Malware Analysis Report

2025-05-05 22:18

Sample ID 231015-rp4wwahf76
Target trlogdecode.exe
SHA256 5558cbccff4ceb5ef15e7dccc016fc83d70e2875c564910a9f441ad756ef9671
Tags
agilenet discovery persistence
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

5558cbccff4ceb5ef15e7dccc016fc83d70e2875c564910a9f441ad756ef9671

Threat Level: Likely malicious

The file trlogdecode.exe was found to be: Likely malicious.

Malicious Activity Summary

agilenet discovery persistence

Downloads MZ/PE file

Executes dropped EXE

Obfuscated with Agile.Net obfuscator

Registers COM server for autorun

Loads dropped DLL

Checks installed software on the system

Suspicious use of NtSetInformationThreadHideFromDebugger

Drops file in Program Files directory

Enumerates physical storage devices

Unsigned PE

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of AdjustPrivilegeToken

Suspicious use of SendNotifyMessage

NTFS ADS

Checks processor information in registry

Uses Task Scheduler COM API

Suspicious use of WriteProcessMemory

Suspicious use of SetWindowsHookEx

Modifies registry class

Opens file in notepad (likely ransom note)

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-10-15 14:23

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-10-15 14:23

Reported

2023-10-15 14:53

Platform

win10v2004-20230915-en

Max time kernel

1804s

Max time network

1537s

Command Line

"C:\Users\Admin\AppData\Local\Temp\trlogdecode.exe"

Signatures

Downloads MZ/PE file

Obfuscated with Agile.Net obfuscator

agilenet
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Registers COM server for autorun

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 C:\Users\Admin\Downloads\7z2301-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip.dll" C:\Users\Admin\Downloads\7z2301-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment" C:\Users\Admin\Downloads\7z2301-x64.exe N/A

Checks installed software on the system

discovery

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\trlogdecode.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\trlogdecode.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\trlogdecode.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\trlogdecode.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\trlogdecode.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\trlogdecode.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\trlogdecode.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\trlogdecode.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\trlogdecode.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\trlogdecode.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\trlogdecode.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\trlogdecode.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\trlogdecode.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\trlogdecode.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\trlogdecode.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\trlogdecode.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\trlogdecode.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\trlogdecode.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\trlogdecode.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\trlogdecode.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\trlogdecode.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\trlogdecode.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\trlogdecode.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\trlogdecode.exe N/A
N/A N/A C:\Users\Admin\Desktop\trlogdecode.exe N/A
N/A N/A C:\Users\Admin\Desktop\trlogdecode.exe N/A
N/A N/A C:\Users\Admin\Desktop\trlogdecode.exe N/A
N/A N/A C:\Users\Admin\Desktop\trlogdecode.exe N/A
N/A N/A C:\Users\Admin\Desktop\trlogdecode.exe N/A
N/A N/A C:\Users\Admin\Desktop\trlogdecode.exe N/A
N/A N/A C:\Users\Admin\Desktop\trlogdecode.exe N/A
N/A N/A C:\Users\Admin\Desktop\trlogdecode.exe N/A
N/A N/A C:\Users\Admin\Desktop\trlogdecode.exe N/A
N/A N/A C:\Users\Admin\Desktop\trlogdecode.exe N/A
N/A N/A C:\Users\Admin\Desktop\trlogdecode.exe N/A
N/A N/A C:\Users\Admin\Desktop\trlogdecode.exe N/A
N/A N/A C:\Users\Admin\Desktop\trlogdecode.exe N/A
N/A N/A C:\Users\Admin\Desktop\trlogdecode.exe N/A
N/A N/A C:\Users\Admin\Desktop\trlogdecode.exe N/A
N/A N/A C:\Users\Admin\Desktop\trlogdecode.exe N/A
N/A N/A C:\Users\Admin\Desktop\trlogdecode.exe N/A
N/A N/A C:\Users\Admin\Desktop\trlogdecode.exe N/A
N/A N/A C:\Users\Admin\Desktop\trlogdecode.exe N/A
N/A N/A C:\Users\Admin\Desktop\trlogdecode.exe N/A
N/A N/A C:\Users\Admin\Desktop\trlogdecode.exe N/A
N/A N/A C:\Users\Admin\Desktop\trlogdecode.exe N/A
N/A N/A C:\Users\Admin\Desktop\trlogdecode.exe N/A
N/A N/A C:\Users\Admin\Desktop\trlogdecode.exe N/A
N/A N/A C:\Users\Admin\Desktop\trlogdecode.exe N/A
N/A N/A C:\Users\Admin\Desktop\trlogdecode.exe N/A
N/A N/A C:\Users\Admin\Desktop\trlogdecode.exe N/A
N/A N/A C:\Users\Admin\Desktop\trlogdecode.exe N/A
N/A N/A C:\Users\Admin\Desktop\trlogdecode.exe N/A
N/A N/A C:\Users\Admin\Desktop\trlogdecode.exe N/A
N/A N/A C:\Users\Admin\Desktop\trlogdecode.exe N/A
N/A N/A C:\Users\Admin\Desktop\trlogdecode.exe N/A
N/A N/A C:\Users\Admin\Desktop\trlogdecode.exe N/A
N/A N/A C:\Users\Admin\Desktop\trlogdecode.exe N/A
N/A N/A C:\Users\Admin\Desktop\trlogdecode.exe N/A
N/A N/A C:\Users\Admin\Desktop\trlogdecode.exe N/A
N/A N/A C:\Users\Admin\Desktop\trlogdecode.exe N/A
N/A N/A C:\Users\Admin\Desktop\trlogdecode.exe N/A
N/A N/A C:\Users\Admin\Desktop\trlogdecode.exe N/A
N/A N/A C:\Users\Admin\Desktop\trlogdecode.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\7-Zip\Lang\kab.txt C:\Users\Admin\Downloads\7z2301-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\lt.txt C:\Users\Admin\Downloads\7z2301-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\mng.txt C:\Users\Admin\Downloads\7z2301-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\tr.txt C:\Users\Admin\Downloads\7z2301-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Uninstall.exe C:\Users\Admin\Downloads\7z2301-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\az.txt C:\Users\Admin\Downloads\7z2301-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\id.txt C:\Users\Admin\Downloads\7z2301-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\7zG.exe C:\Users\Admin\Downloads\7z2301-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\kaa.txt C:\Users\Admin\Downloads\7z2301-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ro.txt C:\Users\Admin\Downloads\7z2301-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\an.txt C:\Users\Admin\Downloads\7z2301-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\en.ttt C:\Users\Admin\Downloads\7z2301-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\7zCon.sfx C:\Users\Admin\Downloads\7z2301-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\mn.txt C:\Users\Admin\Downloads\7z2301-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\sr-spl.txt C:\Users\Admin\Downloads\7z2301-x64.exe N/A
File created C:\Program Files\7-Zip\Lang\uz-cyrl.txt C:\Users\Admin\Downloads\7z2301-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\readme.txt C:\Users\Admin\Downloads\7z2301-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\hu.txt C:\Users\Admin\Downloads\7z2301-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\lij.txt C:\Users\Admin\Downloads\7z2301-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\lv.txt C:\Users\Admin\Downloads\7z2301-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\zh-cn.txt C:\Users\Admin\Downloads\7z2301-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\zh-tw.txt C:\Users\Admin\Downloads\7z2301-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\br.txt C:\Users\Admin\Downloads\7z2301-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\gl.txt C:\Users\Admin\Downloads\7z2301-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\gu.txt C:\Users\Admin\Downloads\7z2301-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ka.txt C:\Users\Admin\Downloads\7z2301-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ca.txt C:\Users\Admin\Downloads\7z2301-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\eu.txt C:\Users\Admin\Downloads\7z2301-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\7z.sfx C:\Users\Admin\Downloads\7z2301-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\fr.txt C:\Users\Admin\Downloads\7z2301-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\7z.exe C:\Users\Admin\Downloads\7z2301-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\uz.txt C:\Users\Admin\Downloads\7z2301-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\pt-br.txt C:\Users\Admin\Downloads\7z2301-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ug.txt C:\Users\Admin\Downloads\7z2301-x64.exe N/A
File created C:\Program Files\7-Zip\Lang\tg.txt C:\Users\Admin\Downloads\7z2301-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\hr.txt C:\Users\Admin\Downloads\7z2301-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\nl.txt C:\Users\Admin\Downloads\7z2301-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\nn.txt C:\Users\Admin\Downloads\7z2301-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\de.txt C:\Users\Admin\Downloads\7z2301-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\hy.txt C:\Users\Admin\Downloads\7z2301-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\sr-spc.txt C:\Users\Admin\Downloads\7z2301-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\fy.txt C:\Users\Admin\Downloads\7z2301-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\pl.txt C:\Users\Admin\Downloads\7z2301-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\sa.txt C:\Users\Admin\Downloads\7z2301-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\sw.txt C:\Users\Admin\Downloads\7z2301-x64.exe N/A
File created C:\Program Files\7-Zip\Lang\sw.txt C:\Users\Admin\Downloads\7z2301-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\he.txt C:\Users\Admin\Downloads\7z2301-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\pa-in.txt C:\Users\Admin\Downloads\7z2301-x64.exe N/A
File created C:\Program Files\7-Zip\Lang\tk.txt C:\Users\Admin\Downloads\7z2301-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\et.txt C:\Users\Admin\Downloads\7z2301-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\pt.txt C:\Users\Admin\Downloads\7z2301-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\it.txt C:\Users\Admin\Downloads\7z2301-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\kk.txt C:\Users\Admin\Downloads\7z2301-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\mr.txt C:\Users\Admin\Downloads\7z2301-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ne.txt C:\Users\Admin\Downloads\7z2301-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\7-zip.dll.tmp C:\Users\Admin\Downloads\7z2301-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\7-zip.chm C:\Users\Admin\Downloads\7z2301-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ar.txt C:\Users\Admin\Downloads\7z2301-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\vi.txt C:\Users\Admin\Downloads\7z2301-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\sk.txt C:\Users\Admin\Downloads\7z2301-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\fi.txt C:\Users\Admin\Downloads\7z2301-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ms.txt C:\Users\Admin\Downloads\7z2301-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\th.txt C:\Users\Admin\Downloads\7z2301-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\eo.txt C:\Users\Admin\Downloads\7z2301-x64.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment" C:\Users\Admin\Downloads\7z2301-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip C:\Users\Admin\Downloads\7z2301-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip C:\Users\Admin\Downloads\7z2301-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 C:\Users\Admin\Downloads\7z2301-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip32.dll" C:\Users\Admin\Downloads\7z2301-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" C:\Users\Admin\Downloads\7z2301-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip C:\Users\Admin\Downloads\7z2301-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" C:\Users\Admin\Downloads\7z2301-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" C:\Users\Admin\Downloads\7z2301-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension" C:\Users\Admin\Downloads\7z2301-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip C:\Users\Admin\Downloads\7z2301-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" C:\Users\Admin\Downloads\7z2301-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip C:\Users\Admin\Downloads\7z2301-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" C:\Users\Admin\Downloads\7z2301-x64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000} C:\Users\Admin\Downloads\7z2301-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension" C:\Users\Admin\Downloads\7z2301-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000} C:\Users\Admin\Downloads\7z2301-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 C:\Users\Admin\Downloads\7z2301-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip.dll" C:\Users\Admin\Downloads\7z2301-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment" C:\Users\Admin\Downloads\7z2301-x64.exe N/A

NTFS ADS

Description Indicator Process Target
File created C:\Users\Admin\Downloads\dbgtrace.txt:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
File created C:\Users\Admin\Downloads\trlogdecode.rar:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
File created C:\Users\Admin\Downloads\winrar-x64-624.exe:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
File created C:\Users\Admin\Downloads\7z2301-x64.exe:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Opens file in notepad (likely ransom note)

ransomware
Description Indicator Process Target
N/A N/A C:\Windows\system32\NOTEPAD.EXE N/A
N/A N/A C:\Windows\system32\NOTEPAD.EXE N/A
N/A N/A C:\Windows\system32\NOTEPAD.EXE N/A
N/A N/A C:\Windows\system32\NOTEPAD.EXE N/A
N/A N/A C:\Windows\system32\NOTEPAD.EXE N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\trlogdecode.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\trlogdecode.exe N/A
N/A N/A C:\Users\Admin\Desktop\trlogdecode.exe N/A
N/A N/A C:\Users\Admin\Desktop\trlogdecode.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\7z2301-x64.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\7z2301-x64.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\7z2301-x64.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\7z2301-x64.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\7z2301-x64.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\trlogdecode.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\Downloads\winrar-x64-624.exe N/A
N/A N/A C:\Users\Admin\Downloads\winrar-x64-624.exe N/A
N/A N/A C:\Users\Admin\Downloads\winrar-x64-624.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\Downloads\winrar-x64-624.exe N/A
N/A N/A C:\Users\Admin\Downloads\winrar-x64-624.exe N/A
N/A N/A C:\Users\Admin\Downloads\winrar-x64-624.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\Downloads\7z2301-x64.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2132 wrote to memory of 2224 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2132 wrote to memory of 2224 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2132 wrote to memory of 2224 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2132 wrote to memory of 2224 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2132 wrote to memory of 2224 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2132 wrote to memory of 2224 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2132 wrote to memory of 2224 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2132 wrote to memory of 2224 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2132 wrote to memory of 2224 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2132 wrote to memory of 2224 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2132 wrote to memory of 2224 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2224 wrote to memory of 4964 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2224 wrote to memory of 4964 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2224 wrote to memory of 4768 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2224 wrote to memory of 4768 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2224 wrote to memory of 4768 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2224 wrote to memory of 4768 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2224 wrote to memory of 4768 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2224 wrote to memory of 4768 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2224 wrote to memory of 4768 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2224 wrote to memory of 4768 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2224 wrote to memory of 4768 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2224 wrote to memory of 4768 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2224 wrote to memory of 4768 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2224 wrote to memory of 4768 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2224 wrote to memory of 4768 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2224 wrote to memory of 4768 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2224 wrote to memory of 4768 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2224 wrote to memory of 4768 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2224 wrote to memory of 4768 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2224 wrote to memory of 4768 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2224 wrote to memory of 4768 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2224 wrote to memory of 4768 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2224 wrote to memory of 4768 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2224 wrote to memory of 4768 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2224 wrote to memory of 4768 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2224 wrote to memory of 4768 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2224 wrote to memory of 4768 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2224 wrote to memory of 4768 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2224 wrote to memory of 4768 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2224 wrote to memory of 4768 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2224 wrote to memory of 4768 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2224 wrote to memory of 4768 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2224 wrote to memory of 4768 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2224 wrote to memory of 4768 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2224 wrote to memory of 4768 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2224 wrote to memory of 4768 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2224 wrote to memory of 4768 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2224 wrote to memory of 4768 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2224 wrote to memory of 4768 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2224 wrote to memory of 4768 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2224 wrote to memory of 4768 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2224 wrote to memory of 4768 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2224 wrote to memory of 4768 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2224 wrote to memory of 4768 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2224 wrote to memory of 4768 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2224 wrote to memory of 4768 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2224 wrote to memory of 4768 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2224 wrote to memory of 4768 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2224 wrote to memory of 4768 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2224 wrote to memory of 4768 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2224 wrote to memory of 4148 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2224 wrote to memory of 4148 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2224 wrote to memory of 4148 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\trlogdecode.exe

"C:\Users\Admin\AppData\Local\Temp\trlogdecode.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2224.0.541651477\314663621" -parentBuildID 20221007134813 -prefsHandle 1856 -prefMapHandle 1848 -prefsLen 20938 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d586e20f-4ba7-4c1d-b19d-c8598255037f} 2224 "\\.\pipe\gecko-crash-server-pipe.2224" 1948 19664ae6558 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2224.1.1783251956\1446487302" -parentBuildID 20221007134813 -prefsHandle 2336 -prefMapHandle 2332 -prefsLen 20974 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e47f605a-9c4c-4002-a2db-e2e15e9672b2} 2224 "\\.\pipe\gecko-crash-server-pipe.2224" 2348 19658072258 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2224.2.35822624\602995433" -childID 1 -isForBrowser -prefsHandle 3144 -prefMapHandle 3204 -prefsLen 21077 -prefMapSize 232675 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6bc5360c-b236-46af-b111-f7091bf46b70} 2224 "\\.\pipe\gecko-crash-server-pipe.2224" 3316 19668b24258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2224.3.1103797110\701391257" -childID 2 -isForBrowser -prefsHandle 3792 -prefMapHandle 3788 -prefsLen 26437 -prefMapSize 232675 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {839c8615-0739-455d-9a98-887a363c2022} 2224 "\\.\pipe\gecko-crash-server-pipe.2224" 3804 19668a03258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2224.4.576574740\1781625688" -childID 3 -isForBrowser -prefsHandle 3480 -prefMapHandle 3724 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fa66b047-275f-4bcd-a9ea-8c4a985dca82} 2224 "\\.\pipe\gecko-crash-server-pipe.2224" 3788 19669f33458 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2224.5.962291935\2142825780" -childID 4 -isForBrowser -prefsHandle 5092 -prefMapHandle 5068 -prefsLen 26577 -prefMapSize 232675 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {741d435f-1423-4133-89ed-a86f6a13c550} 2224 "\\.\pipe\gecko-crash-server-pipe.2224" 5076 19664433b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2224.7.152009172\1768059248" -childID 6 -isForBrowser -prefsHandle 5436 -prefMapHandle 5440 -prefsLen 26577 -prefMapSize 232675 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b3aec813-0a3e-42f2-baeb-3d9d6e372677} 2224 "\\.\pipe\gecko-crash-server-pipe.2224" 5428 1966aeb2b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2224.6.801944182\1597171534" -childID 5 -isForBrowser -prefsHandle 5212 -prefMapHandle 5216 -prefsLen 26577 -prefMapSize 232675 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {65d64300-44ea-4978-8020-d800ca80af86} 2224 "\\.\pipe\gecko-crash-server-pipe.2224" 5204 1966aeb1c58 tab

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\dbgtrace.txt

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2224.8.1889452279\303221208" -childID 7 -isForBrowser -prefsHandle 5716 -prefMapHandle 6220 -prefsLen 30249 -prefMapSize 232675 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fd7dffbe-5130-4ea9-b882-959e63a5d39e} 2224 "\\.\pipe\gecko-crash-server-pipe.2224" 5820 1966c073058 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2224.9.1859094148\932414307" -childID 8 -isForBrowser -prefsHandle 4324 -prefMapHandle 4308 -prefsLen 30249 -prefMapSize 232675 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {07236419-1286-47e8-925c-d6ca61dd326c} 2224 "\\.\pipe\gecko-crash-server-pipe.2224" 4920 1966c073358 tab

C:\Users\Admin\Downloads\winrar-x64-624.exe

"C:\Users\Admin\Downloads\winrar-x64-624.exe"

C:\Windows\system32\werfault.exe

werfault.exe /h /shared Global\d2138182e4be43588d9cf23512345f40 /t 728 /p 3244

C:\Users\Admin\Downloads\winrar-x64-624.exe

"C:\Users\Admin\Downloads\winrar-x64-624.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2224.10.2141644732\235676324" -childID 9 -isForBrowser -prefsHandle 6304 -prefMapHandle 6264 -prefsLen 30305 -prefMapSize 232675 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {713c8f39-833f-43f8-a997-0c26eb21922c} 2224 "\\.\pipe\gecko-crash-server-pipe.2224" 6268 19665f9d658 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2224.11.1540085431\1528802757" -childID 10 -isForBrowser -prefsHandle 6264 -prefMapHandle 6304 -prefsLen 30314 -prefMapSize 232675 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bf62b2ea-1c67-4d08-84f5-18df953149e0} 2224 "\\.\pipe\gecko-crash-server-pipe.2224" 6720 19658061958 tab

C:\Users\Admin\Downloads\7z2301-x64.exe

"C:\Users\Admin\Downloads\7z2301-x64.exe"

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\dbgtrace.txt

C:\Windows\system32\werfault.exe

werfault.exe /h /shared Global\cab1757c773a4a08bd1afd37e15164b5 /t 4784 /p 724

C:\Users\Admin\Downloads\winrar-x64-624.exe

"C:\Users\Admin\Downloads\winrar-x64-624.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2224.12.956274679\483845666" -childID 11 -isForBrowser -prefsHandle 6408 -prefMapHandle 6260 -prefsLen 30314 -prefMapSize 232675 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3e2a0401-7b12-48fc-8b4d-3ece355477c1} 2224 "\\.\pipe\gecko-crash-server-pipe.2224" 4632 19659f3e258 tab

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\trlogdecode.rar"

C:\Windows\system32\werfault.exe

werfault.exe /h /shared Global\d9b3dfdf2ca3495480067ba13132b966 /t 2096 /p 4140

C:\Users\Admin\Desktop\trlogdecode.exe

"C:\Users\Admin\Desktop\trlogdecode.exe"

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\dbgtrace_de.txt

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\dbgtrace_de.txt

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2224.13.1926698690\188809347" -childID 12 -isForBrowser -prefsHandle 5360 -prefMapHandle 5952 -prefsLen 30732 -prefMapSize 232675 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d06b9926-df65-4149-b8aa-f96e97cec586} 2224 "\\.\pipe\gecko-crash-server-pipe.2224" 5368 1965802f058 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2224.15.1612471485\734597674" -childID 14 -isForBrowser -prefsHandle 9328 -prefMapHandle 9324 -prefsLen 30732 -prefMapSize 232675 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2869c6b3-f674-43e8-b692-8130ba535e43} 2224 "\\.\pipe\gecko-crash-server-pipe.2224" 11064 196715aed58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2224.14.1591393876\7319915" -childID 13 -isForBrowser -prefsHandle 10704 -prefMapHandle 10708 -prefsLen 30732 -prefMapSize 232675 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c5afcc3f-222b-480b-8269-2786acb9f1d1} 2224 "\\.\pipe\gecko-crash-server-pipe.2224" 10696 196715ade58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2224.16.735650465\2037879507" -childID 15 -isForBrowser -prefsHandle 8696 -prefMapHandle 8684 -prefsLen 30732 -prefMapSize 232675 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {49c0185a-dbaa-4bbd-9986-423c4ad6e218} 2224 "\\.\pipe\gecko-crash-server-pipe.2224" 5452 19670a4a858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2224.17.398353470\589335343" -childID 16 -isForBrowser -prefsHandle 8732 -prefMapHandle 8736 -prefsLen 30732 -prefMapSize 232675 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {98953fd1-181a-4815-bc4c-fe5317e48627} 2224 "\\.\pipe\gecko-crash-server-pipe.2224" 8812 19670a4c058 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2224.18.461708892\1178106450" -childID 17 -isForBrowser -prefsHandle 8812 -prefMapHandle 10848 -prefsLen 30732 -prefMapSize 232675 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {26e207c5-493c-42e0-a806-6c43621f93fe} 2224 "\\.\pipe\gecko-crash-server-pipe.2224" 8608 1966e945458 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2224.19.839009609\534633151" -childID 18 -isForBrowser -prefsHandle 8660 -prefMapHandle 8632 -prefsLen 30732 -prefMapSize 232675 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5fc01f96-629c-4890-96f4-a5c0e4119b35} 2224 "\\.\pipe\gecko-crash-server-pipe.2224" 8592 196713bad58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2224.20.42664819\1516224322" -childID 19 -isForBrowser -prefsHandle 10288 -prefMapHandle 10284 -prefsLen 30732 -prefMapSize 232675 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {431df3d5-8ffd-48b4-80b0-c83a1eaa128f} 2224 "\\.\pipe\gecko-crash-server-pipe.2224" 8512 196713b9858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2224.21.1618296142\696881100" -childID 20 -isForBrowser -prefsHandle 8528 -prefMapHandle 10844 -prefsLen 30732 -prefMapSize 232675 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8e2e5cc0-d60e-4815-8591-39b498e4424f} 2224 "\\.\pipe\gecko-crash-server-pipe.2224" 10512 196713bcb58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2224.22.235291963\1342661777" -childID 21 -isForBrowser -prefsHandle 10228 -prefMapHandle 10224 -prefsLen 30732 -prefMapSize 232675 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ae48011e-d105-4791-9512-50f93b4dfd62} 2224 "\\.\pipe\gecko-crash-server-pipe.2224" 10244 1967039fd58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2224.23.1593049653\1338928411" -childID 22 -isForBrowser -prefsHandle 8336 -prefMapHandle 8464 -prefsLen 30732 -prefMapSize 232675 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {33f69d64-cff6-4e09-8286-5c19a9763e48} 2224 "\\.\pipe\gecko-crash-server-pipe.2224" 8344 19670aa9858 tab

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\dbgtrace_de.txt

Network

Country Destination Domain Proto
US 8.8.8.8:53 203.33.253.131.in-addr.arpa udp
US 8.8.8.8:53 208.194.73.20.in-addr.arpa udp
N/A 127.0.0.1:51736 tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 34.117.237.239:443 contile.services.mozilla.com tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 getpocket.cdn.mozilla.net udp
US 34.120.5.221:443 getpocket.cdn.mozilla.net tcp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 8.8.8.8:53 shavar.services.mozilla.com udp
US 44.239.90.104:443 shavar.services.mozilla.com tcp
US 8.8.8.8:53 push.services.mozilla.com udp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 8.8.8.8:53 prod.pocket.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 prod.pocket.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 34.117.65.55:443 autopush.prod.mozaws.net tcp
US 8.8.8.8:53 104.90.239.44.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 1.202.248.87.in-addr.arpa udp
US 8.8.8.8:53 68.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 2.136.104.51.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
N/A 127.0.0.1:51743 tcp
US 8.8.8.8:53 shorturl.at udp
US 104.26.9.129:80 shorturl.at tcp
US 104.26.9.129:80 shorturl.at tcp
US 8.8.8.8:53 shorturl.at udp
US 8.8.8.8:53 shorturl.at udp
US 8.8.8.8:53 129.9.26.104.in-addr.arpa udp
US 104.26.9.129:443 shorturl.at tcp
US 8.8.8.8:53 www.shorturl.at udp
US 104.26.9.129:443 www.shorturl.at tcp
US 8.8.8.8:53 www.shorturl.at udp
US 8.8.8.8:53 www.shorturl.at udp
US 8.8.8.8:53 cdn.discordapp.com udp
US 162.159.129.233:443 cdn.discordapp.com tcp
US 8.8.8.8:53 cdn.discordapp.com udp
US 8.8.8.8:53 cdn.discordapp.com udp
US 8.8.8.8:53 233.129.159.162.in-addr.arpa udp
US 162.159.129.233:443 cdn.discordapp.com udp
US 8.8.8.8:53 59.128.231.4.in-addr.arpa udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 24.73.42.20.in-addr.arpa udp
US 8.8.8.8:53 aus5.mozilla.org udp
US 35.244.181.201:443 aus5.mozilla.org tcp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 ciscobinary.openh264.org udp
US 2.18.121.79:80 ciscobinary.openh264.org tcp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 216.58.208.110:443 redirector.gvt1.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 201.181.244.35.in-addr.arpa udp
US 8.8.8.8:53 79.121.18.2.in-addr.arpa udp
US 8.8.8.8:53 110.208.58.216.in-addr.arpa udp
GB 216.58.208.110:443 redirector.gvt1.com udp
US 8.8.8.8:53 r2---sn-5hne6ns6.gvt1.com udp
US 8.8.8.8:53 r2.sn-5hne6ns6.gvt1.com udp
NL 209.85.226.103:443 r2.sn-5hne6ns6.gvt1.com tcp
NL 209.85.226.103:443 r2.sn-5hne6ns6.gvt1.com udp
US 8.8.8.8:53 103.226.85.209.in-addr.arpa udp
US 8.8.8.8:53 firefox-settings-attachments.cdn.mozilla.net udp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 8.8.8.8:53 attachments.prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 attachments.prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 53.121.117.34.in-addr.arpa udp
US 104.26.9.129:80 www.shorturl.at tcp
US 104.26.9.129:80 www.shorturl.at tcp
US 8.8.8.8:53 cdn.discordapp.com udp
US 162.159.129.233:443 cdn.discordapp.com udp
US 8.8.8.8:53 cdn.discordapp.com udp
US 8.8.8.8:53 cdn.discordapp.com udp
US 8.8.8.8:53 196.168.217.172.in-addr.arpa udp
US 8.8.8.8:53 195.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 id.google.com udp
NL 142.250.179.163:443 id.google.com tcp
US 8.8.8.8:53 id.google.com udp
US 8.8.8.8:53 id.google.com udp
NL 142.250.179.163:443 id.google.com udp
US 8.8.8.8:53 163.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 apis.google.com udp
DE 172.217.23.206:443 apis.google.com tcp
US 8.8.8.8:53 plus.l.google.com udp
US 8.8.8.8:53 plus.l.google.com udp
DE 172.217.23.206:443 plus.l.google.com udp
US 8.8.8.8:53 206.23.217.172.in-addr.arpa udp
US 8.8.8.8:53 www.win-rar.com udp
DE 51.195.68.163:443 www.win-rar.com tcp
US 8.8.8.8:53 www.win-rar.com udp
US 8.8.8.8:53 www.win-rar.com udp
US 8.8.8.8:53 163.68.195.51.in-addr.arpa udp
US 8.8.8.8:53 130.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 8.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 216.239.34.36:443 region1.google-analytics.com tcp
US 216.239.34.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 36.34.239.216.in-addr.arpa udp
DE 51.195.68.163:443 www.win-rar.com tcp
US 8.8.8.8:53 www.win-rar.com udp
DE 51.195.68.163:443 www.win-rar.com tcp
US 216.239.34.36:443 region1.google-analytics.com udp
NL 142.250.179.163:443 id.google.com udp
US 8.8.8.8:53 i.ytimg.com udp
GB 216.58.208.118:443 i.ytimg.com tcp
US 8.8.8.8:53 i.ytimg.com udp
US 8.8.8.8:53 i.ytimg.com udp
GB 216.58.208.118:443 i.ytimg.com udp
US 8.8.8.8:53 118.208.58.216.in-addr.arpa udp
DE 172.217.23.206:443 plus.l.google.com udp
US 8.8.8.8:53 www.7-zip.org udp
DE 49.12.202.237:443 www.7-zip.org tcp
US 8.8.8.8:53 www.7-zip.org udp
US 8.8.8.8:53 www.7-zip.org udp
US 34.117.237.239:443 contile.services.mozilla.com tcp
GB 216.58.208.118:443 i.ytimg.com udp
DE 172.217.23.206:443 plus.l.google.com udp
US 8.8.8.8:53 encrypted-tbn0.gstatic.com udp
NL 142.251.36.14:443 encrypted-tbn0.gstatic.com tcp
NL 142.251.36.14:443 encrypted-tbn0.gstatic.com tcp
NL 142.251.36.14:443 encrypted-tbn0.gstatic.com tcp
US 8.8.8.8:53 encrypted-tbn0.gstatic.com udp
NL 142.251.36.14:443 encrypted-tbn0.gstatic.com tcp
NL 142.251.36.14:443 encrypted-tbn0.gstatic.com tcp
NL 142.251.36.14:443 encrypted-tbn0.gstatic.com tcp
US 8.8.8.8:53 encrypted-tbn0.gstatic.com udp
NL 142.251.36.14:443 encrypted-tbn0.gstatic.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
NL 142.251.36.34:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
NL 142.251.36.34:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 14.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 34.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 encrypted-tbn2.gstatic.com udp
NL 142.251.39.110:443 encrypted-tbn2.gstatic.com tcp
US 8.8.8.8:53 encrypted-tbn2.gstatic.com udp
NL 142.251.39.110:443 encrypted-tbn2.gstatic.com udp
US 8.8.8.8:53 encrypted-tbn2.gstatic.com udp
US 8.8.8.8:53 110.39.251.142.in-addr.arpa udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
NL 142.251.36.1:443 tpc.googlesyndication.com tcp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
NL 142.251.36.1:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 1.36.251.142.in-addr.arpa udp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 aus5.mozilla.org udp
US 35.244.181.201:443 aus5.mozilla.org tcp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 shorturl.at udp
US 104.26.9.129:80 shorturl.at tcp
US 8.8.8.8:53 shorturl.at udp
US 104.26.9.129:80 shorturl.at tcp
US 8.8.8.8:53 shorturl.at udp
US 104.26.8.129:443 shorturl.at tcp
US 8.8.8.8:53 www.shorturl.at udp
US 8.8.8.8:53 www.shorturl.at udp
US 104.26.8.129:443 www.shorturl.at tcp
US 8.8.8.8:53 cdn.discordapp.com udp
US 8.8.8.8:53 cdn.discordapp.com udp
US 162.159.129.233:443 cdn.discordapp.com udp
US 8.8.8.8:53 cdn.discordapp.com udp
US 8.8.8.8:53 129.8.26.104.in-addr.arpa udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 34.160.144.191:443 prod.content-signature-chains.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 firefox-settings-attachments.cdn.mozilla.net udp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 8.8.8.8:53 attachments.prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 attachments.prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 shorturl.at udp
US 104.26.9.129:80 shorturl.at tcp
US 8.8.8.8:53 shorturl.at udp
US 104.26.8.129:443 shorturl.at tcp
US 8.8.8.8:53 shorturl.at udp
US 8.8.8.8:53 www.shorturl.at udp
US 8.8.8.8:53 www.shorturl.at udp
US 104.26.8.129:443 www.shorturl.at tcp
US 8.8.8.8:53 tags.refinery89.com udp
US 18.239.83.57:443 tags.refinery89.com tcp
US 8.8.8.8:53 d38u9fzbdfzf67.cloudfront.net udp
US 8.8.8.8:53 d38u9fzbdfzf67.cloudfront.net udp
US 8.8.8.8:53 106.208.58.216.in-addr.arpa udp
US 8.8.8.8:53 200.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 57.83.239.18.in-addr.arpa udp
US 8.8.8.8:53 secure.quantserve.com udp
US 192.184.69.252:443 secure.quantserve.com tcp
US 8.8.8.8:53 global.px.quantserve.com udp
US 8.8.8.8:53 global.px.quantserve.com udp
US 8.8.8.8:53 rules.quantcount.com udp
US 18.239.50.73:443 rules.quantcount.com tcp
US 8.8.8.8:53 d2fashanjl7d9f.cloudfront.net udp
US 8.8.8.8:53 d2fashanjl7d9f.cloudfront.net udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 c.amazon-adsystem.com udp
US 8.8.8.8:53 securepubads46.g.doubleclick.net udp
US 8.8.8.8:53 cmp.quantcast.com udp
US 8.8.8.8:53 measure.refinery89.com udp
DE 172.217.23.194:443 securepubads46.g.doubleclick.net tcp
US 8.8.8.8:53 d1v8205r6uwz5v.cloudfront.net udp
US 18.238.243.123:443 d1v8205r6uwz5v.cloudfront.net tcp
US 18.239.83.131:443 c.amazon-adsystem.com tcp
US 8.8.8.8:53 d1ykf07e75w7ss.cloudfront.net udp
US 18.65.39.69:443 cmp.quantcast.com tcp
US 8.8.8.8:53 securepubads46.g.doubleclick.net udp
US 8.8.8.8:53 cmp.quantcast.com udp
US 8.8.8.8:53 cmp.quantcast.com udp
DE 172.217.23.194:443 securepubads46.g.doubleclick.net udp
US 8.8.8.8:53 d1v8205r6uwz5v.cloudfront.net udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 8.8.8.8:53 d1ykf07e75w7ss.cloudfront.net udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 8.8.8.8:53 73.50.239.18.in-addr.arpa udp
US 8.8.8.8:53 252.69.184.192.in-addr.arpa udp
US 8.8.8.8:53 194.23.217.172.in-addr.arpa udp
US 8.8.8.8:53 123.243.238.18.in-addr.arpa udp
US 8.8.8.8:53 131.83.239.18.in-addr.arpa udp
US 8.8.8.8:53 69.39.65.18.in-addr.arpa udp
US 216.239.34.36:443 region1.google-analytics.com tcp
US 216.239.34.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 match.adsrvr.org udp
US 52.223.40.198:443 match.adsrvr.org tcp
US 8.8.8.8:53 match.adsrvr.org udp
US 8.8.8.8:53 match.adsrvr.org udp
US 8.8.8.8:53 script.4dex.io udp
US 8.8.8.8:53 script.4dex.io udp
US 172.67.75.241:443 script.4dex.io tcp
US 8.8.8.8:53 script.4dex.io udp
US 8.8.8.8:53 aax.amazon-adsystem.com udp
US 18.239.64.29:443 aax.amazon-adsystem.com tcp
US 8.8.8.8:53 config.aps.amazon-adsystem.com udp
US 8.8.8.8:53 d1jvc9b8z3vcjs.cloudfront.net udp
US 8.8.8.8:53 pixel.quantserve.com udp
US 8.8.8.8:53 d1jvc9b8z3vcjs.cloudfront.net udp
US 8.8.8.8:53 config.aps.amazon-adsystem.com udp
US 18.238.243.82:443 config.aps.amazon-adsystem.com tcp
DE 91.228.74.244:443 pixel.quantserve.com tcp
US 8.8.8.8:53 fastlane.rubiconproject.com udp
US 8.8.8.8:53 tagged-by.rubiconproject.net.akadns.net udp
DE 69.173.144.140:443 tagged-by.rubiconproject.net.akadns.net tcp
DE 69.173.144.140:443 tagged-by.rubiconproject.net.akadns.net tcp
US 8.8.8.8:53 config.aps.amazon-adsystem.com udp
US 8.8.8.8:53 prg.smartadserver.com udp
US 8.8.8.8:53 bidder.criteo.com udp
NL 81.17.55.112:443 prg.smartadserver.com tcp
NL 81.17.55.112:443 prg.smartadserver.com tcp
NL 81.17.55.112:443 prg.smartadserver.com tcp
NL 178.250.1.8:443 bidder.criteo.com tcp
US 8.8.8.8:53 mp.4dex.io udp
US 8.8.8.8:53 euw1.smartadserver.com udp
US 8.8.8.8:53 tlx.3lift.com udp
US 8.8.8.8:53 tagged-by.rubiconproject.net.akadns.net udp
US 104.18.2.114:443 mp.4dex.io tcp
DE 52.58.45.126:443 tlx.3lift.com tcp
US 8.8.8.8:53 euw1.smartadserver.com udp
US 8.8.8.8:53 bidder.nl3.vip.prod.criteo.com udp
US 8.8.8.8:53 prebid.media.net udp
US 8.8.8.8:53 btlr.sharethrough.com udp
US 172.67.75.241:443 script.4dex.io tcp
US 8.8.8.8:53 bidder.nl3.vip.prod.criteo.com udp
US 34.120.63.153:443 prebid.media.net tcp
US 8.8.8.8:53 cadmus.script.ac udp
US 8.8.8.8:53 mp.4dex.io udp
US 104.18.23.145:443 cadmus.script.ac tcp
US 8.8.8.8:53 eu-tlx.3lift.com udp
US 18.207.17.231:443 btlr.sharethrough.com tcp
US 18.207.17.231:443 btlr.sharethrough.com tcp
US 18.207.17.231:443 btlr.sharethrough.com tcp
US 34.120.63.153:443 prebid.media.net udp
US 8.8.8.8:53 btloader.com udp
US 8.8.8.8:53 secure.cdn.fastclick.net udp
US 8.8.8.8:53 tags.crwdcntrl.net udp
US 8.8.8.8:53 mp.4dex.io udp
US 8.8.8.8:53 cdn.hadronid.net udp
US 104.26.6.139:443 btloader.com tcp
US 8.8.8.8:53 eu-tlx.3lift.com udp
US 8.8.8.8:53 prebid.media.net udp
US 104.22.52.173:443 cdn.hadronid.net tcp
US 8.8.8.8:53 prebid.media.net udp
US 8.8.8.8:53 cadmus.script.ac udp
US 8.8.8.8:53 btlr-us-east-1.sharethrough.com udp
US 8.8.8.8:53 btlr-us-east-1.sharethrough.com udp
US 8.8.8.8:53 cadmus.script.ac udp
US 8.8.8.8:53 e4536.g.akamaiedge.net udp
US 8.8.8.8:53 btloader.com udp
US 8.8.8.8:53 btloader.com udp
US 8.8.8.8:53 198.40.223.52.in-addr.arpa udp
US 8.8.8.8:53 241.75.67.172.in-addr.arpa udp
US 8.8.8.8:53 29.64.239.18.in-addr.arpa udp
US 8.8.8.8:53 82.243.238.18.in-addr.arpa udp
US 8.8.8.8:53 244.74.228.91.in-addr.arpa udp
US 8.8.8.8:53 140.144.173.69.in-addr.arpa udp
US 8.8.8.8:53 112.55.17.81.in-addr.arpa udp
US 8.8.8.8:53 8.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 114.2.18.104.in-addr.arpa udp
US 8.8.8.8:53 126.45.58.52.in-addr.arpa udp
US 8.8.8.8:53 153.63.120.34.in-addr.arpa udp
US 8.8.8.8:53 145.23.18.104.in-addr.arpa udp
US 8.8.8.8:53 231.17.207.18.in-addr.arpa udp
US 8.8.8.8:53 139.6.26.104.in-addr.arpa udp
US 8.8.8.8:53 173.52.22.104.in-addr.arpa udp
US 8.8.8.8:53 e4536.g.akamaiedge.net udp
US 8.8.8.8:53 cdn.hadronid.net udp
US 8.8.8.8:53 tags.crwdcntrl.net udp
US 8.8.8.8:53 cdn.hadronid.net udp
US 8.8.8.8:53 tags.crwdcntrl.net udp
US 8.8.8.8:53 1ac493e24b8883a2a4b0a65fe2c3ab75.safeframe.googlesyndication.com udp
NL 142.250.179.161:443 1ac493e24b8883a2a4b0a65fe2c3ab75.safeframe.googlesyndication.com tcp
US 8.8.8.8:53 pagead-googlehosted.l.google.com udp
US 8.8.8.8:53 static.criteo.net udp
NL 142.250.179.161:443 pagead-googlehosted.l.google.com udp
US 8.8.8.8:53 pagead-googlehosted.l.google.com udp
US 8.8.8.8:53 static.nl3.vip.prod.criteo.net udp
US 8.8.8.8:53 static.nl3.vip.prod.criteo.net udp
US 8.8.8.8:53 s.seedtag.com udp
US 8.8.8.8:53 tlx.3lift.com udp
US 8.8.8.8:53 161.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 98.39.251.142.in-addr.arpa udp
US 34.149.50.64:443 s.seedtag.com tcp
US 8.8.8.8:53 s.seedtag.com udp
US 8.8.8.8:53 s.seedtag.com udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 id.hadron.ad.gt udp
US 172.67.23.234:443 id.hadron.ad.gt tcp
US 8.8.8.8:53 id.hadron.ad.gt.cdn.cloudflare.net udp
US 172.67.23.234:443 id.hadron.ad.gt.cdn.cloudflare.net tcp
US 8.8.8.8:53 id.hadron.ad.gt.cdn.cloudflare.net udp
US 8.8.8.8:53 aax-eu.amazon-adsystem.com udp
IE 67.220.226.233:443 aax-eu.amazon-adsystem.com tcp
US 8.8.8.8:53 aax-eu.amazon-adsystem.com udp
US 8.8.8.8:53 aax-eu.amazon-adsystem.com udp
US 34.149.50.64:443 s.seedtag.com udp
NL 23.216.240.90:443 e4536.g.akamaiedge.net tcp
US 18.239.18.12:443 tags.crwdcntrl.net tcp
NL 178.250.1.3:443 static.nl3.vip.prod.criteo.net tcp
NL 142.251.36.1:443 tpc.googlesyndication.com tcp
NL 142.251.36.1:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 64.50.149.34.in-addr.arpa udp
US 8.8.8.8:53 234.23.67.172.in-addr.arpa udp
US 8.8.8.8:53 233.226.220.67.in-addr.arpa udp
US 8.8.8.8:53 12.18.239.18.in-addr.arpa udp
US 8.8.8.8:53 90.240.216.23.in-addr.arpa udp
US 8.8.8.8:53 3.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 cdn.ampproject.org udp
US 8.8.8.8:53 cdn-content.ampproject.org udp
US 8.8.8.8:53 cdn-content.ampproject.org udp
NL 142.250.179.161:443 cdn-content.ampproject.org tcp
NL 142.250.179.161:443 cdn-content.ampproject.org tcp
NL 142.250.179.161:443 cdn-content.ampproject.org tcp
NL 142.250.179.161:443 cdn-content.ampproject.org tcp
NL 142.250.179.161:443 cdn-content.ampproject.org tcp
NL 142.250.179.161:443 cdn-content.ampproject.org udp
US 8.8.8.8:53 cdn.discordapp.com udp
US 8.8.8.8:53 cdn.discordapp.com udp
US 162.159.129.233:443 cdn.discordapp.com udp
US 8.8.8.8:53 cdn.discordapp.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 s0.2mdn.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
NL 216.58.214.2:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 googleads4.g.doubleclick.net udp
US 8.8.8.8:53 googleads4.g.doubleclick.net udp
US 8.8.8.8:53 www.googletagservices.com udp
NL 142.251.36.34:443 www.googletagservices.com tcp
US 8.8.8.8:53 googleads4.g.doubleclick.net udp
NL 216.58.214.2:443 googleads.g.doubleclick.net udp
NL 142.251.36.34:443 www.googletagservices.com udp
US 8.8.8.8:53 www.googletagservices.com udp
US 8.8.8.8:53 a.ad.gt udp
US 8.8.8.8:53 www.googletagservices.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 s0.2mdn.net udp
US 104.22.4.69:443 a.ad.gt tcp
US 8.8.8.8:53 s0.2mdn.net udp
US 8.8.8.8:53 a.ad.gt.cdn.cloudflare.net udp
US 8.8.8.8:53 a.ad.gt.cdn.cloudflare.net udp
NL 142.250.179.134:443 s0.2mdn.net tcp
US 8.8.8.8:53 2.214.58.216.in-addr.arpa udp
NL 142.250.179.134:443 s0.2mdn.net udp
US 8.8.8.8:53 ads.pubmatic.com udp
NL 104.85.0.200:443 ads.pubmatic.com tcp
US 8.8.8.8:53 e6603.g.akamaiedge.net udp
US 8.8.8.8:53 e6603.g.akamaiedge.net udp
US 8.8.8.8:53 69.4.22.104.in-addr.arpa udp
US 8.8.8.8:53 134.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 200.0.85.104.in-addr.arpa udp
US 8.8.8.8:53 bcp.crwdcntrl.net udp
US 3.215.31.11:443 bcp.crwdcntrl.net tcp
US 8.8.8.8:53 bcp.crwdcntrl.net udp
US 8.8.8.8:53 gum.criteo.com udp
NL 178.250.1.3:443 static.nl3.vip.prod.criteo.net tcp
NL 178.250.1.11:443 gum.criteo.com tcp
US 8.8.8.8:53 d1hyarjnwqrenh.cloudfront.net udp
US 8.8.8.8:53 secure-assets.rubiconproject.com udp
HK 23.42.175.200:443 secure-assets.rubiconproject.com tcp
US 18.238.248.228:443 d1hyarjnwqrenh.cloudfront.net tcp
US 8.8.8.8:53 encrypted-tbn0.gstatic.com udp
US 8.8.8.8:53 eus.rubiconproject.com udp
US 8.8.8.8:53 11.31.215.3.in-addr.arpa udp
US 8.8.8.8:53 11.1.250.178.in-addr.arpa udp
NL 104.85.2.117:443 eus.rubiconproject.com tcp
US 8.8.8.8:53 encrypted-tbn0.gstatic.com udp
US 8.8.8.8:53 encrypted-tbn0.gstatic.com udp
US 8.8.8.8:53 gum.nl3.vip.prod.criteo.com udp
US 8.8.8.8:53 gum.nl3.vip.prod.criteo.com udp
US 8.8.8.8:53 e8960.e2.akamaiedge.net udp
US 8.8.8.8:53 e8960.e2.akamaiedge.net udp
US 8.8.8.8:53 d1hyarjnwqrenh.cloudfront.net udp
US 8.8.8.8:53 d1hyarjnwqrenh.cloudfront.net udp
US 8.8.8.8:53 e8960.b.akamaiedge.net udp
US 8.8.8.8:53 e8960.b.akamaiedge.net udp
US 8.8.8.8:53 200.175.42.23.in-addr.arpa udp
US 8.8.8.8:53 228.248.238.18.in-addr.arpa udp
US 8.8.8.8:53 117.2.85.104.in-addr.arpa udp
US 8.8.8.8:53 eb2.3lift.com udp
US 13.248.245.213:443 eb2.3lift.com tcp
US 8.8.8.8:53 eu-eb2.3lift.com udp
US 8.8.8.8:53 eu-eb2.3lift.com udp
US 8.8.8.8:53 213.245.248.13.in-addr.arpa udp
NL 104.85.2.117:443 e8960.b.akamaiedge.net tcp
US 8.8.8.8:53 token.rubiconproject.com udp
NL 213.19.162.80:443 token.rubiconproject.com tcp
US 8.8.8.8:53 pixel.rubiconproject.net.akadns.net udp
US 8.8.8.8:53 pixel.rubiconproject.net.akadns.net udp
US 8.8.8.8:53 80.162.19.213.in-addr.arpa udp
US 8.8.8.8:53 ssc-cms.33across.com udp
US 8.8.8.8:53 ssum-sec.casalemedia.com udp
US 67.202.105.21:443 ssc-cms.33across.com tcp
US 8.8.8.8:53 pixel.33across.com udp
US 104.18.27.193:443 ssum-sec.casalemedia.com tcp
US 8.8.8.8:53 ssum-sec.casalemedia.com udp
US 8.8.8.8:53 pixel.33across.com udp
US 8.8.8.8:53 ssum-sec.casalemedia.com udp
US 8.8.8.8:53 193.27.18.104.in-addr.arpa udp
US 8.8.8.8:53 21.105.202.67.in-addr.arpa udp
US 104.18.27.193:443 ssum-sec.casalemedia.com udp
US 8.8.8.8:53 de.tynt.com udp
US 67.202.105.34:443 de.tynt.com tcp
US 8.8.8.8:53 de.tynt.com udp
US 8.8.8.8:53 de.tynt.com udp
US 8.8.8.8:53 hde.tynt.com udp
US 67.202.105.34:443 hde.tynt.com tcp
US 8.8.8.8:53 hde.tynt.com udp
US 8.8.8.8:53 hde.tynt.com udp
US 8.8.8.8:53 34.105.202.67.in-addr.arpa udp
US 8.8.8.8:53 e8960.b.akamaiedge.net udp
US 8.8.8.8:53 x.bidswitch.net udp
US 8.8.8.8:53 ups.analytics.yahoo.com udp
US 8.8.8.8:53 alb-aws-fr-bruges-1875226813.eu-central-1.elb.amazonaws.com udp
US 8.8.8.8:53 ats-eks.eu-central-1.dcs-online-targeting-prd.aws.oath.cloud udp
US 8.8.8.8:53 alb-aws-fr-bruges-1875226813.eu-central-1.elb.amazonaws.com udp
DE 18.196.113.49:443 x.bidswitch.net tcp
DE 3.71.149.231:443 ats-eks.eu-central-1.dcs-online-targeting-prd.aws.oath.cloud tcp
NL 64.158.223.140:443 33across-match.dotomi.com tcp
US 8.8.8.8:53 ats-eks.eu-central-1.dcs-online-targeting-prd.aws.oath.cloud udp
US 8.8.8.8:53 bfp.global.dual.dotomi.weighted.com.akadns.net udp
US 8.8.8.8:53 bfp.global.dual.dotomi.weighted.com.akadns.net udp
US 8.8.8.8:53 u.4dex.io udp
US 8.8.8.8:53 140.223.158.64.in-addr.arpa udp
US 8.8.8.8:53 49.113.196.18.in-addr.arpa udp
US 8.8.8.8:53 231.149.71.3.in-addr.arpa udp
US 34.149.40.38:443 u.4dex.io tcp
US 8.8.8.8:53 cms.quantserve.com udp
US 8.8.8.8:53 u.4dex.io udp
US 8.8.8.8:53 u.4dex.io udp
US 192.184.69.167:443 cms.quantserve.com tcp
US 34.149.40.38:443 u.4dex.io udp
US 8.8.8.8:53 secure.adnxs.com udp
US 8.8.8.8:53 ib.anycast.adnxs.com udp
NL 185.89.210.122:443 ib.anycast.adnxs.com tcp
US 8.8.8.8:53 ib.anycast.adnxs.com udp
US 8.8.8.8:53 38.40.149.34.in-addr.arpa udp
US 8.8.8.8:53 167.69.184.192.in-addr.arpa udp
US 8.8.8.8:53 122.210.89.185.in-addr.arpa udp
US 8.8.8.8:53 fw.adsafeprotected.com udp
US 8.8.8.8:53 firewall-external-2134955858.eu-west-1.elb.amazonaws.com udp
US 8.8.8.8:53 firewall-external-2134955858.eu-west-1.elb.amazonaws.com udp
NL 142.250.179.134:443 s0.2mdn.net udp
IE 54.78.81.175:443 fw.adsafeprotected.com tcp
US 8.8.8.8:53 175.81.78.54.in-addr.arpa udp
US 8.8.8.8:53 image6.pubmatic.com udp
US 8.8.8.8:53 pugm-amsfpairbc.pubmnet.com udp
US 8.8.8.8:53 pugm-amsfpairbc.pubmnet.com udp
NL 198.47.127.19:443 pugm-amsfpairbc.pubmnet.com tcp
US 8.8.8.8:53 19.127.47.198.in-addr.arpa udp
US 8.8.8.8:53 simage4.pubmatic.com udp
US 8.28.7.84:443 simage4.pubmatic.com tcp
US 8.8.8.8:53 spug-vac.pubmnet.com udp
US 8.8.8.8:53 spug-vac.pubmnet.com udp
US 8.8.8.8:53 84.7.28.8.in-addr.arpa udp
US 8.8.8.8:53 dnacdn.net udp
US 8.8.8.8:53 ag.gbc.criteo.com udp
US 8.8.8.8:53 gem.gbc.criteo.com udp
US 74.119.119.139:443 dnacdn.net tcp
US 8.8.8.8:53 dnacdn.net udp
US 8.8.8.8:53 gbc2.va.us.criteo.com udp
US 8.8.8.8:53 dnacdn.net udp
US 8.8.8.8:53 gbc0.va.us.criteo.com udp
US 8.8.8.8:53 gbc2.va.us.criteo.com udp
US 8.8.8.8:53 gbc0.va.us.criteo.com udp
US 185.235.85.73:443 gbc2.va.us.criteo.com tcp
US 185.235.85.14:443 gbc0.va.us.criteo.com tcp
NL 178.250.1.11:443 gum.nl3.vip.prod.criteo.com tcp
US 8.8.8.8:53 73.85.235.185.in-addr.arpa udp
US 8.8.8.8:53 139.119.119.74.in-addr.arpa udp
US 8.8.8.8:53 14.85.235.185.in-addr.arpa udp
US 8.8.8.8:53 static.adsafeprotected.com udp
US 18.65.39.66:443 static.adsafeprotected.com tcp
US 8.8.8.8:53 d162h6x3rxav67.cloudfront.net udp
US 8.8.8.8:53 d162h6x3rxav67.cloudfront.net udp
US 8.8.8.8:53 66.39.65.18.in-addr.arpa udp
US 8.8.8.8:53 dt.adsafeprotected.com udp
US 8.8.8.8:53 dt-external-521234871.us-west-2.elb.amazonaws.com udp
US 8.8.8.8:53 dt-external-521234871.us-west-2.elb.amazonaws.com udp
US 44.230.48.206:443 dt.adsafeprotected.com tcp
US 8.8.8.8:53 206.48.230.44.in-addr.arpa udp
US 8.8.8.8:53 ade.googlesyndication.com udp
NL 142.251.36.2:443 ade.googlesyndication.com tcp
US 8.8.8.8:53 ade.googlesyndication.com udp
US 8.8.8.8:53 ade.googlesyndication.com udp
NL 142.251.36.2:443 ade.googlesyndication.com udp
US 8.8.8.8:53 2.36.251.142.in-addr.arpa udp
US 34.117.237.239:443 contile.services.mozilla.com tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
NL 142.251.36.2:443 ade.googlesyndication.com udp
NL 142.251.36.2:443 ade.googlesyndication.com udp
NL 142.251.36.2:443 ade.googlesyndication.com udp

Files

memory/4044-0-0x0000000000EC0000-0x000000000125C000-memory.dmp

memory/4044-2-0x0000000077C62000-0x0000000077C63000-memory.dmp

memory/4044-3-0x0000000077C63000-0x0000000077C64000-memory.dmp

memory/4044-4-0x0000000000EC0000-0x000000000125C000-memory.dmp

memory/4044-5-0x00000000749A0000-0x0000000075150000-memory.dmp

memory/4044-6-0x0000000000EC0000-0x000000000125C000-memory.dmp

memory/4044-7-0x0000000000EC0000-0x000000000125C000-memory.dmp

memory/4044-8-0x0000000006460000-0x0000000006470000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\648840e6-4c84-4900-8b4f-1e9340546b97\trlogrt.dll

MD5 54ab56509d910c969b9c287fde10026d
SHA1 b0929cd61e4428d57191b0c41ad60765236bed4c
SHA256 998b95107a40360c441b4d1211f9f2e5ea9d004017baa383ffbe1a46cf08bfd0
SHA512 b16722ac2662362d6ee37620f1ab2dcee05e0a54b49dbc8bb2d93561f35f2f09e4dd8f0bc6139d57a5424a7b76c62dafef62a7f355ea1963e7fcdce180cdd2e8

C:\Users\Admin\AppData\Local\Temp\648840e6-4c84-4900-8b4f-1e9340546b97\trlogrt.dll

MD5 54ab56509d910c969b9c287fde10026d
SHA1 b0929cd61e4428d57191b0c41ad60765236bed4c
SHA256 998b95107a40360c441b4d1211f9f2e5ea9d004017baa383ffbe1a46cf08bfd0
SHA512 b16722ac2662362d6ee37620f1ab2dcee05e0a54b49dbc8bb2d93561f35f2f09e4dd8f0bc6139d57a5424a7b76c62dafef62a7f355ea1963e7fcdce180cdd2e8

memory/4044-35-0x0000000072960000-0x0000000072997000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\evb7441.tmp

MD5 c55e2ff93285f9933fc8021a29b14d9a
SHA1 e364fc4b3b92c9d622c661bd784d9802671b4706
SHA256 3a5a35788a20e0cd9bcb8f4ef394d23d59a89d75948f4be413a4dc6ec49a58d7
SHA512 fe06b8778cc77391a168525bdfc655252ec3836a052bb0f0e16a9621c275dbf5c79ee8f2a80821d1a3c37427a49f43e60523fd8fbfa9e081f6392468125ff408

memory/4044-45-0x0000000010000000-0x0000000010010000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\evb74EE.tmp

MD5 c55e2ff93285f9933fc8021a29b14d9a
SHA1 e364fc4b3b92c9d622c661bd784d9802671b4706
SHA256 3a5a35788a20e0cd9bcb8f4ef394d23d59a89d75948f4be413a4dc6ec49a58d7
SHA512 fe06b8778cc77391a168525bdfc655252ec3836a052bb0f0e16a9621c275dbf5c79ee8f2a80821d1a3c37427a49f43e60523fd8fbfa9e081f6392468125ff408

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\prefs.js

MD5 eb1795cafd234962a66677467d42ac62
SHA1 c47c30863103a8de34a81b9738dc2c8d903a239e
SHA256 b52b89d32fbce9f8426d6a94f78db38d890d5596b6e9ce1021b43d68b5271048
SHA512 c819b83605cb5ab53103cfdd209784a87e9acc46d9c996b32e0beb87979b70c74ebba40f4cb6aca272aa3b18f37d77ce2c8cf93f31cc10ef0bc9538c04adf0ed

memory/4044-34-0x0000000073430000-0x00000000734B9000-memory.dmp

memory/4044-33-0x00000000749A0000-0x0000000075150000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\prefs-1.js

MD5 429b066e6d6fdf203133bd94acadf7fe
SHA1 3c8c99a705c5382e0be6503b4996637be1bb3c82
SHA256 f17de5ad51cbba8edaa5e7236086bc8f02c9d432bf02aec52d8a49f4baea6b10
SHA512 256b5b6ef015839c4138371a1213a50e15edcc62f0158184ceecaf86c2e0251ea877e51201f850dcba0b6f8a0c8be64cd93efcf59955ca9df833637d6c27e6cf

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\activity-stream.discovery_stream.json.tmp

MD5 9708a6e5da108b04969409f50bc5fc2e
SHA1 862fb265df2cba1e41ac668536cc53faaf404657
SHA256 e3058ded1a6eb8fc1700c8b37662760810850219e8e8ee7fabb0cc08e0c470c8
SHA512 a20a9265c80a0e57bac745a4c7a16a0be29afbca1b216a60704ad34247294d43803de851e0994266b8c456f4237a6ab6f5f0e7913d09b5c9a0fce809b4e0a3f9

memory/4044-68-0x0000000006420000-0x000000000642A000-memory.dmp

memory/4044-83-0x0000000006450000-0x000000000645A000-memory.dmp

memory/4044-82-0x0000000006440000-0x0000000006448000-memory.dmp

memory/4044-84-0x0000000006970000-0x000000000697A000-memory.dmp

memory/4044-85-0x0000000006460000-0x0000000006470000-memory.dmp

memory/4044-86-0x0000000006980000-0x0000000006988000-memory.dmp

memory/4044-88-0x0000000006F40000-0x00000000074E4000-memory.dmp

memory/4044-89-0x0000000006A90000-0x0000000006B22000-memory.dmp

memory/4044-91-0x0000000006A60000-0x0000000006A6A000-memory.dmp

memory/4044-94-0x0000000072960000-0x0000000072997000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\prefs-1.js

MD5 6cab9663253f821a285cbac06c16e104
SHA1 d3bb60a284fafa08ed555c7d76012e10072280f4
SHA256 09cf45df1498e88e9f596d0ed27762c2808270a8b9ff53756573a0604ec5fa65
SHA512 49a98e6d0086be1471b7cee5d9cb8dceaa8fe5a482ef567173d0f078443f43fc4c2d7bf59fab08276e66b9276abb3286b2d2a12f73be4ea7bd4fb679e22eb1b0

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\sessionstore-backups\recovery.jsonlz4

MD5 60d6413a735d66cb523b73600424a5d7
SHA1 6a0a7d7d0d54e0c8cc09b35deb2ef8b5b478a042
SHA256 2432b9473fa6586510c1a05615d88ee9c13973af179f43cd2de8f9939b0ebf39
SHA512 e43dec821d90153d25fe50e07cf1f59b4cb1be017d9438e17705d3a432881c0ce0e863cae6fb5b221108a8cd4d2ec7505490205a7f233b3828df40574135478b

C:\Users\Admin\Downloads\BiisROh1.txt.part

MD5 b92f825a36cd9aafa0988309cd1c8e1b
SHA1 872f1e78a9a8060ce880141b2c8470b75a1f68e1
SHA256 c24bf9abb3ebd64cdfb56051ae7c1eaf81db37df0f4ab7e8c31954a71faa828e
SHA512 572d472ecffcf7bf4dbd290d43e607b45850fed8c1570c7247930d2e21474bf44b3fda80bb62077208cd5be33a9cc8cc8533ef0f583bc4b8ab1f3e078be1a233

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\prefs.js

MD5 6a31d3f1c4b3541e01bbd3c17761d83c
SHA1 4659a1cbb7f602735f531e988fafdb978202a922
SHA256 6fd34616a4ff098956680d5630ac197ec708a031d3e45fe3d222affc0644b882
SHA512 0aaebf598d15afff1f5dfbae5eb4d374502e2823860a845b9dc7b0fe5da3c83ac6bd205ba0be1e1399892105799da446aef8195fdc6c99afa6bba41c33efbb5d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\prefs-1.js

MD5 7db1871f52abce3f6efe5242d2482627
SHA1 b31839c8e99c2e1b02b3ae287ca25e17bde6049c
SHA256 e9853e5ed8499511cc38bdf3e388f4dccacf469cc151706e658381307de806b0
SHA512 c8f5ba75807e5ad4494cf153abd543e1eb5b9ab638789a4090eb2145034b25b25e8f66eca85e66238ddc41c8085a30050930bc934866bf6e361fc783cecb924c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\sessionstore-backups\recovery.jsonlz4

MD5 cc2d799e8ade531a78be8e007440a7bf
SHA1 775d4ca5b27aa311c00827a0fb0b3d0a53c89d33
SHA256 9d10e2f2f792ce7059a0e763d43cbdd57ef8c3fad2b9629f48c82eb99aa1a637
SHA512 06c9c9aa2e56c64b755d0ed243904e492a323e96f7e5ff2e0ddec444571f911b850d8bcc81c856c0f895e1e102b4da9842c79197a0e8c3068d160d76f87c08ad

C:\Users\Admin\AppData\Local\Temp\evb5F4.tmp

MD5 3c969043b0cab5fafa766225dec0312f
SHA1 dfc67c5c907994c9f1c012550b43c52a48f883d6
SHA256 c4c3a4f9b59e9f574f8418bbaa23e7dc0a5e1f6606662041a49ab088d15a21f6
SHA512 090bb455161a7971917d8cbb1a9b6997ae321f790a3acdac5f41febe8eb2e135098763363887d1cfd2b65800596a95ab1909391c806a9ef36cee24cfdacc14a1

memory/4044-167-0x0000000000400000-0x0000000000414000-memory.dmp

memory/4044-166-0x0000000000400000-0x0000000000414000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\evb623.tmp

MD5 3c969043b0cab5fafa766225dec0312f
SHA1 dfc67c5c907994c9f1c012550b43c52a48f883d6
SHA256 c4c3a4f9b59e9f574f8418bbaa23e7dc0a5e1f6606662041a49ab088d15a21f6
SHA512 090bb455161a7971917d8cbb1a9b6997ae321f790a3acdac5f41febe8eb2e135098763363887d1cfd2b65800596a95ab1909391c806a9ef36cee24cfdacc14a1

C:\Users\Admin\AppData\Local\Temp\evb653.tmp

MD5 3c969043b0cab5fafa766225dec0312f
SHA1 dfc67c5c907994c9f1c012550b43c52a48f883d6
SHA256 c4c3a4f9b59e9f574f8418bbaa23e7dc0a5e1f6606662041a49ab088d15a21f6
SHA512 090bb455161a7971917d8cbb1a9b6997ae321f790a3acdac5f41febe8eb2e135098763363887d1cfd2b65800596a95ab1909391c806a9ef36cee24cfdacc14a1

C:\Users\Admin\AppData\Local\Temp\evb653.tmp

MD5 3c969043b0cab5fafa766225dec0312f
SHA1 dfc67c5c907994c9f1c012550b43c52a48f883d6
SHA256 c4c3a4f9b59e9f574f8418bbaa23e7dc0a5e1f6606662041a49ab088d15a21f6
SHA512 090bb455161a7971917d8cbb1a9b6997ae321f790a3acdac5f41febe8eb2e135098763363887d1cfd2b65800596a95ab1909391c806a9ef36cee24cfdacc14a1

C:\Users\Admin\AppData\Local\Temp\evb683.tmp

MD5 3c969043b0cab5fafa766225dec0312f
SHA1 dfc67c5c907994c9f1c012550b43c52a48f883d6
SHA256 c4c3a4f9b59e9f574f8418bbaa23e7dc0a5e1f6606662041a49ab088d15a21f6
SHA512 090bb455161a7971917d8cbb1a9b6997ae321f790a3acdac5f41febe8eb2e135098763363887d1cfd2b65800596a95ab1909391c806a9ef36cee24cfdacc14a1

C:\Users\Admin\Downloads\dbgtrace.txt

MD5 b92f825a36cd9aafa0988309cd1c8e1b
SHA1 872f1e78a9a8060ce880141b2c8470b75a1f68e1
SHA256 c24bf9abb3ebd64cdfb56051ae7c1eaf81db37df0f4ab7e8c31954a71faa828e
SHA512 572d472ecffcf7bf4dbd290d43e607b45850fed8c1570c7247930d2e21474bf44b3fda80bb62077208cd5be33a9cc8cc8533ef0f583bc4b8ab1f3e078be1a233

memory/4044-182-0x0000000006460000-0x0000000006470000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\sessionstore-backups\recovery.jsonlz4

MD5 d72b74ef25859236a2da4926468f807e
SHA1 669073fc3fb8eade9f45db4e354ae624f78f0a63
SHA256 33d8d91f2e4c928cd538932f18be3b55530e7c70fd0a201c50b95a61afd26449
SHA512 7bcc472f14ac79a6b1b81e47584e3942f69c4ec344b7113b967e0d4d21f315e86640147d95f69dfc95387d4988fbd15f0e0c4b0ece56d64691af0815c7a23a6b

memory/4044-194-0x0000000006460000-0x0000000006470000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\prefs-1.js

MD5 f18b70e5d50b49bbf61c2be04964b5f5
SHA1 31e405ddeeba12bac4c12cd8219cbc4b426b776f
SHA256 7a9d7edc402d27f544907c7ca1d7a336201ddaa95f514a4d35e1f474af0bbedb
SHA512 6a41246d404d4dc1f8296026384f63599d688fecf477986c196aecd833fe42ab1a49a0fb8d848601d5d914346c51ab87a528d5dfb777c295a9d3ae77576911e9

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\cache2\entries\180089313729568CF6D0CAF9991F0FA4115478F0

MD5 24c1419dedf1d38b310d3d048309f31b
SHA1 30b5ec6a71431625f1b6ae3778a0ed3e8959d4a6
SHA256 be2a2ef9695b9e549846b9a286e056e66d402d8d863b9cc650bd5f2112845f57
SHA512 3c77b9f09597ce3b86caa846725ba2b41e9f430805d7b9bb0550db3d5d7b3e936f905df7c2c9d07d9fe214439bd9891ed25967ec05c698e1fa918cc64bc33f6d

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 a01c5ecd6108350ae23d2cddf0e77c17
SHA1 c6ac28a2cd979f1f9a75d56271821d5ff665e2b6
SHA256 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42
SHA512 b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 33bf7b0439480effb9fb212efce87b13
SHA1 cee50f2745edc6dc291887b6075ca64d716f495a
SHA256 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e
SHA512 d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\Downloads\trlogdecode.kZBASkiF.rar.part

MD5 e197307a0e9201025f725e1b2f87fd7a
SHA1 771542f21aec89d4c019267a1b391bb3ea60db59
SHA256 fe55d141910a931c819326d536fdbe870f16e9cd27948de5b349537a2c77e246
SHA512 735d12953048c0569582a220b0868b8d59204f96fb03de95c013731ad93f229b8cbc8387cbe2fff76aeed723df71f82c05aa00bbbbb7e23f17c8ece95340778d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\sessionstore-backups\recovery.jsonlz4

MD5 8481740f5868431c3fd00794a371a0c9
SHA1 37900457360ab163b9e055b62671e07a8aa41ebd
SHA256 5275206fc7e6e58e90496cf53a2a3b5fc622d307562c0f7c1583ce56b932ee46
SHA512 ffd84565f858b01a301def8d3fc21fc40a032981e06561e51a2322cd2e61a0715e8a1d92928362fd90ddcbe18e29b812dc919c1a60fbf55b0ec8e21ed9896baa

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\cache2\entries\59652381CC09EF2DE5C32E45EFFC61BA3ABC2A3F

MD5 36d923d273c4dbb28bdc2f052aaa2441
SHA1 305a8e159736509467b234976a29148114095d56
SHA256 f6ee334e50f01fc6d306a58de42d18ff8f7833cd05f83c6e7e57625c9b3af086
SHA512 e6c869a9080a95818287c62cc68961e9e7b95fd76348837c119e5fa7f662792fd67153a64f18904212ceb6299681118c540c268b58f3d0639e4ada0cefdbde08

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\cache2\doomed\28559

MD5 97af65624b7ab85d65f2f3e83a9c6c4e
SHA1 5f465096656141ce3c813da1ce570e84466259b1
SHA256 c2320fec424adfd8ab5e4cd8a00bd646229d75ad8ec6181b86e7839156d92a87
SHA512 26381b021a29765f18066519874ca768880a0826177607f513f5ac0bdad0166658d3b2de801fd14098f5a673ce49f7316f99a2ce88311e1deaaae45a95ac4cb1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\sessionstore-backups\recovery.jsonlz4

MD5 6f2d4c4d5dc7e85d4ee012994ca0bf7d
SHA1 b486d53d2a8b03a65352f45ffc8801e0f1ca65b7
SHA256 9414e33c8ed13464de6c24f05cb9222ef4a6bb8086bf3876f169ceb4b2498f73
SHA512 dd71d33fb331488ae13ba83c5e4111aa2bb12286f48e8cf67946038fe4c1f5f2ff9b981e3292a5ea4338c791fd82432e8db4dc454f23aa4a03feca01b247cbae

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\sessionstore-backups\recovery.jsonlz4

MD5 ff4a0b86f76c8f8f3ce8eaad33d1cd0c
SHA1 fa665676c1dbecbcc52b0a295cee8f74797a8170
SHA256 9c40952518298a8b52d0b5bb17cd0bf6a716219302f8d34682734523f6159125
SHA512 7c62cc5ce1428a4a74cbef731dc138989c9dd24c5442009ef22c9c338489279a41d52c16cd571d3f90f1ff4b38b455118499c5ec32b92f31d8bb08315793fc8a

C:\Users\Admin\Downloads\winrar-x64-624.h62qQEut.exe.part

MD5 15596b41dba42cdcce4f677fbbc86b6e
SHA1 1ed1e69e72028150f8562bff5ca1dd745874329a
SHA256 377abc9d367e61cb5c4761bf48dcfdf5bcd3822f303e0f972d7f4c8295a2ea79
SHA512 d4e0d64f71027ecc6d85479542ed682359b37446cb1dccce5fa2972f152e27f3cb91a8ec0dc61270bc40038751a58982d4678efb929a3bc6d3546e072f51a9f2

C:\Users\Admin\Downloads\winrar-x64-624.exe

MD5 15596b41dba42cdcce4f677fbbc86b6e
SHA1 1ed1e69e72028150f8562bff5ca1dd745874329a
SHA256 377abc9d367e61cb5c4761bf48dcfdf5bcd3822f303e0f972d7f4c8295a2ea79
SHA512 d4e0d64f71027ecc6d85479542ed682359b37446cb1dccce5fa2972f152e27f3cb91a8ec0dc61270bc40038751a58982d4678efb929a3bc6d3546e072f51a9f2

C:\Users\Admin\Downloads\winrar-x64-624.exe

MD5 15596b41dba42cdcce4f677fbbc86b6e
SHA1 1ed1e69e72028150f8562bff5ca1dd745874329a
SHA256 377abc9d367e61cb5c4761bf48dcfdf5bcd3822f303e0f972d7f4c8295a2ea79
SHA512 d4e0d64f71027ecc6d85479542ed682359b37446cb1dccce5fa2972f152e27f3cb91a8ec0dc61270bc40038751a58982d4678efb929a3bc6d3546e072f51a9f2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\sessionstore-backups\recovery.jsonlz4

MD5 8264c13be69076e52477dca9645156e0
SHA1 4cb5fef3c782d29eb14f05410f343b6dcb60872b
SHA256 90efe0a69561ec807adc946d8fef13049cb4710fa7d460eb21148656bdcfe75b
SHA512 838f4d14da12f4eb185b7a75b8d15b0e199dbc548b7b17d173c862dce42a99ecd20d56863acaf63f3677055d6be2df7eb52d6e423807d65e91e18c2eeae2ecb0

memory/4044-2506-0x0000000000EC0000-0x000000000125C000-memory.dmp

memory/4044-2507-0x00000000749A0000-0x0000000075150000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\sessionstore-backups\recovery.jsonlz4

MD5 0880c9f99a9051d34ab5d6158d7d4653
SHA1 edfd440e73c152ae3349e0a2d01436d6640918a6
SHA256 4953151cc3921615e474232dd9b6411a4ae698e414e8cd137e7bec4625fc75e8
SHA512 eb4233d5415cba0f65e7fcbf74b02b13ea0d2cc4888a82a43de0f5ddb93c40fbd793e702037f8b732f8b555c7a31330b7b7925d757924b54155dae3163da20a4

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 ac2c1f4c1645c7db8a0804f7747a46bc
SHA1 4ab8a5ccdeb092b888d1a50ff41f1671c189270e
SHA256 d55385c50108b1fc23f7d651d5bc7659e3540d2debc2dc8bc59b4867d6709fab
SHA512 40cf3b96e6b105da61c5c306647ebaeab181225cf8deb26076a496673759ad5abc651abb2d1c034055f8b4e3e9cc4ab59cd74a264ac60ea076fc3075e27b0a62

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 0f21324285b0c2cd4955cca0df1a1947
SHA1 e9c9fe1d0685678688d9df08160c65351252d9f4
SHA256 779dbdc7d87f2c760585d08ddf52a24575ccf521e2e55a996dd3b5a346317138
SHA512 78a85e8343c6592c750d6b7b2eed2dc2d4eb772a7cbe67d8c9f71902e37d4c1ae43a429f1eac2265836732c3f7998b14889071c37efda7e3152d86a8ce65cf97

C:\Users\Admin\Downloads\winrar-x64-624.exe

MD5 15596b41dba42cdcce4f677fbbc86b6e
SHA1 1ed1e69e72028150f8562bff5ca1dd745874329a
SHA256 377abc9d367e61cb5c4761bf48dcfdf5bcd3822f303e0f972d7f4c8295a2ea79
SHA512 d4e0d64f71027ecc6d85479542ed682359b37446cb1dccce5fa2972f152e27f3cb91a8ec0dc61270bc40038751a58982d4678efb929a3bc6d3546e072f51a9f2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\sessionstore-backups\recovery.jsonlz4

MD5 a35b81bd08401497fc565367033c646b
SHA1 0411c6bf8c8aaed344d1727b954f831f4b585f58
SHA256 306395d3f58bc8aa1be03e89ff7d0faabf573eec022c6baf5a8c9e163c35e9d9
SHA512 71b150c430df70e48773a99628b6bc7f123aca444bb4e2b7c2049ff1993321b30ecb63c35c9a40133f69975a85b70548a42156f08cd248a4753cf9bcd1ff3c77

C:\Users\Admin\Downloads\7z2301-x64.SnVIW4J5.exe.part

MD5 e5788b13546156281bf0a4b38bdd0901
SHA1 7df28d340d7084647921cc25a8c2068bb192bdbb
SHA256 26cb6e9f56333682122fafe79dbcdfd51e9f47cc7217dccd29ac6fc33b5598cd
SHA512 1f4da167ff2f1d34eeaf76c3003ba5fcabfc7a7da40e73e317aa99c6e1321cdf97e00f4feb9e79e1a72240e0376af0c3becb3d309e5bb0385e5192da17ea77ff

C:\Users\Admin\Downloads\7z2301-x64.exe

MD5 e5788b13546156281bf0a4b38bdd0901
SHA1 7df28d340d7084647921cc25a8c2068bb192bdbb
SHA256 26cb6e9f56333682122fafe79dbcdfd51e9f47cc7217dccd29ac6fc33b5598cd
SHA512 1f4da167ff2f1d34eeaf76c3003ba5fcabfc7a7da40e73e317aa99c6e1321cdf97e00f4feb9e79e1a72240e0376af0c3becb3d309e5bb0385e5192da17ea77ff

C:\Users\Admin\Downloads\7z2301-x64.exe

MD5 e5788b13546156281bf0a4b38bdd0901
SHA1 7df28d340d7084647921cc25a8c2068bb192bdbb
SHA256 26cb6e9f56333682122fafe79dbcdfd51e9f47cc7217dccd29ac6fc33b5598cd
SHA512 1f4da167ff2f1d34eeaf76c3003ba5fcabfc7a7da40e73e317aa99c6e1321cdf97e00f4feb9e79e1a72240e0376af0c3becb3d309e5bb0385e5192da17ea77ff

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\sessionstore-backups\recovery.jsonlz4

MD5 4129ad67eec67985d0029889a7d921a0
SHA1 3c16bb3725d886014caad9b5a331e7611dfcfe15
SHA256 758056c4bd4513e3951244c5b08099603208f277ccd3f1c2d80e9850192306d2
SHA512 579b63883da517b9b8cb6a0a15bffd3c8d42d0568f1b92edde22dcb9eb3f13babb578fcaa44fcf9fc77c9a00154f0d24cf4562c54a00609f8c82a4645fb0e591

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\sessionstore-backups\recovery.jsonlz4

MD5 9bcc20749eb94d619ee4761240e0fdb5
SHA1 91cb23f4871453b11c9d61aa87222c0e38c9bff1
SHA256 f5747e62f65241b44b112ee2acc1514b43f18cb95d405b1636a3dacd0556c1b9
SHA512 1137cdd00cfaf107780513f47595de1c291907ac2f83f2cb60bc1601f60de9c8db6ecf39df3c98279d079018bad6cd89291b8a3a8e930f75a013013c0ca6b549

C:\Users\Admin\Downloads\winrar-x64-624.exe

MD5 15596b41dba42cdcce4f677fbbc86b6e
SHA1 1ed1e69e72028150f8562bff5ca1dd745874329a
SHA256 377abc9d367e61cb5c4761bf48dcfdf5bcd3822f303e0f972d7f4c8295a2ea79
SHA512 d4e0d64f71027ecc6d85479542ed682359b37446cb1dccce5fa2972f152e27f3cb91a8ec0dc61270bc40038751a58982d4678efb929a3bc6d3546e072f51a9f2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\sessionstore-backups\recovery.jsonlz4

MD5 448fab886ba93b38c09db924722f1a42
SHA1 aa02dbb5e9ff46dbb3a30f7ab35da39c2be4e056
SHA256 3daf66c713aad6584605fa67231a2feeb06eac8082d199a83f908026e9f1a355
SHA512 1952c5258894b62a527ed4f1549cc0a87728b912d9d1a98351c5a627caee0b81eb62731e6d62591adbf980b033c5b6fcdf60a702b77d1de976a0509d3d4c55d5

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\cache2\entries\2A251FBD27205181C6F89C26792EE2E010281BC1

MD5 012e91ef442146df752904b29e16902b
SHA1 e17812b7939bd03c8e695eabc84a24b2d2c6e3b3
SHA256 26ff82734f2ebf69c05e08a3d975a3d2dde424c1ebbd8bdb4799bb9b3f37d709
SHA512 0b44d8742713b77b0474f131363755cd6a2d99534d6bbc236eac83de2be98036e9a2a85cce137bd8d044b25f23ef4b3df20af9bed68e54a9ab45d65c9ba8d12c

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\cache2\entries\7D32DC9B716F840478815AE141F631287969E616

MD5 186d8fae1099a15f4957bc408ad1680b
SHA1 94373e36b80a22e0bdfa3f64e9616af74072b897
SHA256 f45491a9d3be01ed0d84dbf4957d997692bba81f193e81d00d2ca6f599cbba5a
SHA512 49dcc43159a9a00fde2a5e636bb51118d874a24321ae3bc77c0c17a2e2b8c7f7a791d6a08dde51d197413ec1e3818cbf91495d31fa0d8578223c7ecf725ded7e

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\cache2\entries\ADF684903229B63B9DD7248B7D1A86A01735A7DD

MD5 80a07ca39d35d6f1ff861397a0bfac81
SHA1 7b30ceeded95f1e3c26e316556b463301c00e6cf
SHA256 de0cecbfb41d5c10732be2d7255171f75b4212ae004c076250332fdb094564a5
SHA512 c487438f0fc7e9f233f1c2106418d71c2447695593be00c956d1d1b1b7b1beac42af2fa9e2a7319bbcff9dc68987cb8accc260b42d67434bdccfd1687ef672c5

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 85382a9ae3369b22b2aecbe1a903ccfd
SHA1 2e270dff1480831db0ce2ce4715292c0e69d974e
SHA256 62112d3875f07050cf9b738d2fc18212c2803a4bf461c72918e883f7b57cfd63
SHA512 f5f3e635058719f1267365d1b2de97e1511f2effe87a9f79a848014a9d7f6c8db6bc601cc9c31fc7a8ed5078651db1e463c64ca680aa1e2dad91e49aff99b2e0

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\jumpListCache\9xenyes57puVqAT1bjM9hA==.ico

MD5 42ed60b3ba4df36716ca7633794b1735
SHA1 c33aa40eed3608369e964e22c935d640e38aa768
SHA256 6574e6e55f56eca704a090bf08d0d4175a93a5353ea08f8722f7c985a39a52c8
SHA512 4247460a97a43ce20d536fdd11d534b450b075c3c28cd69fc00c48bdf7de1507edb99bef811d4c61bed10f64e4c788ee4bdc58c7c72d3bd160b9b4bd696e3013

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\sessionstore-backups\recovery.jsonlz4

MD5 0fe05f4d39523fecf3c5337ad08f64a7
SHA1 4b1a06b6cbd67e96b11b5c1d18aa6a814c21455c
SHA256 1644ca2cc573200117772ba3f93460d8785d835d4370ae42981d6dbacd1e86bd
SHA512 3a4f5ed05b56cd7077f2fc3408dea5b0cedbe185a4f3a769fb48c10582342ab2eae60c2b5d92d59f60cc5e12ee64ada43e61e9dfe0cba65ea4ec612a069d1a5f

C:\Program Files\7-Zip\7zFM.exe

MD5 30ac0b832d75598fb3ec37b6f2a8c86a
SHA1 6f47dbfd6ff36df7ba581a4cef024da527dc3046
SHA256 1ea0839c8dc95ad2c060af7d042c40c0daed58ce8e4524c0fba12fd73e4afb74
SHA512 505870601a4389b7ed2c8fecf85835adfd2944cbc10801f74bc4e08f5a0d6ecc9a52052fc37e216304cd1655129021862294a698ed36b3b43d428698f7263057

C:\Program Files\7-Zip\7z.dll

MD5 4e35a902ca8ed1c3d4551b1a470c4655
SHA1 ad9a9b5dbe810a6d7ea2c8430c32417d87c5930c
SHA256 77222e81cb7004e8c3e077aada02b555a3d38fb05b50c64afd36ca230a8fd5b9
SHA512 c7966f892c1f81fbe6a2197bd229904d398a299c53c24586ca77f7f657529323e5a7260ed32da9701fce9989b0b9a2463cd45c5a5d77e56a1ea670e02e575a30

C:\Program Files\7-Zip\7z.dll

MD5 4e35a902ca8ed1c3d4551b1a470c4655
SHA1 ad9a9b5dbe810a6d7ea2c8430c32417d87c5930c
SHA256 77222e81cb7004e8c3e077aada02b555a3d38fb05b50c64afd36ca230a8fd5b9
SHA512 c7966f892c1f81fbe6a2197bd229904d398a299c53c24586ca77f7f657529323e5a7260ed32da9701fce9989b0b9a2463cd45c5a5d77e56a1ea670e02e575a30

C:\Users\Admin\Downloads\trlogdecode.rar

MD5 b2f3bccf4d3a92125f3448a88a0980ca
SHA1 0dc9d71fff917b49ea83c4b5191fa2ace7953f46
SHA256 0903ab7881da7ec0262d754c78e9a0bd3b2aa11868e64c133b49b154c74746d9
SHA512 0ecc8b5266c91a0ad247eb8dc69deca55f666fed09da43aef83c3301a6fdebdda1fe64b0056a24d4f10944a9922839603683bed3993f23154ba929a033c47c5b

C:\Users\Admin\Desktop\trlogdecode.exe

MD5 92b3276355c5fd88754ae44a2da48792
SHA1 4e41028f96fe413556d54211289561d472a578b5
SHA256 5558cbccff4ceb5ef15e7dccc016fc83d70e2875c564910a9f441ad756ef9671
SHA512 faf8a8f8911ad4d6a45772c2d6fca05c59627c36ab52fb35c219802ddb582667830e69ef2a290ee6858b874bd85e85c554f55b6f6fbc2c5edaf4928512edbfe9

C:\Users\Admin\Desktop\trlogdecode.exe

MD5 92b3276355c5fd88754ae44a2da48792
SHA1 4e41028f96fe413556d54211289561d472a578b5
SHA256 5558cbccff4ceb5ef15e7dccc016fc83d70e2875c564910a9f441ad756ef9671
SHA512 faf8a8f8911ad4d6a45772c2d6fca05c59627c36ab52fb35c219802ddb582667830e69ef2a290ee6858b874bd85e85c554f55b6f6fbc2c5edaf4928512edbfe9

memory/4620-3088-0x0000000000D30000-0x00000000010CC000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\evb74EE.tmp

MD5 c55e2ff93285f9933fc8021a29b14d9a
SHA1 e364fc4b3b92c9d622c661bd784d9802671b4706
SHA256 3a5a35788a20e0cd9bcb8f4ef394d23d59a89d75948f4be413a4dc6ec49a58d7
SHA512 fe06b8778cc77391a168525bdfc655252ec3836a052bb0f0e16a9621c275dbf5c79ee8f2a80821d1a3c37427a49f43e60523fd8fbfa9e081f6392468125ff408

memory/4620-3095-0x0000000077C62000-0x0000000077C63000-memory.dmp

memory/4620-3096-0x0000000077C63000-0x0000000077C64000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\evb7441.tmp

MD5 c55e2ff93285f9933fc8021a29b14d9a
SHA1 e364fc4b3b92c9d622c661bd784d9802671b4706
SHA256 3a5a35788a20e0cd9bcb8f4ef394d23d59a89d75948f4be413a4dc6ec49a58d7
SHA512 fe06b8778cc77391a168525bdfc655252ec3836a052bb0f0e16a9621c275dbf5c79ee8f2a80821d1a3c37427a49f43e60523fd8fbfa9e081f6392468125ff408

C:\Users\Admin\AppData\Local\Temp\evb683.tmp

MD5 3c969043b0cab5fafa766225dec0312f
SHA1 dfc67c5c907994c9f1c012550b43c52a48f883d6
SHA256 c4c3a4f9b59e9f574f8418bbaa23e7dc0a5e1f6606662041a49ab088d15a21f6
SHA512 090bb455161a7971917d8cbb1a9b6997ae321f790a3acdac5f41febe8eb2e135098763363887d1cfd2b65800596a95ab1909391c806a9ef36cee24cfdacc14a1

C:\Users\Admin\AppData\Local\Temp\evb653.tmp

MD5 3c969043b0cab5fafa766225dec0312f
SHA1 dfc67c5c907994c9f1c012550b43c52a48f883d6
SHA256 c4c3a4f9b59e9f574f8418bbaa23e7dc0a5e1f6606662041a49ab088d15a21f6
SHA512 090bb455161a7971917d8cbb1a9b6997ae321f790a3acdac5f41febe8eb2e135098763363887d1cfd2b65800596a95ab1909391c806a9ef36cee24cfdacc14a1

C:\Users\Admin\AppData\Local\Temp\evb623.tmp

MD5 3c969043b0cab5fafa766225dec0312f
SHA1 dfc67c5c907994c9f1c012550b43c52a48f883d6
SHA256 c4c3a4f9b59e9f574f8418bbaa23e7dc0a5e1f6606662041a49ab088d15a21f6
SHA512 090bb455161a7971917d8cbb1a9b6997ae321f790a3acdac5f41febe8eb2e135098763363887d1cfd2b65800596a95ab1909391c806a9ef36cee24cfdacc14a1

C:\Users\Admin\AppData\Local\Temp\evb5F4.tmp

MD5 3c969043b0cab5fafa766225dec0312f
SHA1 dfc67c5c907994c9f1c012550b43c52a48f883d6
SHA256 c4c3a4f9b59e9f574f8418bbaa23e7dc0a5e1f6606662041a49ab088d15a21f6
SHA512 090bb455161a7971917d8cbb1a9b6997ae321f790a3acdac5f41febe8eb2e135098763363887d1cfd2b65800596a95ab1909391c806a9ef36cee24cfdacc14a1

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\trlogdecode.exe.log

MD5 df27a876383bd81dfbcb457a9fa9f09d
SHA1 1bbc4ab95c89d02ec1d217f0255205787999164e
SHA256 8940500d6f057583903fde1af0287e27197410415639fc69beb39475fa5240dc
SHA512 fe68271375002cfcf8585c92b948ae47cd1632919c43db4bc738e2bc85ceea6dd30880dba27df9c3317531f1017624d4bd8979e6c5fad58112c7aa1189f0b844

memory/4620-3098-0x0000000000D30000-0x00000000010CC000-memory.dmp

memory/4620-3099-0x00000000749A0000-0x0000000075150000-memory.dmp

memory/4620-3100-0x0000000000D30000-0x00000000010CC000-memory.dmp

memory/4620-3101-0x0000000005CF0000-0x0000000005D00000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\648840e6-4c84-4900-8b4f-1e9340546b97\trlogrt.dll

MD5 54ab56509d910c969b9c287fde10026d
SHA1 b0929cd61e4428d57191b0c41ad60765236bed4c
SHA256 998b95107a40360c441b4d1211f9f2e5ea9d004017baa383ffbe1a46cf08bfd0
SHA512 b16722ac2662362d6ee37620f1ab2dcee05e0a54b49dbc8bb2d93561f35f2f09e4dd8f0bc6139d57a5424a7b76c62dafef62a7f355ea1963e7fcdce180cdd2e8

memory/4620-3104-0x0000000072990000-0x00000000729C7000-memory.dmp

memory/4620-3105-0x0000000073430000-0x00000000734B9000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\evb3C1C.tmp

MD5 c55e2ff93285f9933fc8021a29b14d9a
SHA1 e364fc4b3b92c9d622c661bd784d9802671b4706
SHA256 3a5a35788a20e0cd9bcb8f4ef394d23d59a89d75948f4be413a4dc6ec49a58d7
SHA512 fe06b8778cc77391a168525bdfc655252ec3836a052bb0f0e16a9621c275dbf5c79ee8f2a80821d1a3c37427a49f43e60523fd8fbfa9e081f6392468125ff408

C:\Users\Admin\AppData\Local\Temp\evb3C6C.tmp

MD5 c55e2ff93285f9933fc8021a29b14d9a
SHA1 e364fc4b3b92c9d622c661bd784d9802671b4706
SHA256 3a5a35788a20e0cd9bcb8f4ef394d23d59a89d75948f4be413a4dc6ec49a58d7
SHA512 fe06b8778cc77391a168525bdfc655252ec3836a052bb0f0e16a9621c275dbf5c79ee8f2a80821d1a3c37427a49f43e60523fd8fbfa9e081f6392468125ff408

C:\Users\Admin\AppData\Local\Temp\evb3C1C.tmp

MD5 c55e2ff93285f9933fc8021a29b14d9a
SHA1 e364fc4b3b92c9d622c661bd784d9802671b4706
SHA256 3a5a35788a20e0cd9bcb8f4ef394d23d59a89d75948f4be413a4dc6ec49a58d7
SHA512 fe06b8778cc77391a168525bdfc655252ec3836a052bb0f0e16a9621c275dbf5c79ee8f2a80821d1a3c37427a49f43e60523fd8fbfa9e081f6392468125ff408

C:\Users\Admin\AppData\Local\Temp\648840e6-4c84-4900-8b4f-1e9340546b97\trlogrt.dll

MD5 54ab56509d910c969b9c287fde10026d
SHA1 b0929cd61e4428d57191b0c41ad60765236bed4c
SHA256 998b95107a40360c441b4d1211f9f2e5ea9d004017baa383ffbe1a46cf08bfd0
SHA512 b16722ac2662362d6ee37620f1ab2dcee05e0a54b49dbc8bb2d93561f35f2f09e4dd8f0bc6139d57a5424a7b76c62dafef62a7f355ea1963e7fcdce180cdd2e8

memory/4620-3114-0x0000000000D30000-0x00000000010CC000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\evb4B22.tmp

MD5 3c969043b0cab5fafa766225dec0312f
SHA1 dfc67c5c907994c9f1c012550b43c52a48f883d6
SHA256 c4c3a4f9b59e9f574f8418bbaa23e7dc0a5e1f6606662041a49ab088d15a21f6
SHA512 090bb455161a7971917d8cbb1a9b6997ae321f790a3acdac5f41febe8eb2e135098763363887d1cfd2b65800596a95ab1909391c806a9ef36cee24cfdacc14a1

C:\Users\Admin\AppData\Local\Temp\evb4B33.tmp

MD5 3c969043b0cab5fafa766225dec0312f
SHA1 dfc67c5c907994c9f1c012550b43c52a48f883d6
SHA256 c4c3a4f9b59e9f574f8418bbaa23e7dc0a5e1f6606662041a49ab088d15a21f6
SHA512 090bb455161a7971917d8cbb1a9b6997ae321f790a3acdac5f41febe8eb2e135098763363887d1cfd2b65800596a95ab1909391c806a9ef36cee24cfdacc14a1

C:\Users\Admin\AppData\Local\Temp\evb4B43.tmp

MD5 3c969043b0cab5fafa766225dec0312f
SHA1 dfc67c5c907994c9f1c012550b43c52a48f883d6
SHA256 c4c3a4f9b59e9f574f8418bbaa23e7dc0a5e1f6606662041a49ab088d15a21f6
SHA512 090bb455161a7971917d8cbb1a9b6997ae321f790a3acdac5f41febe8eb2e135098763363887d1cfd2b65800596a95ab1909391c806a9ef36cee24cfdacc14a1

C:\Users\Admin\AppData\Local\Temp\evb4B64.tmp

MD5 3c969043b0cab5fafa766225dec0312f
SHA1 dfc67c5c907994c9f1c012550b43c52a48f883d6
SHA256 c4c3a4f9b59e9f574f8418bbaa23e7dc0a5e1f6606662041a49ab088d15a21f6
SHA512 090bb455161a7971917d8cbb1a9b6997ae321f790a3acdac5f41febe8eb2e135098763363887d1cfd2b65800596a95ab1909391c806a9ef36cee24cfdacc14a1

memory/4620-3131-0x00000000749A0000-0x0000000075150000-memory.dmp

memory/4620-3132-0x0000000000400000-0x0000000000414000-memory.dmp

memory/4620-3133-0x0000000000400000-0x0000000000414000-memory.dmp

memory/4620-3134-0x0000000005CF0000-0x0000000005D00000-memory.dmp

memory/4620-3135-0x0000000072990000-0x00000000729C7000-memory.dmp

memory/4620-3137-0x0000000005CF0000-0x0000000005D00000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\prefs-1.js

MD5 a9194aea7bfa312846895aaee1688645
SHA1 f731fd6137804aef1793d08b8172c10a0a9d9dfb
SHA256 b455966cfa6402edcee973c65ac2bb8ea9af5de58abb2ac4f0136fd28dd79895
SHA512 bd2bf761789030c9d4c03ee36b01e8105def289597ef1e1db61bca5e008a1a2a811332c989fec3589c1d04ba9217451ac660e41c323ace10641c81d2f766950c

C:\Users\Admin\Desktop\dbgtrace_de.txt

MD5 8583ff963c385ea579635f612ab43854
SHA1 bcc377dcb118f3e53469cd5117a76d9032b54a16
SHA256 d4a8a2670d4aaf472250970d1278481271212a6581ac78599a52f45620629c9a
SHA512 5efda22e97b60318b8fed800c4f23a811478ebf525cf34f88b5cdd375e74ff3027065e9fa484db81f5ef2e4b926c78fd854e9e73fb6cbf78aa15f90e7edd4e81

memory/4620-3157-0x0000000000400000-0x0000000000414000-memory.dmp

memory/4620-3159-0x0000000000400000-0x0000000000414000-memory.dmp

memory/4620-3160-0x0000000005CF0000-0x0000000005D00000-memory.dmp

C:\Users\Admin\Downloads\HsUiDKf8.txt.part

MD5 ff7a4231184073884fc734ec2e721618
SHA1 ce1ba926ba01dd5ec04458be426f884e1e82dd5f
SHA256 89046fcea65c727bd1c1f55334172f84ffa2d4ee3790007f49320a58aff14e81
SHA512 240d675329995d60e5bdf732fbd399f02ffb03dfffa331cbfdcee98a941a0d32d509bd6c7e08405e25385f686f72713addd573c060fd67087db3657463926933

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\cache2\entries\DD369851F61F4AD7D3944CD684264B7C84451250

MD5 63d3a78797ea8a5e1d5dec3d29c2344d
SHA1 bcbad737fd0abfa2a4e6ba8ce4d76485b757cc82
SHA256 88202084ea2134503ae8b529b72ea3396ba3e5170881b69ddf97d2217e94a0d1
SHA512 edcb0b8f3223e22c58567e316c152f107f1593b37fe6b8e29c46fcec50fbdccccb14fda63968d365388eb53bb09c8d10eda411149447a9da8458d03a1eaab788

C:\Users\Admin\Desktop\dbgtrace_de.txt

MD5 8583ff963c385ea579635f612ab43854
SHA1 bcc377dcb118f3e53469cd5117a76d9032b54a16
SHA256 d4a8a2670d4aaf472250970d1278481271212a6581ac78599a52f45620629c9a
SHA512 5efda22e97b60318b8fed800c4f23a811478ebf525cf34f88b5cdd375e74ff3027065e9fa484db81f5ef2e4b926c78fd854e9e73fb6cbf78aa15f90e7edd4e81

C:\Users\Admin\Desktop\dbgtrace.txt

MD5 b92f825a36cd9aafa0988309cd1c8e1b
SHA1 872f1e78a9a8060ce880141b2c8470b75a1f68e1
SHA256 c24bf9abb3ebd64cdfb56051ae7c1eaf81db37df0f4ab7e8c31954a71faa828e
SHA512 572d472ecffcf7bf4dbd290d43e607b45850fed8c1570c7247930d2e21474bf44b3fda80bb62077208cd5be33a9cc8cc8533ef0f583bc4b8ab1f3e078be1a233

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\sessionstore-backups\recovery.jsonlz4

MD5 21c5451f9a5d23e9e5fe72fe8a874ba8
SHA1 2944bba179319703bb0862c3e3b664cc36928f6b
SHA256 21e8999bd70ec8e5e8677686d92b812865e9e535135765535d727bd2810e0f67
SHA512 32dbd66cbf81a1c0c58f4a56c73eada7d7728f1aa29dd094a19f04797a228555cca1dae75cb89c0394f1edbc19c48f1ba6149b45db702284183d55da66dcf21c

C:\Users\Admin\Desktop\dbgtrace.txt

MD5 ff7a4231184073884fc734ec2e721618
SHA1 ce1ba926ba01dd5ec04458be426f884e1e82dd5f
SHA256 89046fcea65c727bd1c1f55334172f84ffa2d4ee3790007f49320a58aff14e81
SHA512 240d675329995d60e5bdf732fbd399f02ffb03dfffa331cbfdcee98a941a0d32d509bd6c7e08405e25385f686f72713addd573c060fd67087db3657463926933

C:\Users\Admin\Desktop\dbgtrace_de.txt

MD5 3a4185d8f62ea5e9ac3677fbc3bd35dc
SHA1 f395de526b78d1c0c450e07ab405ca2cb623f540
SHA256 71e9427438bee5dd6756b9ca58c460809f16023d43aed0b15a52414e341abe3a
SHA512 c94810cd8ef39862687f662466a892d2364dc9cb810fcb12616b262143a34c1109a449f86b7a7105c6364e42e90364d3922333567f6d3f699f62bb3c9a7f775e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\datareporting\glean\db\data.safe.bin

MD5 1c3c58f7838dde7f753614d170f110fc
SHA1 c17e5a486cecaddd6ced7217d298306850a87f48
SHA256 81c14432135b2a50dc505904e87781864ca561efef9e94baeca3704d04e6db3d
SHA512 9f6e9bcb0bba9e2ce3d7dabe03b061e3fda3f6d7b0249ecf4dbc145dc78844386d047ee2ac95656a025ef808cd0fc451204dc98a1981cf2729091761661a3b49

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\datareporting\glean\db\data.safe.bin

MD5 c58234a092f9d899f0a623e28a4ab9db
SHA1 7398261b70453661c8b84df12e2bde7cbc07474b
SHA256 eaec709a98b57cd9c054a205f9bfa76c7424db2845c077822804f31e16ac134c
SHA512 ae2724fc45a8d9d26e43d86bcc7e20f398d8ab4e251e89550087ace1311c4d2571392f2f0bed78da211fcb28766779c1853b80742faa69f722b2c44c283569fd

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\prefs-1.js

MD5 a8c4358333addbc24e81860205be91b2
SHA1 d9445e9cf2ff08ffccf01ba4c61439cc2e39f261
SHA256 8c231cc2ed482a9e8db7a468b21c01a6128717296f7af5cc0937088e26a91878
SHA512 f91c3b01b3abb24462f3cc7bff7d9252b5fd980fef5df2b83bdc395b8756fa89083a64ec77021bd39d40ec9e943e8b0e4efcede302e104f95640319d17891232

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\broadcast-listeners.json

MD5 cc1ec5d2590dc8550aa1d92c15cc1ec7
SHA1 d41015a078c9090927a82f66b18406d3c38b92df
SHA256 eae2492a9950f23a6d031270e64058ffa5f014226de3907d56056abb38661652
SHA512 b0eff014ee01e7f71311ad0dc039167cd5cc21ae013a7c59105cf07851c132bf076ac381bf9d349c3359e1197a185639a40c04ec0a58b0ea205521098ba4f664

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\extensions.json

MD5 7c32f054095cc53b7ad40007676ba0f7
SHA1 3ac98be9687347539f2521b8b7fa241aa2e3545a
SHA256 6ce657951eede138079df2ba405d608d38b66038b7748c27549d6380024e5e78
SHA512 d8df0bb9d4f9f83c141d9e90d2a11cdcbf53fb654676331a004c67fc7a689a5b8c00963b6485732be90f7dfe92a50befbb9e77dce681def7891082265b8f00ea

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\xulstore.json

MD5 1995825c748914809df775643764920f
SHA1 55c55d77bb712d2d831996344f0a1b3e0b7ff98a
SHA256 87835b1bd7d0934f997ef51c977349809551d47e32c3c9224899359ae0fce776
SHA512 c311970610d836550a07feb47bd0774fd728130d0660cbada2d2d68f2fcfbe84e85404d7f5b8ab0f71a6c947561dcffa95df2782a712f4dcb7230ea8ba01c34c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\targeting.snapshot.json

MD5 9101621c4f557592860ba011da6a0cd7
SHA1 c0a4771deee4053023c587af54ff0423e0120a66
SHA256 f3fc4841ed3d72edbc11006851b44a982e05e21216de1dc2d10a0e11fbddfdef
SHA512 141484fb0e393164d84ed62cc84d24719149baf66beebe79d5c8f7925f7a7b64f992e48dbb6ae86b3da1b474c7d4e52eb68f6108d85057dfd093f579a8fe1b5d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\sessionCheckpoints.json

MD5 c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA1 5942cd6505fc8a9daba403b082067e1cdefdfbc4
SHA256 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
SHA512 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\personality-provider\recipe_attachment.json

MD5 be3d0f91b7957bbbf8a20859fd32d417
SHA1 fbc0380fe1928d6d0c8ab8b0a793a2bba0722d10
SHA256 fc07d42847eeaf69dcbf1b9a16eb48b141c11feb67aa40724be2aee83cb621b7
SHA512 8da24afcf587fbd4f945201702168e7cfc12434440200d00f09ddcd1d1d358a5e01065ac2a411fdf96a530e94db3697e3530578b392873cf874476b5e65d774a

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\personality-provider\nb_model_build_attachment_sports.json

MD5 ce4e75385300f9c03fdd52420e0f822f
SHA1 85c34648c253e4c88161d09dd1e25439b763628c
SHA256 44da98b03350e91e852fe59f0fc05d752fc867a5049ab0363da8bb7b7078ad14
SHA512 d119dc4706bbf3b6369fe72553cfacf1c9b2688e0188a7524b56d3e2ac85582a18bbee66d5594e0fb40767432646c23bf3e282090bd9b4c29f989a374aeae61f

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\personality-provider\nb_model_build_attachment_computers_and_electronics.json

MD5 6ccd943214682ac8c4ec08b7ec6dbcbd
SHA1 18417647f7c76581d79b537a70bf64f614f60fa2
SHA256 ab20b97406b0d9bf4f695e5ec7db4ebad5efb682311e74ca757d45b87ffc106b
SHA512 e57573d6f494df8aa7e8e6a20427a18f6868e19dc853b441b8506998158b23c7a4393b682c83b3513aae5075a21148dd8ca854a11dabcea6a0a0db8f2e6828b8

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\personality-provider\nb_model_build_attachment_science.json

MD5 7a8fd079bb1aeb4710a285ec909c62b9
SHA1 8429335e5866c7c21d752a11f57f76399e5634b6
SHA256 9606ce3988b2d2a4921b58ac454f54e53a9ea8f358326522a8b1dcc751b50b32
SHA512 8fc1546e509b5386c9e1088e0e3a1b81f288ef67f1989f3e83888057e23769907a2b184d624a4e4c44fcd5b88d719bd4cca94dfb33798804a721b8be022ec0c6

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\personality-provider\nb_model_build_attachment_jobs_and_education.json

MD5 2d69892acde24ad6383082243efa3d37
SHA1 d8edc1c15739e34232012bb255872991edb72bc7
SHA256 29080288b2130a67414ecb296a53ddd9f0a4771035e3c1b2112e0ce656a7481a
SHA512 da391152e1fbce1f03607b486c5dea9a298a438e58e440ebb7b871bd5c62d7339b540eed115b4001b9840de1ba3898c6504872ff9094ba4d6a47455051c3f1c5

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\personality-provider\nb_model_build_attachment_real_estate.json

MD5 9899942e9cd28bcb9bf5074800eae2d0
SHA1 15e5071e5ed58001011652befc224aed06ee068f
SHA256 efcf6b2d09e89b8c449ffbcdb5354beaa7178673862ebcdd6593561f2aa7d99a
SHA512 9f7a5fbe6d46c694e8bc9b50e7843e9747ea3229cf4b00b8e95f1a5467bd095d166cbd523b3d9315c62e9603d990b8e56a018ba4a11d30ad607f5281cc42b4cd

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\personality-provider\nb_model_build_attachment_shopping.json

MD5 97d4a0fd003e123df601b5fd205e97f8
SHA1 a802a515d04442b6bde60614e3d515d2983d4c00
SHA256 bfd7e68ddca6696c798412402965a0384df0c8c209931bbadabf88ccb45e3bb6
SHA512 111e8a96bc8e07be2d1480a820fc30797d861a48d80622425af00b009512aacb30a2df9052c53bfbf4ee0800b6e6f5b56daa93d33f30fecb52e2f3850dfa9130

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\personality-provider\nb_model_build_attachment_people_and_society.json

MD5 b1bd26cf5575ebb7ca511a05ea13fbd2
SHA1 e83d7f64b2884ea73357b4a15d25902517e51da8
SHA256 4990a5d17bea15617624c48a0c7c23d16e95f15e2ec9dd1d82ee949567bbaec0
SHA512 edcede39c17b494474859bc1a9bbf18c9f6abd3f46f832086db3bb1337b01d862452d639f89f9470ca302a6fcb84a1686853ebb4b08003cb248615f0834a1e02

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\personality-provider\nb_model_build_attachment_autos_and_vehicles.json

MD5 39b73a66581c5a481a64f4dedf5b4f5c
SHA1 90e4a0883bb3f050dba2fee218450390d46f35e2
SHA256 022f9495f8867fea275ece900cfa7664c68c25073db4748343452dbc0b9eda17
SHA512 cfb697958e020282455ab7fabc6c325447db84ead0100d28b417b6a0e2455c9793fa624c23cb9b92dfea25124f59dcd1d5c1f43bf1703a0ad469106b755a7cdd

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\personality-provider\nb_model_build_attachment_pets_and_animals.json

MD5 5b26aca80818dd92509f6a9013c4c662
SHA1 31e322209ba7cc1abd55bbb72a3c15bc2e4a895f
SHA256 dd537bfb1497eb9457c0c8ecbd2846f325e13ddef3988fd293a29e68ab0b2671
SHA512 29038f9f3b9b12259fb42daa93cdefabb9fb32a10f0d20f384a72fe97214eff1864b7fa2674c37224b71309d7d9cea4e36abd24a45a0e65f0c61dc5ca161ec7c

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\personality-provider\nb_model_build_attachment_internet_and_telecom.json

MD5 36689de6804ca5af92224681ee9ea137
SHA1 729d590068e9c891939fc17921930630cd4938dd
SHA256 e646d43505c9c4e53dbaa474ef85d650a3f309ccf153d106f328d9b6aeb66d52
SHA512 1c4f4aa02a65a9bbdf83dc5321c24cbe49f57108881616b993e274f5705f0466be2dd3389055a725b79f3317c98bdf9f8d47f86d62ebd151e4c57cc4dca2487c

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\personality-provider\nb_model_build_attachment_online_communities.json

MD5 37a74ab20e8447abd6ca918b6b39bb04
SHA1 b50986e6bb542f5eca8b805328be51eaa77e6c39
SHA256 11b6084552e2979b5bc0fd6ffdc61e445d49692c0ae8dffedc07792f8062d13f
SHA512 49c6b96655ba0b5d08425af6815f06237089ec06926f49de1f03bc11db9e579bd125f2b6f3eaf434a2ccf10b262c42af9c35ab27683e8e9f984d5b36ec8f59fd

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\personality-provider\nb_model_build_attachment_books_and_literature.json

MD5 df96946198f092c029fd6880e5e6c6ec
SHA1 9aee90b66b8f9656063f9476ff7b87d2d267dcda
SHA256 df23a5b6f583ec3b4dce2aca8ff53cbdfadfd58c4b7aeb2e397eade5ff75c996
SHA512 43a9fc190f4faadef37e01fa8ad320940553b287ed44a95321997a48312142f110b29c79eed7930477bfb29777a5a9913b42bf22ce6bb3e679dda5af54a125ea

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\personality-provider\nb_model_build_attachment_games.json

MD5 4182a69a05463f9c388527a7db4201de
SHA1 5a0044aed787086c0b79ff0f51368d78c36f76bc
SHA256 35e67835a5cf82144765dfb1095ebc84ac27d08812507ad0a2d562bf68e13e85
SHA512 40023c9f89e0357fae26c33a023609de96b2a0b439318ef944d3d5b335b0877509f90505d119154eaa81e1097ecfb5aa44dd8bb595497cdecfc3ee711a1fe1d5

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\personality-provider\nb_model_build_attachment_beauty_and_fitness.json

MD5 0ed0473b23b5a9e7d1116e8d4d5ca567
SHA1 4eb5e948ac28453c4b90607e223f9e7d901301c4
SHA256 eed46e8fe6ff20f89884b4fc68a81e8d521231440301a01bb89beec8ebad296b
SHA512 464508d7992edfa0dfb61b04cfc5909b7daacf094fc81745de4d03214b207224133e48750a710979445ee1a65bb791bf240a2b935aacaf3987e5c67ff2d8ba9c

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\personality-provider\nb_model_build_attachment_finance.json

MD5 e95c2d2fc654b87e77b0a8a37aaa7fcf
SHA1 b4b00c9554839cab6a50a7ed8cd43d21fdaf35dc
SHA256 384bf5fcc6928200c7ebb1f03f99bf74f6063e78d3cd044374448f879799318e
SHA512 9696998a8d0e3a85982016ff0a22bb8ae1790410f1f6198bb379c0a192579f24c75c25c7648b76b00d25a32ac204178acaccd744ee78846dfc62ebf70bf7b93a

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\personality-provider\nb_model_build_attachment_arts_and_entertainment.json

MD5 6c651609d367b10d1b25ef4c5f2b3318
SHA1 0abcc756ea415abda969cd1e854e7e8ebeb6f2d4
SHA256 960065cc44a09bef89206d28048d3c23719d2f5e9b38cfc718ca864c9e0e91e9
SHA512 3e084452eefe14e58faa9ef0d9fda2d21af2c2ab1071ae23cde60527df8df43f701668ca0aa9d86f56630b0ab0ca8367803c968347880d674ad8217fba5d8915

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\personality-provider\nb_model_build_attachment_law_and_government.json

MD5 80c49b0f2d195f702e5707ba632ae188
SHA1 e65161da245318d1f6fdc001e8b97b4fd0bc50e7
SHA256 257ee9a218a1b7f9c1a6c890f38920eb7e731808e3d9b9fc956f8346c29a3e63
SHA512 972e95de7fe330c61cd22111bd3785999d60e7c02140809122d696a1f1f76f2cd0d63d6d92f657cdec24366d66b681e24f2735a8aabb8bcecec43c74e23fb4f5

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\personality-provider\nb_model_build_attachment_health.json

MD5 11711337d2acc6c6a10e2fb79ac90187
SHA1 5583047c473c8045324519a4a432d06643de055d
SHA256 150f21c4f60856ab5e22891939d68d062542537b42a7ce1f8a8cec9300e7c565
SHA512 c2301ed72f623b22f05333c5ecc5ebf55d8a2d9593167cc453a66d8f42c05ff7c11e2709b6298912038a8ea6175f050bbc6d1fc4381f385f7ad7a952ad1e856b

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\personality-provider\nb_model_build_attachment_business_and_industrial.json

MD5 a92a0fffc831e6c20431b070a7d16d5a
SHA1 da5bbe65f10e5385cbe09db3630ae636413b4e39
SHA256 8410809ebac544389cf27a10e2cbd687b7a68753aa50a42f235ac3fc7b60ce2c
SHA512 31a8602e1972900268651cd074950d16ad989b1f15ff3ebbd8e21e0311a619eef4d7d15cdb029ea8b22cf3b8759fa95b3067b4faaadcb90456944dbc3c9806a9

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\personality-provider\nb_model_build_attachment_food_and_drink.json

MD5 70ba02dedd216430894d29940fc627c2
SHA1 f0c9aa816c6b0e171525a984fd844d3a8cabd505
SHA256 905357002f2eced8bba1be2285a9b83198f60d2f9bb1144b5c119994f2ec6e34
SHA512 3ae60d0bf3c45d28e340d97106790787be2cc80ba579d313b5414084664b86e89879391c99e94b6e33bdc5508ea42a9fd34f48ca9b1e7adfa7b6dd22c783c263

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\personality-provider\nb_model_build_attachment_reference.json

MD5 567eaa19be0963b28b000826e8dd6c77
SHA1 7e4524c36113bbbafee34e38367b919964649583
SHA256 3619daa64036d1f0197cdadf7660e390d4b6e8c1b328ed3b59f828a205a6ea49
SHA512 6766919b06ca209eaed86f99bee20c6dad9cc36520fc84e1c251a668bcfe0afcf720ea6c658268dc3bbaaf602bfdf61eb237c68e08d5252ea6e5d1d2a373b9fe

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\personality-provider\nb_model_build_attachment_home_and_garden.json

MD5 250acc54f92176775d6bdd8412432d9f
SHA1 a6ad9ad7519e5c299d4b4ba458742b1b4d64cb65
SHA256 19edd15ebce419b83469d2ab783c0c1377d72a186d1ff08857a82bca842eea54
SHA512 a52c81062f02c15701f13595f4476f0a07735034fcf177b1a65b001394a816020ee791fed5afae81d51de27630b34a85efa717fe80da733556fdda8739030f49

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\personality-provider\nb_model_build_attachment_blogging_resources_and_services.json

MD5 c82700fcfcd9b5117176362d25f3e6f6
SHA1 a7ad40b40c7e8e5e11878f4702952a4014c5d22a
SHA256 c9f2a779dba0bc886cc1255816bd776bdc2e8a6a8e0f9380495a92bb66862780
SHA512 d38e65ab55cee8fef538ad96448cd0c6b001563714fc7b37c69a424d0661ec6b7d04892cf4b76b13ddbc7d300c115e87e0134d47c3f38ef51617e5367647b217

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\personality-provider\nb_model_build_attachment_hobbies_and_leisure.json

MD5 bb45971231bd3501aba1cd07715e4c95
SHA1 ea5bfd43d60a3d30cda1a31a3a5eb8ea0afa142a
SHA256 47db7797297a2a81d28c551117e27144b58627dbac1b1d52672b630d220f025d
SHA512 74767b1badbd32cacd3f996b8172df9c43656b11fea99f5a51fff38c6c6e2120fae8bdd0dd885234a3f173334054f580164fdf8860c27cbcf5fb29c5bcdc060d

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\personality-provider\nb_model_build_attachment_travel.json

MD5 48139e5ba1c595568f59fe880d6e4e83
SHA1 5e9ea36b9bb109b1ecfc41356cd5c8c9398d4a78
SHA256 4336ac211a822b0a5c3ce5de0d4730665acc351ee1965ea8da1c72477e216dfa
SHA512 57e826f0e1d9b12d11b05d47e2f5ae4f5787537862f26e039918cb14faff4bc854298c0b7de3023e371756a331c0f3ee1aa7cebbbf94ec70cdfc29e00a900ed1

C:\Users\Admin\Desktop\dbgtrace_de.txt

MD5 3a4185d8f62ea5e9ac3677fbc3bd35dc
SHA1 f395de526b78d1c0c450e07ab405ca2cb623f540
SHA256 71e9427438bee5dd6756b9ca58c460809f16023d43aed0b15a52414e341abe3a
SHA512 c94810cd8ef39862687f662466a892d2364dc9cb810fcb12616b262143a34c1109a449f86b7a7105c6364e42e90364d3922333567f6d3f699f62bb3c9a7f775e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\sessionstore-backups\recovery.jsonlz4

MD5 fbadc22271fa0b6896af8e46ae2e0b26
SHA1 4d97df127b76e73a80ca56d2f93e2401cda55931
SHA256 8628c2cfc0dc77505b9f6db87c00992b8e792f33b5c874bd0f7124810d64806b
SHA512 3a9ae86c57be0e23c76da7205296c4bf2536153c26b05b7511f8997b9439bb6c76ae0528da108da3b70e67724d90417d15c79fc08a31e7d65d305ecb7d7374d8

C:\Users\Admin\Downloads\dbgtrace.m27D74Nm.txt.part

MD5 907245ef25e7df91c44d6cfd32dd77ee
SHA1 f73fe892e2a20e5882e5b6d24088c118bb43b9c0
SHA256 44cbb327bcb1366197a8f01605eb8cf643955fc77bc16efcca686c7bacd216a8
SHA512 5da0f2c69feb307aa773a1f0ed940090cb13b384e7b7a0fff46859df65a290a07d387fb9380fac7e46c05658f3911d6f4c8bacd5f59e975d826dd58e3eda4f83

C:\Users\Admin\Downloads\dbgtrace.txt

MD5 907245ef25e7df91c44d6cfd32dd77ee
SHA1 f73fe892e2a20e5882e5b6d24088c118bb43b9c0
SHA256 44cbb327bcb1366197a8f01605eb8cf643955fc77bc16efcca686c7bacd216a8
SHA512 5da0f2c69feb307aa773a1f0ed940090cb13b384e7b7a0fff46859df65a290a07d387fb9380fac7e46c05658f3911d6f4c8bacd5f59e975d826dd58e3eda4f83

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\sessionstore-backups\recovery.jsonlz4

MD5 bcfd900f763920be9712d5b29af38587
SHA1 78cc9373a28216be6e2bc4269c0dc692cc91f691
SHA256 62d2b5bbd7a2b5f9cbd67aadeba9dc25c95fb9e5972afd84b96c0af9dab193f9
SHA512 68ad7db17e69abe5704dc4acd9ebb22cc98b6f743aa25f4da6404f4674de3245663e779a67329a95fd5cddb3a2d70d18358530883bcf99caadce9710d621fb09

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\cache2\entries\0D0BB73C78ADDE449FA633D84DF95E410284A76D

MD5 d760e8278ce5ac36c914fa444d2dc634
SHA1 f1a949f9448844af2ea812f46d5c82ba45bb05a7
SHA256 ed88ca14fd9a45ddeaf5ccfeb2524c1528433e5567f31f871b39cb7d71cb4b29
SHA512 0da146bc3d8f809a36dbf73f96309593955a35510d590ecf758d88d55c4e957fb78625a787be9cff15579f4b23531884b2617b31ebce163e967fb7718e181ec4

C:\Users\Admin\Desktop\dbgtrace.txt

MD5 ff7a4231184073884fc734ec2e721618
SHA1 ce1ba926ba01dd5ec04458be426f884e1e82dd5f
SHA256 89046fcea65c727bd1c1f55334172f84ffa2d4ee3790007f49320a58aff14e81
SHA512 240d675329995d60e5bdf732fbd399f02ffb03dfffa331cbfdcee98a941a0d32d509bd6c7e08405e25385f686f72713addd573c060fd67087db3657463926933

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\cache2\doomed\8118

MD5 4806233a96d9038edac3d6e26ce5ef9a
SHA1 dd35cc477a99576aca958014a46a486f06d7d7e1
SHA256 18b3db3037a919d6dcebdcf9159f05181e38386400a5f42a5955994ef6600f2a
SHA512 7bd7d7cccca8ccfab4547e13d067ace020fc0c622ca781239e448f8d18a699df93a0d9b7dc0ac757e669b59bbe59e5ff8063415b19fe53b70729a15d170f00b8

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\sessionstore-backups\recovery.jsonlz4

MD5 fe16f6d724cc926a725471eba959f5c3
SHA1 56570b90c187e0bb1956e320f5b4a9761719647f
SHA256 106b05d5d79fa2c544c03aae2ef0fc5fa644af4746801bc9d2ef83e837944f39
SHA512 83f29fc2b4fa77c063981aa73779c4d35fdecfc3fad143aad6a074297413048a7af9065105f9872ccae4ca3d4c6f3b3682af6e07df871c1dca0f97c5de378f0f

C:\Users\Admin\Desktop\dbgtrace.txt

MD5 907245ef25e7df91c44d6cfd32dd77ee
SHA1 f73fe892e2a20e5882e5b6d24088c118bb43b9c0
SHA256 44cbb327bcb1366197a8f01605eb8cf643955fc77bc16efcca686c7bacd216a8
SHA512 5da0f2c69feb307aa773a1f0ed940090cb13b384e7b7a0fff46859df65a290a07d387fb9380fac7e46c05658f3911d6f4c8bacd5f59e975d826dd58e3eda4f83

C:\Users\Admin\Desktop\dbgtrace_de.txt

MD5 c57825cdfd2d991f9c3578f2d32bbcf2
SHA1 f33ce569c9b61d796be3e5ed88fbb780e32ddfb2
SHA256 6bf189d43a6bd496981e0a464b3155dabe5c2d921f63d0e37999c281f7cabb20
SHA512 5328a889c352af5010d0c84379bed8e552a03fe7e3bcf482cd63a0a1d30f6f82378b85954759c77efd43617cb347c67d46cda643f4157ab8f23a05b976a34a4e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\sessionstore-backups\recovery.jsonlz4

MD5 4b734ab43f33e63e0f8c8ccbef304359
SHA1 2f93e4386b94c440118b0d4fbb90d1b0394f07ac
SHA256 6d33717ce84b9e788733f51cfe7cff76059007485bd9fb3d00ec4219aed22179
SHA512 c22bb40091cbf567b30a0a31bcbc95cf09cbad4392d47ae25aa25719ded6cdf36f531e490c5e2f56700d34b1dc665f0ab0a105cd20e1445d9dc1e243cbb55bb6

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\SiteSecurityServiceState.txt

MD5 61308df62e74458343f8c332769440d2
SHA1 feda674e5bf835e01d208c41ca390f81cdebe808
SHA256 c4fc2dc75d9e92628e074ac7895924c723fac570535ab60e8c3e6c083ed94528
SHA512 1e30be689592acd9a7960591fa3b847349e6af6e05c127c8c9e81fa2d339a82e2b6f07a05876ac70a8b774a17c24bbb929fbc71c394195edcb24a87e73343a10

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\cache2\doomed\26674

MD5 65e357ce5b9468ed040bc0431ef9bdfb
SHA1 7520eb3874448da8b2aad4db8be5413fd1e57b67
SHA256 733d3fa26ba316032e738ba686cba02c115e9d9ce3a2379609d2cd31607fecb0
SHA512 dc810592168a892e90a7076dbc3270a90d20382ae483be4ea8d18f770fa24b9322d1a6cbcdac818d2c8fa6db264241565b00afa2d007aa779be1152d02cc18c8

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\AlternateServices.txt

MD5 6936017731c147750cf37632c19ce20c
SHA1 b89edf6d3e3210d0a5a9683f5c952ddc10e7934b
SHA256 ce02eb214e7d7be9aa46799baf31cc6f052e91486f60e18f46bee4d5e2e9bdd1
SHA512 2e7db3cc0537f5f414ab085fc53a9796abda8d7dd4418d8de8cc31b66078abec3953482a07ab319ebc3e5712b518ba4c92f69437c99ba17fdd559a15f32d4bd0

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 a290941711c7b5308da421e9ed9f9c81
SHA1 702781ee4b359f56bde1b4c3e538fea0e0e280cb
SHA256 b8c08fd3a2801dfc7a2ca1b3089919341447145d5b16dedde6a09cef4704e3f2
SHA512 87157f9d24addd7117c9263c71710b6d7ff55aaac615cb0e90e5b35ef7b25adc72e619b374a6e8ca3ce10f7a8a172191f9dfabf5466f8b952037440337e5f4c9

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\datareporting\glean\db\data.safe.bin

MD5 7d3d11283370585b060d50a12715851a
SHA1 3a05d9b7daa2d377d95e7a5f3e8e7a8f705938e3
SHA256 86bff840e1bec67b7c91f97f4d37e3a638c5fdc7b56aae210b01745f292347b9
SHA512 a185a956e7105ad5a903d5d0e780df9421cf7b84ef1f83f7e9f3ab81bf683b440f23e55df4bbd52d60e89af467b5fc949bf1faa7810c523b98c7c2361fde010e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\AlternateServices-1.txt

MD5 1793b741e02b4015f5980a7ee11d0bb7
SHA1 03db4844c6024480ee4f4cd0bcad511a87800664
SHA256 2ed70d53b297baeab7765610bff5ab47833a2be6f09010f401b80cc8100be9af
SHA512 195ec3d062084304abe0ddf4c52411bbbc432bcf1c05128b41f846d704e0035fa78fbb5369f0e163ba94c6092db2eab56952953fbaba99b0337b1186110526d6

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\bookmarkbackups\bookmarks-2023-10-15_11_+EFFcgpUIqbOq77CaBEnzg==.jsonlz4

MD5 0a8d64776c2cfaa066c6133808f38605
SHA1 41f83eab92197d6f0993d7e893bc82be26518f45
SHA256 5207405b5c51e0242e85f32402591aa1037fc7e386317967fb54ed5db4ff1f22
SHA512 6e1f0dc08dcb98eef3c355fea49e891fc18dd18401e2965ad268bb038777eba0fd0594f07a98c4004320d8b4b652503f80b33d3ddc1779aefd47c22b2906837c