Malware Analysis Report

2025-01-03 06:38

Sample ID 230813-a6dbtagb39
Target https://github.com/LimerBoy/StormKitty/releases
Tags
stormkitty spyware stealer vmprotect
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file https://github.com/LimerBoy/StormKitty/releases was found to be: Known bad.

Malicious Activity Summary

stormkitty spyware stealer vmprotect

StormKitty

StormKitty payload

Downloads MZ/PE file

Reads user/profile data of web browsers

VMProtect packed file

Executes dropped EXE

Looks up geolocation information via web service

Looks up external IP address via web service

Legitimate hosting services abused for malware hosting/C2

Enumerates physical storage devices

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious behavior: EnumeratesProcesses

Suspicious use of SetWindowsHookEx

Modifies registry class

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Kills process with taskkill

Delays execution with timeout.exe

Modifies data under HKEY_USERS

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-08-13 00:49

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-08-13 00:49

Reported

2023-08-13 01:03

Platform

win10v2004-20230703-en

Max time kernel

852s

Max time network

857s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/LimerBoy/StormKitty/releases

Signatures

StormKitty

stealer stormkitty

StormKitty payload


Downloads MZ/PE file

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Desktop\StormKittyBuild.exe N/A

Reads user/profile data of web browsers

spyware stealer

VMProtect packed file

vmprotect

Legitimate hosting services abused for malware hosting/C2

Looks up external IP address via web service

Description Indicator Process Target
N/A ip-api.com N/A N/A
N/A icanhazip.com N/A N/A

Looks up geolocation information via web service

Enumerates physical storage devices

Delays execution with timeout.exe

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\timeout.exe N/A
N/A N/A C:\Windows\system32\timeout.exe N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\taskkill.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133363613707297672" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings C:\Windows\system32\taskmgr.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\Desktop\StormKittyBuild.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Desktop\da\Builder.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Desktop\StormKittyBuild.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: 33 N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4144 wrote to memory of 3656 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4144 wrote to memory of 536 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4144 wrote to memory of 2572 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4144 wrote to memory of 2836 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/LimerBoy/StormKitty/releases

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff288b9758,0x7fff288b9768,0x7fff288b9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1712 --field-trial-handle=1848,i,10725186753907825504,2298891426507755750,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1848,i,10725186753907825504,2298891426507755750,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2236 --field-trial-handle=1848,i,10725186753907825504,2298891426507755750,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2860 --field-trial-handle=1848,i,10725186753907825504,2298891426507755750,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2868 --field-trial-handle=1848,i,10725186753907825504,2298891426507755750,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5084 --field-trial-handle=1848,i,10725186753907825504,2298891426507755750,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4928 --field-trial-handle=1848,i,10725186753907825504,2298891426507755750,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5160 --field-trial-handle=1848,i,10725186753907825504,2298891426507755750,131072 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\Desktop\da\Builder.exe

"C:\Users\Admin\Desktop\da\Builder.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3436.0.1568942369\814317980" -parentBuildID 20221007134813 -prefsHandle 1908 -prefMapHandle 1900 -prefsLen 20938 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9a627d92-0523-415a-b235-8fec0a63621d} 3436 "\\.\pipe\gecko-crash-server-pipe.3436" 2000 240435ee858 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3436.1.1466993509\1635512275" -parentBuildID 20221007134813 -prefsHandle 2368 -prefMapHandle 2364 -prefsLen 20974 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {865a295e-84a2-44cc-97ca-e5df6b41ddd5} 3436 "\\.\pipe\gecko-crash-server-pipe.3436" 2380 2402f972e58 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3436.2.1786140675\227362508" -childID 1 -isForBrowser -prefsHandle 3084 -prefMapHandle 3080 -prefsLen 21012 -prefMapSize 232675 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0a5e17d0-837d-4fbe-b562-4345bed1a2b1} 3436 "\\.\pipe\gecko-crash-server-pipe.3436" 3096 240476ac358 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3436.3.1584552966\1088410402" -childID 2 -isForBrowser -prefsHandle 3528 -prefMapHandle 1052 -prefsLen 26437 -prefMapSize 232675 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5c3e8337-8384-4c96-a537-c01fbf148ff0} 3436 "\\.\pipe\gecko-crash-server-pipe.3436" 3524 2402f967b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3436.4.896563639\599857879" -childID 3 -isForBrowser -prefsHandle 3856 -prefMapHandle 3852 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8fa09a77-816e-41e3-904a-d1125ce97036} 3436 "\\.\pipe\gecko-crash-server-pipe.3436" 3868 24048534458 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3436.5.1186884348\1376739363" -childID 4 -isForBrowser -prefsHandle 5284 -prefMapHandle 5268 -prefsLen 26656 -prefMapSize 232675 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {31d500e2-6c98-47b4-980c-94890cf82577} 3436 "\\.\pipe\gecko-crash-server-pipe.3436" 5308 24049bbb658 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3436.6.1556006867\1305518460" -childID 5 -isForBrowser -prefsHandle 5456 -prefMapHandle 5460 -prefsLen 26656 -prefMapSize 232675 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {63a92ea7-5c7f-4c6b-84bf-cc51b7cad5f0} 3436 "\\.\pipe\gecko-crash-server-pipe.3436" 5444 24049bbde58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3436.7.1207329965\432710904" -childID 6 -isForBrowser -prefsHandle 5736 -prefMapHandle 5724 -prefsLen 26656 -prefMapSize 232675 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a1f81457-49fa-49e8-a341-ae8c634b7470} 3436 "\\.\pipe\gecko-crash-server-pipe.3436" 5744 24049bbb958 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3436.8.707363360\447595648" -childID 7 -isForBrowser -prefsHandle 5668 -prefMapHandle 5684 -prefsLen 26656 -prefMapSize 232675 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2612512e-94b0-48c1-8173-a2c16327654e} 3436 "\\.\pipe\gecko-crash-server-pipe.3436" 6044 2404bad8d58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3436.9.1262904364\1481697753" -childID 8 -isForBrowser -prefsHandle 5496 -prefMapHandle 5532 -prefsLen 26656 -prefMapSize 232675 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f6063746-7851-4185-a369-49333e362b03} 3436 "\\.\pipe\gecko-crash-server-pipe.3436" 5668 2404bf7e958 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3436.10.514033473\1686981490" -childID 9 -isForBrowser -prefsHandle 5008 -prefMapHandle 4632 -prefsLen 26831 -prefMapSize 232675 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {abf8a2e7-75f1-4437-9858-eac08ddfa9c2} 3436 "\\.\pipe\gecko-crash-server-pipe.3436" 4192 2404c1a7e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3436.11.1874402631\941760316" -childID 10 -isForBrowser -prefsHandle 5864 -prefMapHandle 5884 -prefsLen 26831 -prefMapSize 232675 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8b3bd199-6145-40b7-84b8-796efb509073} 3436 "\\.\pipe\gecko-crash-server-pipe.3436" 5528 240499e5e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3436.12.1584226169\181256191" -childID 11 -isForBrowser -prefsHandle 3380 -prefMapHandle 3928 -prefsLen 26831 -prefMapSize 232675 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f65e3f52-71f6-486a-8c2e-d6ae0fd997a6} 3436 "\\.\pipe\gecko-crash-server-pipe.3436" 3008 2404b4b3858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3436.13.2137423873\683252897" -childID 12 -isForBrowser -prefsHandle 6440 -prefMapHandle 7012 -prefsLen 30600 -prefMapSize 232675 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {09164b94-8a06-4fdb-b131-123af199f93b} 3436 "\\.\pipe\gecko-crash-server-pipe.3436" 6392 240499e4658 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3436.14.659773527\654691554" -childID 13 -isForBrowser -prefsHandle 6844 -prefMapHandle 4668 -prefsLen 30600 -prefMapSize 232675 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {89c484b6-4fd5-4e8c-aafc-e759c43f8566} 3436 "\\.\pipe\gecko-crash-server-pipe.3436" 4848 240499e2b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3436.15.1385407060\1628578535" -childID 14 -isForBrowser -prefsHandle 6004 -prefMapHandle 6092 -prefsLen 30600 -prefMapSize 232675 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ceae0b4b-a88e-4485-b8c1-2c39d18b8387} 3436 "\\.\pipe\gecko-crash-server-pipe.3436" 7008 2402f930258 tab

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C title Confuzer && color f && obfuscator\Confuser.CLI.exe -n C:\Users\Admin\AppData\Local\Temp\tmpD12F.tmp.crproj && timeout /t 7

C:\Users\Admin\Desktop\da\obfuscator\Confuser.CLI.exe

obfuscator\Confuser.CLI.exe -n C:\Users\Admin\AppData\Local\Temp\tmpD12F.tmp.crproj

C:\Windows\SysWOW64\timeout.exe

timeout /t 7

C:\Users\Admin\Desktop\StormKittyBuild.exe

"C:\Users\Admin\Desktop\StormKittyBuild.exe"

C:\Windows\SYSTEM32\cmd.exe

"cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All

C:\Windows\system32\chcp.com

chcp 65001

C:\Windows\system32\netsh.exe

netsh wlan show profile

C:\Windows\system32\findstr.exe

findstr All

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\SYSTEM32\cmd.exe

"cmd.exe" /C chcp 65001 && netsh wlan show networks mode=bssid

C:\Windows\system32\chcp.com

chcp 65001

C:\Windows\system32\netsh.exe

netsh wlan show networks mode=bssid

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /0

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /0

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /C C:\Users\Admin\AppData\Local\Temp\tmp68A5.tmp.bat

C:\Windows\system32\chcp.com

chcp 65001

C:\Windows\system32\taskkill.exe

TaskKill /F /IM 3980

C:\Windows\system32\timeout.exe

Timeout /T 2 /Nobreak

C:\Users\Admin\Desktop\da\Builder.exe

"C:\Users\Admin\Desktop\da\Builder.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C title Confuzer && color f && obfuscator\Confuser.CLI.exe -n C:\Users\Admin\AppData\Local\Temp\tmp6E5F.tmp.crproj && timeout /t 7

C:\Users\Admin\Desktop\da\obfuscator\Confuser.CLI.exe

obfuscator\Confuser.CLI.exe -n C:\Users\Admin\AppData\Local\Temp\tmp6E5F.tmp.crproj

C:\Windows\SysWOW64\timeout.exe

timeout /t 7

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3436.16.230649258\1210755085" -childID 15 -isForBrowser -prefsHandle 6972 -prefMapHandle 2852 -prefsLen 30842 -prefMapSize 232675 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {32fbf6a8-2e98-4d55-a4ab-6361a1cb08ae} 3436 "\\.\pipe\gecko-crash-server-pipe.3436" 6416 2402f961058 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3436.18.1602943792\2019309593" -childID 17 -isForBrowser -prefsHandle 5008 -prefMapHandle 4632 -prefsLen 30842 -prefMapSize 232675 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9736712f-e8a1-432f-a61f-5ef9769b145d} 3436 "\\.\pipe\gecko-crash-server-pipe.3436" 6540 24049cc2958 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3436.17.1951097305\2005430254" -childID 16 -isForBrowser -prefsHandle 6616 -prefMapHandle 3376 -prefsLen 30842 -prefMapSize 232675 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8d395cf4-68a1-4bf9-8638-e304a0f36f10} 3436 "\\.\pipe\gecko-crash-server-pipe.3436" 6444 24049bbde58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3436.19.1691970097\1775920" -childID 18 -isForBrowser -prefsHandle 7244 -prefMapHandle 2988 -prefsLen 30842 -prefMapSize 232675 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {49dae867-126c-4805-9311-2469811da222} 3436 "\\.\pipe\gecko-crash-server-pipe.3436" 7252 2404b9c1558 tab

Network


Files

\??\pipe\crashpad_4144_QUUTZNCMDMIBFXZT

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\Downloads\StormKitty.Builder.zip.crdownload

MD5 e6cc4e35008385622b3f2d33402a6ac5
SHA1 4a3642491f75ebcbd19baa14e952ce841bdcb267
SHA256 020cb841563eaad7dd8057e553711b675095243c61cf0a3cd49e42d0f65494c3
SHA512 13db1400e73db7396118b8863a81937d723f0a1167c54b4cb430e24f997d2a02487ceaf43294fd5c484f5798e8c06bebe0e6fe3241a196a8400bb74399f52e40

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 9f00ff961416917da1e933b8124b00c8
SHA1 c443f6ad7349b6dbc2d31da8eb2c539902a8da94
SHA256 bbb1e5e24ec6d936eecac60c0df04f4ac10352c4fad289400ecd03588e3c8ac4
SHA512 8397a8e2ea692ee8b026306d1a4b86506c5791c8c038b65b925abdc3b263044688f79c7b4a85d52c4a4ca486dd5c849f3cb1a70a013392e151794fac0fe8a4b0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 847646104d0db0d31df6e81389704ef7
SHA1 11cf2cc6be785ae4ec6a9c0324e690931761c42e
SHA256 80d2c6b129038f3dbeed37a2e48821c5ce85efbd138c72d4e35df13fad446677
SHA512 f83fc87ae14ce42ed51fa460cc3a51794e7070aef7b3b1fbd4bac9f6998f6e624a605629341a738d74b3c436114bb9ee5f544f017bc3b00e2412ae797dcca95a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 23ab0f41566736c5b7855d13cbccdcee
SHA1 9584ed16443bcd150fb2992356029ec0927223d9
SHA256 7414bbe7286f4f3b44d6d7afa424a53719a9baf2bc04bb54d87734e6c6fad0fa
SHA512 24ede7a3a8b6c8e4154f4438807223a32f1d2445ab647231af93a1bb23e05f3f2276e7eb06eefe4e9becdd1d3b6e6fd1dd6c56983f1177b04886402d9374ffad

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 702e5a9c1aff66b0147be991390e7fa5
SHA1 9a7933c9b47a4855a3ed20aa7989fc562584cb98
SHA256 c447a809aa7ef52d80cc11c96e9281244e2e701836d5eb6d09eaccc652c2d166
SHA512 2c87a93eda22bafe406173817622c2863ddecee1f9490f3368dfc912774d68b663649f6922842ac93ef123febe9e5add14e0357719310be21a371001bb7c7e47

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 18c3ca69cb8ba56233d8a0f4b127420b
SHA1 a812ac555283078b017b24906fd7eaa2210e158a
SHA256 927e2f06f0ce71574fde4f2cc43d3070d68394be3c2efb0ea6093d0684832ecb
SHA512 0772d010efb8c4d86151ec7e3a632bebfb6e8695d7819068156225e9b7c3fc8a83141d74cd914e791965372f7fc6e6ee3333e58f328c578fd36fd7125d0be3c2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 008766271563522e141195e9095ee496
SHA1 f7efcc0d14cbbb4df86b4d175b145c6edcbc546e
SHA256 c5cf406010a9c0faf571cd9fa57d92e15e9a0fa100c3d74f3eafb178dc81e30c
SHA512 62b9af8dab453604d1887faf3f0639e515c81a066b439365822d2942ceed2d2b068359460e1aa175594c8630b21344f025497b9bc77b88af222eb87e3b12dbd6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 9e9c57091c1d7b04d6a15fbaa8d24d8a
SHA1 c964641a67e3a86caec76367c5b1d2e6605cb0e7
SHA256 fc2eee3be441f71698198f775b24eb4ed34efe38adeb4eddf333cc8a28b013b3
SHA512 0ecb43f2c7647623cd7221dc9df57f69b5f08d080540a00b3e92048b877899e9a2f2afa13c53a328e05c1144aeba8bf3e9c7e9f27c54d0da9f99d5a897c5ad67

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

memory/5044-352-0x00000000003F0000-0x00000000003FE000-memory.dmp

memory/5044-353-0x0000000075150000-0x0000000075900000-memory.dmp

memory/5044-354-0x0000000004DB0000-0x0000000004DC0000-memory.dmp

memory/5044-355-0x00000000053A0000-0x0000000005944000-memory.dmp

memory/5044-356-0x0000000075150000-0x0000000075900000-memory.dmp

memory/5044-357-0x0000000004DB0000-0x0000000004DC0000-memory.dmp

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ezoxz0hs.default-release\activity-stream.discovery_stream.json.tmp

MD5 a6a541490fec47431dc5debe13192799
SHA1 dfbb6828cd87280e62af551a54c185941e267fa6
SHA256 67837246529e1738b3eabf508081d7fe1ef516aba5b10bb64dc2741ef4faec8c
SHA512 89246af4973827d24f56c582884065927b4307cca6d9c681bf4515eefe0af90b46dc9bbd39f09da7d024afdad3c8f7f8e4caefd0af79971338717746bd49b5da

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ezoxz0hs.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 19cd54f376f07c9a0afa62cb8472057b
SHA1 0e28f9d386dc57b391bc1d77b39424452a986fee
SHA256 8d483cc1fad2574233353e3e99c09e413544fe57cfafe4258c268b2570899afa
SHA512 dda58b9ef107c05a8b3630f32d65b49b2c26ead03013783abda977b6c684748205dd168fb700085087a1ddf4125c3603527e7bb6c4739e0e2459cc1be1c8c774

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ezoxz0hs.default-release\prefs.js

MD5 acab0b0c25b66eade4d048971b9bdbe7
SHA1 e2ba197a306cb528ed81f5e61aa5d6ec558a9219
SHA256 ac1cd2fa69f230b3477616010931a7d6228c9016fbf7b19e95262f76274e2afa
SHA512 221d0beab7e253ffd21088b41f49167a2aadbba9c4e79c27e62c6c57faf11493ca0d53bc9974cf97355e8c7516746be210178f79e22a65b4477e118a41055226

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ezoxz0hs.default-release\prefs-1.js

MD5 fcb2cee7c39410ad2aa1c005e3323a85
SHA1 4738d62f796de42880acd1b44b2d362b2c3d183c
SHA256 d282316a179cc341c2861a34d5c233c7b64c7ad3c8f4baccd0b4fbe1c587ee40
SHA512 f22b91e09c8ee2d5a56b1efefe4f3b8e934a051472d7c1afc64c224957b775ec0e54d51e82b7bb6272d74193f89c7dbae05a1e5277029b13f2071d09dd9106f0

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ezoxz0hs.default-release\sessionstore-backups\recovery.jsonlz4

MD5 5fc8b2ffdc5ad818a4c5e64886554f88
SHA1 72f343e72f6dc7060180cae4d89940eaad409dc4
SHA256 cf2b59441bc429c38b736b27debdf333b06c03bd4faf723debf1533fe1ff3fc3
SHA512 b9a84b34c5c5b9a11f034bcec3f124bb2661735ca7174c5c34fb53669206ed80f351a20d12010bdcd4170886cb87a80809081c44cb7404e49ea36c6c27c61967

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ezoxz0hs.default-release\cache2\entries\DDAA9644C71558104ECD038997E9CC41EC02EBB9

MD5 74126d7143cece616d389636b101dc7d
SHA1 52ad119a57196cb7f59a61714a6de526b8255635
SHA256 46bc6e124af9898e5bb6783cca050daf72aadab7cb3e2812c7a828f565138d40
SHA512 852d2cfd3ebf155d0de6a34b8173a173c275cef32eee865ab20399239da8cb61756f1e2e2498c7c60054dc7f009a8cd7da8384df982afa379ad6f2a73ef0dfcf

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ezoxz0hs.default-release\cache2\entries\1168B24A355F407F4127FD2FC08C4DAA61327A39

MD5 d3d77da9a98bd85dce61fd5e174d0a2d
SHA1 036418c149328a11b9d94802e651805697f513f4
SHA256 f41bd4374bf3636ef587b89b69066f608fde33888c58ceaa256dc914d35968d7
SHA512 f2bdd63a5221708c357863a9703574c8b2c695a8865456b5b83d639c9cb2607703ff7615ce0d64469f06ad64dd8bcd37da60272c549679b134357c8d72b9e3a4

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ezoxz0hs.default-release\cache2\entries\17B2D32A97BE56424C99A462598468834FF8BCDC

MD5 aa4b6279ed1886edaf7d819f99d86e7b
SHA1 2ca4688a86ca0e276c956312e08ffa9a4636abcc
SHA256 9179a97d92c8077c82d8ff008cc5fba48c8502bd42dd7ec3c294f1ad0ed683a5
SHA512 9118ae41f490be9dd565cab2491cb4d45e9366ccf25708121ed99f6667f51aa4c7913ca17b0030c4eeeda53fa5d475b4f4e6037724062f9f7b9e62343e1fa3ef

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ezoxz0hs.default-release\cache2\doomed\15236

MD5 c5401b26079e973ac8808369fc8c49d8
SHA1 c9c7c95f87685a7db65912028def124283729876
SHA256 d1653d93eb03c5b8b1ef2921dfdcab280f213aabe1eea2be9b9218ccb6fc3baf
SHA512 94b7200c59c7c2ed902980fab8b622a0416ba3a00067a6093f68b89e4559d63aecacb186c91d75d4a60bc0ddadc0ec754f1cf70c4ef3828c3fb381cfecc786ea

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ezoxz0hs.default-release\cache2\doomed\29041

MD5 df0b7a7dc6913b2194442a7d8fc327b6
SHA1 e020fe696200491264d29fa67cac70f12708c24d
SHA256 8e14438dee29c582b7dd155df9f0ef069d6dac31f579e3ff4304d6f65e8d436a
SHA512 d1c483f68ca1e0abb16bf9201f076d57f152072f971e6099c62c39b91d3febd22288b93db2b9a89944d9201415bdf5d1a42c0e6587ee053f0153bc9ce2db53ba

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ezoxz0hs.default-release\cache2\entries\DE1CE5B08D49283ACCFE3E73258ED40DA4179CA4

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ezoxz0hs.default-release\cache2\entries\2A0DE7E0CDBDA6EDB6394117E489A6894B62890D

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ezoxz0hs.default-release\cache2\doomed\135

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ezoxz0hs.default-release\cache2\doomed\18830

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ezoxz0hs.default-release\cache2\entries\A3DAB5BA8D0E622A2404D16250AD31DBC4A2F3D1

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ezoxz0hs.default-release\cache2\entries\BCFBBDD6D97F1708E5FB7F988A4811291B9A5D72

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ezoxz0hs.default-release\cache2\doomed\27416

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ezoxz0hs.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ezoxz0hs.default-release\cache2\doomed\9662

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ezoxz0hs.default-release\cache2\entries\D300D9946A14FC7F3EB4B08E33BCA151E5DE15C4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ezoxz0hs.default-release\prefs-1.js

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ezoxz0hs.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Local\Temp\tmpaddon

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ezoxz0hs.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ezoxz0hs.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ezoxz0hs.default-release\cache2\entries\70DBE5F90BD35EEC6D4A07D16DB46EC38E379124

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ezoxz0hs.default-release\prefs-1.js

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ezoxz0hs.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ezoxz0hs.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ezoxz0hs.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ezoxz0hs.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ezoxz0hs.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ezoxz0hs.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ezoxz0hs.default-release\prefs-1.js

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ezoxz0hs.default-release\cache2\entries\147E5E1246191AC165404E383F38CE5B0C49E10D

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ezoxz0hs.default-release\personality-provider\recipe_attachment.json

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ezoxz0hs.default-release\broadcast-listeners.json

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ezoxz0hs.default-release\sessionCheckpoints.json

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ezoxz0hs.default-release\targeting.snapshot.json

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ezoxz0hs.default-release\personality-provider\nb_model_build_attachment_blogging_resources_and_services.json

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ezoxz0hs.default-release\personality-provider\nb_model_build_attachment_jobs_and_education.json

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ezoxz0hs.default-release\personality-provider\nb_model_build_attachment_sports.json

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ezoxz0hs.default-release\personality-provider\nb_model_build_attachment_computers_and_electronics.json

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ezoxz0hs.default-release\personality-provider\nb_model_build_attachment_science.json

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ezoxz0hs.default-release\personality-provider\nb_model_build_attachment_real_estate.json

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ezoxz0hs.default-release\personality-provider\nb_model_build_attachment_shopping.json

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ezoxz0hs.default-release\personality-provider\nb_model_build_attachment_people_and_society.json

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ezoxz0hs.default-release\personality-provider\nb_model_build_attachment_business_and_industrial.json

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ezoxz0hs.default-release\personality-provider\nb_model_build_attachment_autos_and_vehicles.json

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ezoxz0hs.default-release\personality-provider\nb_model_build_attachment_internet_and_telecom.json

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ezoxz0hs.default-release\personality-provider\nb_model_build_attachment_pets_and_animals.json

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ezoxz0hs.default-release\personality-provider\nb_model_build_attachment_online_communities.json

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ezoxz0hs.default-release\personality-provider\nb_model_build_attachment_books_and_literature.json

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ezoxz0hs.default-release\personality-provider\nb_model_build_attachment_games.json

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ezoxz0hs.default-release\personality-provider\nb_model_build_attachment_beauty_and_fitness.json

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ezoxz0hs.default-release\personality-provider\nb_model_build_attachment_finance.json

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ezoxz0hs.default-release\personality-provider\nb_model_build_attachment_arts_and_entertainment.json

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ezoxz0hs.default-release\personality-provider\nb_model_build_attachment_law_and_government.json

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ezoxz0hs.default-release\personality-provider\nb_model_build_attachment_health.json

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ezoxz0hs.default-release\personality-provider\nb_model_build_attachment_food_and_drink.json

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ezoxz0hs.default-release\personality-provider\nb_model_build_attachment_reference.json

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ezoxz0hs.default-release\personality-provider\nb_model_build_attachment_home_and_garden.json

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ezoxz0hs.default-release\personality-provider\nb_model_build_attachment_hobbies_and_leisure.json

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ezoxz0hs.default-release\personality-provider\nb_model_build_attachment_travel.json

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ezoxz0hs.default-release\bookmarkbackups\bookmarks-2023-08-13_11_LD5QI6px8hKMnQ5QvCX5fg==.jsonlz4

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ezoxz0hs.default-release\cache2\doomed\7859

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ezoxz0hs.default-release\cache2\doomed\9849

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ezoxz0hs.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Local\Temp\tmpD12F.tmp.crproj

C:\Users\Admin\Desktop\da\stub\build.exe

C:\Users\Admin\Desktop\da\build\stub\build.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

C:\Users\Admin\Desktop\StormKittyBuild.exe

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ezoxz0hs.default-release\prefs-1.js

C:\Users\Admin\Desktop\DotNetZip.dll

C:\Users\Admin\Desktop\AnonFileApi.dll

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ezoxz0hs.default-release\places.sqlite

C:\Users\Admin\AppData\Local\Temp\tmpA31B.tmp.dat

C:\Users\Admin\AppData\Local\0d079b4a9a4a8c8cb07d51e3b56989cb\Admin@MNHMTTDP_en-US\Browsers\Firefox\Bookmarks.txt

C:\Users\Admin\AppData\Local\0d079b4a9a4a8c8cb07d51e3b56989cb\Admin@MNHMTTDP_en-US\Browsers\Firefox\Cookies.txt

C:\Users\Admin\AppData\Local\Temp\tmpA31A.tmp.dat

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ezoxz0hs.default-release\cookies.sqlite

C:\Users\Admin\AppData\Local\0d079b4a9a4a8c8cb07d51e3b56989cb\Admin@MNHMTTDP_en-US\System\Process.txt

C:\Users\Admin\AppData\Local\0d079b4a9a4a8c8cb07d51e3b56989cb\Admin@MNHMTTDP_en-US\System\Apps.txt

C:\Users\Admin\AppData\Local\0d079b4a9a4a8c8cb07d51e3b56989cb\Admin@MNHMTTDP_en-US\Browsers\Google\Downloads.txt

C:\Users\Admin\AppData\Local\0d079b4a9a4a8c8cb07d51e3b56989cb\Admin@MNHMTTDP_en-US\Directories\Videos.txt

C:\Users\Admin\AppData\Local\0d079b4a9a4a8c8cb07d51e3b56989cb\Admin@MNHMTTDP_en-US\Directories\Startup.txt

C:\Users\Admin\AppData\Local\0d079b4a9a4a8c8cb07d51e3b56989cb\Admin@MNHMTTDP_en-US\Directories\OneDrive.txt

C:\Users\Admin\AppData\Local\0d079b4a9a4a8c8cb07d51e3b56989cb\Admin@MNHMTTDP_en-US\System\ProductKey.txt

C:\Users\Admin\AppData\Local\0d079b4a9a4a8c8cb07d51e3b56989cb\Admin@MNHMTTDP_en-US\Browsers\Firefox\History.txt

C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

C:\Users\Admin\AppData\Local\0d079b4a9a4a8c8cb07d51e3b56989cb\msgid.dat

C:\Users\Admin\AppData\Local\Temp\tmp68A5.tmp.bat

C:\Users\Admin\Desktop\DotNetZip.dll

C:\Users\Admin\Desktop\AnonFileApi.dll

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Builder.exe.log

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ezoxz0hs.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Confuser.CLI.exe.log

C:\Users\Admin\AppData\Local\Temp\tmp6E5F.tmp.crproj

C:\Users\Admin\Desktop\da\stub\build.exe

C:\Users\Admin\Desktop\da\build\stub\build.exe

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ezoxz0hs.default-release\cache2\entries\5F02FB0B043BC627818F29C29C4E65A7A5C9E619

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ezoxz0hs.default-release\storage\default\https+++www.virustotal.com\cache\morgue\242\{f3fd3439-8197-4c7f-97cc-99b22eb077f2}.final

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ezoxz0hs.default-release\cache2\doomed\5812

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ezoxz0hs.default-release\cache2\doomed\28988

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ezoxz0hs.default-release\cache2\doomed\15570

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ezoxz0hs.default-release\cache2\doomed\9467

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ezoxz0hs.default-release\cache2\doomed\3141

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ezoxz0hs.default-release\cache2\doomed\1090

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ezoxz0hs.default-release\cache2\doomed\25163

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ezoxz0hs.default-release\cache2\doomed\18164

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ezoxz0hs.default-release\cache2\doomed\1367
