Analysis Overview
SHA256
a0a24efa02d4462fc7bbe2e322b4c82e4ff1f9e4194a0a86eea566302bec2021
Threat Level: Known bad
The file raid macro3.rec was found to be: Known bad.
Malicious Activity Summary
Laplas Clipper
RedLine
Downloads MZ/PE file
Executes dropped EXE
Loads dropped DLL
Reads user/profile data of web browsers
Registers COM server for autorun
Adds Run key to start application
Legitimate hosting services abused for malware hosting/C2
Checks installed software on the system
Accesses cryptocurrency files/wallets, possible credential harvesting
Drops file in Program Files directory
Enumerates physical storage devices
NTFS ADS
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of WriteProcessMemory
GoLang User-Agent
Suspicious use of SetWindowsHookEx
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: AddClipboardFormatListener
Modifies registry class
Suspicious use of FindShellTrayWindow
Uses Task Scheduler COM API
Creates scheduled task(s)
Checks processor information in registry
Suspicious use of SendNotifyMessage
Views/modifies file attributes
Analysis: static1
Detonation Overview
Reported
2023-07-25 13:15
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2023-07-25 13:15
Reported
2023-07-25 13:23
Platform
win10-20230703-en
Max time kernel
444s
Max time network
443s
Signatures
Laplas Clipper
RedLine
Downloads MZ/PE file
Executes dropped EXE
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\main\7z.exe | N/A |
| N/A | N/A | C:\Windows\System32\Conhost.exe | N/A |
Reads user/profile data of web browsers
Registers COM server for autorun
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 | C:\Users\Admin\Downloads\7z2301-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip.dll" | C:\Users\Admin\Downloads\7z2301-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment" | C:\Users\Admin\Downloads\7z2301-x64.exe | N/A |
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000\Software\Microsoft\Windows\CurrentVersion\Run\NTSystem = "C:\\Users\\Admin\\AppData\\Roaming\\NTSystem\\ntlhost.exe" | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
Checks installed software on the system
Legitimate hosting services abused for malware hosting/C2
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files\7-Zip\Lang\kab.txt | C:\Users\Admin\Downloads\7z2301-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ar.txt | C:\Users\Admin\Downloads\7z2301-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\io.txt | C:\Users\Admin\Downloads\7z2301-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ku-ckb.txt | C:\Users\Admin\Downloads\7z2301-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\bn.txt | C:\Users\Admin\Downloads\7z2301-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ga.txt | C:\Users\Admin\Downloads\7z2301-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\mr.txt | C:\Users\Admin\Downloads\7z2301-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\tt.txt | C:\Users\Admin\Downloads\7z2301-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\7z.dll | C:\Users\Admin\Downloads\7z2301-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\7zFM.exe | C:\Users\Admin\Downloads\7z2301-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\lt.txt | C:\Users\Admin\Downloads\7z2301-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\nb.txt | C:\Users\Admin\Downloads\7z2301-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\mn.txt | C:\Users\Admin\Downloads\7z2301-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\nl.txt | C:\Users\Admin\Downloads\7z2301-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\uk.txt | C:\Users\Admin\Downloads\7z2301-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\bg.txt | C:\Users\Admin\Downloads\7z2301-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\kk.txt | C:\Users\Admin\Downloads\7z2301-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\pt.txt | C:\Users\Admin\Downloads\7z2301-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\fur.txt | C:\Users\Admin\Downloads\7z2301-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\pa-in.txt | C:\Users\Admin\Downloads\7z2301-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\nn.txt | C:\Users\Admin\Downloads\7z2301-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\tk.txt | C:\Users\Admin\Downloads\7z2301-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\va.txt | C:\Users\Admin\Downloads\7z2301-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\zh-cn.txt | C:\Users\Admin\Downloads\7z2301-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\fy.txt | C:\Users\Admin\Downloads\7z2301-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ko.txt | C:\Users\Admin\Downloads\7z2301-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\tg.txt | C:\Users\Admin\Downloads\7z2301-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\af.txt | C:\Users\Admin\Downloads\7z2301-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\be.txt | C:\Users\Admin\Downloads\7z2301-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\mng.txt | C:\Users\Admin\Downloads\7z2301-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\sq.txt | C:\Users\Admin\Downloads\7z2301-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\hu.txt | C:\Users\Admin\Downloads\7z2301-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ka.txt | C:\Users\Admin\Downloads\7z2301-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\lv.txt | C:\Users\Admin\Downloads\7z2301-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\sr-spl.txt | C:\Users\Admin\Downloads\7z2301-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ug.txt | C:\Users\Admin\Downloads\7z2301-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\fr.txt | C:\Users\Admin\Downloads\7z2301-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\gl.txt | C:\Users\Admin\Downloads\7z2301-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\readme.txt | C:\Users\Admin\Downloads\7z2301-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\en.ttt | C:\Users\Admin\Downloads\7z2301-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\vi.txt | C:\Users\Admin\Downloads\7z2301-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\cs.txt | C:\Users\Admin\Downloads\7z2301-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\hr.txt | C:\Users\Admin\Downloads\7z2301-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\pl.txt | C:\Users\Admin\Downloads\7z2301-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\sw.txt | C:\Users\Admin\Downloads\7z2301-x64.exe | N/A |
| File created | C:\Program Files\7-Zip\Lang\tg.txt | C:\Users\Admin\Downloads\7z2301-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\zh-tw.txt | C:\Users\Admin\Downloads\7z2301-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\7z.sfx | C:\Users\Admin\Downloads\7z2301-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\kaa.txt | C:\Users\Admin\Downloads\7z2301-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ku.txt | C:\Users\Admin\Downloads\7z2301-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\descript.ion | C:\Users\Admin\Downloads\7z2301-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ast.txt | C:\Users\Admin\Downloads\7z2301-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\sr-spc.txt | C:\Users\Admin\Downloads\7z2301-x64.exe | N/A |
| File created | C:\Program Files\7-Zip\Lang\sw.txt | C:\Users\Admin\Downloads\7z2301-x64.exe | N/A |
| File created | C:\Program Files\7-Zip\Lang\uz-cyrl.txt | C:\Users\Admin\Downloads\7z2301-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\yo.txt | C:\Users\Admin\Downloads\7z2301-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\de.txt | C:\Users\Admin\Downloads\7z2301-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ru.txt | C:\Users\Admin\Downloads\7z2301-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ba.txt | C:\Users\Admin\Downloads\7z2301-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Uninstall.exe | C:\Users\Admin\Downloads\7z2301-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\History.txt | C:\Users\Admin\Downloads\7z2301-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\gu.txt | C:\Users\Admin\Downloads\7z2301-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ext.txt | C:\Users\Admin\Downloads\7z2301-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\hi.txt | C:\Users\Admin\Downloads\7z2301-x64.exe | N/A |
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
GoLang User-Agent
| Description | Indicator | Process | Target |
| HTTP User-Agent header | Go-http-client/1.1 | N/A | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" | C:\Users\Admin\Downloads\7z2301-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension" | C:\Users\Admin\Downloads\7z2301-x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 | C:\Users\Admin\Downloads\7z2301-x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip | C:\Users\Admin\Downloads\7z2301-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip32.dll" | C:\Users\Admin\Downloads\7z2301-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment" | C:\Users\Admin\Downloads\7z2301-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension" | C:\Users\Admin\Downloads\7z2301-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment" | C:\Users\Admin\Downloads\7z2301-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" | C:\Users\Admin\Downloads\7z2301-x64.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 | C:\Users\Admin\Downloads\7z2301-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" | C:\Users\Admin\Downloads\7z2301-x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip | C:\Users\Admin\Downloads\7z2301-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" | C:\Users\Admin\Downloads\7z2301-x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip | C:\Users\Admin\Downloads\7z2301-x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000} | C:\Users\Admin\Downloads\7z2301-x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip | C:\Users\Admin\Downloads\7z2301-x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip | C:\Users\Admin\Downloads\7z2301-x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000} | C:\Users\Admin\Downloads\7z2301-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip.dll" | C:\Users\Admin\Downloads\7z2301-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" | C:\Users\Admin\Downloads\7z2301-x64.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\Downloads\script.rar:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\7z2301-x64.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Views/modifies file attributes
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
Processes
C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\raid macro3.rec"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4144.0.269596496\400488784" -parentBuildID 20221007134813 -prefsHandle 1732 -prefMapHandle 1724 -prefsLen 20936 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1e7514f3-0a74-4baf-bbee-77021640ec0d} 4144 "\\.\pipe\gecko-crash-server-pipe.4144" 1812 238528d5458 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4144.1.1200488976\555917829" -parentBuildID 20221007134813 -prefsHandle 2156 -prefMapHandle 2152 -prefsLen 21017 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7f4ef632-b6fd-4f9c-b836-35735f74ae12} 4144 "\\.\pipe\gecko-crash-server-pipe.4144" 2168 23847672858 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4144.2.1940952481\870191388" -childID 1 -isForBrowser -prefsHandle 2884 -prefMapHandle 2900 -prefsLen 21120 -prefMapSize 232675 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8e8397f2-f0c4-466b-9798-a6d1a9e673aa} 4144 "\\.\pipe\gecko-crash-server-pipe.4144" 2872 238569dab58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4144.3.1497963375\1772696126" -childID 2 -isForBrowser -prefsHandle 2780 -prefMapHandle 3112 -prefsLen 26480 -prefMapSize 232675 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cf266881-0160-49d6-b41b-c6d08872a10c} 4144 "\\.\pipe\gecko-crash-server-pipe.4144" 3540 2384766ae58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4144.4.62216990\50109511" -childID 3 -isForBrowser -prefsHandle 4328 -prefMapHandle 4320 -prefsLen 26539 -prefMapSize 232675 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7f138c98-9c71-4d1b-92fb-36b13d592df9} 4144 "\\.\pipe\gecko-crash-server-pipe.4144" 4340 23858a7da58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4144.5.381186738\181415041" -childID 4 -isForBrowser -prefsHandle 4944 -prefMapHandle 4912 -prefsLen 26620 -prefMapSize 232675 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9efae3e7-0dcb-4f57-89e7-4933bef3098f} 4144 "\\.\pipe\gecko-crash-server-pipe.4144" 4968 23858ed5e58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4144.6.1526742387\1380066309" -childID 5 -isForBrowser -prefsHandle 5104 -prefMapHandle 5108 -prefsLen 26620 -prefMapSize 232675 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {40907346-ec57-480e-b94f-32f8952b5f0d} 4144 "\\.\pipe\gecko-crash-server-pipe.4144" 5092 23858ed5b58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4144.7.1352111730\507516753" -childID 6 -isForBrowser -prefsHandle 5368 -prefMapHandle 5372 -prefsLen 26620 -prefMapSize 232675 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {137fdb02-b72c-410e-935c-f686d081bbff} 4144 "\\.\pipe\gecko-crash-server-pipe.4144" 5360 23858ed6458 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4144.8.46948688\751609490" -childID 7 -isForBrowser -prefsHandle 5684 -prefMapHandle 7588 -prefsLen 26964 -prefMapSize 232675 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5ca92268-ad25-4bda-a7c4-b7b204534f26} 4144 "\\.\pipe\gecko-crash-server-pipe.4144" 5880 23852bb1158 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4144.9.1167411704\1051564531" -childID 8 -isForBrowser -prefsHandle 9608 -prefMapHandle 7512 -prefsLen 27139 -prefMapSize 232675 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9ef4f47a-e5a0-410d-8f53-d52cbd8afc01} 4144 "\\.\pipe\gecko-crash-server-pipe.4144" 9660 2385b2f8e58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4144.12.602268020\1415154968" -childID 11 -isForBrowser -prefsHandle 9576 -prefMapHandle 9572 -prefsLen 27139 -prefMapSize 232675 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {346bd408-2372-480e-9ecb-0e66f3fab29d} 4144 "\\.\pipe\gecko-crash-server-pipe.4144" 9588 2385b94e458 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4144.11.1629046242\1900873324" -childID 10 -isForBrowser -prefsHandle 5264 -prefMapHandle 5268 -prefsLen 27139 -prefMapSize 232675 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8f2f427d-6c20-4666-9902-86b6dd2be0f8} 4144 "\\.\pipe\gecko-crash-server-pipe.4144" 5928 23859cd6b58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4144.10.77539297\340454085" -childID 9 -isForBrowser -prefsHandle 5400 -prefMapHandle 9708 -prefsLen 27139 -prefMapSize 232675 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1eb4124e-2f90-4a52-96b8-439f5addfe7e} 4144 "\\.\pipe\gecko-crash-server-pipe.4144" 7288 23859cd3b58 tab
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Windows\System32\fontview.exe
"C:\Windows\System32\fontview.exe" C:\Users\Admin\Downloads\BackupResume.ttc
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4144.13.663085724\2045944842" -childID 12 -isForBrowser -prefsHandle 7316 -prefMapHandle 5192 -prefsLen 27331 -prefMapSize 232675 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {51d76c98-2750-4439-8f37-d8226b7002d0} 4144 "\\.\pipe\gecko-crash-server-pipe.4144" 7084 238585c6258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4144.14.31080208\218512396" -parentBuildID 20221007134813 -prefsHandle 5832 -prefMapHandle 5844 -prefsLen 27331 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c84df9a5-c3a8-411d-84c1-7efe1fd0e33e} 4144 "\\.\pipe\gecko-crash-server-pipe.4144" 4524 2385ac3ce58 rdd
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4144.15.1474240222\1777299193" -childID 13 -isForBrowser -prefsHandle 6860 -prefMapHandle 6864 -prefsLen 27331 -prefMapSize 232675 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {273b4a3d-eb81-4975-9258-c09c6cdfdb86} 4144 "\\.\pipe\gecko-crash-server-pipe.4144" 6848 2385a8f2158 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4144.16.2137646680\355959901" -childID 14 -isForBrowser -prefsHandle 7492 -prefMapHandle 7172 -prefsLen 27331 -prefMapSize 232675 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {27d6cd96-9acc-48d5-b346-0e76ddb584ad} 4144 "\\.\pipe\gecko-crash-server-pipe.4144" 7352 23856946b58 tab
C:\Users\Admin\Downloads\7z2301-x64.exe
"C:\Users\Admin\Downloads\7z2301-x64.exe"
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\script\" -ad -an -ai#7zMap9224:74:7zEvent10764
C:\Users\Admin\Downloads\script\script.exe
"C:\Users\Admin\Downloads\script\script.exe"
C:\Users\Admin\Downloads\script\script.exe
"C:\Users\Admin\Downloads\script\script.exe"
C:\Users\Admin\Downloads\script\script.exe
"C:\Users\Admin\Downloads\script\script.exe"
C:\Users\Admin\Downloads\script\script.exe
"C:\Users\Admin\Downloads\script\script.exe"
C:\Users\Admin\Downloads\script\script.exe
"C:\Users\Admin\Downloads\script\script.exe"
C:\Users\Admin\AppData\Local\Temp\svchost.exe
"C:\Users\Admin\AppData\Local\Temp\svchost.exe"
C:\Users\Admin\AppData\Local\Temp\conhost.exe
"C:\Users\Admin\AppData\Local\Temp\conhost.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\main\main.bat" /S"
C:\Windows\system32\mode.com
mode 65,10
C:\Users\Admin\AppData\Local\Temp\main\7z.exe
7z.exe e file.zip -p7366415912571278752813224456 -oextracted
C:\Users\Admin\AppData\Local\Temp\main\7z.exe
7z.exe e extracted/file_7.zip -oextracted
C:\Users\Admin\AppData\Local\Temp\main\7z.exe
7z.exe e extracted/file_6.zip -oextracted
C:\Users\Admin\AppData\Local\Temp\main\7z.exe
7z.exe e extracted/file_5.zip -oextracted
C:\Users\Admin\AppData\Local\Temp\main\7z.exe
7z.exe e extracted/file_2.zip -oextracted
C:\Users\Admin\AppData\Local\Temp\main\Installer.exe
"Installer.exe"
C:\Windows\system32\attrib.exe
attrib +H "Installer.exe"
C:\Users\Admin\AppData\Local\Temp\main\7z.exe
7z.exe e extracted/file_1.zip -oextracted
C:\Users\Admin\AppData\Local\Temp\main\7z.exe
7z.exe e extracted/file_3.zip -oextracted
C:\Users\Admin\AppData\Local\Temp\main\7z.exe
7z.exe e extracted/file_4.zip -oextracted
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /C powershell -EncodedCommand "PAAjADEAbQAyAEEAeABSAGwAUgBjADgAdAAjAD4AIABBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjADcAMgAzACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAG0AQgAjAD4AIAAtAEYAbwByAGMAZQAgADwAIwBLAFcAdAAxADEASAAjAD4A" & powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0 & powercfg /hibernate off
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -EncodedCommand "PAAjADEAbQAyAEEAeABSAGwAUgBjADgAdAAjAD4AIABBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjADcAMgAzACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAG0AQgAjAD4AIAAtAEYAbwByAGMAZQAgADwAIwBLAFcAdAAxADEASAAjAD4A"
C:\Users\Admin\AppData\Roaming\NTSystem\ntlhost.exe
C:\Users\Admin\AppData\Roaming\NTSystem\ntlhost.exe
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c SCHTASKS /CREATE /SC HOURLY /TN "NvStray\NvStrayService_bk6312" /TR "C:\ProgramData\Dllhost\dllhost.exe"
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c SCHTASKS /CREATE /SC MINUTE /MO 5 /TN "dllhost" /TR "C:\ProgramData\Dllhost\dllhost.exe"
C:\Windows\SysWOW64\schtasks.exe
SCHTASKS /CREATE /SC HOURLY /TN "NvStray\NvStrayService_bk6312" /TR "C:\ProgramData\Dllhost\dllhost.exe"
C:\Users\Admin\Downloads\script\script.exe
"C:\Users\Admin\Downloads\script\script.exe"
C:\Users\Admin\Downloads\script\script.exe
"C:\Users\Admin\Downloads\script\script.exe"
C:\Users\Admin\Downloads\script\script.exe
"C:\Users\Admin\Downloads\script\script.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Network
Files
| SHA512 | 033591d80a2d9e16bd25ca456b8c908d08cb30f30154f67ea53f8a0053217c519ef843a2f4406d3150c28e9219c63f8610a9c2ec97480498a0fc6085cfbb4c1e |
C:\Users\Admin\Downloads\script\script.exe
| MD5 | 043cf41c0fe957ccd6a71e808b2384b8 |
| SHA1 | 0baaae425d1cb9cb80cfed95a700ce43bdd92e13 |
| SHA256 | 289e4679c8b169e6209aa3a6c7875da9705225edb1ac3cf06ea88dd4236c849c |
| SHA512 | 033591d80a2d9e16bd25ca456b8c908d08cb30f30154f67ea53f8a0053217c519ef843a2f4406d3150c28e9219c63f8610a9c2ec97480498a0fc6085cfbb4c1e |
C:\Users\Admin\Downloads\script\script.exe
| MD5 | 043cf41c0fe957ccd6a71e808b2384b8 |
| SHA1 | 0baaae425d1cb9cb80cfed95a700ce43bdd92e13 |
| SHA256 | 289e4679c8b169e6209aa3a6c7875da9705225edb1ac3cf06ea88dd4236c849c |
| SHA512 | 033591d80a2d9e16bd25ca456b8c908d08cb30f30154f67ea53f8a0053217c519ef843a2f4406d3150c28e9219c63f8610a9c2ec97480498a0fc6085cfbb4c1e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xcsgzdt0.default-release\storage\default\https+++www.youtube.com\idb\2257848399LCo7g%sCD7a%t8a9b9a3s.sqlite
| MD5 | e2a07521a313bee6c39e5dbe3eb522da |
| SHA1 | 7c74b427e35f5034d638052a8e998a40a1a88091 |
| SHA256 | 9d663dff4aabc34de86418e1317f5a22465b500a611395cc932a22692deec88a |
| SHA512 | fe4f7ffcd2ba0d48613e801ede444ba04f66e542e0b95e51d99cb50a25fbdedaf5d4c857641c4bce3d44ed0d2a22fa44b04abf854345d029b2d67d96d8e16abc |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xcsgzdt0.default-release\storage\default\https+++www.youtube.com\cache\morgue\197\{ba3c9a20-0fef-40ae-8cdd-109d121635c5}.final
| MD5 | a45a56afbf2f37f17d484dea2713ee6b |
| SHA1 | f00ca7beb7e07932360a4144b8343d079f60d627 |
| SHA256 | a97aa79417c7f3cb0da70a289bd71194d168920eca151cf1c5890c2e376876d3 |
| SHA512 | 453d7165081b15d4cee70ad1cfa2da2b97db1ba44cb7e640c74b2ac223dabf8826bd3e27bc692e98746011dec8bcafba6615e16a586cdc67199eb566c10d39f5 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xcsgzdt0.default-release\storage\default\https+++www.youtube.com\idb\3211250388sbwdpsunsohintoatciif.sqlite-wal
| MD5 | ee2716d7b70959fc94a5d71a5969413a |
| SHA1 | 9523f65c034cf31418f660dc61377f05b63a6462 |
| SHA256 | 0405b877b3b014319fa05915a1ed3b9ec5b9a350a9e7c600a052b75a0b492017 |
| SHA512 | 7527b359ad852a878b173882607b59b793d5efdc0b39a89a5698dd9b92c723be5283271ad2f0d9ecff2658f2e55aa9f978bbb06131fad698fe435f31fb8b2902 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xcsgzdt0.default-release\cache2\entries\3B9759A9A1EBF275CEAEB720492F338208F13E40
| MD5 | 6f803333e7fb8927ec228934aab5f76d |
| SHA1 | 19f1b4fc448e0b90a4e91bee51fc6384872e0b8b |
| SHA256 | 9a9eccfb013fc937ffaebdc9c1a4918336e672eac65f07804c92342c4d2f5adc |
| SHA512 | 34f391f466ca62f5d886b5bc87ad0ea311ea665de53609d6f238d6c447ad03496b4638023eac9ab0d4eb1de768972cf5d3eda7d374878dad8ba3a0ecbf4c416a |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xcsgzdt0.default-release\cache2\entries\9E42D640A41FDB552EF131C1703BCAA914A48953
| MD5 | 712bf530aee02a11032f22f8079f60dd |
| SHA1 | 07f4db24701fb1873a00e97727352f47fd32755e |
| SHA256 | 93940327e7bcac5b2bf7fe4fd7b85f4c726128b6965b96c06c571f7029c7440f |
| SHA512 | 7beb98e155b8e8147ca42fe16e2fd85dab332927b3f6f489b5f3e81d9b769a83028bb0806c7de32ca20f6f2ae2f7373f0d030d7bdc9cfd5cdefd89db59e76173 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xcsgzdt0.default-release\cache2\entries\248AE18D8E6EF5DEB3156202336C6C67867CAE1E
| MD5 | d4828118a67145ab46b44107e2194efa |
| SHA1 | 735adc8c93696564b5d73a9967894444f80c7f45 |
| SHA256 | b09a34cd280095eab229b8fca27c8532dc08adba260db2e0338cfc9db7e70f6e |
| SHA512 | b626c3ed387e594e252829a67cc14dcd79a1ef5ac46bb1a89f9540d2379cc8e6e6d7df6031cda36c1336c8edc321e51d47b1008f23693f6103f3e4dc0c06e24a |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xcsgzdt0.default-release\cache2\doomed\28796
| MD5 | 250ff9bb6e2e57c784d1465f536e18e1 |
| SHA1 | ed566b585de3d4879933f6b9b1e70cb4521e178f |
| SHA256 | b6178824a16e1d24793fff8e5fbd7d2a4fdae71cd461901eeac7ce4ddfb22923 |
| SHA512 | 8fa147d4ff606e99b3c94992dac22a67f629a2b296b87c7eea8d6f5357df3e7710bf7c6739cd0f85dca7ae502c001a55c578862a77070ccdb418c07a06bbff2e |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xcsgzdt0.default-release\cache2\doomed\20470
| MD5 | e2d42e8e660b349a4cb9300f078eb673 |
| SHA1 | 73d94c63826731c28dd18b0ab8cd562ff154da03 |
| SHA256 | 12afe7f2287a6ee97da35fc132e762679f4554c6b55049cc4b5ac64c43d6a500 |
| SHA512 | b1b9f9d3f81060898688ef511651725a7571a91f7e55419b9c768b4a197320442d6d4427e0fc10df9c6912bb6738b8edf4d37ebb84856b11e9f636bf92c1d8cd |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xcsgzdt0.default-release\cache2\entries\658A50B8A06FFC5874591788D10C0C6C5F691CF4
| MD5 | bc8ae3d497b135aa248ed5833c834e61 |
| SHA1 | fb9eb8a51cd6dee3373d48641bf380e39b9aedd7 |
| SHA256 | 10d92b80995b9f56ea5d7802f8b5cb993c93d783b1a520a62456b4cf98625729 |
| SHA512 | e51fecfa2dad9b81d469a7d76e893f9ac29d272efbe2ed07596bd7f910b99bd70097eb9b989a34b431dd4ab9639c6f73e113d88a5b8bf731990b1c0b98ba1ef9 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xcsgzdt0.default-release\cache2\entries\7A568F91C1A08B97B1B85999516EB1BCA9B45F6D
| MD5 | 594737c33eedb17545a62ecdd44276b3 |
| SHA1 | 3d4df77d7b9c9f547a17f685ff19bd882d4e7eb8 |
| SHA256 | e1fad4fce133e88c01432db7520e34ec7bf0924dac9b9af7276e478ace17c4a2 |
| SHA512 | 0a5e369d7471177bc0b4693b2e41d912ec7636a0e11a2b71f53d0473d9ec40246c16b0bc0aaa1a690560e685af243e02179415ed1326f3096f3803f9c20ad781 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xcsgzdt0.default-release\cache2\entries\35EC5E1E8DFCD62B7C3E9CA5908C6940721F73F0
| MD5 | 1dc8f4c5b19fcf4d5015bec7429f6f5e |
| SHA1 | 2cbd67a1b23cfcb6af8a4827f9dfff4fb968c85d |
| SHA256 | b40a0a5c143d81de346fb3522e3564429884e4071db3a95c8144248c07fae802 |
| SHA512 | d9e0fed356858343a7d1a572d0478d24604aa8a65304df98f6fd01d9499a5b86dc6a6a752f39071d5ee344f5a1bf25a79a7c142f0c98fddde38cbe68772a70b2 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xcsgzdt0.default-release\cache2\entries\E48EC1B612B30C5E8ABA33B3EFFBBD773D9FD3AE
| MD5 | ce58e97ab00e10277d6ae0228507af4c |
| SHA1 | 8123366d605c2f9e9772556368d3676ef305f843 |
| SHA256 | dd96465543bd800160dfbf1c1d7fdf1a2122734aff73b480c4ab649880e138ee |
| SHA512 | c4d4058038081bfc9e1588fad9750f3a9371910a9d9b90473e6bc0e68d80c42010ff781dea89c1434752c13018587a64a3869b61b4abfece5afa22c76d38530d |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xcsgzdt0.default-release\cache2\entries\0FD28473C00AD598FD478773B66EDD8220B3CBCD
| MD5 | d92402fd7c0316dfeb13e7c87a2a9c79 |
| SHA1 | 2990ce6255de15c53095f4037ea0b714c31409de |
| SHA256 | 22ef851305a0b98c911b333228ad937e48cb15193f10826ea7ddcd661172bd54 |
| SHA512 | c2148cd8860a5d10f9bbf48a7525cc3b57a2777b8d299327309f382b936fe9ae18e882ee9ad36d9a3c3bb8259a9cfe7504cd697cc72e854f47fa62ecfaee2887 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xcsgzdt0.default-release\cache2\entries\B15935A5C90F80F3869AD682810C92028A6EDCFC
| MD5 | 827f580642169187ec350ad6de613b7f |
| SHA1 | 4dd5c1c05cdc4d5790423a04c30cf1241e016845 |
| SHA256 | c2937f3e291542868a6a5b7793830047c19546af2c924d3b00d0c5f2e9d7750f |
| SHA512 | 638c90dc52aa9d6e3818583bd1fab011880264969433494a28f1fbd6b99d204042a66b80773537c93ae4985382c573f7ee9f531559608769aaaf29d3f28fabc6 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xcsgzdt0.default-release\cache2\doomed\19044
| MD5 | ddb1a0a8a57679795aad623496fefabc |
| SHA1 | 94c0681ac84160f2bbc650d3d1ad38451d454666 |
| SHA256 | 4fdc1902db9c35022eac8fc22e167f7686a31a8112eb1636f209fd59f1b10fd0 |
| SHA512 | 2cc571c30031d2ebd4119f7b111bf473b26e34bef1c346a2aff4a92d9af5f665838d22a4ac6549cc6a5e1d62d7eba6aaba020217b33e20f499608e0210c01f95 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xcsgzdt0.default-release\cache2\doomed\16575
| MD5 | fad52e9f2c089b55ead4405966f7606a |
| SHA1 | 993c49b30ce4657e400630b67988c780aa46deac |
| SHA256 | 4bd6bba7ef1c6414261d87ad1f4d93bf560349f025f00d5dd4b68c3b6859e5c1 |
| SHA512 | 4d2dc843d19dccddf762ec06ef97b17fd6a190f30fab859bc5856cdc165ce5fe8c75a2d8683120cb8369d12986ab5207d89ed98fbf3f8425075463302948a8b8 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xcsgzdt0.default-release\cache2\entries\C01A5A91B3215B34E7411A2001698454305F7026
| MD5 | d146ca5a68b153894e4807b615435c27 |
| SHA1 | c7665dbf88d1c3d154a3ae896b186efdca04c04e |
| SHA256 | 0c8012abfbdf014b8c1e6b235a690ef8499cd7f708e110a6e2c4e9b8ce2ece72 |
| SHA512 | e6a95ac86840f8800250dca6624871bed05115b833c3dbc32df9b767023a9c24b0408193efe8e6a918afd7268912aaab3af4db26e3258a08ef42ccf9cab2c48a |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xcsgzdt0.default-release\cache2\entries\8716F8C17B00451F44310CF05230027866449E88
| MD5 | e152785a39c3c96ff813cacf1e1227ca |
| SHA1 | c9b3b98762b48727f86a6afaf73ec6c1be84fa60 |
| SHA256 | cfd7545524187843f6891cf4f902e01d695bceaeaca7e70d9ad11bd813784ee0 |
| SHA512 | 6834af0d061898bf6e9acbce3e85e6496a45afc03a7b4b423b07adc5f03174d185081c6aab8fafde69b8522428196e156cf0867a19ecb50726d7c11372e66ca0 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xcsgzdt0.default-release\cache2\entries\B7BA9A55816D8AAE7A854CED145D931BA1432A7D
| MD5 | dba2bc301969ef7fd866ac35e6217f9c |
| SHA1 | 2ff63f8481d30e3e5c4dcd76e276c127f27ab828 |
| SHA256 | fcbb8aed43901b052792d2836948d29acdf3b08d5cd13f923c2311777137d353 |
| SHA512 | 5c4cd70361b1651909cddd245cf33cfe9554d20b847343245f6a9c2da7d9a2e1800dead73cf619941d45c58782779b4b60865126b501864e72ea1e2f078f349b |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xcsgzdt0.default-release\cache2\entries\FFA7E2F711344074EEA3A05DBB02F11F9BD2C601
| MD5 | c461d33e8e7eac41039f7fb52eb11f2e |
| SHA1 | 782258d3664eb3d511bc079ac723097d651b4745 |
| SHA256 | 1d1400543b6c370f2d960e2ac86a4b43d7146441943ed0009999cef419819e1f |
| SHA512 | bcf3858e0e06b2ad724c3f3ee0b1b744718e19ef14a6a9352aa375b02c7b4fad586a3ec9a286f6e17c0f86fabf87f3d5816fd3bab7ec2016a557e5cb84b085f3 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xcsgzdt0.default-release\cache2\entries\771942AFDDDE9DB0E2B1887C5C3E889F1333D0D6
| MD5 | 7e0ab43225eb3e235b16688a1988bb1e |
| SHA1 | 2ca50a15a628fa2a9d9cb7d8dd98392b539f07e6 |
| SHA256 | 2145a2ed6aeb1abbed2b6994917d178ec466f341b38bee14c4451331413789a8 |
| SHA512 | 53ceed77e2df99a64404319b8e632a1b6ca8414f7c61a534d3da7f0f0bfcacc5f014938210bf7ff218a3f0589718a27577a89d79856766831637a5bc6a8d5198 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xcsgzdt0.default-release\cache2\entries\768FF910069C2E7FAD7CEF3526AAD1F9CAFD5C9A
| MD5 | a6a1eec660d20076082b78cfb10ed88c |
| SHA1 | bec5e811ca8b2d6511b0da994146aa9183e03c4c |
| SHA256 | 39ad21b6a88e7342a5f6660f3fdc445c22bfb251c8310920b60d1a40f01ff745 |
| SHA512 | 6b72bbe47280e54a2de05522894f9a4cc10f3693676432d93d144e074506db0cd324f4d287182d08084f039fda399f81de63d11b49b6c6f25d33025eb2dcb068 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xcsgzdt0.default-release\cache2\entries\689D8CF023A6FDA16414407570C8685D0993BC8B
| MD5 | 619746299cdd87f32e6e7614c34bd13a |
| SHA1 | a489055f7b5eaf08b872f28f1ef16b39d674bef4 |
| SHA256 | 905a792013c2dd8352b2fca4a8f5d17c865974f0e11e861953183a3c6ae449db |
| SHA512 | 3d1c29c96fd8fead58f4f47d140145adee83012be4803d3137d289a814f23006162e6e1647e9ce6013ef5a94c873913fcdd05c0979844b5d02d20dcfbbcd739c |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
| MD5 | 04c36b4912e621265d64da67c78c9821 |
| SHA1 | 924e9483ffb58109b494a62ffe49430baf902356 |
| SHA256 | a55d1d42b1f8f20938819043cd80805f0d2a402cdb6edff48dd50f2a535772f2 |
| SHA512 | 69b806056ea2fed4ff45197260c80193ffcf0a6b15c1fbfd37c8024418f8c30291cb0e4727a9cdb27391fff1ea6b93cb1c9ddb042ca8fc0701905500efddf04a |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
| MD5 | d2bcdb495679def61d70741c4a85ba2e |
| SHA1 | fbaceb71462b7572801fe1bb592ba8b821b0ce6e |
| SHA256 | 89b29a40bd9b45c055a50316a233bc316ed16415f38c181b0daab54a90decd97 |
| SHA512 | b3397494e76bb0504fe3df765b0049b5dfd70f22fe032a6b0577d023834db7bcb06969b23483379b05ae7c9d8b021096027ac4120994b32a76a0c31123ec50e1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xcsgzdt0.default-release\storage\default\https+++www.youtube.com\idb\2257848399LCo7g%sCD7a%t8a9b9a3s.sqlite
| MD5 | 542fe7460ce03f88d7f4b1988695e8ff |
| SHA1 | 37215e41112084a859f6f04ba6d6fe74742ca619 |
| SHA256 | f773ce70ac8fc174e24a8db8cf1952ffe2a09f166c2d96ebdc474f158debf437 |
| SHA512 | c251d322467eb850f9e4685e5d429d453fb584057469f8a8d044d9ad8af05e84175900851b4aed93f482f256638e28f41586ab0f2c7b707dd100ce9a9d197a92 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xcsgzdt0.default-release\prefs.js
| MD5 | a4b861bf93284b9e652f8986cfdb6595 |
| SHA1 | 2a4445ae621f31c65cfd0c77c0a258e16aab0767 |
| SHA256 | 73fd14e20775da56341384e0592a5292d9573174bba43397195ea537961ecc24 |
| SHA512 | 1875359d748a3ac05355d674f0063aff786bf4790a031b16a8e9b6e9dc9e2fadc953252fda7308df3c9800cac279618316504f07df74812f7ede109b7ab2dd6b |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 85430baed3398695717b0263807cf97c |
| SHA1 | fffbee923cea216f50fce5d54219a188a5100f41 |
| SHA256 | a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e |
| SHA512 | 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xcsgzdt0.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
| MD5 | 3d33cdc0b3d281e67dd52e14435dd04f |
| SHA1 | 4db88689282fd4f9e9e6ab95fcbb23df6e6485db |
| SHA256 | f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b |
| SHA512 | a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xcsgzdt0.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
| MD5 | fe3355639648c417e8307c6d051e3e37 |
| SHA1 | f54602d4b4778da21bc97c7238fc66aa68c8ee34 |
| SHA256 | 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e |
| SHA512 | 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xcsgzdt0.default-release\prefs-1.js
| MD5 | c78677af5454300bddea941a61d7548a |
| SHA1 | 541c5b5ab0ab0040d2ec84d6263e42c47ad4960a |
| SHA256 | 65a433aad6e53c5a0a8d2aa8a4dfb0eb4bdda9c873c78035a1963484b837b7a4 |
| SHA512 | 026a78601a17c5c107a9224731cf95908a43bbb9daab16987dfed9c8dd09153fb83a1ba1db4401dbb7a654f2761c32ccc4b4e04df05abbbc85c40f7cc295ff04 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xcsgzdt0.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | 09aa7458b18e254858a3e5e088ec1878 |
| SHA1 | 452f163cd41a1edc1423591789deee89473f44bb |
| SHA256 | f420e401eaaf9a1f2ec5ba9e7ae623989e2fb2e74ca11f9609da45905a5c4cbf |
| SHA512 | 4366a36b34ec8411c088b35800bea0453b7e6bbd6972a793245c2a4ece7077f364ea118f62f17ee7d5abb211625432d83ce3d78ba1fe62b011bcf14ece096fc7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xcsgzdt0.default-release\prefs-1.js
| MD5 | 606e6f627d536d14bc6e4752e73c3ab4 |
| SHA1 | a10b5925f2d9342a56034d67e5aa8ab066c66087 |
| SHA256 | 1586d3432103103ec5475cd5ea164316ea02383e77fc83b3816143917fc76b1b |
| SHA512 | 437203b8399fdb776a3c6b1edb7c9842138e9dcc23566529596257595fa6eb72eae2ca384c2686ff3384b2b201aa05038ef9ed9d1ce24bb47a3a0c056c54dbf5 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xcsgzdt0.default-release\broadcast-listeners.json
| MD5 | 72c95709e1a3b27919e13d28bbe8e8a2 |
| SHA1 | 00892decbee63d627057730bfc0c6a4f13099ee4 |
| SHA256 | 9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa |
| SHA512 | 613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xcsgzdt0.default-release\cache2\entries\623F0BDB0F999209C444508A3959087800648ADF
| MD5 | af9608734de8299ef464f4a660d10b39 |
| SHA1 | 5408b7cb0dbad99148ce880229dfb842598ab7a0 |
| SHA256 | f0e34095a569855489ec15adbd22e64ed89b7912c04db0120468e84f40c3dfae |
| SHA512 | 51d2905e9f81cd9ee1750563d05a69051cb8a74f07a247f269b31439183b82577ef4de11025df3ad786ce1e863a5117fed9e4e1a8ca094c7549f543376e6fa88 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xcsgzdt0.default-release\cache2\entries\9B498A26A0C616A3AD6494121D721EB08B19D5C5
| MD5 | 96f8c778f57f2c4777c3213e669e66bd |
| SHA1 | b2cff105c6d5d069b3d2240d7907b24ea4033ccf |
| SHA256 | ea94aa29a6ed7228f24a400cbf6f27995a99d0fad4470d866e194bc9359fa28a |
| SHA512 | a47efdede5ceafd68f6e37e0c80ef1cc4d3baa222b53e201045268384812c75e1c4ab7c4b3b16b9ef3e19c245656e7a87ab4b441984e01f021ccb15b42287cec |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xcsgzdt0.default-release\cache2\entries\57EF13A7737FF864AF48C16FA1B6319D25199DC5
| MD5 | e0334c396c9539c7e5d7b25962f38df6 |
| SHA1 | 3bb8e99dff14438954192d5a57ea153e0306c5a2 |
| SHA256 | bd84d5143174078a926a6db20e3f94bf5f2717f3211f453891f576e4fad18901 |
| SHA512 | f3358d52ee3c978fd296352b7ce63c3389ff6e31a610ed01cd3278c14eb6343c79f70aebfeb0f52953c72900df90144d4ef8b9618d4748398831578163a110e4 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xcsgzdt0.default-release\cache2\entries\8FAF7DC54DF280FA54952C30C51442085A439AAF
| MD5 | 9025991d5d3b20b673ec5e0a0e63ac99 |
| SHA1 | 1fa1112c1294126b48ed66fdf642a00a3ea0d4dd |
| SHA256 | 1058c575dc855e9fe5fc8208241cbed95a50ffc49d0bef7422f701520819820f |
| SHA512 | 5cbc5781a6094c6eb17256b8727c740ef425d3fdc4c3df79bb40e3e30f0017b8a31db42493a400623bf4c5f2398fe80ec14a275f9613a697e3d2fbfc12f538ec |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xcsgzdt0.default-release\cache2\entries\263F8CE8D90E89ED092D19347C40421B1EF4F92A
| MD5 | f5892b621cacbd56e5d753df53536bc9 |
| SHA1 | b0874c6d72473630c43166b81288e79c044be34f |
| SHA256 | 2e36b71af19c4e2003760bdc26acb4aeec1c661b2b99c56521922b4992c6bad4 |
| SHA512 | fa05271182ee2b57aed5482dc774d8a2e93434005c84484ed4ae7da4bd094f66e82f1c84e6f7953fc2a2c8313738da6c48f32923d75a60e049c1f882cbc1bd4b |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xcsgzdt0.default-release\cache2\entries\C886C15B36E63849FB9E86DCC97456303F590459
| MD5 | a8efdffe13bc26d0748285d561c026c0 |
| SHA1 | 2d32370bc2b6a302b49a53fab6902b68f8eff9bb |
| SHA256 | 1c66d72eabdc57bc6e8ca09244d6273cf371f15d9882993f63ddbcd44b26b149 |
| SHA512 | 4a204bd88bfc8143fd18246e8bcc5f3933de4476a9f65b702c5a47ef5ed479d70890397a477b4265077e1e307069ddbab87c28838a9746a5020381b46ffa3090 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xcsgzdt0.default-release\cache2\entries\FFF2AC76EE8D16D89C0E6E50F25434B5A9F5E8D2
| MD5 | 6962d35cf1bc09a508afc1363d9f94f6 |
| SHA1 | d8bbff0343384d46792fca6150f378412f53479a |
| SHA256 | 1c83f5e4bcd6c8117ea3e638d787867db6ae0103a0179923e8ac1ee194cc0f05 |
| SHA512 | ce45f62c485f1caa7f20095caeccac41a73a8dee377e3fb737b94073d82182f740fab04adcfa9f65903bbe70bfbfdd056b0286e86b427b69328c90ae26c84c10 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xcsgzdt0.default-release\cache2\entries\055EC58BC36C089C877093DE21934AD3513C508F
| MD5 | 10031147b51c8647733debd144f8216f |
| SHA1 | d09f317f8ecb7c60a002befd59ede01a0808c1ab |
| SHA256 | 9b16ca56e50b74ae6bdbc4eaf8312d5c867bd08fb9401ba1006a0e116f5e74d4 |
| SHA512 | 0ffbf8086f02fdff914e67b576d79acf54337bd7895d36a73a8a0645553fee6d33dc4e52542751ee243a062450e61a8f1210a7ebada291c01fa4587f491cfdb1 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xcsgzdt0.default-release\cache2\entries\118BB2BA245AAA64B01692DF29396B97E11FC1A0
| MD5 | f5bf7e1982badc8543bd0494c9fa1a90 |
| SHA1 | 45e676fecd5557572281a978750b5048a680575a |
| SHA256 | ccb58fa0c1ed3436bff276d1c30c6dad27c3ba1bad94fbe9ff55e8e67ec95a8a |
| SHA512 | bb6612ae2af7657e05bca428b889ba482d83d6e1cda89006e4f8092ea244eb43420ca18d7c6e1b69594c5ccad6e3a9e0962757e0c86d93dc2a956922f6a6f3da |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xcsgzdt0.default-release\cache2\entries\254256B27E0C48CF9B80B695F0B3B8CA84610495
| MD5 | 11d3cdabfbeffdfef1edd34b413c8b11 |
| SHA1 | bddb753fe67a2cedbdeedee3bc9f1a19c0e20d01 |
| SHA256 | 110cd217056a35d4bd9f6670ac59037a76ba93cae754822d978a4168e0179a50 |
| SHA512 | f85b3a7cd859087e02a8a8bfc9b433593f461f5d6aeefa8dc54fe91cc6b1e111518b954a82532992bdeb749ce6a55e5a2e5525556b92f3ae7a0b7005219259d3 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xcsgzdt0.default-release\cache2\entries\037778A55E1B7E9BED3390289866D09402D6C913
| MD5 | 343a464e182fb572f163f483fae78d48 |
| SHA1 | b43fb03b07aeff8b0cc47e03730d74d055ef01e3 |
| SHA256 | 38e6de262798b4e3b6fbb1312f57cf06f5d570db342ff3fc5ae2fd9a8d08a71a |
| SHA512 | 17821f1611cece9145fa9d7bf84b6061835646b6763733bcd2dc7cbf8584784ca5fd01ca2bb86c63b2a087f1133f8112ade0c52e6726f70703e63fda536b8dca |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xcsgzdt0.default-release\cache2\entries\A137BA4146A6603CD6CE0D91B6AB860E79FB8DCA
| MD5 | 858b83cee69b486a0091b54147a307bb |
| SHA1 | ab21dba4070e195f54b9a3ca2b804f6b42e77a50 |
| SHA256 | 2db1d2f2ea36490b55488e5696ad50f4edef9b921c7da417ff5ecb463348fe96 |
| SHA512 | 95650c21396ab3c92c9d3d456d8fd7723f501618fac20e865d2d84b34d9e16c175b8be22b2c198edb2a466105647d936990ff3e8963758261a675ea7e9f91701 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xcsgzdt0.default-release\cache2\entries\ED9826654AE8BD972BDE17A9E0A449D3F881E430
| MD5 | 9ae286085f7017f0537f03d39947626e |
| SHA1 | 6bced8c0cf928cf0048cc9259e62e6c11d4b5e88 |
| SHA256 | a9819cc4ccc6764cdcaa54e60263219c6a53fba4a096a8b9933f669f5f55b622 |
| SHA512 | a02a91dda753e90fe5987cde2da3f93837b6202f939ceb35612de962240f3068e44174b9a1cb422f9456c76be38910ddcfb6ae01c09bcd2932d3450c03593387 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xcsgzdt0.default-release\cache2\entries\D4B8C2FCDB026A1F938FEA8B5461B6C301A53E06
| MD5 | 2a0e4cef2edecfaed4439987ca899960 |
| SHA1 | 076e73b909b05728f785290ec148fbe9b97e0a1d |
| SHA256 | 406c211918a45e61307c76618e970494ae83fc53e950cd8c717329c9847ba3c7 |
| SHA512 | 7c2442cce8fa75347e9d321c6685934733774a196219b5a8a34bab30a9132dbbbd6c885c9ccc39bdee86650f320e8b322a4064d511e522180c348c63e6f1558b |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xcsgzdt0.default-release\cache2\entries\D1F54868649597D102C19A7E0E7B84BF072F3BE7
| MD5 | 90f52e373d8d8793820ef47f5c153f2b |
| SHA1 | 5025b82342762bd7c4a9f902b06c4d0e99767e41 |
| SHA256 | ebc58467cd1ce3ecee88341490ede0d7d0a9ccb87a4004deca90dcd5f9a9af37 |
| SHA512 | 91a5c63c158203432ff90996583bc2d2d05f14869f606a697b7b6273f4ba4caf6614caf9ba6d40dc775b7ca83a5b0735493a91d6e93c016ee3de8139ff14290f |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xcsgzdt0.default-release\cache2\entries\7773BEB02797923498AF486EDD878A6AFAEB217A
| MD5 | e7a179a1a34fccf219f82b7d7d18d56b |
| SHA1 | 4dcfdf89c901e6950303620cf90600fef972646d |
| SHA256 | 3a3c363600535ff6284bdd2e2b3bac71812798ea6659f24ac0a42bdb95e1b15a |
| SHA512 | b6319ef17935dd6df999981ce1c48aacf88cbd5e9e088dc15e71443962d8eeca728d045d961e10cfd22c8db6e7babb6eabc5a139d46c2efd7bc175e42db249be |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xcsgzdt0.default-release\cache2\entries\D99ED0DDD8EE3E9503FB982D009AD03975591B05
| MD5 | 9d5fb5a6452b736c50b9e27b92ecd334 |
| SHA1 | 7cffe797cb620d98dfcdb318e1f6325ebce69379 |
| SHA256 | e3fd0f9184ed5997849907bbf50862c363c0a5cebee555ae23ff2993a3bb935c |
| SHA512 | 104589e6d793d3b59fc3132d1b3f12a9dd4f42f828c4e0949e0695a6bb68b81dcef159e76080e07718e52dbb89d40dbf1fd338319ee2e5be1623f655111ccb69 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xcsgzdt0.default-release\cache2\entries\3A0B5DB873FF6FB94853CA97448BFCF17B6038B1
| MD5 | dd774b20bfbf2e6af368dd48f8570b4d |
| SHA1 | 17ab23c7e0fe5cb49d731686255046f3aa5d0610 |
| SHA256 | c2e2ba57d55dd5359d0d464dae4f33cac12cabc321e7895df8d5e7abaa038d1b |
| SHA512 | 9fd1c43fb13d5ae26ac36170ea15de0baaa45cd17a15001b3ff3d4666a0a96c2cbe35a5ecace7ab1f1b1468b2587044827158bb0cb06017e162538f6e97073e5 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xcsgzdt0.default-release\cache2\entries\CAD234E6F80653BFAA6106865ED86C1A281846E8
| MD5 | c86f884d0ae0400957d3cb2b6586ecd3 |
| SHA1 | c99af8b20435518c773981b88b049a272b873ac2 |
| SHA256 | 786360a6a3946d6983be69a27d9c16a3ec6236f81a85310cde26c79c5ac3bc2a |
| SHA512 | 78172fb0e77487b85bd41d44e75ab87b6175244b374092b7c30459fdf4418b7b6fcd65e73dea542d639a9d42d0784284853c393e1a29a39cfccde6e8a26ee786 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xcsgzdt0.default-release\cache2\entries\6D93F397F808D9B5B6A044A862270FAD68041D1C
| MD5 | 1b57fe54486e75cf0c35fce59bb3b7c3 |
| SHA1 | ebf83c50f09ed1167717e809881905bf24ca0bc9 |
| SHA256 | 364c134303a6b95feb8d719a8a28b45afe257ffc8c6212d51ac899635eff3514 |
| SHA512 | 5ce042bed9cc45e6bfe6e3703e6f0232afa924b36aeac9f8fb9bef74f6047eb84a9a73297644373183a06b378a7203f3cfafd9963bcb8b406fa01ae9f5346359 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xcsgzdt0.default-release\cache2\entries\35CF8F0BACAFFC9656F3D3134E049835542C83AC
| MD5 | 6a40d72450e01a3aef7e5a98e6d5a645 |
| SHA1 | 6c7e82d35c2b34bdfeab14c227c844abe5ef14e8 |
| SHA256 | 51aaf33ba85962ad136ca0b0a02b31ae1d0572ea23bf05b639902376914389e7 |
| SHA512 | 0f2c1d4b2f249c62c6ae31785335991a915152f055ed4e9cadb957e9730b265b0285efa1acc5cab1c594bd20c75080077d1ea33e3acd02d222ef5777d659683a |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xcsgzdt0.default-release\cache2\entries\61847B0907F16C6108F42A50E4BC8D7217A03E15
| MD5 | 1e3b755f6e6cd4239a33bc7d2f3985d6 |
| SHA1 | 90d6bacce48df26d5b39f2091a3a81e9f25fd883 |
| SHA256 | cc62be14b29f8e2bafe336a974ca3c0e3686f5e33b02b3d126d57353a289cbf4 |
| SHA512 | 59d55b7158af73f710602a32e4170b3327cbf0f98b6ad0c2004ebf1845071c8c275edd147459ada33a29c3d2a8cfc7ec27c4060ff4b730d08c0f36a765aba392 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xcsgzdt0.default-release\cache2\entries\AFEA3AD40ED02D43949735ACC31BF7FC8F9BB2B7
| MD5 | a85d58700d6da73b5f27fce05c9b742b |
| SHA1 | 0c1c1e518430828f35a62a97c7ba2b02cee26e27 |
| SHA256 | 08c5ccf5023a3f3dbd8eca20d0717b5d4a45bb7afb0971a2d03722fc0da07523 |
| SHA512 | 5a92a8e06c8cd8a33a973ae45a2a189751328c313d6fa1090affe8361afff78fb7045d1501aa07866e8149fdcb314997a92a9b7732950043161e5088df9619b8 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xcsgzdt0.default-release\cache2\entries\E78E3F76C38A478389988CA4F4C125CDF3D80965
| MD5 | 47b6c3991be0f262d6f9438614f9f213 |
| SHA1 | 75a51cefbabf018f98b121d2adbd219557a497d6 |
| SHA256 | ced60a993ad974222acbab05715aa2dc634a86b4a777a65cb825981e523ce82d |
| SHA512 | 761c5078374081fdaaedbc2f68850845bfeb1a9af5be0ca531870bc904a2b8c0e1516521959ff6991e298825b5817f99d421ebef41ab8ad1793ad7a649065866 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xcsgzdt0.default-release\cache2\entries\F3C72925CA04EE108F42FCD7A7E9E2CB02044C3A
| MD5 | 43adb5ee3cb3a06cdc7871adadb07144 |
| SHA1 | 6036c79f67fd74c5e609c17b3de70f72dd972a15 |
| SHA256 | 1af32db13e550b73224e1e49d94d1ecab16595dcf5a2997540922d159ac5338b |
| SHA512 | 732e399a50f5bed43cda821de200bd45eab14755de507245e2ca5477909135ea311e7b10e4583e9dd320fcbb86f1c9985c56b2650fc4842cb69bef32bfb5ba9b |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xcsgzdt0.default-release\cache2\entries\2BA8D50BAAB027C18285F56256934D05B106DD59
| MD5 | 5fd30d64a6b314c92172a5fea444c803 |
| SHA1 | 03ea6e1cb228db0e61ebe33d2ba09d9851ad0d99 |
| SHA256 | 936b243d3455110c8eb5c07f647ef12d0975fa219774f37f81434e138339537b |
| SHA512 | 777c82d6d6684e8fc3bcb6020909b19cb6c2e9435a3171e26869135686f6c1000fefa5e65caa484e9a0ab85ec4d70de637312971aaf20bb165529194a6ae5bbb |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xcsgzdt0.default-release\cache2\entries\2965D96516D0B7717C392A6142608AF6D5C501DC
| MD5 | 8ed861505163c1ce4a04524d7202cc56 |
| SHA1 | b731a696c0273941655c7aa52dca7c1e9bbdc78d |
| SHA256 | d784cf7ea07ad53dab23f36cc2f2bd98d4f057507045939b7be4342cf940c895 |