Malware Analysis Report

2024-10-19 10:36

Sample ID 230515-rmm6cafg49
Target f864922f947a6bb7d894245b53795b54b9378c0f7633c521240488e86f60c2c5.zip
SHA256 34d333651e50392dc88a7ee939232a7c62d479a7665b57280a6552be2b633f0c
Tags
sodinokibi ransomware
score
10/10

Analysis Overview

score
10/10

SHA256

34d333651e50392dc88a7ee939232a7c62d479a7665b57280a6552be2b633f0c

Threat Level: Known bad

The file f864922f947a6bb7d894245b53795b54b9378c0f7633c521240488e86f60c2c5.zip was found to be: Known bad.

Malicious Activity Summary

sodinokibi ransomware

Sodin,Sodinokibi,REvil

Sodinokibi/Revil Elf

Sodinokibi family

Enumerates physical storage devices

Suspicious use of SetWindowsHookEx

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of SendNotifyMessage

Uses Task Scheduler COM API

Modifies registry class

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Checks processor information in registry

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-05-15 14:18

Signatures

Sodinokibi family

sodinokibi

Sodinokibi/Revil Elf

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-05-15 14:18

Reported

2023-05-15 14:48

Platform

win10v2004-20230220-en

Max time kernel

1800s

Max time network

1589s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\f864922f947a6bb7d894245b53795b54b9378c0f7633c521240488e86f60c2c5.elf

Signatures

Sodin,Sodinokibi,REvil

ransomware sodinokibi

Sodinokibi/Revil Elf

Description Indicator Process Target
N/A N/A N/A N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Modifies registry class


Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\svchost.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4536 wrote to memory of 4476 N/A C:\Windows\system32\OpenWith.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4476 wrote to memory of 392 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 392 wrote to memory of 816 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 392 wrote to memory of 2724 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 392 wrote to memory of 3620 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\f864922f947a6bb7d894245b53795b54b9378c0f7633c521240488e86f60c2c5.elf

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\f864922f947a6bb7d894245b53795b54b9378c0f7633c521240488e86f60c2c5.elf"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\f864922f947a6bb7d894245b53795b54b9378c0f7633c521240488e86f60c2c5.elf

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="392.0.1361208451\1991878096" -parentBuildID 20221007134813 -prefsHandle 1820 -prefMapHandle 1812 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ddd758e9-4e67-4d5c-80d7-c2dce16b2b5f} 392 "\\.\pipe\gecko-crash-server-pipe.392" 1900 169a1fa5558 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="392.1.1019320946\636917662" -parentBuildID 20221007134813 -prefsHandle 2316 -prefMapHandle 2312 -prefsLen 21706 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {63349202-836c-4a4e-b7c1-27a9ab8da9cb} 392 "\\.\pipe\gecko-crash-server-pipe.392" 2324 16993f76858 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="392.2.236000396\1906562534" -childID 1 -isForBrowser -prefsHandle 2944 -prefMapHandle 3080 -prefsLen 21789 -prefMapSize 232675 -jsInitHandle 1464 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d6f2e2fc-aece-40e0-9bac-550e28119efb} 392 "\\.\pipe\gecko-crash-server-pipe.392" 2932 169a4c34758 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="392.3.395901462\1609363823" -childID 2 -isForBrowser -prefsHandle 3964 -prefMapHandle 3960 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1464 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8f3dd6db-e50d-4a8c-baa6-b0c3d5720efc} 392 "\\.\pipe\gecko-crash-server-pipe.392" 4004 16993f65f58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="392.6.631022423\1716432405" -childID 5 -isForBrowser -prefsHandle 5380 -prefMapHandle 5384 -prefsLen 26834 -prefMapSize 232675 -jsInitHandle 1464 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {36c97c14-acd7-4c9d-89ca-f698d6841f5d} 392 "\\.\pipe\gecko-crash-server-pipe.392" 5340 169a7530558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="392.5.2089805921\1064929810" -childID 4 -isForBrowser -prefsHandle 5168 -prefMapHandle 5172 -prefsLen 26834 -prefMapSize 232675 -jsInitHandle 1464 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0c8fb1f4-5bfc-4cb5-ba2a-a4d0a71c7289} 392 "\\.\pipe\gecko-crash-server-pipe.392" 5160 169a752d558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="392.4.677679141\1165415328" -childID 3 -isForBrowser -prefsHandle 4920 -prefMapHandle 4816 -prefsLen 26834 -prefMapSize 232675 -jsInitHandle 1464 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f745c014-83fd-4cd1-b5ec-03258a0e22df} 392 "\\.\pipe\gecko-crash-server-pipe.392" 4932 169a78c1258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="392.7.1438413543\597969355" -childID 6 -isForBrowser -prefsHandle 3236 -prefMapHandle 5712 -prefsLen 26953 -prefMapSize 232675 -jsInitHandle 1464 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {56e8ae5d-f0a5-4bd3-a226-bc5868f035a8} 392 "\\.\pipe\gecko-crash-server-pipe.392" 3096 169a51d2a58 tab

C:\Windows\system32\rundll32.exe

"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k UnistackSvcGroup

Network

Country Destination Domain Proto
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
IE 20.54.89.15:443 tcp
US 8.8.8.8:53 14.160.190.20.in-addr.arpa udp
US 52.152.110.14:443 tcp
US 8.8.8.8:53 164.113.223.173.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 52.152.110.14:443 tcp
US 8.8.8.8:53 2.36.159.162.in-addr.arpa udp
US 8.8.8.8:53 assets.msn.com udp
NL 23.73.0.135:443 assets.msn.com tcp
US 8.8.8.8:53 135.0.73.23.in-addr.arpa udp
N/A 127.0.0.1:49740 tcp
N/A 127.0.0.1:49746 tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 getpocket.cdn.mozilla.net udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 34.117.237.239:443 contile.services.mozilla.com tcp
US 34.120.5.221:443 getpocket.cdn.mozilla.net tcp
US 8.8.8.8:53 prod.pocket.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 prod.pocket.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 239.237.117.34.in-addr.arpa udp
US 8.8.8.8:53 221.5.120.34.in-addr.arpa udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 shavar.services.mozilla.com udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 34.149.100.209:443 firefox.settings.services.mozilla.com udp
US 44.226.253.107:443 shavar.prod.mozaws.net tcp
US 8.8.8.8:53 push.services.mozilla.com udp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 34.160.144.191:443 prod.content-signature-chains.prod.webservices.mozgcp.net tcp
US 34.117.65.55:443 autopush.prod.mozaws.net tcp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 209.100.149.34.in-addr.arpa udp
US 8.8.8.8:53 191.144.160.34.in-addr.arpa udp
US 8.8.8.8:53 55.65.117.34.in-addr.arpa udp
US 8.8.8.8:53 107.253.226.44.in-addr.arpa udp
US 52.152.110.14:443 tcp
US 8.8.8.8:53 anonfiles.com udp
SE 45.154.253.151:80 anonfiles.com tcp
SE 45.154.253.151:80 anonfiles.com tcp
US 8.8.8.8:53 anonfiles.com udp
US 8.8.8.8:53 anonfiles.com udp
SE 45.154.253.151:443 anonfiles.com tcp
SE 45.154.253.151:443 anonfiles.com tcp
SE 45.154.253.151:443 anonfiles.com tcp
SE 45.154.253.151:443 anonfiles.com tcp
SE 45.154.253.151:443 anonfiles.com tcp
SE 45.154.253.151:443 anonfiles.com tcp
US 8.8.8.8:53 151.253.154.45.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 20.189.173.3:443 tcp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 138.238.32.23.in-addr.arpa udp
SE 45.154.253.151:443 anonfiles.com tcp
US 8.8.8.8:53 anonfiles.com udp
US 8.8.8.8:53 anonfiles.com udp
SE 45.154.253.151:443 anonfiles.com tcp
SE 45.154.253.151:443 anonfiles.com tcp
US 8.8.8.8:53 anonfiles.com udp
US 8.8.8.8:53 233.141.123.20.in-addr.arpa udp
SE 45.154.253.151:443 anonfiles.com tcp
SE 45.154.253.151:443 anonfiles.com tcp
SE 45.154.253.151:443 anonfiles.com tcp
US 8.8.8.8:53 14.103.197.20.in-addr.arpa udp
US 8.8.8.8:53 42.220.44.20.in-addr.arpa udp
US 8.8.8.8:53 api.anonfiles.com udp
SE 45.154.253.153:443 api.anonfiles.com tcp
US 8.8.8.8:53 api.anonfiles.com udp
SE 45.154.253.153:443 api.anonfiles.com tcp
US 8.8.8.8:53 api.anonfiles.com udp
US 8.8.8.8:53 153.253.154.45.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 99.113.223.173.in-addr.arpa udp
US 8.8.8.8:53 46.46.119.40.in-addr.arpa udp
US 117.18.237.29:80 tcp
US 209.197.3.8:80 tcp
US 8.8.8.8:53 250.255.255.239.in-addr.arpa udp
US 8.8.8.8:53 1.208.79.178.in-addr.arpa udp
US 8.8.8.8:53 aus5.mozilla.org udp
US 35.244.181.201:443 aus5.mozilla.org tcp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 ciscobinary.openh264.org udp
GB 88.221.134.209:80 ciscobinary.openh264.org tcp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 216.58.208.110:443 redirector.gvt1.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 201.181.244.35.in-addr.arpa udp
US 8.8.8.8:53 254.137.241.8.in-addr.arpa udp
US 8.8.8.8:53 240.232.229.192.in-addr.arpa udp
US 8.8.8.8:53 42.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 209.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 216.58.208.110:443 redirector.gvt1.com udp
US 8.8.8.8:53 r2---sn-4g5edndr.gvt1.com udp
DE 172.217.133.231:443 r2---sn-4g5edndr.gvt1.com tcp
US 8.8.8.8:53 r2.sn-4g5edndr.gvt1.com udp
DE 172.217.133.231:443 r2.sn-4g5edndr.gvt1.com udp
US 8.8.8.8:53 110.208.58.216.in-addr.arpa udp
US 8.8.8.8:53 231.133.217.172.in-addr.arpa udp
US 8.8.8.8:53 firefox-settings-attachments.cdn.mozilla.net udp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 8.8.8.8:53 fennec-catalog-cdn.prod.mozaws.net udp
US 8.8.8.8:53 fennec-catalog-cdn.prod.mozaws.net udp
US 8.8.8.8:53 53.121.117.34.in-addr.arpa udp
US 8.8.8.8:53 240.232.18.117.in-addr.arpa udp
US 8.8.8.8:53 fennec-catalog-cdn.prod.mozaws.net udp
US 8.8.8.8:53 fennec-catalog-cdn.prod.mozaws.net udp
US 8.8.8.8:53 50.4.107.13.in-addr.arpa udp
US 8.8.8.8:53 32.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 firefox-settings-attachments.cdn.mozilla.net udp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 8.8.8.8:53 fennec-catalog-cdn.prod.mozaws.net udp
US 8.8.8.8:53 fennec-catalog-cdn.prod.mozaws.net udp
US 8.8.8.8:53 fennec-catalog-cdn.prod.mozaws.net udp
US 8.8.8.8:53 131.72.42.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 34.117.237.239:443 contile.services.mozilla.com tcp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 34.160.144.191:443 prod.content-signature-chains.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 aus5.mozilla.org udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 35.244.181.201:443 prod.balrog.prod.cloudops.mozgcp.net tcp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 34.117.237.239:443 contile.services.mozilla.com tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 73.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 134.121.24.20.in-addr.arpa udp
US 8.8.8.8:53 191.94.239.20.in-addr.arpa udp
US 8.8.8.8:53 97.238.32.23.in-addr.arpa udp

Files

C:\Users\Admin\Downloads\GwxxFbTp.elf.part

MD5 c83df66c46bcbc05cd987661882ff061
SHA1 48d1558fe3ac689b7eaac82738a023c13f4c0e7c
SHA256 f864922f947a6bb7d894245b53795b54b9378c0f7633c521240488e86f60c2c5
SHA512 840e5d668557c25843d702d1b758584b27c92c480d789c2a2a047c16500d1bf09aff36ce54761ed29f05d95a1ecc9c137ec51ac93f94879e67a8baf1f7058dd9


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\prefs-1.js

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\addonStartup.json.lz4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\broadcast-listeners.json

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\logins.json

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\search.json.mozlz4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\sessionCheckpoints.json

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\targeting.snapshot.json

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\xulstore.json

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\personality-provider\recipe_attachment.json

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\personality-provider\nb_model_build_attachment_books_and_literature.json

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\personality-provider\nb_model_build_attachment_sports.json

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\personality-provider\nb_model_build_attachment_computers_and_electronics.json

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\personality-provider\nb_model_build_attachment_science.json

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\personality-provider\nb_model_build_attachment_jobs_and_education.json

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\personality-provider\nb_model_build_attachment_real_estate.json

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\personality-provider\nb_model_build_attachment_shopping.json

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\personality-provider\nb_model_build_attachment_people_and_society.json

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\personality-provider\nb_model_build_attachment_autos_and_vehicles.json

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\personality-provider\nb_model_build_attachment_internet_and_telecom.json

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\personality-provider\nb_model_build_attachment_pets_and_animals.json

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\personality-provider\nb_model_build_attachment_online_communities.json

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\personality-provider\nb_model_build_attachment_games.json

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\personality-provider\nb_model_build_attachment_beauty_and_fitness.json

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\personality-provider\nb_model_build_attachment_finance.json

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\personality-provider\nb_model_build_attachment_arts_and_entertainment.json

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\personality-provider\nb_model_build_attachment_law_and_government.json

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\personality-provider\nb_model_build_attachment_health.json

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\personality-provider\nb_model_build_attachment_business_and_industrial.json

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\personality-provider\nb_model_build_attachment_food_and_drink.json

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\personality-provider\nb_model_build_attachment_reference.json

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\personality-provider\nb_model_build_attachment_home_and_garden.json

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\personality-provider\nb_model_build_attachment_blogging_resources_and_services.json

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\personality-provider\nb_model_build_attachment_hobbies_and_leisure.json

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\personality-provider\nb_model_build_attachment_travel.json

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\bookmarkbackups\bookmarks-2023-05-15_11_ApXJ2u02erSVR4zt9kD5iA==.jsonlz4

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\cache2\doomed\6744

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\cache2\doomed\22439

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\SiteSecurityServiceState.txt

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
