Malware Analysis Report

2024-11-30 19:09

Sample ID 240308-nexg9see9y
Target MrsMajor 3.0.7z
SHA256 eacd5ed86a8ddd368a1089c7b97b791258e3eeb89c76c6da829b58d469f654b2
Tags
agilenet evasion trojan upx
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

eacd5ed86a8ddd368a1089c7b97b791258e3eeb89c76c6da829b58d469f654b2

Threat Level: Known bad

The file MrsMajor 3.0.7z was found to be: Known bad.

Malicious Activity Summary

agilenet evasion trojan upx

UAC bypass

Downloads MZ/PE file

Loads dropped DLL

Obfuscated with Agile.Net obfuscator

UPX packed file

Executes dropped EXE

Checks computer location settings

Legitimate hosting services abused for malware hosting/C2

Drops file in System32 directory

Enumerates physical storage devices

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

Enumerates system info in registry

NTFS ADS

Suspicious behavior: EnumeratesProcesses

Suspicious use of SetWindowsHookEx

Suspicious use of AdjustPrivilegeToken

Uses Task Scheduler COM API

Suspicious use of WriteProcessMemory

Suspicious behavior: GetForegroundWindowSpam

Modifies Internet Explorer settings

Modifies registry class

Checks processor information in registry

System policy modification

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-03-08 11:19

Signatures

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-03-08 11:19

Reported

2024-03-08 11:21

Platform

win10v2004-20240226-en

Max time kernel

150s

Max time network

151s

Command Line

cmd /c "C:\Users\Admin\AppData\Local\Temp\MrsMajor 3.0.7z"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation C:\Windows\system32\cmd.exe N/A

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings C:\Windows\system32\cmd.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zFM.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2368 wrote to memory of 1844 N/A C:\Windows\system32\cmd.exe C:\Program Files\7-Zip\7zFM.exe
PID 2368 wrote to memory of 1844 N/A C:\Windows\system32\cmd.exe C:\Program Files\7-Zip\7zFM.exe

Processes

C:\Windows\system32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\MrsMajor 3.0.7z"

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\MrsMajor 3.0.7z"

Network

Country Destination Domain Proto
US 8.8.8.8:53 73.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
NL 52.142.223.178:80 tcp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 100.5.17.2.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 119.110.54.20.in-addr.arpa udp
US 8.8.8.8:53 217.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 206.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 50.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 18.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 208.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 197.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 72.135.221.88.in-addr.arpa udp

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-03-08 11:19

Reported

2024-03-08 11:33

Platform

win7-20240221-en

Max time kernel

874s

Max time network

875s

Command Line

cmd /c "C:\Users\Admin\AppData\Local\Temp\MrsMajor 3.0.7z"

Signatures

UAC bypass

evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Windows\system32\wscript.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Windows\system32\wscript.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Windows\system32\wscript.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Windows\system32\wscript.exe N/A

Downloads MZ/PE file

Obfuscated with Agile.Net obfuscator

agilenet
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A drive.google.com N/A N/A
N/A drive.google.com N/A N/A
N/A drive.google.com N/A N/A
N/A drive.google.com N/A N/A
N/A drive.google.com N/A N/A
N/A camo.githubusercontent.com N/A N/A
N/A camo.githubusercontent.com N/A N/A
N/A drive.google.com N/A N/A
N/A drive.google.com N/A N/A
N/A camo.githubusercontent.com N/A N/A
N/A camo.githubusercontent.com N/A N/A
N/A drive.google.com N/A N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\System32\CatRoot2\dberr.txt C:\Program Files\Mozilla Firefox\firefox.exe N/A
File opened for modification C:\Windows\system32\ickr0a.exe C:\Windows\system32\cmd.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\NRVP.exe = "11000" C:\Users\Admin\Downloads\NRVP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION C:\Users\Admin\Downloads\NRVP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main C:\Users\Admin\Downloads\NRVP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl C:\Users\Admin\Downloads\NRVP.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

NTFS ADS

Description Indicator Process Target
File created C:\Users\Admin\Downloads\NRVP.exe:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2384 wrote to memory of 2056 N/A C:\Windows\system32\cmd.exe C:\Program Files\7-Zip\7zFM.exe
PID 2384 wrote to memory of 2056 N/A C:\Windows\system32\cmd.exe C:\Program Files\7-Zip\7zFM.exe
PID 2384 wrote to memory of 2056 N/A C:\Windows\system32\cmd.exe C:\Program Files\7-Zip\7zFM.exe
PID 2520 wrote to memory of 2372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2520 wrote to memory of 2372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2520 wrote to memory of 2372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2520 wrote to memory of 1428 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2520 wrote to memory of 1428 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2520 wrote to memory of 1428 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2520 wrote to memory of 1428 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2520 wrote to memory of 1428 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2520 wrote to memory of 1428 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2520 wrote to memory of 1428 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2520 wrote to memory of 1428 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2520 wrote to memory of 1428 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2520 wrote to memory of 1428 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2520 wrote to memory of 1428 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2520 wrote to memory of 1428 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2520 wrote to memory of 1428 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2520 wrote to memory of 1428 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2520 wrote to memory of 1428 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2520 wrote to memory of 1428 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2520 wrote to memory of 1428 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2520 wrote to memory of 1428 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2520 wrote to memory of 1428 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2520 wrote to memory of 1428 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2520 wrote to memory of 1428 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2520 wrote to memory of 1428 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2520 wrote to memory of 1428 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2520 wrote to memory of 1428 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2520 wrote to memory of 1428 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2520 wrote to memory of 1428 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2520 wrote to memory of 1428 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2520 wrote to memory of 1428 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2520 wrote to memory of 1428 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2520 wrote to memory of 1428 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2520 wrote to memory of 1428 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2520 wrote to memory of 1428 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2520 wrote to memory of 1428 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2520 wrote to memory of 1428 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2520 wrote to memory of 1428 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2520 wrote to memory of 1428 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2520 wrote to memory of 1428 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2520 wrote to memory of 1428 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2520 wrote to memory of 1428 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2520 wrote to memory of 2164 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2520 wrote to memory of 2164 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2520 wrote to memory of 2164 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2520 wrote to memory of 2216 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2520 wrote to memory of 2216 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2520 wrote to memory of 2216 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2520 wrote to memory of 2216 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2520 wrote to memory of 2216 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2520 wrote to memory of 2216 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2520 wrote to memory of 2216 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2520 wrote to memory of 2216 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2520 wrote to memory of 2216 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2520 wrote to memory of 2216 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2520 wrote to memory of 2216 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2520 wrote to memory of 2216 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2520 wrote to memory of 2216 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2520 wrote to memory of 2216 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2520 wrote to memory of 2216 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2520 wrote to memory of 2216 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

System policy modification

evasion
Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System C:\Windows\system32\wscript.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Windows\system32\wscript.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System C:\Windows\system32\wscript.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Windows\system32\wscript.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System C:\Windows\system32\wscript.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Windows\system32\wscript.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System C:\Windows\system32\wscript.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Windows\system32\wscript.exe N/A

Uses Task Scheduler COM API

persistence

Processes

C:\Windows\system32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\MrsMajor 3.0.7z"

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\MrsMajor 3.0.7z"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6639758,0x7fef6639768,0x7fef6639778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1156 --field-trial-handle=1364,i,15192219771014358401,3450607788940395189,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1504 --field-trial-handle=1364,i,15192219771014358401,3450607788940395189,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1612 --field-trial-handle=1364,i,15192219771014358401,3450607788940395189,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2176 --field-trial-handle=1364,i,15192219771014358401,3450607788940395189,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2184 --field-trial-handle=1364,i,15192219771014358401,3450607788940395189,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1448 --field-trial-handle=1364,i,15192219771014358401,3450607788940395189,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3300 --field-trial-handle=1364,i,15192219771014358401,3450607788940395189,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3648 --field-trial-handle=1364,i,15192219771014358401,3450607788940395189,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3712 --field-trial-handle=1364,i,15192219771014358401,3450607788940395189,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3720 --field-trial-handle=1364,i,15192219771014358401,3450607788940395189,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3440 --field-trial-handle=1364,i,15192219771014358401,3450607788940395189,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3704 --field-trial-handle=1364,i,15192219771014358401,3450607788940395189,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3640 --field-trial-handle=1364,i,15192219771014358401,3450607788940395189,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2624 --field-trial-handle=1364,i,15192219771014358401,3450607788940395189,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3872 --field-trial-handle=1364,i,15192219771014358401,3450607788940395189,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3724 --field-trial-handle=1364,i,15192219771014358401,3450607788940395189,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3656 --field-trial-handle=1364,i,15192219771014358401,3450607788940395189,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=2564 --field-trial-handle=1364,i,15192219771014358401,3450607788940395189,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3720 --field-trial-handle=1364,i,15192219771014358401,3450607788940395189,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2644.0.1842216642\540344216" -parentBuildID 20221007134813 -prefsHandle 1272 -prefMapHandle 1220 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4f1c24ba-93d5-47bb-96ad-54e69988f03b} 2644 "\\.\pipe\gecko-crash-server-pipe.2644" 1372 101d7b58 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2644.1.1686324368\1211327568" -parentBuildID 20221007134813 -prefsHandle 1512 -prefMapHandle 1508 -prefsLen 20830 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {eb55e87e-1a23-4077-8290-4382f167a2e8} 2644 "\\.\pipe\gecko-crash-server-pipe.2644" 1524 41ed958 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2644.2.1439737008\297154859" -childID 1 -isForBrowser -prefsHandle 1940 -prefMapHandle 1876 -prefsLen 20868 -prefMapSize 233444 -jsInitHandle 592 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e33f9fa1-22ee-4156-8a16-f96ce8539d2e} 2644 "\\.\pipe\gecko-crash-server-pipe.2644" 1916 1a46f258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2644.3.860121184\1731987542" -childID 2 -isForBrowser -prefsHandle 2752 -prefMapHandle 2748 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 592 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ee71608b-e10f-4fa2-b216-d6c4032151aa} 2644 "\\.\pipe\gecko-crash-server-pipe.2644" 2764 1c697258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2644.4.1918342307\424525858" -childID 3 -isForBrowser -prefsHandle 2916 -prefMapHandle 2732 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 592 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {863638c0-e090-4289-8d44-86aada3fd128} 2644 "\\.\pipe\gecko-crash-server-pipe.2644" 2924 1c697858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2644.5.2049889357\441986876" -childID 4 -isForBrowser -prefsHandle 3680 -prefMapHandle 3716 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 592 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {232b70b9-34e6-4a81-98e1-21dcc07754a4} 2644 "\\.\pipe\gecko-crash-server-pipe.2644" 3732 1ea18558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2644.6.1581272258\995745990" -childID 5 -isForBrowser -prefsHandle 3848 -prefMapHandle 3852 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 592 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {18e1205e-643b-4bc2-8527-fb97bc48bf93} 2644 "\\.\pipe\gecko-crash-server-pipe.2644" 3840 1ea16d58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2644.7.1148912354\1012309207" -childID 6 -isForBrowser -prefsHandle 4028 -prefMapHandle 4032 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 592 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d6845eb7-d84c-4f59-8754-97be3d4f8712} 2644 "\\.\pipe\gecko-crash-server-pipe.2644" 4016 1ea17058 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2644.8.1916393819\2075065282" -childID 7 -isForBrowser -prefsHandle 3000 -prefMapHandle 2084 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 592 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {79b23ec5-9da4-42a9-83cf-163119648d9d} 2644 "\\.\pipe\gecko-crash-server-pipe.2644" 3044 1a394058 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2184.0.1017919519\1748920072" -parentBuildID 20221007134813 -prefsHandle 1224 -prefMapHandle 1216 -prefsLen 20873 -prefMapSize 233496 -appDir "C:\Program Files\Mozilla Firefox\browser" - {43f6cc81-9516-4d8f-9775-f48daaf8cad0} 2184 "\\.\pipe\gecko-crash-server-pipe.2184" 1304 11fe9358 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2184.1.218567199\1983010159" -parentBuildID 20221007134813 -prefsHandle 1480 -prefMapHandle 1476 -prefsLen 20954 -prefMapSize 233496 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cdcc6831-f4ad-4289-8ee1-4113e1febcb6} 2184 "\\.\pipe\gecko-crash-server-pipe.2184" 1492 d6fe58 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2184.2.1407301468\1500771666" -childID 1 -isForBrowser -prefsHandle 1976 -prefMapHandle 1972 -prefsLen 21057 -prefMapSize 233496 -jsInitHandle 864 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2905755e-5fc4-4fdd-b7d2-1b9f86e4b225} 2184 "\\.\pipe\gecko-crash-server-pipe.2184" 1988 19e35558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2184.3.649065072\161420033" -childID 2 -isForBrowser -prefsHandle 844 -prefMapHandle 828 -prefsLen 26235 -prefMapSize 233496 -jsInitHandle 864 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a67f3478-df53-4302-aabc-b05a4bb8dc36} 2184 "\\.\pipe\gecko-crash-server-pipe.2184" 644 19d64d58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2184.4.284221318\1388177393" -childID 3 -isForBrowser -prefsHandle 2648 -prefMapHandle 2644 -prefsLen 26235 -prefMapSize 233496 -jsInitHandle 864 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e3be0ee7-3b73-4bbd-8f42-253cb76ceb39} 2184 "\\.\pipe\gecko-crash-server-pipe.2184" 2660 d5e258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2184.5.1749599296\757538190" -childID 4 -isForBrowser -prefsHandle 1112 -prefMapHandle 3248 -prefsLen 26235 -prefMapSize 233496 -jsInitHandle 864 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bf10a4c5-c685-4336-b028-212baa4382f0} 2184 "\\.\pipe\gecko-crash-server-pipe.2184" 3292 1aadf858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2184.6.494547413\101568002" -childID 5 -isForBrowser -prefsHandle 3300 -prefMapHandle 3260 -prefsLen 26235 -prefMapSize 233496 -jsInitHandle 864 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e30e786e-0f5c-463f-964b-5416ba9e8a23} 2184 "\\.\pipe\gecko-crash-server-pipe.2184" 3348 1b7a0a58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2184.7.608799816\9092567" -childID 6 -isForBrowser -prefsHandle 3516 -prefMapHandle 3352 -prefsLen 26235 -prefMapSize 233496 -jsInitHandle 864 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b4f9b3d1-62b1-4b1a-8e05-1cc2e4e15c84} 2184 "\\.\pipe\gecko-crash-server-pipe.2184" 3528 1b7a0758 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2184.8.343486546\143206395" -childID 7 -isForBrowser -prefsHandle 3992 -prefMapHandle 3984 -prefsLen 26235 -prefMapSize 233496 -jsInitHandle 864 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b6383e61-5dd4-457a-b16b-64dfcb1f4128} 2184 "\\.\pipe\gecko-crash-server-pipe.2184" 4004 1df3e858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2184.9.508597519\903532479" -childID 8 -isForBrowser -prefsHandle 2404 -prefMapHandle 3536 -prefsLen 26235 -prefMapSize 233496 -jsInitHandle 864 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ab35ae40-efb4-4de2-b388-c6a593f5756d} 2184 "\\.\pipe\gecko-crash-server-pipe.2184" 2916 1f89d558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2184.10.1634039807\986062212" -childID 9 -isForBrowser -prefsHandle 3336 -prefMapHandle 1096 -prefsLen 26235 -prefMapSize 233496 -jsInitHandle 864 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a27986e3-9862-48f7-8413-a4bffaa33cc8} 2184 "\\.\pipe\gecko-crash-server-pipe.2184" 2316 1ba7fe58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2184.11.443390496\1986634632" -childID 10 -isForBrowser -prefsHandle 4316 -prefMapHandle 4328 -prefsLen 26235 -prefMapSize 233496 -jsInitHandle 864 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {34334a77-bbaa-439f-8959-9a746717f902} 2184 "\\.\pipe\gecko-crash-server-pipe.2184" 4304 1f89c058 tab

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x488

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2184.12.1888096855\967500735" -parentBuildID 20221007134813 -prefsHandle 3216 -prefMapHandle 3232 -prefsLen 26500 -prefMapSize 233496 -appDir "C:\Program Files\Mozilla Firefox\browser" - {29b51a15-b77e-4f42-9bc4-605a6c993f54} 2184 "\\.\pipe\gecko-crash-server-pipe.2184" 4188 22f55858 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2184.13.383415645\1448973318" -childID 11 -isForBrowser -prefsHandle 4180 -prefMapHandle 1696 -prefsLen 26500 -prefMapSize 233496 -jsInitHandle 864 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7bf9ad6e-1387-4744-95b9-1e1f5e489f23} 2184 "\\.\pipe\gecko-crash-server-pipe.2184" 4320 22f58e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2184.14.327996471\276191467" -childID 12 -isForBrowser -prefsHandle 4556 -prefMapHandle 4552 -prefsLen 26500 -prefMapSize 233496 -jsInitHandle 864 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ae6723e2-0baf-44ae-b7a8-d58718ca9278} 2184 "\\.\pipe\gecko-crash-server-pipe.2184" 4496 23518258 tab

C:\Users\Admin\Downloads\NRVP.exe

"C:\Users\Admin\Downloads\NRVP.exe"

C:\Users\Admin\AppData\Local\Temp\7zO808E769A\MrsMajor 3.0.exe

"C:\Users\Admin\AppData\Local\Temp\7zO808E769A\MrsMajor 3.0.exe"

C:\Windows\system32\wscript.exe

"C:\Windows\system32\wscript.exe" C:\Users\Admin\AppData\Local\Temp\C83F.tmp\C840.tmp\C841.vbs //Nologo

C:\Users\Admin\AppData\Local\Temp\C83F.tmp\eulascr.exe

"C:\Users\Admin\AppData\Local\Temp\C83F.tmp\eulascr.exe"

C:\Users\Admin\Desktop\MrsMajor 3.0.exe

"C:\Users\Admin\Desktop\MrsMajor 3.0.exe"

C:\Windows\system32\wscript.exe

"C:\Windows\system32\wscript.exe" C:\Users\Admin\AppData\Local\Temp\29CF.tmp\29D0.tmp\29D1.vbs //Nologo

C:\Users\Admin\AppData\Local\Temp\29CF.tmp\eulascr.exe

"C:\Users\Admin\AppData\Local\Temp\29CF.tmp\eulascr.exe"

C:\Users\Admin\Desktop\MrsMajor 3.0.exe

"C:\Users\Admin\Desktop\MrsMajor 3.0.exe"

C:\Windows\system32\wscript.exe

"C:\Windows\system32\wscript.exe" C:\Users\Admin\AppData\Local\Temp\471E.tmp\471F.tmp\4720.vbs //Nologo

C:\Users\Admin\AppData\Local\Temp\471E.tmp\eulascr.exe

"C:\Users\Admin\AppData\Local\Temp\471E.tmp\eulascr.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2184.15.543171601\376647444" -childID 13 -isForBrowser -prefsHandle 8680 -prefMapHandle 8684 -prefsLen 26540 -prefMapSize 233496 -jsInitHandle 864 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a9cb020e-7cde-4596-a31e-db9ac3bb49f6} 2184 "\\.\pipe\gecko-crash-server-pipe.2184" 8668 1df40f58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2184.16.1903885186\1747506443" -childID 14 -isForBrowser -prefsHandle 8520 -prefMapHandle 3916 -prefsLen 26540 -prefMapSize 233496 -jsInitHandle 864 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {86a4614d-275d-41ac-816e-4a7a1d44b7b5} 2184 "\\.\pipe\gecko-crash-server-pipe.2184" 8500 1ed8c558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2184.17.1901558381\1994887743" -childID 15 -isForBrowser -prefsHandle 1604 -prefMapHandle 1844 -prefsLen 26549 -prefMapSize 233496 -jsInitHandle 864 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e6cabe41-b620-4216-aac9-3c26d766ed23} 2184 "\\.\pipe\gecko-crash-server-pipe.2184" 8352 22f55558 tab

C:\Windows\explorer.exe

"C:\Windows\explorer.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3440.0.669101126\607486153" -parentBuildID 20221007134813 -prefsHandle 1140 -prefMapHandle 1132 -prefsLen 21147 -prefMapSize 233536 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cd5f23a4-049f-42bd-b0f9-4cfdc67b7de5} 3440 "\\.\pipe\gecko-crash-server-pipe.3440" 1204 3ffce58 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3440.1.1656588635\968774257" -parentBuildID 20221007134813 -prefsHandle 1344 -prefMapHandle 1340 -prefsLen 21192 -prefMapSize 233536 -appDir "C:\Program Files\Mozilla Firefox\browser" - {accbd0f2-ef5a-4d64-b756-39cffca179de} 3440 "\\.\pipe\gecko-crash-server-pipe.3440" 1360 de3e58 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3440.2.1499209528\1909268089" -childID 1 -isForBrowser -prefsHandle 2008 -prefMapHandle 2004 -prefsLen 21653 -prefMapSize 233536 -jsInitHandle 872 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {31eab290-f1bd-4b86-9273-d67c7dbc541d} 3440 "\\.\pipe\gecko-crash-server-pipe.3440" 2020 19a84858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3440.3.1576727865\1334750308" -childID 2 -isForBrowser -prefsHandle 2388 -prefMapHandle 2384 -prefsLen 26831 -prefMapSize 233536 -jsInitHandle 872 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2d1c63b5-a580-4ddf-858d-5836a813e82d} 3440 "\\.\pipe\gecko-crash-server-pipe.3440" 2400 1b845558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3440.4.2020622535\209079735" -childID 3 -isForBrowser -prefsHandle 2640 -prefMapHandle 2632 -prefsLen 26831 -prefMapSize 233536 -jsInitHandle 872 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d0ae559e-c949-401a-a5e1-12a8bcafd718} 3440 "\\.\pipe\gecko-crash-server-pipe.3440" 2656 1ba45c58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3440.5.1541664387\1291620654" -childID 4 -isForBrowser -prefsHandle 3444 -prefMapHandle 3416 -prefsLen 26831 -prefMapSize 233536 -jsInitHandle 872 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d9efb1c8-ab91-4695-bffd-8c513d2ae2ea} 3440 "\\.\pipe\gecko-crash-server-pipe.3440" 3464 1e528158 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3440.6.1458454125\650364782" -childID 5 -isForBrowser -prefsHandle 3572 -prefMapHandle 3576 -prefsLen 26831 -prefMapSize 233536 -jsInitHandle 872 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e4efdf05-487f-489e-b2bb-8d578fe755fa} 3440 "\\.\pipe\gecko-crash-server-pipe.3440" 3560 1e528458 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3440.7.133776361\1111505234" -childID 6 -isForBrowser -prefsHandle 3768 -prefMapHandle 3772 -prefsLen 26831 -prefMapSize 233536 -jsInitHandle 872 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {dcb29604-9c28-407b-a43c-a3ec4250fdff} 3440 "\\.\pipe\gecko-crash-server-pipe.3440" 3756 1e528a58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3440.8.618166640\78719810" -childID 7 -isForBrowser -prefsHandle 3932 -prefMapHandle 3936 -prefsLen 26831 -prefMapSize 233536 -jsInitHandle 872 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c49880c3-3871-4e7d-aa25-b24f773e2478} 3440 "\\.\pipe\gecko-crash-server-pipe.3440" 3920 217a5e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3440.9.1863570548\1173776626" -childID 8 -isForBrowser -prefsHandle 4280 -prefMapHandle 3532 -prefsLen 26831 -prefMapSize 233536 -jsInitHandle 872 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f42c6cbd-fd77-4a13-aa13-ef4f55c38afa} 3440 "\\.\pipe\gecko-crash-server-pipe.3440" 3508 d66858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2880.0.534316440\1410453845" -parentBuildID 20221007134813 -prefsHandle 1144 -prefMapHandle 1136 -prefsLen 21147 -prefMapSize 233536 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4510b69d-febd-4231-bf49-55eda294a298} 2880 "\\.\pipe\gecko-crash-server-pipe.2880" 1208 9eeca58 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2880.1.129125241\1105308888" -parentBuildID 20221007134813 -prefsHandle 1348 -prefMapHandle 1344 -prefsLen 21192 -prefMapSize 233536 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4deff07e-01bc-483b-9c18-322758de2795} 2880 "\\.\pipe\gecko-crash-server-pipe.2880" 1360 ddfe58 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2880.2.328895013\224856657" -childID 1 -isForBrowser -prefsHandle 2020 -prefMapHandle 2016 -prefsLen 21653 -prefMapSize 233536 -jsInitHandle 728 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c71c7658-75aa-4640-8197-3b4bd6a6fa33} 2880 "\\.\pipe\gecko-crash-server-pipe.2880" 2032 19b40e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2880.3.656322496\759131724" -childID 2 -isForBrowser -prefsHandle 2364 -prefMapHandle 2360 -prefsLen 26831 -prefMapSize 233536 -jsInitHandle 728 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ed584078-92d4-4a8b-a104-3fbdce5cb4e5} 2880 "\\.\pipe\gecko-crash-server-pipe.2880" 2320 d62b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2880.4.923620512\181383984" -childID 3 -isForBrowser -prefsHandle 2748 -prefMapHandle 2744 -prefsLen 26831 -prefMapSize 233536 -jsInitHandle 728 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {091c96e3-cbe6-4829-aa36-048a9934fb3a} 2880 "\\.\pipe\gecko-crash-server-pipe.2880" 2760 1c20a958 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2880.5.842238193\1734067274" -childID 4 -isForBrowser -prefsHandle 2500 -prefMapHandle 3288 -prefsLen 26831 -prefMapSize 233536 -jsInitHandle 728 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7099640f-093a-4126-9834-a75305a646b5} 2880 "\\.\pipe\gecko-crash-server-pipe.2880" 3344 1b34ec58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2880.6.563305416\690121109" -childID 5 -isForBrowser -prefsHandle 3452 -prefMapHandle 3456 -prefsLen 26831 -prefMapSize 233536 -jsInitHandle 728 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {47adfa5c-bfcd-425c-ac05-e779070879e5} 2880 "\\.\pipe\gecko-crash-server-pipe.2880" 3440 1eb39458 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2880.7.610553547\1270511021" -childID 6 -isForBrowser -prefsHandle 3664 -prefMapHandle 3668 -prefsLen 26831 -prefMapSize 233536 -jsInitHandle 728 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {62b3f66b-5080-4138-aba8-969750dbb892} 2880 "\\.\pipe\gecko-crash-server-pipe.2880" 3652 1f4e7558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2880.8.2030135319\299733750" -childID 7 -isForBrowser -prefsHandle 4120 -prefMapHandle 4080 -prefsLen 26831 -prefMapSize 233536 -jsInitHandle 728 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1d690552-e7b7-4c35-9843-d222634a732c} 2880 "\\.\pipe\gecko-crash-server-pipe.2880" 4132 1a03be58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2880.9.847227309\952128400" -childID 8 -isForBrowser -prefsHandle 4516 -prefMapHandle 4520 -prefsLen 26840 -prefMapSize 233536 -jsInitHandle 728 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cc0996c1-acf1-4b50-a82e-1108cd1522e8} 2880 "\\.\pipe\gecko-crash-server-pipe.2880" 4504 22e69e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2880.10.1978208145\1240663439" -childID 9 -isForBrowser -prefsHandle 4692 -prefMapHandle 4632 -prefsLen 26840 -prefMapSize 233536 -jsInitHandle 728 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7917bd73-c411-4daa-9b8e-c1af1d4ea8a9} 2880 "\\.\pipe\gecko-crash-server-pipe.2880" 4704 234f7a58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2880.11.1920506939\472600139" -childID 10 -isForBrowser -prefsHandle 8808 -prefMapHandle 8816 -prefsLen 26840 -prefMapSize 233536 -jsInitHandle 728 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {64651f3f-89f7-4017-9f57-22bdc9940786} 2880 "\\.\pipe\gecko-crash-server-pipe.2880" 4852 23af3358 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2880.12.988183621\177030868" -parentBuildID 20221007134813 -prefsHandle 8640 -prefMapHandle 8808 -prefsLen 26840 -prefMapSize 233536 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c3a34d5c-4534-4c3c-be3d-4456db26f979} 2880 "\\.\pipe\gecko-crash-server-pipe.2880" 8648 24490058 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2880.13.1622245378\155460820" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 8540 -prefMapHandle 8544 -prefsLen 26840 -prefMapSize 233536 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6ed7429b-0eee-4423-aabd-e4067f766337} 2880 "\\.\pipe\gecko-crash-server-pipe.2880" 8528 2471b858 utility

C:\Users\Admin\Desktop\MrsMajor 3.0.exe

"C:\Users\Admin\Desktop\MrsMajor 3.0.exe"

C:\Windows\system32\wscript.exe

"C:\Windows\system32\wscript.exe" C:\Users\Admin\AppData\Local\Temp\4B81.tmp\4B82.tmp\4B83.vbs //Nologo

C:\Users\Admin\AppData\Local\Temp\4B81.tmp\eulascr.exe

"C:\Users\Admin\AppData\Local\Temp\4B81.tmp\eulascr.exe"

C:\Windows\system32\cmd.exe

"C:\Windows\system32\cmd.exe"

C:\Windows\system32\LogonUI.exe

"LogonUI.exe" /flags:0x0

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x574

C:\Windows\system32\LogonUI.exe

"LogonUI.exe" /flags:0x1

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.google.com udp
GB 172.217.16.228:443 www.google.com udp
GB 172.217.16.228:443 www.google.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 ya.ru udp
RU 77.88.55.242:443 ya.ru tcp
RU 77.88.55.242:443 ya.ru tcp
US 8.8.8.8:53 sso.passport.yandex.ru udp
RU 213.180.204.24:443 sso.passport.yandex.ru tcp
US 8.8.8.8:53 sso.ya.ru udp
RU 213.180.204.24:443 sso.ya.ru tcp
RU 213.180.204.24:443 sso.ya.ru tcp
RU 213.180.204.24:443 sso.ya.ru tcp
US 8.8.8.8:53 yastatic.net udp
RU 178.154.131.217:443 yastatic.net tcp
RU 178.154.131.217:443 yastatic.net tcp
RU 178.154.131.217:443 yastatic.net tcp
RU 178.154.131.217:443 yastatic.net tcp
RU 178.154.131.217:443 yastatic.net tcp
RU 178.154.131.217:443 yastatic.net tcp
RU 178.154.131.217:443 yastatic.net tcp
RU 178.154.131.217:443 yastatic.net tcp
RU 178.154.131.217:443 yastatic.net tcp
RU 178.154.131.217:443 yastatic.net tcp
US 8.8.8.8:53 mc.yandex.ru udp
RU 87.250.250.119:443 mc.yandex.ru tcp
RU 77.88.55.242:443 ya.ru tcp
US 8.8.8.8:53 yandex.ru udp
RU 5.255.255.70:443 yandex.ru tcp
RU 77.88.55.242:443 ya.ru tcp
US 8.8.8.8:53 mc.yandex.com udp
US 8.8.8.8:53 avatars.mds.yandex.net udp
RU 87.250.247.181:443 avatars.mds.yandex.net tcp
US 8.8.8.8:53 favicon.yandex.net udp
RU 77.88.21.36:443 favicon.yandex.net tcp
US 8.8.8.8:53 yabs.yandex.ru udp
RU 213.180.204.91:443 yabs.yandex.ru tcp
RU 213.180.204.91:443 yabs.yandex.ru tcp
US 8.8.8.8:53 static-mon.yandex.net udp
US 8.8.8.8:53 hdrc.yandex.net udp
RU 87.250.254.189:443 hdrc.yandex.net tcp
RU 87.250.251.92:443 static-mon.yandex.net tcp
RU 87.250.251.92:443 static-mon.yandex.net tcp
US 8.8.8.8:53 rostelecom.ru udp
RU 87.226.162.216:80 rostelecom.ru tcp
RU 5.255.255.70:443 yandex.ru tcp
RU 87.250.251.92:443 static-mon.yandex.net tcp
US 8.8.8.8:53 egress.yandex.net udp
RU 87.250.251.42:443 egress.yandex.net tcp
US 8.8.8.8:53 github.com udp
DE 140.82.121.3:443 github.com tcp
DE 140.82.121.3:443 github.com tcp
US 8.8.8.8:53 github.githubassets.com udp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 185.199.108.133:443 avatars.githubusercontent.com tcp
US 8.8.8.8:53 user-images.githubusercontent.com udp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 142.250.200.10:443 content-autofill.googleapis.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
GB 142.250.200.10:443 content-autofill.googleapis.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 192.178.49.3:443 beacons.gcp.gvt2.com tcp
US 192.178.49.3:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 34.117.237.239:443 contile.services.mozilla.com tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 8.8.8.8:53 push.services.mozilla.com udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 shavar.services.mozilla.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 54.218.225.239:443 shavar.services.mozilla.com tcp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 34.107.243.93:443 autopush.prod.mozaws.net tcp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 www.google.com udp
GB 172.217.16.228:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
GB 172.217.16.228:443 www.google.com udp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 34.117.237.239:443 contile.services.mozilla.com tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 ya.ru udp
RU 5.255.255.242:80 ya.ru tcp
RU 5.255.255.242:80 ya.ru tcp
US 8.8.8.8:53 ya.ru udp
RU 5.255.255.242:443 ya.ru tcp
US 8.8.8.8:53 ya.ru udp
US 8.8.8.8:53 ya.ru udp
US 8.8.8.8:53 sso.passport.yandex.ru udp
RU 213.180.204.24:443 sso.passport.yandex.ru tcp
US 8.8.8.8:53 sso.passport.yandex.ru udp
US 8.8.8.8:53 passport.yandex.ru udp
US 8.8.8.8:53 passport.yandex.ru udp
US 8.8.8.8:53 sso.ya.ru udp
US 8.8.8.8:53 sso.ya.ru udp
RU 213.180.204.24:443 sso.ya.ru tcp
RU 213.180.204.24:443 sso.ya.ru tcp
US 8.8.8.8:53 yastatic.net udp
RU 178.154.131.215:443 yastatic.net tcp
RU 178.154.131.215:443 yastatic.net tcp
US 8.8.8.8:53 yastatic.net udp
RU 178.154.131.215:443 yastatic.net tcp
RU 178.154.131.215:443 yastatic.net tcp
RU 178.154.131.215:443 yastatic.net tcp
RU 178.154.131.215:443 yastatic.net tcp
RU 178.154.131.215:443 yastatic.net tcp
RU 178.154.131.215:443 yastatic.net tcp
RU 178.154.131.215:443 yastatic.net tcp
US 8.8.8.8:53 yastatic.net udp
RU 178.154.131.215:443 yastatic.net tcp
US 8.8.8.8:53 mc.yandex.ru udp
RU 87.250.250.119:443 mc.yandex.ru tcp
US 8.8.8.8:53 mc.yandex.ru udp
US 8.8.8.8:53 mc.yandex.ru udp
US 8.8.8.8:53 yandex.ru udp
US 8.8.8.8:53 yandex.ru udp
RU 5.255.255.70:443 yandex.ru tcp
US 8.8.8.8:53 yandex.ru udp
US 8.8.8.8:53 yabs.yandex.ru udp
RU 87.250.250.91:443 yabs.yandex.ru tcp
US 8.8.8.8:53 yabs.yandex.ru udp
US 8.8.8.8:53 yabs.yandex.ru udp
US 8.8.8.8:53 hdrc.yandex.net udp
US 8.8.8.8:53 static-mon.yandex.net udp
RU 87.250.254.189:443 hdrc.yandex.net tcp
US 8.8.8.8:53 hdrc.yandex.net udp
RU 87.250.251.92:443 static-mon.yandex.net tcp
US 8.8.8.8:53 static-mon.yandex.net udp
US 8.8.8.8:53 hdrc.yandex.net udp
US 8.8.8.8:53 cryprox.yandex.net udp
US 8.8.8.8:53 ya.ru udp
US 8.8.8.8:53 ya.ru udp
US 8.8.8.8:53 cryprox.yandex.net udp
RU 87.250.251.92:443 cryprox.yandex.net tcp
RU 87.250.251.92:443 cryprox.yandex.net tcp
US 8.8.8.8:53 egress.yandex.net udp
US 8.8.8.8:53 egress.yandex.net udp
RU 87.250.251.42:443 egress.yandex.net tcp
RU 87.250.251.42:443 egress.yandex.net tcp
US 8.8.8.8:53 egress.yandex.net udp
US 8.8.8.8:53 avatars.mds.yandex.net udp
US 8.8.8.8:53 favicon.yandex.net udp
RU 93.158.134.36:443 favicon.yandex.net tcp
US 8.8.8.8:53 favicon.yandex.net udp
RU 93.158.134.36:443 favicon.yandex.net tcp
US 8.8.8.8:53 avatars.mds.yandex.net udp
RU 87.250.247.183:443 avatars.mds.yandex.net tcp
RU 87.250.247.183:443 avatars.mds.yandex.net tcp
RU 87.250.247.183:443 avatars.mds.yandex.net tcp
US 8.8.8.8:53 avatars.mds.yandex.net udp
US 8.8.8.8:53 an.yandex.ru udp
RU 87.250.250.90:443 an.yandex.ru tcp
US 8.8.8.8:53 an.yandex.ru udp
RU 87.250.250.90:443 an.yandex.ru tcp
US 8.8.8.8:53 an.yandex.ru udp
US 8.8.8.8:53 mc.yandex.ru udp
RU 87.250.250.90:443 an.yandex.ru tcp
RU 87.250.250.90:443 an.yandex.ru tcp
US 8.8.8.8:53 ysa-static.passport.yandex.ru udp
US 8.8.8.8:53 mc.yandex.ru udp
US 8.8.8.8:53 log.strm.yandex.ru udp
US 8.8.8.8:53 log.strm.yandex.ru udp
RU 87.250.251.15:443 log.strm.yandex.ru tcp
US 8.8.8.8:53 log.strm.yandex.ru udp
US 8.8.8.8:53 favicon.yandex.net udp
US 8.8.8.8:53 github.com udp
DE 140.82.121.4:443 github.com tcp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 github.githubassets.com udp
US 185.199.111.154:443 github.githubassets.com tcp
US 185.199.111.154:443 github.githubassets.com tcp
US 185.199.111.154:443 github.githubassets.com tcp
US 185.199.111.154:443 github.githubassets.com tcp
US 185.199.111.154:443 github.githubassets.com tcp
US 185.199.111.154:443 github.githubassets.com tcp
US 8.8.8.8:53 github.githubassets.com udp
US 8.8.8.8:53 github.githubassets.com udp
US 8.8.8.8:53 camo.githubusercontent.com udp
US 8.8.8.8:53 collector.github.com udp
US 185.199.108.133:443 camo.githubusercontent.com tcp
US 8.8.8.8:53 camo.githubusercontent.com udp
US 140.82.114.21:443 collector.github.com tcp
US 140.82.114.21:443 collector.github.com tcp
US 8.8.8.8:53 glb-db52c2cf8be544.github.com udp
US 8.8.8.8:53 camo.githubusercontent.com udp
US 8.8.8.8:53 glb-db52c2cf8be544.github.com udp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 185.199.108.133:443 avatars.githubusercontent.com tcp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 8.8.8.8:53 api.github.com udp
US 8.8.8.8:53 api.github.com udp
DE 140.82.121.6:443 api.github.com tcp
US 8.8.8.8:53 api.github.com udp
US 8.8.8.8:53 objects.githubusercontent.com udp
US 185.199.110.133:443 objects.githubusercontent.com tcp
US 8.8.8.8:53 objects.githubusercontent.com udp
US 8.8.8.8:53 objects.githubusercontent.com udp
N/A 127.0.0.1:49975 tcp
N/A 127.0.0.1:49983 tcp
N/A 127.0.0.1:50230 tcp
N/A 127.0.0.1:50247 tcp
US 8.8.8.8:53 tiny.cc udp
US 8.8.8.8:53 tiny.cc udp
US 157.245.113.153:443 tiny.cc tcp
US 8.8.8.8:53 tiny.cc udp
US 157.245.113.153:443 tiny.cc tcp
US 8.8.8.8:53 drive.google.com udp
GB 172.217.169.78:443 drive.google.com tcp
US 8.8.8.8:53 drive.google.com udp
US 8.8.8.8:53 drive.google.com udp
GB 172.217.169.78:443 drive.google.com udp
US 8.8.8.8:53 ssl.gstatic.com udp
US 8.8.8.8:53 play.google.com udp
GB 172.217.169.3:443 ssl.gstatic.com tcp
US 8.8.8.8:53 ssl.gstatic.com udp
US 8.8.8.8:53 apis.google.com udp
GB 172.217.169.3:443 ssl.gstatic.com tcp
GB 142.250.200.14:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 ssl.gstatic.com udp
GB 172.217.169.3:443 ssl.gstatic.com tcp
US 8.8.8.8:53 accounts.google.com udp
GB 172.217.169.3:443 ssl.gstatic.com tcp
IE 209.85.203.84:443 accounts.google.com tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
GB 172.217.169.3:443 ssl.gstatic.com udp
IE 209.85.203.84:443 accounts.google.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 172.217.16.228:443 www.google.com udp
GB 172.217.16.228:443 www.google.com tcp
GB 172.217.16.228:443 www.google.com tcp
US 8.8.8.8:53 plus.l.google.com udp
GB 216.58.213.14:443 plus.l.google.com tcp
GB 216.58.213.14:443 plus.l.google.com tcp
US 8.8.8.8:53 play.google.com udp
GB 216.58.213.14:443 plus.l.google.com tcp
GB 216.58.213.14:443 plus.l.google.com tcp
US 8.8.8.8:53 plus.l.google.com udp
GB 142.250.200.14:443 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 216.58.213.14:443 plus.l.google.com udp
US 8.8.8.8:53 content.googleapis.com udp
US 8.8.8.8:53 blobcomments-pa.clients6.google.com udp
US 8.8.8.8:53 content.googleapis.com udp
GB 216.58.204.74:443 content.googleapis.com tcp
US 8.8.8.8:53 blobcomments-pa.clients6.google.com udp
GB 216.58.204.74:443 content.googleapis.com tcp
GB 216.58.204.74:443 content.googleapis.com tcp
US 8.8.8.8:53 content.googleapis.com udp
US 8.8.8.8:53 blobcomments-pa.clients6.google.com udp
GB 216.58.204.74:443 content.googleapis.com udp
US 8.8.8.8:53 content.googleapis.com udp
US 8.8.8.8:53 content.googleapis.com udp
US 8.8.8.8:53 lh3.googleusercontent.com udp
GB 216.58.204.74:443 content.googleapis.com udp
US 8.8.8.8:53 peoplestackwebexperiments-pa.clients6.google.com udp
US 8.8.8.8:53 drive.google.com udp
GB 216.58.201.106:443 peoplestackwebexperiments-pa.clients6.google.com tcp
US 8.8.8.8:53 peoplestackwebexperiments-pa.clients6.google.com udp
GB 216.58.201.106:443 peoplestackwebexperiments-pa.clients6.google.com tcp
GB 216.58.201.106:443 peoplestackwebexperiments-pa.clients6.google.com tcp
GB 216.58.201.106:443 peoplestackwebexperiments-pa.clients6.google.com tcp
US 8.8.8.8:53 drive.google.com udp
US 8.8.8.8:53 googlehosted.l.googleusercontent.com udp
GB 216.58.201.97:443 googlehosted.l.googleusercontent.com tcp
US 8.8.8.8:53 peoplestackwebexperiments-pa.clients6.google.com udp
US 8.8.8.8:53 googlehosted.l.googleusercontent.com udp
GB 216.58.201.106:443 peoplestackwebexperiments-pa.clients6.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 216.58.201.97:443 googlehosted.l.googleusercontent.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 ssl.gstatic.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 ssl.gstatic.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 content.googleapis.com udp
US 8.8.8.8:53 content.googleapis.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 peoplestackwebexperiments-pa.clients6.google.com udp
US 8.8.8.8:53 drive.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 peoplestackwebexperiments-pa.clients6.google.com udp
GB 172.217.169.74:443 peoplestackwebexperiments-pa.clients6.google.com udp
GB 172.217.169.74:443 peoplestackwebexperiments-pa.clients6.google.com tcp
GB 172.217.169.74:443 peoplestackwebexperiments-pa.clients6.google.com tcp
US 8.8.8.8:53 drive.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 content.googleapis.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 content.googleapis.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 ya.ru udp
RU 5.255.255.242:443 ya.ru tcp
US 8.8.8.8:53 ya.ru udp
N/A 127.0.0.1:51310 tcp
N/A 127.0.0.1:51314 tcp
US 8.8.8.8:53 ya.ru udp
US 8.8.8.8:53 yastatic.net udp
RU 178.154.131.216:443 yastatic.net tcp
US 8.8.8.8:53 yastatic.net udp
RU 178.154.131.216:443 yastatic.net tcp
RU 178.154.131.216:443 yastatic.net tcp
RU 178.154.131.216:443 yastatic.net tcp
RU 178.154.131.216:443 yastatic.net tcp
RU 178.154.131.216:443 yastatic.net tcp
US 8.8.8.8:53 yastatic.net udp
US 8.8.8.8:53 yastatic.net udp
US 8.8.8.8:53 ya.ru udp
US 8.8.8.8:53 ya.ru udp
US 8.8.8.8:53 ya.ru udp
US 8.8.8.8:53 ya.ru udp
US 8.8.8.8:53 ya.ru udp
US 8.8.8.8:53 ya.ru udp
US 8.8.8.8:53 ya.ru udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 172.217.16.228:443 www.google.com udp
GB 172.217.16.228:443 www.google.com tcp
GB 172.217.16.228:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
N/A 127.0.0.1:51522 tcp
N/A 127.0.0.1:51529 tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 mc.yandex.ru udp
US 8.8.8.8:53 ya.ru udp
US 8.8.8.8:53 ya.ru udp
US 8.8.8.8:53 ya.ru udp
US 8.8.8.8:53 yandex.ru udp
RU 77.88.55.242:443 ya.ru tcp
US 8.8.8.8:53 mc.yandex.ru udp
US 8.8.8.8:53 yandex.ru udp
US 8.8.8.8:53 ya.ru udp
US 8.8.8.8:53 mc.yandex.ru udp
US 8.8.8.8:53 yastatic.net udp
US 8.8.8.8:53 mc.yandex.ru udp
US 8.8.8.8:53 mc.yandex.com udp
RU 77.88.21.119:443 mc.yandex.com tcp
RU 77.88.21.119:443 mc.yandex.com tcp
US 8.8.8.8:53 yastatic.net udp
US 8.8.8.8:53 avatars.mds.yandex.net udp
US 8.8.8.8:53 ya.ru udp
US 8.8.8.8:53 mc.yandex.ru udp
US 8.8.8.8:53 yastatic.net udp
US 8.8.8.8:53 avatars.mds.yandex.net udp
US 8.8.8.8:53 mc.yandex.ru udp
RU 178.154.131.216:443 yastatic.net tcp
RU 178.154.131.216:443 yastatic.net tcp
RU 178.154.131.216:443 yastatic.net tcp
RU 178.154.131.216:443 yastatic.net tcp
RU 178.154.131.216:443 yastatic.net tcp
RU 178.154.131.216:443 yastatic.net tcp
US 8.8.8.8:53 yandex.ru udp
US 8.8.8.8:53 yandex.ru udp
RU 5.255.255.77:443 yandex.ru tcp
US 8.8.8.8:53 favicon.yandex.net udp
US 8.8.8.8:53 avatars.mds.yandex.net udp
RU 213.180.204.36:443 favicon.yandex.net tcp
US 8.8.8.8:53 favicon.yandex.net udp
RU 213.180.204.36:443 favicon.yandex.net tcp
US 8.8.8.8:53 yabs.yandex.ru udp
RU 87.250.247.182:443 avatars.mds.yandex.net tcp
US 8.8.8.8:53 avatars.mds.yandex.net udp
US 8.8.8.8:53 favicon.yandex.net udp
RU 93.158.134.91:443 yabs.yandex.ru tcp
US 8.8.8.8:53 yabs.yandex.ru udp
US 8.8.8.8:53 yabs.yandex.ru udp
US 8.8.8.8:53 hdrc.yandex.net udp
US 8.8.8.8:53 ya.ru udp
US 8.8.8.8:53 ya.ru udp
RU 77.88.21.119:443 mc.yandex.ru tcp
RU 77.88.21.119:443 mc.yandex.ru tcp
US 8.8.8.8:53 hdrc.yandex.net udp
RU 87.250.254.189:443 hdrc.yandex.net tcp
RU 87.250.254.189:443 hdrc.yandex.net tcp
US 8.8.8.8:53 an.yandex.ru udp
US 8.8.8.8:53 storage.mds.yandex.net udp
RU 213.180.204.158:443 storage.mds.yandex.net tcp
US 8.8.8.8:53 storage.mds.yandex.net udp
US 8.8.8.8:53 storage.mds.yandex.net udp
RU 87.250.250.90:443 an.yandex.ru tcp
US 8.8.8.8:53 an.yandex.ru udp
RU 87.250.250.90:443 an.yandex.ru tcp
RU 87.250.250.90:443 an.yandex.ru tcp
RU 87.250.250.90:443 an.yandex.ru tcp
US 8.8.8.8:53 otvet.mail.ru udp
US 8.8.8.8:53 amc.yandex.ru udp
US 8.8.8.8:53 amc.yandex.ru udp
RU 87.250.250.254:443 amc.yandex.ru tcp
US 8.8.8.8:53 amc.yandex.ru udp
US 8.8.8.8:53 otvet.mail.ru udp
RU 5.61.236.236:443 otvet.mail.ru tcp
US 8.8.8.8:53 otvet.mail.ru udp
US 8.8.8.8:53 otvet-static.imgsmail.ru udp
US 8.8.8.8:53 img.imgsmail.ru udp
RU 5.181.61.0:443 otvet-static.imgsmail.ru tcp
US 8.8.8.8:53 imgs2.imgsmail.ru udp
RU 94.100.180.102:443 img.imgsmail.ru tcp
US 8.8.8.8:53 img.imgsmail.ru udp
US 8.8.8.8:53 imgs2.imgsmail.ru udp
US 8.8.8.8:53 img.imgsmail.ru udp
RU 5.181.61.0:443 imgs2.imgsmail.ru tcp
US 8.8.8.8:53 rs.mail.ru udp
US 8.8.8.8:53 r.mradx.net udp
US 8.8.8.8:53 filin.mail.ru udp
RU 94.100.180.102:443 img.imgsmail.ru tcp
US 8.8.8.8:53 limg.imgsmail.ru udp
US 8.8.8.8:53 an.mail.ru udp
RU 94.100.180.36:443 filin.mail.ru tcp
US 8.8.8.8:53 filin.mail.ru udp
US 8.8.8.8:53 limg.imgsmail.ru udp
RU 217.69.139.211:443 limg.imgsmail.ru tcp
RU 217.69.139.211:443 limg.imgsmail.ru tcp
US 8.8.8.8:53 r.mradx.net udp
RU 95.163.52.80:443 r.mradx.net tcp
RU 95.163.41.56:443 an.mail.ru tcp
US 8.8.8.8:53 limg.imgsmail.ru udp
US 8.8.8.8:53 r.mradx.net udp
US 8.8.8.8:53 r.mail.ru udp
US 8.8.8.8:53 r.mail.ru udp
US 8.8.8.8:53 r.mail.ru udp
US 8.8.8.8:53 r.mail.ru udp
US 8.8.8.8:53 www.tns-counter.ru udp
US 8.8.8.8:53 www.tns-counter.ru udp
US 8.8.8.8:53 b.delivery.consentmanager.net udp
US 8.8.8.8:53 cdn.consentmanager.net udp
DE 87.230.98.78:443 b.delivery.consentmanager.net tcp
GB 195.181.164.17:443 cdn.consentmanager.net tcp
US 8.8.8.8:53 www.tns-counter.ru udp
US 8.8.8.8:53 b.delivery.consentmanager.net udp
US 8.8.8.8:53 1376624012.rsc.cdn77.org udp
RU 95.163.41.56:443 r.mail.ru tcp
US 8.8.8.8:53 b.delivery.consentmanager.net udp
US 8.8.8.8:53 1376624012.rsc.cdn77.org udp
US 8.8.8.8:53 portal.mail.ru udp
US 8.8.8.8:53 top-fwz1.mail.ru udp
US 8.8.8.8:53 counter.yadro.ru udp
RU 217.69.139.58:443 portal.mail.ru tcp
US 8.8.8.8:53 portal.mail.ru udp
US 8.8.8.8:53 bs.yandex.ru udp
RU 95.163.52.67:443 top-fwz1.mail.ru tcp
US 8.8.8.8:53 top-fwz1.mail.ru udp
US 8.8.8.8:53 counter.yadro.ru udp
US 8.8.8.8:53 top-fwz1.mail.ru udp
US 8.8.8.8:53 counter.yadro.ru udp
US 8.8.8.8:53 xray.mail.ru udp
RU 95.163.59.208:443 xray.mail.ru tcp
US 8.8.8.8:53 common.radar.imgsmail.ru udp
US 8.8.8.8:53 bar.love.mail.ru udp
US 8.8.8.8:53 common.radar.imgsmail.ru udp
RU 193.0.170.53:443 bar.love.mail.ru tcp
US 8.8.8.8:53 trk.mail.ru udp
US 8.8.8.8:53 egress.yandex.net udp
US 8.8.8.8:53 bar.love.mail.ru udp
RU 95.163.41.56:443 trk.mail.ru tcp
RU 95.163.41.56:443 trk.mail.ru tcp
RU 95.163.41.56:443 trk.mail.ru tcp
RU 95.163.41.56:443 trk.mail.ru tcp
RU 95.163.41.56:443 trk.mail.ru tcp
RU 95.163.41.56:443 trk.mail.ru tcp
US 8.8.8.8:53 bar.love.mail.ru udp
RU 87.250.251.42:443 egress.yandex.net tcp
US 8.8.8.8:53 egress.yandex.net udp
US 8.8.8.8:53 egress.yandex.net udp
DE 87.230.98.78:443 b.delivery.consentmanager.net tcp
US 8.8.8.8:53 otvet.mail.ru udp
US 8.8.8.8:53 otvet.mail.ru udp
US 8.8.8.8:53 ad.mail.ru udp
US 8.8.8.8:53 otvet.mail.ru udp
RU 95.163.52.80:443 r.mradx.net tcp
RU 95.163.41.56:443 ad.mail.ru tcp
RU 93.158.134.90:443 bs.yandex.ru tcp
US 8.8.8.8:53 bs.yandex.ru udp
US 8.8.8.8:53 portal.mail.ru udp
US 8.8.8.8:53 bs.yandex.ru udp
RU 95.163.52.80:443 r.mradx.net tcp
US 8.8.8.8:53 yandex.ru udp
US 8.8.8.8:53 likemore-go.imgsmail.ru udp
US 8.8.8.8:53 yandex.ru udp
RU 5.255.255.70:443 yandex.ru tcp
RU 5.255.255.70:443 yandex.ru tcp
US 8.8.8.8:53 likemore-go.imgsmail.ru udp
RU 5.61.236.241:443 likemore-go.imgsmail.ru tcp
RU 5.255.255.70:443 yandex.ru tcp
RU 5.61.236.241:443 likemore-go.imgsmail.ru tcp
US 8.8.8.8:53 otvet.mail.ru udp
US 8.8.8.8:53 likemore-fe.go.mail.ru udp
US 8.8.8.8:53 yastatic.net udp
US 8.8.8.8:53 csp.otvet.mail.ru udp
RU 178.154.131.215:443 yastatic.net tcp
RU 178.154.131.215:443 yastatic.net tcp
RU 178.154.131.215:443 yastatic.net tcp
RU 178.154.131.215:443 yastatic.net tcp
RU 178.154.131.215:443 yastatic.net tcp
RU 5.61.236.236:443 csp.otvet.mail.ru tcp
US 8.8.8.8:53 yastatic.net udp
US 8.8.8.8:53 likemore-go.imgsmail.ru udp
RU 194.226.130.226:443 www.tns-counter.ru tcp
RU 88.212.202.52:443 counter.yadro.ru tcp
US 8.8.8.8:53 an.yandex.ru udp
RU 213.180.193.90:443 an.yandex.ru tcp
RU 213.180.193.90:443 an.yandex.ru tcp
US 8.8.8.8:53 an.yandex.ru udp
US 8.8.8.8:53 mc.yandex.ru udp
US 8.8.8.8:53 mc.yandex.ru udp
US 8.8.8.8:53 storage.mds.yandex.net udp
US 8.8.8.8:53 an.yandex.ru udp
US 8.8.8.8:53 avatars.mds.yandex.net udp
RU 87.250.247.182:443 avatars.mds.yandex.net tcp
US 8.8.8.8:53 avatars.mds.yandex.net udp
US 8.8.8.8:53 an.yandex.ru udp
US 8.8.8.8:53 an.yandex.ru udp
US 8.8.8.8:53 an.yandex.ru udp
US 8.8.8.8:53 an.yandex.ru udp
US 8.8.8.8:53 strm.yandex.ru udp
RU 87.250.254.45:443 strm.yandex.ru tcp
US 8.8.8.8:53 mail.radar.imgsmail.ru udp
US 8.8.8.8:53 strm.yandex.ru udp
RU 95.163.59.228:443 mail.radar.imgsmail.ru tcp
RU 213.180.204.158:443 storage.mds.yandex.net tcp
US 8.8.8.8:53 storage.mds.yandex.net udp
RU 87.250.250.119:443 mc.yandex.ru tcp
RU 94.100.180.102:443 img.imgsmail.ru tcp
US 8.8.8.8:53 top-fwz1.mail.ru udp
US 8.8.8.8:53 top-fwz1.mail.ru udp
US 8.8.8.8:53 an.yandex.ru udp
US 8.8.8.8:53 an.yandex.ru udp
US 8.8.8.8:53 an.yandex.ru udp
US 8.8.8.8:53 1763936445.verify.yandex.ru udp
US 8.8.8.8:53 ad.adriver.ru udp
US 8.8.8.8:53 ad.adriver.ru udp
RU 87.250.250.90:443 1763936445.verify.yandex.ru tcp
US 8.8.8.8:53 ad.adriver.ru udp
RU 195.209.108.36:443 ad.adriver.ru tcp
US 8.8.8.8:53 ya.ru udp
US 8.8.8.8:53 ya.ru udp
US 8.8.8.8:53 ya.ru udp
US 8.8.8.8:53 xray.mail.ru udp
US 8.8.8.8:53 r.mail.ru udp
US 8.8.8.8:53 ad.mail.ru udp
RU 95.163.41.56:443 ad.mail.ru tcp
US 8.8.8.8:53 ad.mail.ru udp
US 8.8.8.8:53 rs.mail.ru udp
US 8.8.8.8:53 r.mradx.net udp
RU 95.163.52.80:443 r.mradx.net tcp
US 8.8.8.8:53 r.mradx.net udp
US 8.8.8.8:53 r.mradx.net udp
US 8.8.8.8:53 an.yandex.ru udp
US 8.8.8.8:53 an.yandex.ru udp
US 8.8.8.8:53 portal.mail.ru udp
RU 217.69.139.58:443 portal.mail.ru tcp
US 8.8.8.8:53 portal.mail.ru udp
US 8.8.8.8:53 portal.mail.ru udp
US 8.8.8.8:53 top-fwz1.mail.ru udp
US 8.8.8.8:53 top-fwz1.mail.ru udp
US 8.8.8.8:53 common.radar.imgsmail.ru udp
US 8.8.8.8:53 aus5.mozilla.org udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 35.244.181.201:443 prod.balrog.prod.cloudops.mozgcp.net tcp
US 8.8.8.8:53 aus5.mozilla.org udp
US 8.8.8.8:53 aus5.mozilla.org udp
US 35.244.181.201:443 aus5.mozilla.org tcp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 34.160.144.191:443 prod.content-signature-chains.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 ciscobinary.openh264.org udp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
GB 88.221.134.209:80 a19.dscg10.akamai.net tcp
GB 88.221.134.209:80 a19.dscg10.akamai.net tcp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 216.58.212.238:443 redirector.gvt1.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 216.58.212.238:443 redirector.gvt1.com udp
US 8.8.8.8:53 r1---sn-5hne6nzy.gvt1.com udp
NL 172.217.132.166:443 r1---sn-5hne6nzy.gvt1.com tcp
US 8.8.8.8:53 r1.sn-5hne6nzy.gvt1.com udp
US 8.8.8.8:53 r1.sn-5hne6nzy.gvt1.com udp
NL 172.217.132.166:443 r1.sn-5hne6nzy.gvt1.com udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 top-fwz1.mail.ru udp
US 8.8.8.8:53 portal.mail.ru udp
US 8.8.8.8:53 portal.mail.ru udp
US 8.8.8.8:53 top-fwz1.mail.ru udp
RU 217.69.139.58:443 portal.mail.ru tcp
US 8.8.8.8:53 portal.mail.ru udp
US 8.8.8.8:53 portal.mail.ru udp
US 8.8.8.8:53 xray.mail.ru udp
US 8.8.8.8:53 common.radar.imgsmail.ru udp
US 8.8.8.8:53 common.radar.imgsmail.ru udp
US 8.8.8.8:53 top-fwz1.mail.ru udp
US 8.8.8.8:53 rs.mail.ru udp
US 8.8.8.8:53 rs.mail.ru udp
US 8.8.8.8:53 r.mail.ru udp
US 8.8.8.8:53 rs.mail.ru udp
RU 95.163.41.56:443 rs.mail.ru tcp
US 8.8.8.8:53 r.mail.ru udp
US 8.8.8.8:53 otvet.mail.ru udp
US 8.8.8.8:53 otvet.mail.ru udp
RU 5.61.236.236:443 otvet.mail.ru tcp
RU 5.61.236.236:443 otvet.mail.ru tcp
US 8.8.8.8:53 common.radar.imgsmail.ru udp
US 8.8.8.8:53 otvet.mail.ru udp
US 8.8.8.8:53 otvet.mail.ru udp
US 8.8.8.8:53 ad.mail.ru udp
US 8.8.8.8:53 static.pulse.mail.ru udp
US 8.8.8.8:53 static.pulse.mail.ru udp
RU 5.61.236.241:443 static.pulse.mail.ru tcp
US 8.8.8.8:53 static.pulse.mail.ru udp
RU 5.61.236.241:443 static.pulse.mail.ru tcp
US 8.8.8.8:53 top-fwz1.mail.ru udp
RU 194.226.130.226:443 www.tns-counter.ru tcp
RU 5.61.236.241:443 static.pulse.mail.ru tcp
US 8.8.8.8:53 r.mradx.net udp
US 8.8.8.8:53 r.mradx.net udp
US 8.8.8.8:53 recostream.go.mail.ru udp
RU 95.163.52.80:443 r.mradx.net tcp
US 8.8.8.8:53 r.mradx.net udp
US 8.8.8.8:53 r.mradx.net udp
RU 194.226.130.226:443 www.tns-counter.ru tcp
RU 5.61.236.241:443 recostream.go.mail.ru tcp
US 8.8.8.8:53 top-fwz1.mail.ru udp
US 8.8.8.8:53 recostream.go.mail.ru udp
RU 5.61.236.241:443 recostream.go.mail.ru tcp
US 8.8.8.8:53 recostream.go.mail.ru udp
US 8.8.8.8:53 xray.mail.ru udp
RU 95.163.52.80:443 r.mradx.net tcp
RU 95.163.52.80:443 r.mradx.net tcp
US 8.8.8.8:53 yandex.ru udp
US 8.8.8.8:53 yandex.ru udp
US 8.8.8.8:53 an.yandex.ru udp
US 8.8.8.8:53 mc.yandex.ru udp
US 8.8.8.8:53 an.yandex.ru udp
US 8.8.8.8:53 mc.yandex.ru udp
US 8.8.8.8:53 an.yandex.ru udp
US 8.8.8.8:53 mc.yandex.ru udp
US 8.8.8.8:53 an.yandex.ru udp
US 8.8.8.8:53 an.yandex.ru udp
US 8.8.8.8:53 an.yandex.ru udp
US 8.8.8.8:53 an.yandex.ru udp
US 8.8.8.8:53 yandex.ru udp
US 8.8.8.8:53 portal.mail.ru udp
US 8.8.8.8:53 portal.mail.ru udp
RU 217.69.139.58:443 portal.mail.ru tcp
US 8.8.8.8:53 portal.mail.ru udp
US 8.8.8.8:53 xray.mail.ru udp
US 8.8.8.8:53 common.radar.imgsmail.ru udp
US 8.8.8.8:53 aus5.mozilla.org udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 top-fwz1.mail.ru udp
US 8.8.8.8:53 top-fwz1.mail.ru udp
RU 95.163.52.67:443 top-fwz1.mail.ru tcp
US 8.8.8.8:53 portal.mail.ru udp
US 8.8.8.8:53 portal.mail.ru udp
RU 217.69.139.58:443 portal.mail.ru tcp
US 8.8.8.8:53 portal.mail.ru udp
US 8.8.8.8:53 xray.mail.ru udp
US 8.8.8.8:53 common.radar.imgsmail.ru udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 34.117.237.239:443 contile.services.mozilla.com tcp
US 34.117.237.239:443 contile.services.mozilla.com tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 top-fwz1.mail.ru udp
US 8.8.8.8:53 top-fwz1.mail.ru udp
US 8.8.8.8:53 bar.love.mail.ru udp
US 8.8.8.8:53 bar.love.mail.ru udp
RU 193.0.170.53:443 bar.love.mail.ru tcp
US 8.8.8.8:53 bar.love.mail.ru udp
US 8.8.8.8:53 bar.love.mail.ru udp
US 8.8.8.8:53 xray.mail.ru udp
US 8.8.8.8:53 common.radar.imgsmail.ru udp
US 8.8.8.8:53 portal.mail.ru udp
US 8.8.8.8:53 portal.mail.ru udp
RU 217.69.139.58:443 portal.mail.ru tcp
US 8.8.8.8:53 portal.mail.ru udp
US 8.8.8.8:53 rs.mail.ru udp
US 8.8.8.8:53 rs.mail.ru udp
US 8.8.8.8:53 r.mail.ru udp
RU 95.163.41.56:443 r.mail.ru tcp
US 8.8.8.8:53 rs.mail.ru udp
US 8.8.8.8:53 r.mail.ru udp
US 8.8.8.8:53 top-fwz1.mail.ru udp
US 8.8.8.8:53 top-fwz1.mail.ru udp
US 8.8.8.8:53 top-fwz1.mail.ru udp
RU 95.163.52.67:443 top-fwz1.mail.ru tcp
RU 95.163.41.56:443 rs.mail.ru tcp
US 8.8.8.8:53 trk.mail.ru udp
US 8.8.8.8:53 portal.mail.ru udp
US 8.8.8.8:53 portal.mail.ru udp
US 8.8.8.8:53 portal.mail.ru udp
RU 217.69.139.58:443 portal.mail.ru tcp
US 8.8.8.8:53 xray.mail.ru udp

Files

\??\pipe\crashpad_2520_GMZVKZRTNPTEWXJM

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

MD5 18e723571b00fb1694a3bad6c78e4054
SHA1 afcc0ef32d46fe59e0483f9a3c891d3034d12f32
SHA256 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
SHA512 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

MD5 aefd77f47fb84fae5ea194496b44c67a
SHA1 dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA256 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512 b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\CURRENT~RFf782efc.TMP

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\000002.dbtmp

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\001\t\Paths\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 069ba000d04c1c25a7e548a7cc405ebc
SHA1 39da2a7c0abde8bedc931b8b99e455bf4662e70e
SHA256 495a1f84f081598c7d7f6c362820bdd60dfae2d5a5d82db242f9a13890754073
SHA512 2b4865095855ac91ee180936c2483ae3fa67c852ac756d63ffa5a69bd693cae5d368bf6a584ea1b852452f11ce406bfd988791bd62c4453c2ed3e3f42a4432c0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000004

MD5 074d7c0ab0352d979572b757de8b9f0c
SHA1 ca7dd3b86c5e8a750401b8d6d773a9cc3af55b81
SHA256 46a06c3ec01cd4c5d5d8bb131febc48e3b1eeac94a47fe0718dfce6af821f83a
SHA512 00de9f645ca784322b005c73302aa573ab0665e8334533e7408326f0c84c12f3d056f39a2197d5c4bb8092f3b09dec4b79ec73de1b5d161951c5c48b9548216d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 753df6889fd7410a2e9fe333da83a429
SHA1 3c425f16e8267186061dd48ac1c77c122962456e
SHA256 b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78
SHA512 9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

C:\Users\Admin\AppData\Local\Temp\Tar9CF2.tmp

MD5 dd73cead4b93366cf3465c8cd32e2796
SHA1 74546226dfe9ceb8184651e920d1dbfb432b314e
SHA256 a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22
SHA512 ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 741d7fbaa2503eb4413b6c4a868e4b61
SHA1 92a6f9d708e80aa1c4af483427e4f3948404026a
SHA256 27c3992dc9f574af5902635412cff29ef9bd2100e9b6b9eb0c1adcd1654d595a
SHA512 cca7a7d0299769bea4c6fd62c335dac521c8c7c8918e419e1b6dd9a457830b71945d4b1731a1b1fc774f3ccfce020e6e2a95c6307af3dbfa45075cb9d6bf1928

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 8df9e3b1bb1c5fe1564daa42fb540e9b
SHA1 bb1d96d924cf76cbf80d651926705c5848c0a64a
SHA256 4aef278ef6a48f261b71796cb1e65490000b327cb75a2fe254ba4676deae988c
SHA512 c888f15e9279a2dfb03f877eea4f7b86249c975943ddda39d8d18cf37215d6f53c6b013dda14bbbf5381d99c1e23bfcc761435c7588f56be01c3576e6e292e06

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 749cbd7d2d4cef69dcc8e67575edb8d1
SHA1 421acf6ae349d98825e6e067ddc4d1ee57c612dc
SHA256 f8e2059573956f46c1282f5d912bfc1f56dab4c2a44f8126e0bf1b809abd482a
SHA512 1e2e1efb4f20d91069156e0e21ccf0761455d51b7d1cdaff1a1ca7a949e8f4938ade71f264dd89c8fb3f2847fd923c1773e7ed26d3fdd24754be8df27571a478

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 d8e953be1b60a96c7d3c5bfc451b919c
SHA1 5a933e7ae2127f313e5db345136903ad3edafef5
SHA256 4d9bd5cbad98126681f7f79a46ca588862351baef7269601016e8bd6748b5121
SHA512 0d52952771332609e1b808f65356f54331db57aaacf4c586479a0277a585764900dd57e2b6d68bc67e825adf6ba164eb2e185026752331df5b338aff522d52a0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 b7ae32554254751ba05d1033e0379e45
SHA1 5cd65ee6df0859077b1d618086f78783c06d31d6
SHA256 6ac722d0bcf7e8c71a099176ae207c1c868bf4497e2fe139e5f54cf0b7d273b4
SHA512 7beaa63ea80e61b57c5cbb0210db7945fb65da0e203e849ee7b9a143f19f4b4bbac14923350378c002830d200e96b8d6929b77eff2cae626259155ddf1c46b69

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d51e1f68d4f6a038871706bac17c82df
SHA1 f219cb5d1fd95fbce915e83c299359fbd03e9d72
SHA256 018b6c26092c5ad027ff500ba84333b3504a59c96db2cc7bd22ba19d14ed9ca6
SHA512 6e09e6fbd9fd5b3106bd29e81e8f12bed363fc510aa89fd74fad814872c46dab90efa6a119e4b9bdd43de40d74c6b30d02ceb0abb0b6bd51241a525bf5c08f6c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 018ef275157b81bea323bbbec1e10a88
SHA1 3672738cd6fdde0b0faa53bb6286a41928a5fbd4
SHA256 c32023d10718c17e3aae373966ce06fdeb6eb2523f07fa1e620a8b468ebf60e4
SHA512 d0eee1458c8e511b769247478ddba0c5d7b678102974981c540ea463ce62c49c92f8ddae2f91d4bf66d997275fc78fe2949cd6345acd0130a4bdb9d357e3da7b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 16619cb5d5b126b7de5590281616bf9b
SHA1 5643945d39046b31580ae028e9482d9191d3a591
SHA256 9113b0a47b50e1d56deb2ca0ceea9fc51306a792c3dd1fd5052185513279e1ac
SHA512 9ab46984367dd62dc683a9b0dd57630e3a7f83cfe707f775881b4b3fd1a062fcb2fb07462509d74d74c89a7259b04f4057afbfdd99861e8449f590f511cd1e68

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 2d58a015e2789241dc8924eaec562300
SHA1 c6d0271255e2192fa9915f22d272b27a4a83052a
SHA256 4dbb67e2bf722e4bb6fc3cf08ebf72fe1781ad9dd36e2344d895d2eb409a3ab3
SHA512 33a49bc29e95741304153ba9f664fad6893b50332f545b55507d2017d1ed5d1cb82fa45c0b735b41880cd1a73c6b06d0f5b2ea14c06ae6331cc8ba616665bdf0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 f6c0672199512c4b5a511d3a6935008b
SHA1 18c4d3192190861aebfd924e8a8c015ae18d4099
SHA256 e01a47e2c672618b95a13a2e06ff0b00c2dc34669ec591ec426076543565c1b9
SHA512 2ee4eb8138ecb186bfc1097ad16f5bdbad7c0eee99694961c460e4e9e2a579502a134181c0b4a364e6b93a90edb73cfbc19b955844b18cf8d42203be5c6c9c50

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\7af3560c-ab48-4a4b-a191-d2314d0144ec.tmp

MD5 410b86ef5bd940948c3f2fc08dcd10ea
SHA1 b94bae5fb25d26e1adca4a9c11e91e0bc4b96cef
SHA256 fd58e72bb6cf7a2a337ec328d09aa841a6a40f930c6f752bdf154b6bb9965943
SHA512 12c2fa03e703f5b9ad03cc12699bad753473c30eec2b8c1b5b5ef963ef6176c303027b1bdf8f67fe53d93e490e3a65fe7eff499c6eeff940c32b379bf46941a0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 40df20fc637eb40ffb1c565f33e495ee
SHA1 d343e166296a93e6252db8084c65b974a277b08f
SHA256 73d9ea572f305a40bdfbd4007633c3dcab4057cd7d082929d507c3e966630671
SHA512 a24df2a19fab0b477aa95a7c7798e9f259fb7745857d925557801a3479f58b0f8d24894f29315df35051ce7cae11d4e0c59608ed27f05792858c122bea99c72e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\datareporting\glean\db\data.safe.bin

MD5 1918cdd5e75716c53cc334a4c1bda5dc
SHA1 e70b354623d700be5a6cbc2388ec92e1a5f6397c
SHA256 98fac87913ca46214aff2e54472978227c7e2e14f5c9a349b86fb078f528b2ef
SHA512 cc27b0fc3201425487b1a948b9cbd48ca0cc5a502696524a30d11185e61a783262556a033825c98279257c526472d920ff7d16e5fd0690aa5ceaf6394bcb655f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\datareporting\glean\pending_pings\b958ebdc-0b36-4954-b523-890595ef4f76

MD5 1cdb82896ecdd8f360e564572cbcab75
SHA1 9ea249464b1f1b2098957cb2dee41d23ea42191b
SHA256 10f50fc06222442d0288bdb71c8a8699df5a3ef88849b7e59aababb0317514fa
SHA512 1baf253f5984c4e9b8ae8e3250d0bd019adb70b3742f2d2858fa3c4c9935c23c3278f360c8da94e9210eedca52ea8b28a06f7327dc2e9f439d01c49dd2d05515

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\datareporting\glean\pending_pings\7144cac1-e347-49da-a31e-f3375c4f3738

MD5 1849bff8d311c66c84b172f8974bdb63
SHA1 658e7cc4d3b40745e2ee145208ed250769b74b03
SHA256 1cc358648247f653e5874e5e3dffca4591128e6021d21dca543860d8ca27529f
SHA512 a2bcd5bd26144cc981ac8f7771a6d472ec27e1325f8c6ba38af15da08f90c8039efc5dee3512f3f20d482be8513fff52b8f1ca8aabdc51655d94a45e76caf95c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\sessionstore-backups\recovery.jsonlz4

MD5 8596b01a2ba0d6e24544daeb72b76658
SHA1 d9ea6b0acc606cd1e221262627ea216f012a9901
SHA256 9335910137318255a55a9fb6a2eae46e0ca923f4c57aef9793e0aaa69d03d5ea
SHA512 b9c06d56883466724d96ea05d7abaeb9963b042b10a6a3258bd1be63c38148c96d4e3e0391cc9a208b746dde7af51397072f8db6512609a70f504a8db5c4f1e4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\prefs-1.js

MD5 44ed4ebd6177826dcdefe3daf2edb32e
SHA1 69323fd1633d470758855761810e4174d11326af
SHA256 863e3ae5f72efd3d26d9f3454624b60e84d45080635c85c17f429fd46914111a
SHA512 5e6e7006660e619bb82a19833743783faf1c8144bd6a3bbc040abf72837a153aa3c3a52a8e3b91716ecaadaedecc6ba98708e5f7b95f74e99e439fa3fa3d465e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\sessionstore.jsonlz4

MD5 64e60e09f753fe887d712293798934b0
SHA1 aa35782654ad10e6f009ba4e64d81d141158f81a
SHA256 9974f164bec2da18d6a8dd78c7e624d1a6d54975e0d4dd2069daf6b13c04dd0e
SHA512 e037f5671c0b1b175afcde6f7aafd5afd1c2cdc191e1437dc837c038afaaf9d3f174f3fd4a179b303e499eb221891534a612b439e3618f9e023fc6c95366c921

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\prefs.js

MD5 5389ad75ba723921dd5d2cfc56fcbec5
SHA1 7f7dce4bae0c7aef3217eb0b2c70a319d58374fe
SHA256 eefee09188d7694c4d391378b371c7a038eea8f9973e598e97fd50d12b7bd7bf
SHA512 ed59222f5af7d07b222ca31e93a66c986466d24440f8a7965fbfacf2c55389293cf92c814cdffcd91f9563d406d00d07fb489cf964c16552e038814180794722

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ifb4waqr.default-release\startupCache\scriptCache.bin

MD5 0e66abd7793f1c0d892e2d1d99d0addb
SHA1 ee70e4fa370fa2f91ad6d8c2ae34aff32a0e9b83
SHA256 00fb20757d12cd24d76b6cbd8b8fac32b066d809ae8d88af8b8540c21a3dc08b
SHA512 f76b16f5f1fae0cea7799f4480af90bcfa8c9f3d55cedc46125d1f41c32b090a0b50715e71ecb501a2bc5a9dce72bc4db2cd2fab38d511359e86d739fb8f6506

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\addonStartup.json.lz4

MD5 4e493678a5f10b40d3e731dbe739c850
SHA1 65122b29f6db32b4bec10708c1f4c5bad181e842
SHA256 4d083a33487384e56dea0d5df8fbed64641a55a3b8d9d488b302f4d2dc1902ee
SHA512 d5c98f53891345a12e8c2fd0a4657d463fcf67ab43e3d84480e1b813ee069812b571dbf232ffc02abbad65d10b9b8f8f1162a7ebfa4927180bf5ba11a8935421

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\xulstore.json

MD5 05e1ddb4298be4c948c3ae839859c3e9
SHA1 ea9195602eeed8d06644026809e07b3ad29335e5
SHA256 1c2c5d5211674c3c8473e0589085499471399e53e9a85d7dd3b075fef6cbb6be
SHA512 3177b48cd0c877821419d7e5eb247a4c899bc37258994f22257ceaafefb316e6f5959faae02e380e432d7752f0218d45d56d6878c1e751d201d9fdb3ff98612e

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ifb4waqr.default-release\startupCache\urlCache.bin

MD5 21cb9dfbaa83ce582f1ded04bdb1be37
SHA1 c3725457a5b257705773dcfd7d3d9d4c1d1e9950
SHA256 a9053da609f76ceebd8bcfb0ebc377cc02a7fe56b410ea351cc5425e01a5f370
SHA512 77679912305162aba35330f4184fa8314d2b9773d998571bb69dc49e01238e8aec0abbdbd3f1a0275fefdba833dbf1a21514f680a7f39d8f514cc39dd6e45423

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\cookies.sqlite

MD5 3871f18270647a4308d31f1d31fc706b
SHA1 5654a3c0b451db9a83966182854ce8f0db60a8a2
SHA256 9279210cfab08e47f49e401fd090b2201257ccbd50cad005a743718dbbc74d9d
SHA512 b7abd496012af4e265b5c0ea60891a68e2d8e81cf3324452b0a12d327b2f9eb30b9b8af705483c2615fb7a734600c9a102c3a00e7ab56f1bce1f2f676bdc6b2f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\sessionCheckpoints.json

MD5 362985746d24dbb2b166089f30cd1bb7
SHA1 6520fc33381879a120165ede6a0f8aadf9013d3b
SHA256 b779351c8c6b04cf1d260c5e76fb4ecf4b74454cc6215a43ea15a223bf5bdd7e
SHA512 0e85cd132c895b3bffce653aeac0b5645e9d1200eb21e23f4e574b079821a44514c1d4b036d29a7d2ea500065c7131aef81cfc38ff1750dbb0e8e0c57fdc2a61

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\sessionCheckpoints.json.tmp

MD5 ea8b62857dfdbd3d0be7d7e4a954ec9a
SHA1 b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a
SHA256 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da
SHA512 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\permissions.sqlite

MD5 216267fcfa4b971ff44f165d28406d53
SHA1 727b2b2ef85b2e929a5e877ad00ac8f405bb26ee
SHA256 e65fc4ab60cf2daf3d40353484fa664f0c71a74459dba2e4a9a67f4b5bf990f6
SHA512 d1bfcf0c9fbd312671ca08852f7079a0eae3fe50103a03116f8719dffa106230c48c30035488018b7098ab9f23e0dd43a022c32dda6e3ed8bde3a058f6af88c0

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\storage.sqlite

MD5 41d26d2ab8a408607207f5f4c2562b82
SHA1 fd577276440d4b3df8c664354bf0fcc998d90889
SHA256 21cbfe1ae41a3f09a3208c41a08d0cfaec8f5bbbad65ccd52f76d3b18322659c
SHA512 e01d2f01c135c31d3e4f28f69c90274a39a2856166c1054b8a76f4f37f96d8e5f0fd0d159f4212d4f4d3e10b962275fbce7a8f36b4992606d0e4d05f02951971

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\SiteSecurityServiceState.txt

MD5 d3eb35d3f3d075169d581c0ef2f861b1
SHA1 48d57af65717a977ffd190610dd508a24425915b
SHA256 59b4900a6085d411be430b57f63cf2ef82ad7284c786ea4aea40b13eeb671d22
SHA512 2aaba516996ae63faa9068744f8a8b173bbf265d883d0faa6b0c0cfbba28ea11a05d3506b980536bbf94793ca4160066fa5147bed0cec89d8a32c178a3296575

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\cert9.db

MD5 fd20a6944a7fdafbbe752fd977a58cc4
SHA1 1fa54e9d9e0206b0666074ef8c45e9eb02f872cd
SHA256 9f5748721578baa512b9de8d1fbbfd1b29cb253c1a35a4bae5c77e3c3a8115b9
SHA512 e6c397df36fde5b3bd40010becbdab5ed42c41ca08b11cddd6442ae86a544efc7e47d4b44f49a61d730e1ba25f436dbf4caf241789ae4d9ca9f0abae9b99396d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\sessionCheckpoints.json.tmp

MD5 c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA1 5942cd6505fc8a9daba403b082067e1cdefdfbc4
SHA256 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
SHA512 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite

MD5 a46948310da0ce4594c6efa1a0a26c05
SHA1 ee5a8117510c777b89c54e2b9beca31d59df217f
SHA256 5c9bd6bee1972f305f23dfe83ac7f5492c6eb856514bf5ce2472b95d7b14d36c
SHA512 ead774374531411e029fe3d5e70f6bee715ec718813fc55722c664fc53bbe5a053eca6a532de9b855600b45fe07059bd10023b693a8e6fee3f2448ebc5cc49c4

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ifb4waqr.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F

MD5 19ce6301e8b3e965570bb28bbf301803
SHA1 289fc4188e91d3081accd7440260337935b95b08
SHA256 874ec2446561e6b2fee4198c3556a228069a70987794d2365b05a85e4d28e83f
SHA512 2fef87424454d8d5251ad86513111d93eb4b9020267b75cb71fa34d6d79e00f8897a3307b05fd8a173c25eb15901ed47dec3d02c99d5681ee840d6eae1dd59cd

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\AlternateServices.txt

MD5 ce0df69a2ccf79e5ae46eaafa9cb47a2
SHA1 610f356a95a28dfbc29e0957566b1eb087aed4f0
SHA256 374f8b03361c6f8bac455b51fe03fbd135d5e020b18dae4bd2682f3ef8ab42e3
SHA512 3cab4ad2c2db52bc34f1a131df34cf47c69bc0e448c52ece79f26f0202f64b68ffa7dd18becc4d742739a0d87118504e35dc847080f6c79772342544f54b0110

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\favicons.sqlite

MD5 44233678928b56254914eb5e713cc7f5
SHA1 30162d2349d11cedceb3e3fe814d2b497dd702c1
SHA256 609a8e99ec7ea234c203a9fd6145edd69b71d06231f00dd952d17da4fa429306
SHA512 32f3bf420b060184d06aea479ed181f530c0044f55d5bc73569465f120609d0c1868ed9e25007e3845412e4765ed79130e3cd9d7d0a9cb3cd3dd004b18963107

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\places.sqlite

MD5 39c70aa946435f07fbabc9a6887e264c
SHA1 2a4ed1f3f89f4eb71669b98885c5df23143c1e60
SHA256 7b595143ef62486200e566fbc70ad9331aa763894f773631ec154c017a5689ab
SHA512 b36806facaa0f70296f12fc2c02258839054b0b9142f90941add69959dd5889c43dd67d75ccbf5f133be0b6203c3b0e77f8df8b79c710819a696fa10fda91df7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\datareporting\glean\db\data.safe.bin

MD5 255329103bc7b00eb421b841d2f7e905
SHA1 b921feee88f9546f6ec28f8ddb7e1bd2089b3e5b
SHA256 6beb20509acf5041365fff9c3276b60214855fb85282cfd4b69e42281613b62e
SHA512 bec35c7223c3cc87f6777515bb619f326446d8440822b3151ab88cdfb05d46c0cce0c4c632d860fb0c90704e92042cf4525fa4ff24f247fff294a1255a546ea9

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\datareporting\glean\db\data.safe.bin

MD5 d815d2cf7bd80bec9f574ba25bea4ae7
SHA1 e4e3c59df1267283b24b6825818520bb36bd1f83
SHA256 2e8cd06f94edf1ef01f34e54dcd246fa034c336acfb83f5932fe5c679f745db3
SHA512 0eaf7c93ebc104ad7c708d057a9b61c13a4415e06b1c57ddf615db24628b4fb0ce5e924c3b3787fefd8832613a45263f780ec8d77182196631c1a28a7f203e63

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\protections.sqlite

MD5 deeced8825e857ead7ba3784966be7be
SHA1 e72a09807d97d0aeb8baedd537f2489306e25490
SHA256 b9f022442a1506e592bf51284091a8a7fe17580b165d07e70c06fd6827343a54
SHA512 01d303232d6481af322137b44fef6c2a584f0643c48bab2836f9fe3193207015da7f7514fe338500ae4469651e3d9618293858ae507e722198a249257677099e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\datareporting\glean\pending_pings\f931166d-78a1-4d9f-8dd1-8db5c0179cb9

MD5 8b1e1c8d97127ff20519113aa9efd676
SHA1 227f42cefaee8f7c6b99ff773fa534f5d1c1084a
SHA256 c093ff75995c82c770fd56eec25df075cefb9d7c26017e31be0bc34787725721
SHA512 0cd31daf72fbd19518a2aaa0bb0b1ea6e8391574726b568dcd8e8c93bf2f6865404e44177dc48a8de8d41725c07fca8839e4f88f35955453a62f4f32a9fcf50d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\datareporting\glean\pending_pings\f5e1a94e-1658-4dcd-a707-08981189427d

MD5 a4c5b17b9eaae6a39dfb91d40bdd0ec3
SHA1 f826b4daabc93652a0d2e69df26e69875a5723cb
SHA256 73bc84c90005b0851161ea81d5793e00fcc15d7ba2175773ae1e91925c7cd2b5
SHA512 b01ecb33c9685938fbb44da3c61b0ef8f2f760d2d306939cb952669f5d8f833d6e316365e7540f85dabc37c96915a5fe3f550ebc45e146e5620754ec70289ea5

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\datareporting\glean\events\events

MD5 649acc55d6097e46245c29ffe2f64a9d
SHA1 16ca663f8c326b046b8929422999bfa8cc9125c2
SHA256 34d6eb2bb2b86c135cdac256ad6caa24accb8f790a89624aa9a9fed29ee75318
SHA512 0395ba6cf6d14189c523fa4c70ea4397b3d02becba4daf4fb9e592d78e90f69315e5a3779a0f5fa2349a1e7999781ef434bd07854bfcd15e9f1843fb1626f1ce

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\sessionstore-backups\recovery.jsonlz4

MD5 3541452453a2e6dcb307522530246a69
SHA1 ed242f6608b1dfdbb847550f2e54dfb994ea6bbb
SHA256 55492da638d2a467bfbdac84f543cc752c5953ac470c2b090b37fd45f3b9eebd
SHA512 c542158bf113fce242681f57ae6f3a40aa41e483abd5f067f31494cac1040e3e63d10a94474c479622357aeab43f75636f1865838ca853ab67a818c62b9348f9

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ifb4waqr.default-release\cache2\entries\E0D8E0A445AF8F02405C79C5D32DC0FDFAD0416A

MD5 ff024bcd4dfe470153a501a9f9ca7594
SHA1 72c830f35a7cfa69ce64c75f06fe754ad0a10ca6
SHA256 3bd3ba692a4362859fc1e57311de7610bb530cefd3ac673501232d3ac9c172c5
SHA512 252f8e923077348b6c8f9924693cae4e90a5f82ebdb6046db3ca26a4f600657586ea7fc4c39f06fcbe84a9f5464c33d44a348d042b412a5e88f0dd12c5a44a9d

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ifb4waqr.default-release\cache2\entries\142D557E34659735E53B8E66CC66008080747169

MD5 4cb4ffe04fae793fe6ca5be468368ad0
SHA1 05f2c6c56dbeffafa494e4d603b91710ef4f6362
SHA256 3ad5023283262c2f4360c85fc4edf4ae089923f3d1f3ee98a003c5b4f39538b8
SHA512 c441bc3816fecedbdbc6dc932fbfeed5865fcbdcd9105f9c27e05e1b1e14c9bc697d585181ebfe8c28a5956d6e6ed4bc77b67907d8be9fb2b97fa449c3e34f6e

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ifb4waqr.default-release\cache2\entries\F5F00877EF43D24CEA3C2440FA5F69225F1FF686

MD5 ea6e35db16d2876d86eeaea66bb4eb43
SHA1 5115fb1739f06d2a3c0282bcb50e1abf14de66ed
SHA256 cb2b1c80126ce7fef364cac80dccbdb2d59be840016057f29d352984e41a498e
SHA512 f2ab2109c95ce94a5d7bd1b03c09b9f438e1764771232dfd716684f1c22f4ffe1acb4b39904c79db912eee1df9aa9c8ee7a24ea0977e703e83ba973a9daed5b4

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ifb4waqr.default-release\cache2\entries\56A173C485939B5DCA974C835E7D11179BFF0B5D

MD5 9834b13681dd6938825c8ec6fb00ce0f
SHA1 6bce1016c3683bded30583e52b8cbbf2386ba16d
SHA256 8cdc8cdcb1392aaca254c455d98e51906921714823a0fb2ba6b390a4f4fd00de
SHA512 3668549e746fd6f03b47d60728467228bc9536302716213bf4d02493fdb6e16704124ddf5dbc41711a425796340cc31cfb8693e0fa4df55b8d9f2c54a53254b0

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ifb4waqr.default-release\cache2\entries\2EA20B497DD72C2F14B695D3E1E74179424E2AEF

MD5 5a8d915cfed6e57ea7a8cb65b42aac4e
SHA1 e740b8709d3041ae55dc9d6e3fecac29c98b7c75
SHA256 421d3ba52e2e375ddb4d7cf6819b1bb37df31a2f1136f93d621510a1b9ea6133
SHA512 334cb0e55ba5ad5a5a628e28f636315611cd01ffe8377989018244645dae25a756a7d54dfe777cac0bb9bef150c221377043c827494d4171dee9f398c766bcb2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\sessionstore-backups\recovery.jsonlz4

MD5 eef6bcc84dd364648a7480dc0c5d5ca8
SHA1 4d41dd110886d1e342073168f0c019afb27ce675
SHA256 d6f235b66e42eb2b92987fe2cd8eed8ee5b523b97a9113022ec2bb6ecc0ba92e
SHA512 81a3d3d57a6a96811b9ea1a10001fc4a1172225a120f706795915035bdcab1e3f7a3be34f25232bc5ae240e3211b25379edf806585e709ec3d010e42b73e49c2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\prefs-1.js

MD5 ee071b49bd8f16c01479ccb35f5dcfbd
SHA1 0c379b111285bb100c00aaeebbe8c7918392a6a0
SHA256 932bd81596e3a5db4e7b6a4783241ebff4e949fbcd77fe3976b72a12662034c0
SHA512 f34c8547f705c953eae8c4ad1eac0b3b553f1d4a9aa86a4675152e8194761826803d2f30ce8d24f32551ec6dfe0854d8c245ebfa826be604d77901119a7e7be0

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\sessionstore-backups\recovery.jsonlz4

MD5 514f00a4a802930a40dd09a7aa734618
SHA1 4f096ad0aa7c4983674fd890ee885c74c9175576
SHA256 829ab53c4c1a2dab20c8500ac928b58b5e076d196c88eb260b93c4d59931c9f7
SHA512 d9c58f188d60749d8dc717b3da8ebd35494a443be6daadada32b98fb3a0b8245a7f2ce5a3c303a7daec211807fd59a1fbab60ac3752403fc794fe8a8c2bead66

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ifb4waqr.default-release\cache2\doomed\31591

MD5 717562822d3ed18c54ba5b721325fd11
SHA1 08069e951df16fbf87e267737753f944c396ec55
SHA256 b21b95dd49d43d85dce99dd120a49c533f75bf0b35c37b7bb6053e10cd13c37d
SHA512 d3e99f5acbcdf8cc8adf0203627080300dd187d949e005296b8ab02358754d95dcf7c9bee1ae0d4941da215f77013211eb761e222c17dae7fdc091e402b7a288

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ifb4waqr.default-release\cache2\entries\4832D199584363B876D3E7D57CA02A9B0F4D91CD

MD5 9fba0abff27af1f0a31aaa6a04bdfc93
SHA1 77876416072b4d7f486888baeb8eb71301512088
SHA256 c023c3b8c1ac5e5f5aaf13ffed13d447a9e3c47f96ef582520fbd29bc35c8fa2
SHA512 285369bda13dbb023ac5f4ea9aa1dac5a142d698e52b584cac8302419b17f96b1c6a6e59b8b5513e055699bfba9f47c529ca316d7916628e18cc2265b4d3ea37

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ifb4waqr.default-release\cache2\entries\5051CD2B52203DFA6727A7DC4F24E6F1A8EC7577

MD5 c568bf5cf07f240767b6fc7f87120926
SHA1 a902480212214239722536bc14bf0b096a3f35d4
SHA256 bd71c5225534db270d9ba27d4695821c36db56baf1a06b57df06bf72e43d0f66
SHA512 eb9087c50d85472f49289f3551bd22316be567dc3acf69446e13d693d113d1ad5ac4de3398756c70d56b6a6030007f1f3ae3fad6d4cb80b78a9bfe65990c293e

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ifb4waqr.default-release\cache2\entries\45514F58EE166DE19E4DE720A21DDF1DA12F6C6C

MD5 541967b2a02ccad59217ad2ff74bf916
SHA1 ae5cfc5e222638ab298518e33ac47cf06b0f34a9
SHA256 d73bbe5b1179730b9e2b7477da5667174a3d58c281f22516610ff06f5365aa8d
SHA512 8efe4c475a51cf4fcb3a5c3bb2489ec03f910ba48edfd231a5207d7ee961ef7f948d64863fca0e339032bc93612a07c00e39255482144b238f97ad4113783e5d

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ifb4waqr.default-release\cache2\entries\254256B27E0C48CF9B80B695F0B3B8CA84610495

MD5 4035e90d5edeac0ab225553969b384db
SHA1 95257f0e7f7d83b92898a50b2ba62d9f36a1d615
SHA256 f5acf8821beccd627b1186303072520b194ac6a1f9787bbf92116949ddafe171
SHA512 0b002bbfa2a203dc9f52b18b604a99946b36c2557d6367d631acb929d7c76b40fdf88363266231ecea33c0ac59af3c5b12dc3585df66e4c1bbe97d4ddccb88de

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ifb4waqr.default-release\cache2\entries\037778A55E1B7E9BED3390289866D09402D6C913

MD5 1951e805482871a1b7a5118411c7d65a
SHA1 7c512765b0316e6365446cd7ae1f3340509ed5e5
SHA256 04bf894fdfc792d5231580e1ce569fc2c386689d5180fafac6973c8c29c9262c
SHA512 c629e434d7392160b08249778766091c85f908d0b4fd15c54ff9b1d269e4fbdaf4861efe2cccff0b861eec5d4666767478be5d532b1c75ebee273ffa9df3b01f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\sessionstore-backups\recovery.jsonlz4

MD5 22df0a5beb32ea13e2756a8ce199f3cc
SHA1 a9e49efe01f9b6a36256ae366f3968747972eb21
SHA256 5c74609865f9c06a5a600bd0d78a2cf82920ed317bf643dbf4151b6bdb4d777f
SHA512 aede93ef497a0bad2d31e5c29ae87cbf94106f849340f033f2e30aa78509bab5bf5ce5cdb331a319f10cb7896082c7e1ac060cbb2d4724b2fa221691125e9b62

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\sessionstore-backups\recovery.jsonlz4

MD5 df7e021fda72ce894925c144773f8387
SHA1 594d499102059c096a766125f63f034a2532dee4
SHA256 4e4051b4268c89f271fee4132de08016011c0b1f37dc2c4c121d0821697bf198
SHA512 a8b697ace6456adf63fa9ee6aef2090a3142cb43b9fa7eccc64c2d22172db57971ab75f1907ee33db821cf8d07f21d8f402623a23672c6dbeb6a62416cb4f029

C:\Users\Admin\Downloads\NRVP.exe

MD5 f7349874043c175bee2d0ff66438cbf0
SHA1 da371495289e25e92ad5d73dff6f29beea422427
SHA256 f852b9baeeefde61a20e5de4751b978594a9bf3b34514bc652d01224ee76da1b
SHA512 878f4bc1ab1b84b993725bcf2e98b1b9dcb72f75a20e34287d13016cc72f1df0334ac630aa8604a3d25b9569be2541c8f18f4f644f5f31ff31dd2d3fedd6d1ad

memory/3868-1613-0x000000013F4A0000-0x000000013F4AC000-memory.dmp

memory/3868-1623-0x000000013F4A0000-0x000000013F4AC000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\sessionstore-backups\recovery.jsonlz4

MD5 43b005a20af6c7d8aac15dd376cb3827
SHA1 95afb45e927fa861b8007c0c4a6bcff0ae63a184
SHA256 1641f32c6898b74877a10df40e90a603a6fd37d742e9fc487d01f2fb5437c4f9
SHA512 95872327ce35df2547c72ea1d860b921abc8eb1d4c907414323fafebd7dbad2e30c7847e5f9b0984e59c8af389122e3d4df2f8463c09a10d67d701c0b6b9814d

C:\Users\Admin\AppData\Local\Temp\7zO808E769A\MrsMajor 3.0.exe

MD5 35a27d088cd5be278629fae37d464182
SHA1 d5a291fadead1f2a0cf35082012fe6f4bf22a3ab
SHA256 4a75f2db1dbd3c1218bb9994b7e1c690c4edd4e0c1a675de8d2a127611173e69
SHA512 eb0be3026321864bd5bcf53b88dc951711d8c0b4bcbd46800b90ca5116a56dba22452530e29f3ccbbcc43d943bdefc8ed8ca2d31ba2e7e5f0e594f74adba4ab5

memory/2852-1642-0x0000000000AF0000-0x0000000000B1A000-memory.dmp

memory/2852-1643-0x000007FEF1680000-0x000007FEF206C000-memory.dmp

memory/2852-1644-0x000000001ADB0000-0x000000001AE30000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\5a530dfd-bc51-4992-a05d-f09d41a331d4\AgileDotNetRT64.dll

MD5 42b2c266e49a3acd346b91e3b0e638c0
SHA1 2bc52134f03fcc51cb4e0f6c7cf70646b4df7dd1
SHA256 adeed015f06efa363d504a18acb671b1db4b20b23664a55c9bc28aef3283ca29
SHA512 770822fd681a1d98afe03f6fbe5f116321b54c8e2989fb07491811fd29fca5b666f1adf4c6900823af1271e342cacc9293e9db307c4eef852d1a253b00347a81

memory/2852-1650-0x000007FEF1550000-0x000007FEF167C000-memory.dmp

memory/2852-1651-0x000000001ADB0000-0x000000001AE30000-memory.dmp

memory/2852-1653-0x000007FEF1680000-0x000007FEF206C000-memory.dmp

memory/2852-1654-0x000000001ADB0000-0x000000001AE30000-memory.dmp

memory/2852-1655-0x000007FEF1680000-0x000007FEF206C000-memory.dmp

memory/3276-1672-0x0000000000D30000-0x0000000000D5A000-memory.dmp

memory/3276-1673-0x000007FEF1460000-0x000007FEF1E4C000-memory.dmp

memory/3276-1675-0x0000000000CA0000-0x0000000000D20000-memory.dmp

memory/3276-1674-0x000007FEEFA90000-0x000007FEEFBBC000-memory.dmp

memory/3276-1676-0x0000000000CA0000-0x0000000000D20000-memory.dmp

memory/3276-1677-0x000007FEF1460000-0x000007FEF1E4C000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\471E.tmp\AgileDotNet.VMRuntime.dll

MD5 266373fadd81120baeae3504e1654a5a
SHA1 1a66e205c7b0ba5cd235f35c0f2ea5f52fdea249
SHA256 0798779dc944ba73c5a9ce4b8781d79f5dd7b5f49e4e8ef75020de665bad8ccb
SHA512 12da48e8770dc511685fb5d843f73ef6b7e6747af021f4ba87494bba0ec341a6d7d3704f2501e2ad26822675e83fd2877467342aacdb2fd718e526dafd10506b

C:\Users\Admin\AppData\Local\Temp\471E.tmp\eulascr.exe

MD5 8b1c352450e480d9320fce5e6f2c8713
SHA1 d6bd88bf33de7c5d4e68b233c37cc1540c97bd3a
SHA256 2c343174231b55e463ca044d19d47bd5842793c15954583eb340bfd95628516e
SHA512 2d8e43b1021da08ed1bf5aff110159e6bc10478102c024371302ccfce595e77fd76794658617b5b52f9a50190db250c1ba486d247d9cd69e4732a768edbb4cbc

memory/3524-1693-0x000007FEE6730000-0x000007FEE711C000-memory.dmp

memory/3524-1692-0x0000000000A90000-0x0000000000ABA000-memory.dmp

memory/3524-1694-0x000000001AE00000-0x000000001AE80000-memory.dmp

memory/3524-1695-0x000007FEF1C20000-0x000007FEF1D4C000-memory.dmp

memory/3524-1696-0x000000001AE00000-0x000000001AE80000-memory.dmp

memory/3524-1698-0x000007FEE6730000-0x000007FEE711C000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\sessionstore-backups\recovery.jsonlz4

MD5 4e8c0707fd5fa58b016bd2c7d410cbe0
SHA1 6ef0042e0ff1b549a5d4efb772acf27e846911de
SHA256 0aeb7197c01a6cb131a659f02603d64a9eb79f5647d0bfe83a1bebb2a61e43e8
SHA512 d08f9277aa900696cca69af4202af7cb598df9e0e02fc29009a1029c520b60c46a45e0cb4f766a50cfde6535bdc471dc55b7644c3f806282c5848c66a9c8b6ec

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\sessionstore-backups\recovery.jsonlz4

MD5 f861e6e91dfa8882ca3853393f3311d6
SHA1 79c69a392ccb4db313b1c949d3ce0c0b070dc9f1
SHA256 9155322b6d700bfedd66556421ee869476865b1ff125b4240efd742da0c3932e
SHA512 d5f8524ba1184d33b558966b1e40e4b61b4de5c78585e9e4da5a8a7d94fef752d02ee2737b94b213c8995d6f006079f00bb77ef2aed88951e2f3248c9bd514e6

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\sessionstore-backups\recovery.jsonlz4

MD5 626d96dd979cdbfe33d87aaffdb39f2b
SHA1 3c5aa86bbd0238446c2d303a0d4dc6334f531b28
SHA256 2bccb86c295e8b917e199abd4ad30456658cb185b703a0b60a4067ae10a5c564
SHA512 df4b45b6096fdc05b2bcafb5b5a906848eceb634110c25542b659e3799801c6488a82f68509409c2d6375c825c525a0940fad3b0d8effbeb4f2bff9310c17c76

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\sessionCheckpoints.json.tmp

MD5 99601438ae1349b653fcd00278943f90
SHA1 8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9
SHA256 72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a
SHA512 ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\sessionCheckpoints.json.tmp

MD5 65690c43c42921410ec8043e34f09079
SHA1 362add4dbd0c978ae222a354a4e8d35563da14b4
SHA256 7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d
SHA512 c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\sessionstore.jsonlz4

MD5 c5336ee7606aca9c4f870d93f3cc8de8
SHA1 f67464e95394b14f9cadb765fd40f601fd075011
SHA256 4e64c59aa14c094032adbe268dd6439cdff6645f76213f87932aac7888ea6665
SHA512 ea9d85bb4390e0a31ee5f47268b126464b478c66a61cf56dd86369d9ceb4fb8478044d78960725bbb229ce39d6f7e9d072d319d2a74129550a78ae5cb40f3952

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\sessionCheckpoints.json.tmp

MD5 c8dc58eff0c029d381a67f5dca34a913
SHA1 3576807e793473bcbd3cf7d664b83948e3ec8f2d
SHA256 4c22e8a42797f14510228f9f4de8eea45c526228a869837bd43c0540092e5f17
SHA512 b8f7c4150326f617b63d6bc72953160804a3749f6dec0492779f6c72b3b09c8d1bd58f47d499205c9a0e716f55fe5f1503d7676a4c85d31d1c1e456898af77b4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\sessionCheckpoints.json.tmp

MD5 2d87ba02e79c11351c1d478b06ca9b29
SHA1 4b0fb1927ca869256e9e2e2d480c3feb8e67e6f1
SHA256 16b7be97c92e0b75b9f8a3c22e90177941c7e6e3fbb97c8d46432554429f3524
SHA512 be7e128c140a88348c3676afc49a143227c013056007406c66a3cae16aae170543ca8a0749136702411f502f2c933891d7dcdde0db81c5733415c818f1668185

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\prefs-1.js

MD5 cadc3b9653cf8f309f95e0bb42897352
SHA1 c5d83d8ba8bb17d10f1a936e675903f4329f0225
SHA256 85a152ee7317f371177e8de61eb63109911c3dc808423550db3514021b401537
SHA512 43f9817e113fd34bd0ae63dbfc7599cd6e58459fa397b9215b6ce91a53506a643f2bba1be7506b89b4873d7464d747d6ec236bd1625271df798bcf8e90b2eb96

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\places.sqlite

MD5 6d8df6507828aa374f79ab0a7fe43575
SHA1 1ab18415ab82825a310b8a2cefc8c772a8b698d0
SHA256 c32a3fe59234d6086f78b2634a273e9299ced2a3a49c64bc4d28abbc5dcc8320
SHA512 1e24774e180de119b2815db094bacd940a1d688c7a08d440beb2dbf4891011e7f60e3cdbe011722d2f74d39c473a075d49e0cdf8c037805e6d5c4bf57987b7b8

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\datareporting\glean\pending_pings\9c7cfb95-9ce8-4c2f-bf4e-8bc9546cb788

MD5 f6cd838a5164a33997a3249ccf1d11bc
SHA1 81d744e22f469bfaa66f8e8f5d3f6725621c1e79
SHA256 267620d901f5f40d73bacc6da8d73410d0811da730d6479104a02b644c2863e5
SHA512 a964ad4d30b3afd4faf10e09b7d54620fe429e9f7fd34d6261906716386aa645a106634624144579e4f47db8e5b63f2baf2050dd876c2b412f94e079cc39ab5f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\datareporting\glean\db\data.safe.bin

MD5 9e107783f7f3eef7307657db25f28211
SHA1 19203457f03e47ade82e3a774b8cf1101ea7e69e
SHA256 f84e4c495ec186ee623b9f247deae448c76540c5c1bc1725793088efbbd8c155
SHA512 103e3ece02c901515f3da1249685f8effe41597f47ab7ecc10f5b4fb864a6dde14dbbdf49f0a579a76446321cb21c754855499d84f2c5d9e4617887e9323a93e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\datareporting\glean\pending_pings\d2f8149e-9063-4959-ac38-b1e26a72ba38

MD5 8e23bd2756550e94b529bc15b2b4b3ef
SHA1 2f9152d43ade7ecc25d23137e09f11cb56056b99
SHA256 dddf64c822bf65a0f22c49f2b3f9404627b6cb066c692197e6bd3136fd882048
SHA512 3284fef6069f7ba57f350294d0dea4d79f1df3d4b2f5e418b7293ebaa30c447d64dc8adff7ccf79c77d5cdc18f7fa40932fa70f1e7246c61efbdc0c4ac05458e

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ifb4waqr.default-release\cache2\entries\45514F58EE166DE19E4DE720A21DDF1DA12F6C6C

MD5 2cf7543834f9031a65467db3a17cf9eb
SHA1 92f24dc8246c144dabf1e680a15ebee5de41ac70
SHA256 f1d3ad7a9707274c84974dcb8eadfeaf60ad2acd1e22c478b029b2641a9a461f
SHA512 cce0e74111647050d0042faa9dddf9a587cb9815a466d0ab9eb5bd73056ccb99e8a54a5991a3fff5cdf9081b2dc35e6b7d6dd8e3026c2875fa5c5230f722893f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\prefs-1.js

MD5 04244bf003084342130f0aa517314f0c
SHA1 9a315990c0a38327921fd719edbae0e17b356b98
SHA256 fed9eaa8a0d28450d6f49d5f84dc6b3cac8821d6d69ae979f58902d09cd69f9a
SHA512 acbb736c0fa07ed7b77a586e1b2c7003f0a085d5e92b86967dd957a9edf8862de89cb506e22b15bdd560f26998c6c640ea3e1d57ba92c92d9baa10099cbfa78e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\sessionstore.jsonlz4

MD5 9459e995d1ceee2c3cee2b47605db82a
SHA1 8830fcd8463b3482db06a6543c4d3f587bd39ee4
SHA256 8a032b99fa07c3005875423db2d093ab6fdba150ecfd402fcd08d877c7cdbc81
SHA512 1e49515d4bdd7a0bf6b07a67b5527f923ab5380174fed38cba0d8e72e533e6a3849e5cfd4cad2433049f1b57d96b96ce3a9c32eea86b89fe380e3fcacf2331aa

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\datareporting\glean\db\data.safe.bin

MD5 6f63056e8f71163b80239ec616008642
SHA1 3422cd1edad24470f967b7add9aa2bfb6a19bc6c
SHA256 be207f560a34e9a8fa3911b8812fd24cbfe07e55a5abe3a1434385495b607022
SHA512 d7882f95c4e091a1a30da3b3508af117b36f364476c286af55369f9ff394bd4f49887bfffee00e44ef3cc4c0a6b5d99948f890a6973c1020b68e932786805c37

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\datareporting\glean\pending_pings\4f6ff297-68ed-4bf7-afdc-f4dca1500a12

MD5 6113230e98b7c2fae0600ef4b26cc009
SHA1 d4b06b6709825c040c74b55de43ba6322c59a916
SHA256 41f30a7b805a99459dd26b8f1795a4933bb1f196a8b54a0f316e8bfc45a72b5d
SHA512 aba340100f2877f324e753b6d3493e6a9b913a702a0fc58e103a90a0f023722710d1323b74a148c6e30d46dbe35f7e69526e6c151abb667f355f71ab95c716dd

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\datareporting\glean\pending_pings\35a12714-6a06-4af0-a7f9-cde011319959

MD5 10a4d3dcb39c7b678188617f6c4fe2b1
SHA1 d3f0c692190a4cafdce85de2209b854db7174af8
SHA256 4ca6721d9f507d739d16c464719f8e85736a992026c97e165de06c7bdb22268d
SHA512 0caac411fa4448ec0b6f0c70c4741aba03a872054c5e28a41ef2bddebe34d7c75ab2cc220152c5cd793897baf784bf86e52e5a1ed99e4ab3a8340a4e5c8713c2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\sessionstore-backups\recovery.jsonlz4

MD5 c4e5b1e914a170a8e286aeb18d1d6088
SHA1 242fb366e345925c1643576cd2cf2d6b40cf0a61
SHA256 f48cb53332a63a0495249dcfd7b00948ae9f0018468cd50cd4ed7508719e4e00
SHA512 2afee3308d9f3034c6fdcdeb7d6d659292ad0e64fc988fe5660553f798eb2c76179019b3c2f2169568094df2d9d8fd35d767087614e3460ff6be04b0c8546791

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ifb4waqr.default-release\cache2\entries\0AA4F8AD27A4691282BB33C056EF241557E8E943

MD5 e06c366e948279e2287950e888cd20e4
SHA1 398fc7c79e012e5cba93f6dc9235ce466ff39c5f
SHA256 64ae45b46194563789a4d7a385395881ceb919effc2e08ce39c4102abfbcff52
SHA512 ab5454b7ad7d6857f7baa9a928de5f874530194bec7fa1fe8a587fadac92dba3c0934efae3116efaed40a9c871b5d722ce6833851ddb69f4d03d85c34ea8f19d

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ifb4waqr.default-release\cache2\entries\044E0127D20CBD0FFD2EB21004A6C7FE4ACAADD5

MD5 cc63676a3184dcd866815c5d585ad62b
SHA1 88898a389c850e68eab896e4f77949f3eff6c3e9
SHA256 6e6914dadf3ed99f936e957d238a0e280dc43dc0e9b703c2dd2859e5832bbf56
SHA512 90601a55cffd33b8abe74a3ea06ca22a48f3c2c871bf92461502acd7e78253a8d49fdb2d69bc5fb88b68e4b3207d113aa7be0314232decb01407443f69893db5

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ifb4waqr.default-release\cache2\entries\E78319AD973A9A8CFAB7CE6BC05E64A36C76ACA4

MD5 324254c8c21a44eecf382b9126b30346
SHA1 7d65bdfc538140e88e87434a6e90176b59bbd96b
SHA256 f7384f62b415b6119a3a29e0e8a28ed0145cb79362feae81fc17c91259641235
SHA512 920702337a1554123adb43ec470a6e6da18c98e2c1c5a37a5133b25e58f3ed1db5f52c7dec0fca89d89c814cfd6b012c2396d675504bbd54da2e5a83a3d0a5ff

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\sessionstore-backups\recovery.jsonlz4

MD5 5e254764e493634456be5cc35286fc62
SHA1 445eaece0daa493c49718fc9c987125092f12b63
SHA256 21006908f1629568937a82a54db5ea00b00b914157110950658097f713493a30
SHA512 ea37b88ca2629861e9b088b17b2c86ab0859a7d81534e786b9b774beedaf7701f8a74659381cb650704b508c15cb5bf6eb16581847fab1401580ccccc0fc5e2f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\storage\default\https+++otvet.mail.ru\cache\morgue\61\{3652b382-0fbd-4d85-9603-910d55ee233d}.final

MD5 9b65faffbe310b762c01265a04d1d101
SHA1 20070edaf8217cb230f64f62a427bcd091a6838b
SHA256 edf8a62904857810493dbcd333d02387ec4ea6176679b2e7ad077d62ff985f68
SHA512 72920e7ae310635940e849b612792742b42738121a9f525df1cbbd688113ba9d1832edec56f418a342e32ad0f78c805e33e8cdb0a7f688eb8e3ae8dd46d7849c

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ifb4waqr.default-release\cache2\entries\5DA867E0372C91699486E79D67D53E6E054176AF

MD5 1614b38da21536dc29df353729984470
SHA1 0baa0a4094190dc04f26fa5e80dd2420cb1d0ccb
SHA256 2562051371508dcd0de170762f1fa457dbed145c03fc8b20673c180a5809fb88
SHA512 62e9139bf9500e34837efbaef9a597afc69386471db488291503ad5bc90474866a088c6eceff4ac020a119b240ad7a86bb197c3cc8477b1b78a3acaf66ce3e03

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ifb4waqr.default-release\cache2\entries\ADA6C86B925ABEA53D56C395ABC5915010260733

MD5 1ace4f50b388a219fadac6c4b19792f6
SHA1 6089c89c4da353e6af81e7493d7338de1928e027
SHA256 7987f78f01f74f13ce3af5ca2439215f5a3dfd6a5f54034ed8889547ef41e3d7
SHA512 71408b9c25a567f9d83521693ab9b954ace6bdf97f0c0e47bf7f1e07bdfb561a799d063f2b6c361903338d63ce9040fa5ccaa64a9c331f8f92b10584823e75b3

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\sessionstore-backups\recovery.jsonlz4

MD5 37dedb1bb38e65c09cfd56f6336b8a25
SHA1 6f6380d8ab3639490ffea5382598000143dbec14
SHA256 b8ad61c798e653e4c97785aec27df2b6ec1ae8edf7e8571adea5268ea7a2e4aa
SHA512 a5033277fa99b3a31f9f8d0b38a71104de955155e787686015c0aad288808dddcfeaf5e8834f6642e5f6175c507684a01ed70e591795da03384fe0b1d85ef507

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ifb4waqr.default-release\cache2\entries\4A8537BB969C8A4AD68681FAC66A9A74AE46874A

MD5 0dc22144db35b2c01a7fb04045f3efa9
SHA1 de3c5ef6eac91ac6dcb7a577ea933c38bcdebab6
SHA256 ae3f26faf9dfcdf86369879697c56dc81fcf7ed7c1785b67a2bc76d3ba895813
SHA512 064580de3bf6f7cb4864ec0de986c010297474cc3c51662b0f344e6fa8cc04bd3bcd59ce2d21bc3c714a158aa64cb39eeaf923ffc2422f675951277331195938

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\crashes\store.json.mozlz4.tmp

MD5 a6338865eb252d0ef8fcf11fa9af3f0d
SHA1 cecdd4c4dcae10c2ffc8eb938121b6231de48cd3
SHA256 078648c042b9b08483ce246b7f01371072541a2e90d1beb0c8009a6118cbd965
SHA512 d950227ac83f4e8246d73f9f35c19e88ce65d0ca5f1ef8ccbb02ed6efc66b1b7e683e2ba0200279d7ca4b49831fd8c3ceb0584265b10accff2611ec1ca8c0c6c

memory/2236-2795-0x00000000002B0000-0x00000000002DA000-memory.dmp

memory/2236-2796-0x000007FEE57D0000-0x000007FEE61BC000-memory.dmp

memory/2236-2797-0x000007FEF4180000-0x000007FEF42AC000-memory.dmp

memory/2236-2799-0x000000001AFB0000-0x000000001B030000-memory.dmp

memory/2236-2803-0x000000001AFB0000-0x000000001B030000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\sessionstore-backups\recovery.jsonlz4

MD5 4b82b54e05ffd44036255d5ec07d2eba
SHA1 6aadb57b549b65cbf0d0ce7c79e20adebd8b0560
SHA256 ea1a65be225d668149b08dc57e8ba683cac27ff46c60ab7ac546f0ef5ea27cba
SHA512 dc0bfb1debe5d8f1f27de81ef3d2bc40e6677a8ed319674d29258106e3ddb8c6e0a1f0a20be553a73b0f03886e148dbe31f23ef3a50560609abc1af6f925c316

memory/2236-2844-0x000007FEE57D0000-0x000007FEE61BC000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\storage\default\https+++ya.ru\ls\usage

MD5 87ae0d6b3a837a2a85d7617c8dbb6242
SHA1 3d07b0c348ceb568e9598b721817a10184be1f47
SHA256 bc03c34d123a5bff2b1e7795000b2dc24a00a7350c098852fda811385482148d
SHA512 050342042230c2dd1f188511dc9fbfa490e98dd07f55cb15f7259660d852677ef12d336baf908e38aa49d9e02929e3a96eeef1cef2bd3ff1190788661bffb197

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\prefs-1.js

MD5 3bdc0558c3a28b88bb8602035f446b6b
SHA1 1a026bfab9263c84652258c71750f732a31fb01f
SHA256 184cbe19b622055125a19d0f8ceecc26fc1ae47a0c6762e5530293be2a650c7d
SHA512 3677fccee5fad3bd5f0ee2989c8517cf777d2664b8ff3f5385b3c226191088690e8f9c961d221db9b71f089435f534e56fa56104acb30263395341d2c0fd6d51

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 a01c5ecd6108350ae23d2cddf0e77c17
SHA1 c6ac28a2cd979f1f9a75d56271821d5ff665e2b6
SHA256 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42
SHA512 b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 33bf7b0439480effb9fb212efce87b13
SHA1 cee50f2745edc6dc291887b6075ca64d716f495a
SHA256 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e
SHA512 d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\prefs-1.js

MD5 8def8de300889b11544441f17ef51d22
SHA1 2df5316061a88fc2c92d7c2e77571ed50d62fdc5
SHA256 7b1ecd2f5fdec97ac56c7345cb6abf60373ea577e2db8890c5d35bc902c1169a
SHA512 d0d46df6ffef218a5e3deade2c947f3620f8aa7101453b8186808c0712ebe1e17c9a3e6122c094f664859d3cbb847858e178ead788a2479868129f258a39cde7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\sessionstore-backups\recovery.jsonlz4

MD5 3aad700c198b991393d912c91f314db8
SHA1 cca99742d73c95091ccaafc894de1ec3c4d9a856
SHA256 ab4ab754b94b7548e0bb407812bcadaecacbf3e30e735411e9ac7a528da373a3
SHA512 eb1729574a1fa2d0a9c75e9974fa714084d8ed26149442424fc90475cfed783f4eaa5f419c84b31b8b1cfc61d86fc2bd54e8280d1e9df0eee8aa983d47f82cb7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\storage\default\https+++ya.ru\ls\usage

MD5 7d3ae5a2d1b95f328dd0b09f08cc4ae6
SHA1 fa2a22903020005a8adbe871c64ea1070cd4c20c
SHA256 941d4b70fb2d989c738f21159aa07fd0313aed6adc0d489ba7a31b793da925de
SHA512 05c5deb0b1972f9b5e0699a98da2b113ea04ff8f89ed913a94c490bf134a3337f0c31a121068bb3ee15c723367c3f4083d39180144d577be902ab4375e1065ed

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\sessionstore-backups\recovery.jsonlz4

MD5 10e6aa85775a4d053cbd699b5e2a8785
SHA1 7681d8a6d6582e5ef2ba616266472128722d2467
SHA256 36c0a9d7f13f9036a394547dd852302e52da3fef2afe813a1a45301d77c94ab5
SHA512 cfe260a9e7de1594ed92f459b7b3387a228e183ae22cad144645f1202df9583f2d7c96cd15803e0b166f5bd899e668b0e1cf7463ea4b42ba567d525c241dd5dd

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 60935338814f53daf53b46f1cba52b40
SHA1 5fc9abf203be0fa889495c40144f3b1f19e62aca
SHA256 2d01281c5e131248d92c61708c8725401dcfdd6680b123d728fc8ecf9fcd7aff
SHA512 9041eef5b86063fa0d2f737cc1449e964254253e6c429b2f19dd96eea88409f857a9d0e253c64f330f9ddd660208b3ab95a4fe059ee172abf42fac5d11eaffd3

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\storage\default\https+++ya.ru\ls\usage

MD5 3ef717801938ae2f4a3a3f1ce2ac0615
SHA1 1c9c60c9af505b8a797c9d9215180ffb704dc7c7
SHA256 c79c58f2e96bec8f099f7896b69fe7b20f4c81fde859e817a413b794f1c678b9
SHA512 ee7cd9cf7b7b71fac9c8409b0cbb2adb48e8de07f163b0e3c4294d63ee295b2b4b7572f3b58a73f0f62133ff8443bd07fbb46ff3ebba72fa4594c125863015a1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\storage\default\https+++ya.ru\ls\usage

MD5 753ccc3e8dc88a05838b3882a227604f
SHA1 04708e1d45f01e24248282c04636637f14775943
SHA256 38b7c57f105315f88e653f0b2e716874001c658317e60bd0d231b5f70d523106
SHA512 a86e13b982daff9c2a4b887137486675cb38011eae18b8c73f17759aaa3a6bf4a4e8e19841e312a4708a0e4463dcd5b18fd6ad771148606afa0ed6abbbeea4ac

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ifb4waqr.default-release\cache2\doomed\10874

MD5 dab814a7d738a6e7de63bbd2385ef612
SHA1 c8410b4c271161ca1f59a5aa18280611d45349ec
SHA256 2d066fe39d4d1f568e6215fd1486526c2faa77c10f897b2fa9487a21e1f4840f
SHA512 2825a7856bd71e1935ac0dbd338120325f667e3bf289eb7bcaaace328c2233b092a87cf73ebaeb4dad521d3a9c241a762bc9f88ddba71a93db0fe92382d714f6

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\storage\default\https+++otvet.mail.ru\ls\usage

MD5 2dda603fc574d307fd232b632c4e069b
SHA1 98c38a76670a8e4620bdc831b08599a1c7798c0c
SHA256 32c902765ace387d0ae040b7612259cb824ff14b36fa8ea9c7901a3fb339fee6
SHA512 45cb93b7de40a9b1388e0dda25f5a0299795177188527d1de691b2f8cdae91b6d09c4162c18cf639b89972158f6132cbe7d2bb0b7bbdad9e04e5524f6d4208d3

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\sessionstore.jsonlz4

MD5 c8942bd7f022db531aaf3448a67b984f
SHA1 49694ad7080d75dd5624b29d7526acae75dadbe1
SHA256 7e123aef64dc6a8d9cbf23de9c908559a4eb04f80212a8f28c53016a7f99979e
SHA512 0fedfd74958baed01d6c124de503c0ea2dca9c403d99469608ff5cd1c044df4e818164155004edba9ebe03686c825cf2f844e6af2597cd11ab80d508e62adcd2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\prefs-1.js

MD5 37c8d79c0527744ed17804199b41b987
SHA1 01f3013593a5219c9ae1baf71039427e4714074e
SHA256 43c86d2508e13f42826a5b2830eb1748b1e125c1d7bb0fd317a5df8a372b7441
SHA512 942504ce98c39f33fb936ef32bca393f9a0ffa9bb0506f4395ee41559c13192701ea240761ce0826e35af1605b5ff862400001d3c34960989863e7db7c21623d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\xulstore.json.tmp

MD5 8c8e29dfc7492b92903124e1da454a88
SHA1 09e1ea8b5a53255747809121543598e55e38f9ba
SHA256 08e5486c5550ae2844b9569fbe77ca63617c48b2918e8427ba729deba24a2cbb
SHA512 bb1b2cab79ab3a1e467094748fa6879ec325c21da733255428d2b661c02255dcd3036a3706afeb4f576c168127b4a537802f5748950a3db8fb0c04f4827f903f

memory/1520-3574-0x0000000002D90000-0x0000000002D91000-memory.dmp

memory/2280-3575-0x0000000002AB0000-0x0000000002AB1000-memory.dmp