cfb561e86ca079d5ee08ffbdddf8a1e962a85e0d057ea6a933580298573ee1b59dd3d07d1bafb2ceb166049aef380e807b0220b8

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 8c01994e1278f295b805c154353a925a
SHA1 b83698d0e1f3495740e6002d71374904ae01ee2f
SHA256 2672a6bccd4390ff6db8c1874a673541fa65b7a9fd6be84e76d54358da462b58
SHA512 60aa43c341db9c1dd9d1c2613438a60664953a327ad3c24d54850e8d1b4010a68e888547e39bd8ea927917ddb50d3449167efb870108f0dfa0df9af3bd99fd51

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\datareporting\glean\db\data.safe.bin

MD5 7fba44cb533472c1e260d1f28892d86b
SHA1 727dce051fc511e000053952d568f77b538107bb
SHA256 14fb5cda1708000576f35c39c15f80a0c653afaf42ed137a3d31678f94b6e8bf
SHA512 1330b0f39614a3af2a6f5e1ea558b3f5451a7af20b6f7a704784b139a0ec17a20c8d7b903424cb8020a003319a3d75794e9fe8bc0aeb39e81721b9b2fdb9e031

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\prefs-1.js

MD5 83736bc0d6b18cf715e6c0bd1493eebb
SHA1 9dd7288bf3abe49e2b90398e6a32f78a6702ffd9
SHA256 5a10d71f98d722010105b05c941eceb88f44e57dfa6d7b16ed84231cfc5be715
SHA512 216bf8f3c5317ca6daa465bf7506624dc99d8f770375707f0b1e10bc468a43ffff5468307d5c88bb684d17c2a675e0995abd1c31aed7732182ca927eaa251bba

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\cache2\entries\5BDCAA308EA0EAE912B0F679E47174ABE7C2F7E0

MD5 ac7d418306843cf46a4fba6367b5dc9d
SHA1 613ade096cc95b2712787c8a928ef507c3b25c5f
SHA256 6e7c90808edc04d68077fd0b1c1f660bc896cad9936900f5136faf5df0e4e7b4
SHA512 7cca421c7e4bd43a8854c15e797a65561c194682cea97fcc19f769bc2b83a0f3ee2c2f6c3d01149ee83649bd1d1b93357ee581d845277db2b66d401b99826388

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\cache2\entries\C01A5A91B3215B34E7411A2001698454305F7026

MD5 b0c55aaa23fa3d214935e14b48b29060
SHA1 9f600ffe00230f50302e13e99670a9eac2b8f2b6
SHA256 3205cf9726aaf515a6ac09a5ba7adb4db8f6ea3303407962f76c2d8b5159e779
SHA512 8078357162f49014b4291703ebd0977d3cbfc94bbf82a7244c41fba7daa8f19fe239ea41f8a2e2491a18bac835de4d8ee97cc788ae8c14555987718e6e934511

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\cache2\entries\85C3231D5BF2A0AADDAD774DF4322AA8FF187907

MD5 747fd0b5437c0d669171d3636065d299
SHA1 00559fe38d6babe6c37a1df5aea40fc38bd0b885
SHA256 f27051c3c97097a11bd48ff19b3a3795ed73769755a55a57b6a3286bef521e07
SHA512 753b4b5bd6cf9d626de7c1937a5c310cb661c080a70b2a0aba798eec423dd74a6406c43567821c8abf4d6d85ec3a6718ff5852ca69f544cebed558b2418ed481

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\cache2\entries\F96A1A8368D3C3DD1FA81D170326E6C1C65D342F

MD5 c5929cad34e6b6cf03f89414f307d7c0
SHA1 4878007d9858b6e9d2e07700ee830dd7752c0d66
SHA256 a6b82bc45ebdf9ae9ccfc3ad52cb73b463bf81e85dc7509f9ec33605de21e954
SHA512 fdd6f96e829b4b53c79f8ed42e707692cf6119d8940a503a2ae80f449f467f31cef5c4d496c28d987f585f83cd41ea5a4aecafadc6d477be4226e2cffbac2b81

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\prefs-1.js

MD5 651481d5ab6092ce3ffe0d77546f36e8
SHA1 f60a934ea2cb70665f6094fbcdd8305049be3c14
SHA256 ecf1ee1eeab14c861e81a52a5ffac4ea41f267f091cffbeabac7a20c9e36bb97
SHA512 2b78b938a50109e3bba269dd33fc4f5107424c5ee4f75503c1e26559b9f39020ec9f86209475db6f612de0ccc0f773d8da6cbf96aa9a2f3a2a63639ecda759a6

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\prefs-1.js

MD5 948628eb00b0e52d14d41b9c0730518f
SHA1 a14a5af3a25ba6f38da5c637fe32e1c8450f5ea4
SHA256 83fa03c0508ff18f9079da94f9c6f773d332349d39b615fb75b87073e9ff1459
SHA512 d639fd4088a5e718c20c9e87d82cf2310a67af9e737c1e802a32b3462aa1b80a0e54fb6b69913ff1ecf0ba50053a12f4a3baa28ac7f1344f8dc2f43f2e34ccf5

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\prefs-1.js

MD5 01f937cfea0316f4797421923372b471
SHA1 112353e19e0d7070145ee64255e3faaa6d622995
SHA256 c0761f4a8ccd08c182cb512942c08348e032bcdabe5fbc95312e59f90bb86e96
SHA512 7ff74d513f008bfae3aa893a1927a5c6bd68fe8f871ccb9c0cef4bbd60ee9fb8c66c83f9133b75b78a9c7388147aa5f9b83cd83980509619aabce2984acf5630

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\prefs-1.js

MD5 a1829423758ce2c1b208b9b3dfe1a953
SHA1 192fcd5982296326780d20a60ce9273fb9f65e45
SHA256 90b5aa3339cdf177f0c4e0c26002d0112d6dac0efb52ec016b43b48a563f0eef
SHA512 4275d2d702d8ab48ccb0c87bc5d0aa8ef3d23119fee3eb5889c3a3141b4054d0372368d593247fc698dd9c3f3cccd64cb8280f6389b01829df0a20cbe61f5c8d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\prefs-1.js

MD5 b3e99ff646fd7ce1b16f4e945ca5337e
SHA1 92fa445a652893ad91a7f86fe34c5c4aadfcd364
SHA256 4c27a087d16cbd9951518157b2b9d2a300ec366a9fbfe5930a2d2514d6e6375b
SHA512 f4196ce2376af6ed211d86ed1a187f94f4c2e36c18abd740231c58f6573650ba8db54c3a67d16acb58548eb7945c5d94e7b67995db98e3c37045a1f0265a002d