Malware Analysis Report

2024-11-30 19:08

Sample ID: 240310-g4whyaea98
Target: XWorm V5.3.7z
SHA256: 4d274a49cb04b5de876fd1c22ef6a42dd1625a33b4c045c207fd1fbc0a8f3b6c
Tags: agenttesla xworm agilenet keylogger persistence rat spyware stealer trojan
Score: 10/10

Analysis Overview

score
10/10

SHA256

4d274a49cb04b5de876fd1c22ef6a42dd1625a33b4c045c207fd1fbc0a8f3b6c

Threat Level: Known bad

The file XWorm V5.3.7z was found to be: Known bad.

Malicious Activity Summary

agenttesla xworm agilenet keylogger persistence rat spyware stealer trojan

AgentTesla

Xworm

Detect Xworm Payload

AgentTesla payload

Executes dropped EXE

Uses the VBS compiler for execution

Obfuscated with Agile.Net obfuscator

Drops startup file

Loads dropped DLL

Adds Run key to start application

Drops file in System32 directory

Suspicious use of NtSetInformationThreadHideFromDebugger

Drops file in Windows directory

Enumerates physical storage devices

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Modifies registry class

Suspicious use of AdjustPrivilegeToken

NTFS ADS

Suspicious use of SetWindowsHookEx

Uses Task Scheduler COM API

Suspicious use of SendNotifyMessage

Suspicious behavior: GetForegroundWindowSpam

Suspicious behavior: EnumeratesProcesses

Opens file in notepad (likely ransom note)

Suspicious use of FindShellTrayWindow

Checks processor information in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-03-10 06:22

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-03-10 06:22

Reported

2024-03-10 06:52

Platform

win10-20240214-en

Max time kernel

1800s

Max time network

1790s

Command Line

cmd /c "C:\Users\Admin\AppData\Local\Temp\XWorm V5.3.7z"

Signatures

AgentTesla

keylogger trojan stealer spyware agenttesla

Detect Xworm Payload

Xworm

trojan rat xworm

AgentTesla payload

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XClient.lnk C:\Users\Admin\Documents\XClient.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XClient.lnk C:\Users\Admin\Documents\XClient.exe N/A

Obfuscated with Agile.Net obfuscator

agilenet

Uses the VBS compiler for execution

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000\Software\Microsoft\Windows\CurrentVersion\Run\XClient = "C:\\Users\\Admin\\AppData\\Roaming\\XClient.exe" C:\Users\Admin\Documents\XClient.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\system32\perfc009.dat C:\Windows\system32\lodctr.exe N/A
File created C:\Windows\system32\perfh009.dat C:\Windows\system32\lodctr.exe N/A
File created C:\Windows\system32\perfh00A.dat C:\Windows\system32\lodctr.exe N/A
File created C:\Windows\system32\perfc010.dat C:\Windows\system32\lodctr.exe N/A
File created C:\Windows\system32\perfh010.dat C:\Windows\system32\lodctr.exe N/A
File created C:\Windows\system32\perfh007.dat C:\Windows\system32\lodctr.exe N/A
File created C:\Windows\system32\perfc00A.dat C:\Windows\system32\lodctr.exe N/A
File created C:\Windows\system32\perfc00C.dat C:\Windows\system32\lodctr.exe N/A
File created C:\Windows\system32\perfh00C.dat C:\Windows\system32\lodctr.exe N/A
File created C:\Windows\system32\perfc011.dat C:\Windows\system32\lodctr.exe N/A
File created C:\Windows\system32\perfh011.dat C:\Windows\system32\lodctr.exe N/A
File created C:\Windows\system32\perfc007.dat C:\Windows\system32\lodctr.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Program Files\7-Zip\7zFM.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 F:\4c3f295d499a0e4fe06bed3c14\Setup.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 F:\559daf81a1cb3122d599b6c59065\Setup.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier C:\Users\Admin\Documents\XClient.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz F:\4c3f295d499a0e4fe06bed3c14\Setup.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz F:\559daf81a1cb3122d599b6c59065\Setup.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\Documents\XClient.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Users\Admin\Documents\XClient.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Users\Admin\AppData\Local\Temp\XWorm V5.3.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Users\Admin\AppData\Local\Temp\XWorm V5.3.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion C:\Users\Admin\AppData\Local\Temp\XWorm V5.3.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Users\Admin\Documents\XClient.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BIOSVersion C:\Users\Admin\Documents\XClient.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BIOSReleaseDate C:\Users\Admin\Documents\XClient.exe N/A

Modifies registry class

NTFS ADS

Description Indicator Process Target
File created C:\Users\Admin\Downloads\telegram.php:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
File created C:\Users\Admin\Downloads\dotNetFx45_Full_setup.exe:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
File created C:\Users\Admin\Downloads\dotNetFx40_Full_setup.exe:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Opens file in notepad (likely ransom note)

ransomware
Description Indicator Process Target
N/A N/A C:\Windows\system32\NOTEPAD.EXE N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A F:\4c3f295d499a0e4fe06bed3c14\Setup.exe N/A
N/A N/A F:\559daf81a1cb3122d599b6c59065\Setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\XWorm V5.3.exe N/A
N/A N/A C:\Users\Admin\Documents\XClient.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\XWorm V5.3.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Documents\XClient.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\Downloads\dotNetFx45_Full_setup.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\Downloads\dotNetFx40_Full_setup.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\XWorm V5.3.exe N/A
N/A N/A C:\Users\Admin\Documents\XClient.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3084 wrote to memory of 4404 N/A C:\Windows\system32\cmd.exe C:\Program Files\7-Zip\7zFM.exe
PID 4404 wrote to memory of 1052 N/A C:\Program Files\7-Zip\7zFM.exe C:\Windows\system32\NOTEPAD.EXE
PID 4404 wrote to memory of 3924 N/A C:\Program Files\7-Zip\7zFM.exe C:\Users\Admin\AppData\Local\Temp\7zO4312440D\XWorm V5.3.exe
PID 2136 wrote to memory of 2056 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2056 wrote to memory of 4980 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2056 wrote to memory of 4976 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Windows\system32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\XWorm V5.3.7z"

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\XWorm V5.3.7z"

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\7zO43100149\README.txt

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\AppData\Local\Temp\7zO4312440D\XWorm V5.3.exe

"C:\Users\Admin\AppData\Local\Temp\7zO4312440D\XWorm V5.3.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.0.1412446766\1107708480" -parentBuildID 20221007134813 -prefsHandle 1720 -prefMapHandle 1468 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6e768c8c-d378-4ea6-a686-86674374e787} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 1796 2c1632f3158 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.1.136112083\1561317928" -parentBuildID 20221007134813 -prefsHandle 2124 -prefMapHandle 2120 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {464e56e5-e0ae-4cc4-80d7-f85c8f8d611a} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 2152 2c1631faa58 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.2.197623608\1544599160" -childID 1 -isForBrowser -prefsHandle 2748 -prefMapHandle 2668 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d8eae8b6-a7c9-4785-9f41-dd4bca44e5ce} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 2964 2c1674da258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.3.518542900\1017934777" -childID 2 -isForBrowser -prefsHandle 3472 -prefMapHandle 3468 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bd0a2a8c-17aa-4e2c-887c-e711ab10c10b} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 3408 2c165e10158 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.4.790196201\2035127841" -childID 3 -isForBrowser -prefsHandle 4192 -prefMapHandle 4188 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {82a961d4-a3ea-4584-983a-e67603d7419c} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 4200 2c165f50758 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.5.496112914\123480724" -childID 4 -isForBrowser -prefsHandle 4880 -prefMapHandle 4876 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0e57c03f-4c1c-4eb7-8de6-f950ea83c4d9} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 4888 2c15822db58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.6.1964946419\1823380225" -childID 5 -isForBrowser -prefsHandle 5024 -prefMapHandle 5028 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {65af23c7-1dd7-40b7-a9ba-d0f43dd0c78d} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 4792 2c169a87358 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.7.782984577\1162338407" -childID 6 -isForBrowser -prefsHandle 5204 -prefMapHandle 5208 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3e4dc556-9abc-46f2-b376-4a52602c9227} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 5196 2c169a86a58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.8.183340857\2130098373" -childID 7 -isForBrowser -prefsHandle 2716 -prefMapHandle 4608 -prefsLen 26514 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1a101bd6-17d0-4cd1-af19-a5a4074e5cbf} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 1520 2c16a861858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.9.720380631\238483592" -childID 8 -isForBrowser -prefsHandle 4944 -prefMapHandle 4960 -prefsLen 27389 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b573fac6-d30e-4378-9eea-0694ffef7f73} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 4316 2c16b362e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.10.1261740061\1803182618" -childID 9 -isForBrowser -prefsHandle 5092 -prefMapHandle 5028 -prefsLen 27389 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a453ebd3-b9f3-4166-8fec-1b08978a9b5c} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 5496 2c169a86a58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.11.1297652320\414197335" -childID 10 -isForBrowser -prefsHandle 5336 -prefMapHandle 5340 -prefsLen 27389 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {37189d9d-0917-47ce-9785-8747bb86aed0} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 5348 2c16a863958 tab

C:\Users\Admin\Downloads\dotNetFx45_Full_setup.exe

"C:\Users\Admin\Downloads\dotNetFx45_Full_setup.exe"

F:\4c3f295d499a0e4fe06bed3c14\Setup.exe

F:\4c3f295d499a0e4fe06bed3c14\\Setup.exe /x86 /x64 /web

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.12.339671722\1142303740" -childID 11 -isForBrowser -prefsHandle 5172 -prefMapHandle 5156 -prefsLen 27438 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {dbacee3d-ffa6-4372-837e-173a7653683e} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 5144 2c1674dc358 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.13.992913219\298105311" -childID 12 -isForBrowser -prefsHandle 10452 -prefMapHandle 10460 -prefsLen 27517 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {aae0b2b0-0fd0-4877-b5ae-546cc21a0bb2} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 10440 2c16a862a58 tab

C:\Users\Admin\Downloads\dotNetFx40_Full_setup.exe

"C:\Users\Admin\Downloads\dotNetFx40_Full_setup.exe"

F:\559daf81a1cb3122d599b6c59065\Setup.exe

F:\559daf81a1cb3122d599b6c59065\\Setup.exe /x86 /x64 /ia64 /web

C:\Users\Admin\AppData\Local\Temp\7zO43186BD3\XWorm V5.3.exe

"C:\Users\Admin\AppData\Local\Temp\7zO43186BD3\XWorm V5.3.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\7zO431159B3\Fixer.bat" "

C:\Windows\system32\lodctr.exe

lodctr /r

C:\Users\Admin\AppData\Local\Temp\XWorm V5.3.exe

"C:\Users\Admin\AppData\Local\Temp\XWorm V5.3.exe"

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x3cc

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.14.1353164301\2093578753" -childID 13 -isForBrowser -prefsHandle 10260 -prefMapHandle 10212 -prefsLen 27602 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f882b873-fdfc-4b0f-a4a7-114e916d3449} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 10036 2c16ab0cd58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.15.197897002\66223970" -childID 14 -isForBrowser -prefsHandle 9844 -prefMapHandle 4344 -prefsLen 27602 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b046a201-d2d6-4707-af66-1083cf25ff8d} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 9848 2c16745fd58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.16.173682328\1959396079" -childID 15 -isForBrowser -prefsHandle 9560 -prefMapHandle 9564 -prefsLen 27602 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f6696aae-0080-4c4c-8ac3-f4fcdab4011e} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 9552 2c16b14f958 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.17.1467407934\435550339" -childID 16 -isForBrowser -prefsHandle 9432 -prefMapHandle 9436 -prefsLen 27602 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {59cda812-d8a6-4fd2-9cbb-d1db6ce40331} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 9656 2c16c1f4358 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.18.1675564274\557625459" -childID 17 -isForBrowser -prefsHandle 9212 -prefMapHandle 9220 -prefsLen 27602 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d06cc7ab-dec2-4ea0-a7ea-5c7c6249221f} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 9228 2c16dcb4b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.19.1144334962\1872850773" -childID 18 -isForBrowser -prefsHandle 9052 -prefMapHandle 9048 -prefsLen 27602 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5f3240c2-8bde-4363-9162-32a866462494} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 9188 2c16e231558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.20.1484388542\1469895230" -childID 19 -isForBrowser -prefsHandle 8872 -prefMapHandle 8868 -prefsLen 27602 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c5fe8a75-a9ad-4072-94f5-7d8d4e13b0b0} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 8880 2c16e231e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.21.108427010\1498976393" -childID 20 -isForBrowser -prefsHandle 9076 -prefMapHandle 9544 -prefsLen 27602 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e51e99e1-7b39-4b0b-98c7-9236f53d71fd} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 8624 2c16e425758 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.22.1666425175\1368026097" -childID 21 -isForBrowser -prefsHandle 9708 -prefMapHandle 8996 -prefsLen 27602 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {248c81e9-1096-4a70-b9f0-467c99e3c0df} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 8428 2c16e639858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.23.825066818\178257242" -childID 22 -isForBrowser -prefsHandle 8348 -prefMapHandle 8252 -prefsLen 27602 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e710285e-7336-4650-88a6-31a7fcb00950} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 8268 2c16dcb5158 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.24.639983562\2005668221" -childID 23 -isForBrowser -prefsHandle 8808 -prefMapHandle 8892 -prefsLen 27602 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cb183052-1a2b-4ce0-a788-e9bbdd4885c2} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 8728 2c16f093a58 tab

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\telegram.php

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.25.1334460282\451771722" -childID 24 -isForBrowser -prefsHandle 10064 -prefMapHandle 10068 -prefsLen 27658 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {87fb9048-1793-4b99-b8da-326f04f7a57f} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 9268 2c16b305c58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.26.1633466451\1422317398" -childID 25 -isForBrowser -prefsHandle 9640 -prefMapHandle 9436 -prefsLen 27658 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {35797f6d-5058-4db5-851b-b4f4acccff6f} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 9724 2c16b306b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.27.797599673\260465153" -childID 26 -isForBrowser -prefsHandle 8016 -prefMapHandle 8280 -prefsLen 27658 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4b396ca7-45bb-434a-b3a2-5ef01ede9e6f} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 8352 2c16745fa58 tab

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe

"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\1vjwmxqv\1vjwmxqv.cmdline"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES891F.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc8F62AE2B2B914860A45A8C2CAB9BC544.TMP"

C:\Users\Admin\Documents\XClient.exe

"C:\Users\Admin\Documents\XClient.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.28.1644562716\136913544" -childID 27 -isForBrowser -prefsHandle 8876 -prefMapHandle 8676 -prefsLen 27658 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a4c30f5b-ad0e-4a61-bb34-af678133c154} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 4676 2c16b9cea58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.29.1078586189\992412714" -parentBuildID 20221007134813 -prefsHandle 7748 -prefMapHandle 7740 -prefsLen 27658 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {015db2df-20b4-4e97-8dec-79f77288adee} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 7756 2c16dbd6b58 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.30.12151158\919403900" -childID 28 -isForBrowser -prefsHandle 4608 -prefMapHandle 8344 -prefsLen 27658 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d1435066-ddb2-4e3f-974d-0f6b1e7a69bc} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 10440 2c16f10c858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.31.96750385\1659603580" -childID 29 -isForBrowser -prefsHandle 8032 -prefMapHandle 8040 -prefsLen 27658 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {465f43bc-8560-40a2-bc55-6d97b60d8ddd} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 9712 2c16f109e58 tab

Network

Country Destination Domain Proto
US 8.8.8.8:53 98.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 226.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 142.250.200.2:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 2.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 dotnet.microsoft.com udp
US 8.8.8.8:53 part-0036.t-0009.t-msedge.net udp
US 13.107.246.64:443 part-0036.t-0009.t-msedge.net tcp
US 8.8.8.8:53 part-0036.t-0009.t-msedge.net udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 js.monitor.azure.com udp
US 8.8.8.8:53 e13678.dscb.akamaiedge.net udp
US 13.107.246.64:443 js.monitor.azure.com tcp
US 8.8.8.8:53 e13678.dscb.akamaiedge.net udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 8.8.8.8:53 a1449.dscg2.akamai.net udp
US 8.8.8.8:53 a1449.dscg2.akamai.net udp
US 8.8.8.8:53 w.usabilla.com udp
US 8.8.8.8:53 w.usabilla.com udp
IE 54.216.138.85:443 w.usabilla.com tcp
US 8.8.8.8:53 85.138.216.54.in-addr.arpa udp
US 8.8.8.8:53 westus2-0.in.applicationinsights.azure.com udp
US 8.8.8.8:53 d6tizftlrpuof.cloudfront.net udp
FR 52.222.161.46:443 d6tizftlrpuof.cloudfront.net tcp
US 8.8.8.8:53 d6tizftlrpuof.cloudfront.net udp
US 8.8.8.8:53 d6tizftlrpuof.cloudfront.net udp
US 8.8.8.8:53 46.161.222.52.in-addr.arpa udp
US 8.8.8.8:53 w.usabilla.com udp
US 8.8.8.8:53 browser.events.data.microsoft.com udp
US 8.8.8.8:53 onedscolprdeus04.eastus.cloudapp.azure.com udp
US 8.8.8.8:53 onedscolprdeus04.eastus.cloudapp.azure.com udp
US 8.8.8.8:53 browser.events.data.microsoft.com udp
US 8.8.8.8:53 onedscolprdwus15.westus.cloudapp.azure.com udp
US 8.8.8.8:53 onedscolprdwus15.westus.cloudapp.azure.com udp
US 20.9.155.148:443 gig-ai-prod-wus2-01-app-v4-tag.westus2.cloudapp.azure.com tcp
US 20.9.155.148:443 gig-ai-prod-wus2-01-app-v4-tag.westus2.cloudapp.azure.com tcp
US 8.8.8.8:53 gig-ai-prod-wus2-01-app-v4-tag.westus2.cloudapp.azure.com udp
US 8.8.8.8:53 148.155.9.20.in-addr.arpa udp
US 8.8.8.8:53 onedscolprdwus15.westus.cloudapp.azure.com udp
US 8.8.8.8:53 browser.events.data.microsoft.com udp
US 8.8.8.8:53 onedscolprdeus04.eastus.cloudapp.azure.com udp
US 8.8.8.8:53 onedscolprdeus04.eastus.cloudapp.azure.com udp
US 8.8.8.8:53 westus2-0.in.applicationinsights.azure.com udp
US 8.8.8.8:53 gig-ai-prod-wus2-02-app-v4-tag.westus2.cloudapp.azure.com udp
US 8.8.8.8:53 gig-ai-prod-wus2-02-app-v4-tag.westus2.cloudapp.azure.com udp
US 8.8.8.8:53 browser.events.data.microsoft.com udp
US 8.8.8.8:53 onedscolprdeus09.eastus.cloudapp.azure.com udp
US 8.8.8.8:53 dotnet.microsoft.com udp
US 8.8.8.8:53 part-0036.t-0009.t-msedge.net udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 e13678.dscb.akamaiedge.net udp
US 8.8.8.8:53 e13678.dscb.akamaiedge.net udp
US 8.8.8.8:53 onedscolprdeus09.eastus.cloudapp.azure.com udp
US 8.8.8.8:53 download.microsoft.com udp
US 8.8.8.8:53 e12671.dscd.akamaiedge.net udp
US 8.8.8.8:53 e12671.dscd.akamaiedge.net udp
US 8.8.8.8:53 browser.events.data.microsoft.com udp
US 8.8.8.8:53 onedscolprdeus09.eastus.cloudapp.azure.com udp
US 8.8.8.8:53 onedscolprdeus09.eastus.cloudapp.azure.com udp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 westus2-0.in.applicationinsights.azure.com udp
US 8.8.8.8:53 gig-ai-prod-wus2-01-app-v4-tag.westus2.cloudapp.azure.com udp
US 8.8.8.8:53 gig-ai-prod-wus2-01-app-v4-tag.westus2.cloudapp.azure.com udp
US 8.8.8.8:53 aus5.mozilla.org udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 35.244.181.201:443 prod.balrog.prod.cloudops.mozgcp.net tcp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 35.244.181.201:443 prod.balrog.prod.cloudops.mozgcp.net tcp
US 8.8.8.8:53 browser.events.data.microsoft.com udp
US 8.8.8.8:53 onedscolprdcus14.centralus.cloudapp.azure.com udp
US 104.208.16.90:443 onedscolprdcus14.centralus.cloudapp.azure.com tcp
US 8.8.8.8:53 onedscolprdcus14.centralus.cloudapp.azure.com udp
US 8.8.8.8:53 90.16.208.104.in-addr.arpa udp
US 8.8.8.8:53 location.services.mozilla.com udp
US 100.21.251.158:443 location.services.mozilla.com tcp
US 8.8.8.8:53 locprod2-elb-us-west-2.prod.mozaws.net udp
US 8.8.8.8:53 locprod2-elb-us-west-2.prod.mozaws.net udp
US 8.8.8.8:53 158.251.21.100.in-addr.arpa udp
US 8.8.8.8:53 tinyurl.com udp
US 172.67.1.225:80 tinyurl.com tcp
US 172.67.1.225:80 tinyurl.com tcp
US 8.8.8.8:53 tinyurl.com udp
US 8.8.8.8:53 tinyurl.com udp
US 8.8.8.8:53 www.mediafire.com udp
US 104.16.114.74:443 www.mediafire.com tcp
US 8.8.8.8:53 www.mediafire.com udp
US 8.8.8.8:53 www.mediafire.com udp
US 8.8.8.8:53 225.1.67.172.in-addr.arpa udp
US 104.16.114.74:443 www.mediafire.com tcp
US 104.16.114.74:443 www.mediafire.com udp
US 8.8.8.8:53 the.gatekeeperconsent.com udp
US 8.8.8.8:53 btloader.com udp
US 8.8.8.8:53 www.ezojs.com udp
US 8.8.8.8:53 translate.google.com udp
US 8.8.8.8:53 static.cloudflareinsights.com udp
US 172.67.199.186:443 the.gatekeeperconsent.com tcp
US 8.8.8.8:53 the.gatekeeperconsent.com udp
US 8.8.8.8:53 btloader.com udp
US 104.22.74.216:443 btloader.com tcp
GB 172.217.16.238:443 translate.google.com tcp
US 8.8.8.8:53 www3.l.google.com udp
US 172.67.170.144:443 www.ezojs.com tcp
US 104.16.79.73:443 static.cloudflareinsights.com tcp
US 8.8.8.8:53 btloader.com udp
US 8.8.8.8:53 the.gatekeeperconsent.com udp
US 8.8.8.8:53 www3.l.google.com udp
US 8.8.8.8:53 www.ezojs.com.cdn.cloudflare.net udp
US 8.8.8.8:53 static.cloudflareinsights.com udp
US 8.8.8.8:53 static.cloudflareinsights.com udp
US 8.8.8.8:53 www.ezojs.com.cdn.cloudflare.net udp
GB 172.217.16.238:443 www3.l.google.com udp
US 172.67.199.186:443 the.gatekeeperconsent.com tcp
US 172.67.170.144:443 www.ezojs.com.cdn.cloudflare.net udp
US 8.8.8.8:53 74.114.16.104.in-addr.arpa udp
US 8.8.8.8:53 216.74.22.104.in-addr.arpa udp
US 8.8.8.8:53 238.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 144.170.67.172.in-addr.arpa udp
US 8.8.8.8:53 73.79.16.104.in-addr.arpa udp
US 8.8.8.8:53 186.199.67.172.in-addr.arpa udp
US 172.67.199.186:443 the.gatekeeperconsent.com udp
US 8.8.8.8:53 privacy.gatekeeperconsent.com udp
US 8.8.8.8:53 cdn.amplitude.com udp
US 8.8.8.8:53 cdn.otnolatrnup.com udp
US 8.8.8.8:53 static.mediafire.com udp
US 172.67.199.186:443 privacy.gatekeeperconsent.com tcp
US 8.8.8.8:53 privacy.gatekeeperconsent.com udp
US 8.8.8.8:53 cdn.amplitude.com udp
US 104.19.214.37:443 cdn.otnolatrnup.com tcp
US 8.8.8.8:53 cdn.otnolatrnup.com udp
US 104.16.114.74:443 static.mediafire.com tcp
US 104.16.114.74:443 static.mediafire.com tcp
US 104.16.114.74:443 static.mediafire.com tcp
US 104.16.114.74:443 static.mediafire.com tcp
US 104.16.114.74:443 static.mediafire.com tcp
US 104.16.114.74:443 static.mediafire.com tcp
US 8.8.8.8:53 g.ezoic.net udp
US 8.8.8.8:53 ad-delivery.net udp
US 8.8.8.8:53 api.btloader.com udp
US 8.8.8.8:53 cdn.amplitude.com udp
US 8.8.8.8:53 privacy.gatekeeperconsent.com udp
US 8.8.8.8:53 cdn.otnolatrnup.com udp
US 104.16.114.74:443 static.mediafire.com udp
FR 35.181.89.222:443 g.ezoic.net tcp
US 8.8.8.8:53 translate.googleapis.com udp
US 130.211.23.194:443 api.btloader.com tcp
US 104.26.2.70:443 ad-delivery.net tcp
US 104.26.2.70:443 ad-delivery.net tcp
US 8.8.8.8:53 static.mediafire.com udp
US 8.8.8.8:53 g.ezoic.net udp
US 8.8.8.8:53 static.mediafire.com udp
US 8.8.8.8:53 g.ezoic.net udp
GB 142.250.200.10:443 translate.googleapis.com tcp
US 172.67.199.186:443 privacy.gatekeeperconsent.com udp
US 8.8.8.8:53 api.btloader.com udp
US 104.19.214.37:443 cdn.otnolatrnup.com udp
US 8.8.8.8:53 ad-delivery.net udp
US 8.8.8.8:53 api.btloader.com udp
US 172.67.199.186:443 privacy.gatekeeperconsent.com tcp
US 8.8.8.8:53 ad-delivery.net udp
US 8.8.8.8:53 go.ezodn.com udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 130.211.23.194:443 api.btloader.com tcp
US 104.26.2.70:443 ad-delivery.net tcp
US 104.26.2.70:443 ad-delivery.net tcp
US 8.8.8.8:53 translate.googleapis.com udp
US 172.67.142.121:443 go.ezodn.com tcp
US 172.67.142.121:443 go.ezodn.com tcp
US 172.67.142.121:443 go.ezodn.com tcp
GB 142.250.200.10:443 translate.googleapis.com udp
US 8.8.8.8:53 otnolatrnup.com udp
US 8.8.8.8:53 translate.googleapis.com udp
US 8.8.8.8:53 go.ezodn.com udp
US 8.8.8.8:53 securepubads46.g.doubleclick.net udp
US 8.8.8.8:53 go.ezodn.com udp
US 104.19.215.37:443 otnolatrnup.com tcp
US 8.8.8.8:53 securepubads46.g.doubleclick.net udp
US 8.8.8.8:53 otnolatrnup.com udp
US 8.8.8.8:53 37.214.19.104.in-addr.arpa udp
US 8.8.8.8:53 222.89.181.35.in-addr.arpa udp
US 8.8.8.8:53 10.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 232.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 194.23.211.130.in-addr.arpa udp
US 8.8.8.8:53 70.2.26.104.in-addr.arpa udp
US 8.8.8.8:53 btlr.sharethrough.com udp
US 172.67.142.121:443 go.ezodn.com tcp
US 172.67.142.121:443 go.ezodn.com tcp
US 172.67.142.121:443 go.ezodn.com tcp
US 8.8.8.8:53 prebid.media.net udp
US 8.8.8.8:53 hbopenbid.pubmatic.com udp
US 8.8.8.8:53 tlx.3lift.com udp
US 8.8.8.8:53 otnolatrnup.com udp
US 8.8.8.8:53 translate-pa.googleapis.com udp
US 8.8.8.8:53 btlr-eu-central-1.sharethrough.com udp
US 130.211.23.194:443 api.btloader.com udp
US 8.8.8.8:53 prebid.media.net udp
GB 142.250.178.10:443 translate-pa.googleapis.com tcp
US 8.8.8.8:53 btlr-eu-central-1.sharethrough.com udp
US 8.8.8.8:53 prebid.media.net udp
US 8.8.8.8:53 eu-tlx.3lift.com udp
US 8.8.8.8:53 translate-pa.googleapis.com udp
GB 142.250.178.10:443 translate-pa.googleapis.com udp
US 8.8.8.8:53 eu-tlx.3lift.com udp
US 8.8.8.8:53 hbopenbid-lhrc.pubmnet.com udp
US 8.8.8.8:53 translate-pa.googleapis.com udp
US 172.67.142.121:443 go.ezodn.com udp
US 8.8.8.8:53 hbopenbid-lhrc.pubmnet.com udp
US 104.19.215.37:443 otnolatrnup.com udp
US 8.8.8.8:53 tags.crwdcntrl.net udp
US 8.8.8.8:53 bcp.crwdcntrl.net udp
US 8.8.8.8:53 ad.crwdcntrl.net udp
US 8.8.8.8:53 tags.crwdcntrl.net udp
US 8.8.8.8:53 bcp.crwdcntrl.net udp
US 8.8.8.8:53 ad.crwdcntrl.net udp
US 8.8.8.8:53 bcp.crwdcntrl.net udp
US 8.8.8.8:53 tags.crwdcntrl.net udp
US 8.8.8.8:53 ad.crwdcntrl.net udp
GB 3.162.19.143:443 cdn.amplitude.com tcp
GB 172.217.169.34:443 securepubads46.g.doubleclick.net tcp
DE 54.93.147.185:443 btlr.sharethrough.com tcp
DE 54.93.147.185:443 btlr.sharethrough.com tcp
DE 54.93.147.185:443 btlr.sharethrough.com tcp
DE 54.93.147.185:443 btlr.sharethrough.com tcp
DE 54.93.147.185:443 btlr.sharethrough.com tcp
US 34.120.63.153:443 prebid.media.net tcp
GB 185.64.190.77:443 hbopenbid-lhrc.pubmnet.com tcp
DE 18.185.180.173:443 tlx.3lift.com tcp
GB 13.224.81.88:443 tags.crwdcntrl.net tcp
IE 52.211.239.186:443 bcp.crwdcntrl.net tcp
IE 52.211.239.186:443 bcp.crwdcntrl.net tcp
US 8.8.8.8:53 37.215.19.104.in-addr.arpa udp
US 8.8.8.8:53 121.142.67.172.in-addr.arpa udp
US 8.8.8.8:53 10.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 198.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 34.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 153.63.120.34.in-addr.arpa udp
US 8.8.8.8:53 77.190.64.185.in-addr.arpa udp
US 8.8.8.8:53 143.19.162.3.in-addr.arpa udp
US 8.8.8.8:53 88.81.224.13.in-addr.arpa udp
US 8.8.8.8:53 185.147.93.54.in-addr.arpa udp
US 8.8.8.8:53 186.239.211.52.in-addr.arpa udp
US 8.8.8.8:53 173.180.185.18.in-addr.arpa udp
US 130.211.23.194:443 api.btloader.com udp
US 34.120.63.153:443 prebid.media.net udp
US 8.8.8.8:53 qsearch-a.akamaihd.net udp
US 8.8.8.8:53 api.amplitude.com udp
GB 172.217.169.34:443 securepubads46.g.doubleclick.net udp
GB 88.221.134.90:443 qsearch-a.akamaihd.net tcp
US 8.8.8.8:53 a267.g.akamai.net udp
US 8.8.8.8:53 a267.g.akamai.net udp
US 8.8.8.8:53 region1.analytics.google.com udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 8.8.8.8:53 www.google.co.uk udp
US 216.239.34.36:443 region1.analytics.google.com tcp
US 8.8.8.8:53 region1.analytics.google.com udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
GB 216.58.204.67:443 www.google.co.uk tcp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 8.8.8.8:53 region1.analytics.google.com udp
US 8.8.8.8:53 www.google.co.uk udp
US 8.8.8.8:53 www.google.co.uk udp
US 216.239.34.36:443 region1.analytics.google.com udp
GB 216.58.204.67:443 www.google.co.uk udp
US 8.8.8.8:53 90.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 36.34.239.216.in-addr.arpa udp
US 8.8.8.8:53 67.204.58.216.in-addr.arpa udp
BE 64.233.184.156:443 stats.g.doubleclick.net tcp
US 8.8.8.8:53 fundingchoicesmessages.google.com udp
GB 172.217.16.238:443 fundingchoicesmessages.google.com tcp
GB 172.217.16.238:443 fundingchoicesmessages.google.com tcp
GB 172.217.16.238:443 fundingchoicesmessages.google.com udp
BE 64.233.184.156:443 stats.g.doubleclick.net udp
US 8.8.8.8:53 www.mediafire.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 156.184.233.64.in-addr.arpa udp
GB 142.250.178.4:443 www.google.com udp
US 8.8.8.8:53 ads.pubmatic.com udp
US 8.8.8.8:53 eb2.3lift.com udp
US 76.223.111.18:443 eb2.3lift.com tcp
US 8.8.8.8:53 eu-eb2.3lift.com udp
US 8.8.8.8:53 e6603.g.akamaiedge.net udp
GB 96.16.109.9:443 e6603.g.akamaiedge.net tcp
US 8.8.8.8:53 eu-eb2.3lift.com udp
US 8.8.8.8:53 e6603.g.akamaiedge.net udp
US 54.185.172.28:443 api.amplitude.com tcp
US 8.8.8.8:53 api.amplitude.com udp
US 8.8.8.8:53 api.amplitude.com udp
US 8.8.8.8:53 image6.pubmatic.com udp
NL 198.47.127.19:443 image6.pubmatic.com tcp
US 8.8.8.8:53 pugm-amsfpairbc.pubmnet.com udp
US 8.8.8.8:53 18.111.223.76.in-addr.arpa udp
US 8.8.8.8:53 9.109.16.96.in-addr.arpa udp
US 8.8.8.8:53 28.172.185.54.in-addr.arpa udp
NL 198.47.127.19:443 pugm-amsfpairbc.pubmnet.com tcp
US 8.8.8.8:53 pugm-amsfpairbc.pubmnet.com udp
US 8.8.8.8:53 19.127.47.198.in-addr.arpa udp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 8.8.8.8:53 cdn.id5-sync.com udp
US 8.8.8.8:53 oa.openxcdn.net udp
US 8.8.8.8:53 static.criteo.net udp
US 8.8.8.8:53 cdn.prod.uidapi.com udp
US 8.8.8.8:53 invstatic101.creativecdn.com udp
US 8.8.8.8:53 cdn-ima.33across.com udp
US 8.8.8.8:53 b04b437c5a5f057d7a4900be0ae509c1.safeframe.googlesyndication.com udp
US 34.102.146.192:443 oa.openxcdn.net tcp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
US 8.8.8.8:53 oa.openxcdn.net udp
US 8.8.8.8:53 jsdelivr.map.fastly.net udp
US 8.8.8.8:53 static.nl3.vip.prod.criteo.net udp
GB 18.165.155.172:443 cdn.prod.uidapi.com tcp
US 8.8.8.8:53 oa.openxcdn.net udp
US 8.8.8.8:53 jsdelivr.map.fastly.net udp
US 8.8.8.8:53 static.nl3.vip.prod.criteo.net udp
GB 216.58.204.65:443 b04b437c5a5f057d7a4900be0ae509c1.safeframe.googlesyndication.com tcp
US 8.8.8.8:53 invstatic101.creativecdn.com udp
US 8.8.8.8:53 cdn.id5-sync.com udp
US 8.8.8.8:53 d2avimlm6gq3h9.cloudfront.net udp
US 8.8.8.8:53 invstatic101.creativecdn.com udp
US 8.8.8.8:53 cdn.id5-sync.com udp
US 8.8.8.8:53 d2avimlm6gq3h9.cloudfront.net udp
US 151.101.1.229:443 jsdelivr.map.fastly.net udp
US 34.102.146.192:443 oa.openxcdn.net udp
US 8.8.8.8:53 oajs.openx.net udp
US 8.8.8.8:53 cdn-ima.33across.com.cdn.cloudflare.net udp
US 8.8.8.8:53 pagead-googlehosted.l.google.com udp
GB 216.58.204.65:443 pagead-googlehosted.l.google.com udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 104.22.52.86:443 cdn.id5-sync.com tcp
NL 178.250.1.3:443 static.nl3.vip.prod.criteo.net tcp
US 34.96.70.87:443 invstatic101.creativecdn.com tcp
US 104.18.35.167:443 cdn-ima.33across.com.cdn.cloudflare.net tcp
US 34.120.135.53:443 oajs.openx.net tcp
US 8.8.8.8:53 cdn-ima.33across.com.cdn.cloudflare.net udp
US 8.8.8.8:53 pagead-googlehosted.l.google.com udp
US 8.8.8.8:53 229.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 192.146.102.34.in-addr.arpa udp
US 8.8.8.8:53 172.155.165.18.in-addr.arpa udp
US 8.8.8.8:53 65.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 oajs.openx.net udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 oajs.openx.net udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 cdn.mediago.io udp
US 8.8.8.8:53 trace-eu.mediago.io udp
US 8.8.8.8:53 images.mediago.io udp
GB 216.58.212.193:443 tpc.googlesyndication.com tcp
GB 216.58.212.193:443 tpc.googlesyndication.com tcp
GB 216.58.212.193:443 tpc.googlesyndication.com tcp
US 8.8.8.8:53 bcp.crwdcntrl.net udp
NL 35.214.168.80:443 trace-eu.mediago.io tcp
US 8.8.8.8:53 trace-eu.mediago.io udp
GB 3.162.20.8:443 cdn.mediago.io tcp
GB 3.162.20.8:443 cdn.mediago.io tcp
US 8.8.8.8:53 cdn.mediago.io udp
US 34.111.60.239:443 images.mediago.io tcp
US 8.8.8.8:53 images.mediago.io udp
US 8.8.8.8:53 trace-eu.mediago.io udp
US 8.8.8.8:53 cdn.mediago.io udp
US 8.8.8.8:53 images.mediago.io udp
US 34.96.70.87:443 invstatic101.creativecdn.com udp
GB 216.58.212.193:443 tpc.googlesyndication.com tcp
GB 216.58.212.193:443 tpc.googlesyndication.com tcp
GB 216.58.212.193:443 tpc.googlesyndication.com tcp
US 34.111.60.239:443 images.mediago.io udp
NL 35.214.168.80:443 trace-eu.mediago.io udp
US 34.120.135.53:443 oajs.openx.net udp
GB 216.58.212.193:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 gtrace.mediago.io udp
US 8.8.8.8:53 id5-sync.com udp
US 8.8.8.8:53 google-bidout-d.openx.net udp
DE 162.19.138.118:443 id5-sync.com tcp
US 8.8.8.8:53 id5-sync.com udp
US 34.98.64.218:443 google-bidout-d.openx.net tcp
US 8.8.8.8:53 google-bidout-d.openx.net udp
US 8.8.8.8:53 id5-sync.com udp
US 8.8.8.8:53 google-bidout-d.openx.net udp
US 8.8.8.8:53 167.35.18.104.in-addr.arpa udp
US 8.8.8.8:53 87.70.96.34.in-addr.arpa udp
US 8.8.8.8:53 53.135.120.34.in-addr.arpa udp
US 8.8.8.8:53 3.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 86.52.22.104.in-addr.arpa udp
US 8.8.8.8:53 80.168.214.35.in-addr.arpa udp
US 8.8.8.8:53 8.20.162.3.in-addr.arpa udp
US 8.8.8.8:53 239.60.111.34.in-addr.arpa udp
US 8.8.8.8:53 193.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 118.138.19.162.in-addr.arpa udp
US 34.98.64.218:443 google-bidout-d.openx.net tcp
NL 35.214.168.80:443 gtrace.mediago.io tcp
NL 35.214.168.80:443 gtrace.mediago.io tcp
US 8.8.8.8:53 gtrace.mediago.io udp
US 8.8.8.8:53 gum.criteo.com udp
US 8.8.8.8:53 gtrace.mediago.io udp
NL 35.214.168.80:443 gtrace.mediago.io udp
US 8.8.8.8:53 cm.g.doubleclick.net udp
NL 178.250.1.11:443 gum.criteo.com tcp
US 8.8.8.8:53 gum.nl3.vip.prod.criteo.com udp
GB 142.250.200.34:443 cm.g.doubleclick.net tcp
US 8.8.8.8:53 cm.g.doubleclick.net udp
US 8.8.8.8:53 gum.nl3.vip.prod.criteo.com udp
US 8.8.8.8:53 cm.g.doubleclick.net udp
US 8.8.8.8:53 dnacdn.net udp
US 8.8.8.8:53 ag.gbc.criteo.com udp
US 8.8.8.8:53 gem.gbc.criteo.com udp
GB 142.250.200.34:443 cm.g.doubleclick.net udp
US 8.8.8.8:53 34.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 11.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 gbc6.fr3.eu.criteo.com udp
FR 185.235.86.177:443 gbc6.fr3.eu.criteo.com tcp
US 8.8.8.8:53 gbc6.fr3.eu.criteo.com udp
US 8.8.8.8:53 177.86.235.185.in-addr.arpa udp
FR 185.235.86.249:443 gem.gbc.criteo.com tcp
US 8.8.8.8:53 gbc8.fr3.eu.criteo.com udp
NL 178.250.1.11:443 dnacdn.net tcp
US 8.8.8.8:53 dnacdn.net udp
US 8.8.8.8:53 gbc8.fr3.eu.criteo.com udp
US 8.8.8.8:53 dnacdn.net udp
US 8.8.8.8:53 218.64.98.34.in-addr.arpa udp
US 8.8.8.8:53 249.86.235.185.in-addr.arpa udp
US 34.98.64.218:443 google-bidout-d.openx.net udp
US 104.19.215.37:443 otnolatrnup.com tcp
US 8.8.8.8:53 download1638.mediafire.com udp
US 199.91.152.138:443 download1638.mediafire.com tcp
US 8.8.8.8:53 download1638.mediafire.com udp
US 8.8.8.8:53 138.152.91.199.in-addr.arpa udp
US 104.19.215.37:443 otnolatrnup.com udp
US 104.19.215.37:80 otnolatrnup.com tcp
US 8.8.8.8:53 woreppercomming.com udp
GB 54.230.10.111:443 woreppercomming.com tcp
US 8.8.8.8:53 woreppercomming.com udp
US 8.8.8.8:53 woreppercomming.com udp
US 8.8.8.8:53 www.ovardu.com udp
US 104.21.96.72:443 www.ovardu.com tcp
US 8.8.8.8:53 www.ovardu.com udp
US 104.21.96.72:443 www.ovardu.com tcp
US 104.21.96.72:443 www.ovardu.com udp
US 8.8.8.8:53 www.opera.com udp
DE 35.157.234.97:443 www.opera.com tcp
US 8.8.8.8:53 front-geo.production.opera-website.route53.opera.com udp
US 8.8.8.8:53 front-geo.production.opera-website.route53.opera.com udp
US 8.8.8.8:53 72.96.21.104.in-addr.arpa udp
US 8.8.8.8:53 111.10.230.54.in-addr.arpa udp
US 8.8.8.8:53 97.234.157.35.in-addr.arpa udp
US 8.8.8.8:53 cdn-production-opera-website.operacdn.com udp
US 8.8.8.8:53 www.ovardu.com udp
US 8.8.8.8:53 www.googleoptimize.com udp
GB 104.84.85.174:443 cdn-production-opera-website.operacdn.com tcp
GB 104.84.85.174:443 cdn-production-opera-website.operacdn.com tcp
GB 104.84.85.174:443 cdn-production-opera-website.operacdn.com tcp
GB 104.84.85.174:443 cdn-production-opera-website.operacdn.com tcp
GB 104.84.85.174:443 cdn-production-opera-website.operacdn.com tcp
US 8.8.8.8:53 e11604.dscf.akamaiedge.net udp
GB 216.58.213.14:443 www.googleoptimize.com tcp
US 8.8.8.8:53 www.googleoptimize.com udp
US 8.8.8.8:53 e11604.dscf.akamaiedge.net udp
US 8.8.8.8:53 www.googleoptimize.com udp
GB 216.58.213.14:443 www.googleoptimize.com udp
US 8.8.8.8:53 174.85.84.104.in-addr.arpa udp
US 8.8.8.8:53 234.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 static.hotjar.com udp
US 8.8.8.8:53 www.redditstatic.com udp
US 8.8.8.8:53 snap.licdn.com udp
US 8.8.8.8:53 connect.facebook.net udp
US 151.101.1.140:443 www.redditstatic.com tcp
US 8.8.8.8:53 dualstack.reddit.map.fastly.net udp
US 8.8.8.8:53 static-cdn.hotjar.com udp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 dualstack.reddit.map.fastly.net udp
US 8.8.8.8:53 static-cdn.hotjar.com udp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 a1916.dscg2.akamai.net udp
US 8.8.8.8:53 a1916.dscg2.akamai.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 216.58.212.194:443 googleads.g.doubleclick.net tcp
GB 216.58.212.194:443 googleads.g.doubleclick.net tcp
GB 216.58.212.194:443 googleads.g.doubleclick.net tcp
GB 216.58.212.194:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 140.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 194.212.58.216.in-addr.arpa udp
GB 216.58.212.194:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 g.ezoic.net udp
US 8.8.8.8:53 g.ezoic.net udp
US 8.8.8.8:53 g.ezoic.net udp
US 8.8.8.8:53 g.ezoic.net udp
US 104.16.114.74:443 static.mediafire.com tcp
US 8.8.8.8:53 www.mediafire.com udp
US 104.16.114.74:443 static.mediafire.com udp
US 172.67.199.186:443 privacy.gatekeeperconsent.com tcp
US 104.22.74.216:443 btloader.com tcp
US 172.67.170.144:443 www.ezojs.com.cdn.cloudflare.net tcp
GB 172.217.16.238:443 fundingchoicesmessages.google.com tcp
US 172.67.199.186:443 privacy.gatekeeperconsent.com udp
US 172.67.199.186:443 privacy.gatekeeperconsent.com tcp
GB 172.217.16.238:443 fundingchoicesmessages.google.com udp
US 104.16.114.74:443 static.mediafire.com tcp
US 104.16.114.74:443 static.mediafire.com tcp
US 104.16.114.74:443 static.mediafire.com tcp
US 104.16.114.74:443 static.mediafire.com tcp
US 104.16.114.74:443 static.mediafire.com tcp
US 104.16.114.74:443 static.mediafire.com tcp
US 104.16.114.74:443 static.mediafire.com udp
US 172.67.199.186:443 privacy.gatekeeperconsent.com udp
US 104.26.2.70:443 ad-delivery.net tcp
US 104.16.114.74:443 static.mediafire.com udp
US 104.26.2.70:443 ad-delivery.net tcp
US 130.211.23.194:443 api.btloader.com tcp
US 8.8.8.8:53 static.mediafire.com udp
GB 142.250.200.10:443 translate-pa.googleapis.com tcp
US 8.8.8.8:53 api.btloader.com udp
US 172.67.199.186:443 privacy.gatekeeperconsent.com udp
US 104.19.214.37:443 otnolatrnup.com tcp
US 104.16.79.73:443 static.cloudflareinsights.com tcp
US 8.8.8.8:53 static.cloudflareinsights.com udp
GB 142.250.200.10:443 translate-pa.googleapis.com udp
US 172.67.170.144:443 www.ezojs.com.cdn.cloudflare.net udp
US 8.8.8.8:53 g.ezoic.net udp
US 130.211.23.194:443 api.btloader.com udp
US 8.8.8.8:53 g.ezoic.net udp
FR 15.188.219.54:443 g.ezoic.net tcp
US 104.19.214.37:443 otnolatrnup.com udp
US 8.8.8.8:53 g.ezoic.net udp
US 8.8.8.8:53 54.219.188.15.in-addr.arpa udp
US 172.67.142.121:443 go.ezodn.com tcp
US 172.67.142.121:443 go.ezodn.com tcp
US 172.67.142.121:443 go.ezodn.com tcp
US 104.19.215.37:443 otnolatrnup.com tcp
US 8.8.8.8:53 region1.analytics.google.com udp
GB 216.58.204.67:443 www.google.co.uk tcp
US 8.8.8.8:53 www.google.co.uk udp
US 130.211.23.194:443 api.btloader.com udp
US 216.239.32.36:443 region1.analytics.google.com tcp
GB 142.250.178.10:443 translate-pa.googleapis.com tcp
US 172.67.142.121:443 go.ezodn.com udp
US 8.8.8.8:53 g.ezodn.com udp
GB 216.58.204.67:443 www.google.co.uk udp
US 8.8.8.8:53 g.ezodn.com udp
US 104.21.87.79:443 g.ezodn.com tcp
US 104.19.215.37:443 otnolatrnup.com tcp
US 104.21.87.79:443 g.ezodn.com udp
US 8.8.8.8:53 g.ezodn.com udp
US 8.8.8.8:53 bshr.ezodn.com udp
US 8.8.8.8:53 bshr.ezodn.com udp
US 172.67.142.121:443 bshr.ezodn.com tcp
US 172.67.142.121:443 bshr.ezodn.com tcp
GB 142.250.178.10:443 translate-pa.googleapis.com tcp
US 8.8.8.8:53 bshr.ezodn.com udp
US 104.19.215.37:443 otnolatrnup.com udp
GB 142.250.178.10:443 translate-pa.googleapis.com udp
US 172.67.142.121:443 bshr.ezodn.com udp
GB 172.217.169.34:443 securepubads46.g.doubleclick.net tcp
US 216.239.32.36:443 region1.analytics.google.com udp
US 8.8.8.8:53 79.87.21.104.in-addr.arpa udp
GB 172.217.169.34:443 securepubads46.g.doubleclick.net udp
US 8.8.8.8:53 g.ezoic.net udp
US 8.8.8.8:53 g.ezoic.net udp
US 8.8.8.8:53 g.ezoic.net udp
US 8.8.8.8:53 api.telegram.org udp
NL 149.154.167.220:443 api.telegram.org tcp
US 8.8.8.8:53 220.167.154.149.in-addr.arpa udp
N/A 127.0.0.1:7000 tcp
N/A 127.0.0.1:7000 tcp
N/A 127.0.0.1:7000 tcp
N/A 127.0.0.1:7000 tcp
N/A 127.0.0.1:7000 tcp
N/A 127.0.0.1:7000 tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 34.117.237.239:443 contile.services.mozilla.com tcp
US 8.8.8.8:53 www.mediafire.com udp
US 8.8.8.8:53 www.mediafire.com udp
US 104.16.114.74:443 www.mediafire.com udp
US 8.8.8.8:53 www.mediafire.com udp
US 8.8.8.8:53 static.mediafire.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 static.cloudflareinsights.com udp
US 104.16.114.74:443 static.mediafire.com udp
US 8.8.8.8:53 static.mediafire.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com udp
GB 142.250.187.234:443 ajax.googleapis.com tcp
US 104.16.80.73:443 static.cloudflareinsights.com tcp
US 8.8.8.8:53 static.mediafire.com udp
US 8.8.8.8:53 www.google.com udp
US 104.16.114.74:443 static.mediafire.com tcp
US 104.16.114.74:443 static.mediafire.com tcp
GB 142.250.178.4:443 www.google.com tcp
US 104.16.114.74:443 static.mediafire.com tcp
US 104.16.114.74:443 static.mediafire.com tcp
US 104.16.114.74:443 static.mediafire.com tcp
US 104.16.114.74:443 static.mediafire.com tcp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 static.cloudflareinsights.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
GB 142.250.187.234:443 ajax.googleapis.com udp
US 8.8.8.8:53 234.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 73.80.16.104.in-addr.arpa udp
US 8.8.8.8:53 cdn.amplitude.com udp
US 8.8.8.8:53 cdn.amplitude.com udp
US 8.8.8.8:53 cdn.amplitude.com udp
GB 3.162.19.143:443 cdn.amplitude.com tcp
US 8.8.8.8:53 api.amplitude.com udp
US 8.8.8.8:53 api.amplitude.com udp
US 52.41.106.252:443 api.amplitude.com tcp
US 8.8.8.8:53 static.hotjar.com udp
US 13.33.52.56:443 static.hotjar.com tcp
US 8.8.8.8:53 static-cdn.hotjar.com udp
US 8.8.8.8:53 region1.analytics.google.com udp
US 8.8.8.8:53 www.google.co.uk udp
US 8.8.8.8:53 static-cdn.hotjar.com udp
US 8.8.8.8:53 region1.analytics.google.com udp
US 216.239.34.36:443 region1.analytics.google.com udp
US 8.8.8.8:53 www.google.co.uk udp
US 8.8.8.8:53 region1.analytics.google.com udp
GB 216.58.204.67:443 www.google.co.uk udp
US 216.239.34.36:443 region1.analytics.google.com tcp
GB 216.58.204.67:443 www.google.co.uk tcp
US 8.8.8.8:53 www.google.co.uk udp
US 8.8.8.8:53 script.hotjar.com udp
US 8.8.8.8:53 script.hotjar.com udp
GB 54.230.10.124:443 script.hotjar.com tcp
US 8.8.8.8:53 script.hotjar.com udp
US 8.8.8.8:53 device.maxmind.com udp
GB 3.162.20.77:443 vc.hotjar.io tcp
US 8.8.8.8:53 vc-live-cf.hotjar.io udp
US 8.8.8.8:53 device.maxmind.com udp
US 8.8.8.8:53 device.maxmind.com udp
US 8.8.8.8:53 vc-live-cf.hotjar.io udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
BE 64.233.184.156:443 stats.g.doubleclick.net udp
US 8.8.8.8:53 stats.g.doubleclick.net udp

Files

C:\Users\Admin\AppData\Local\Temp\7zO43100149\README.txt

MD5 432355e07e5399ff85ee44dcca189dda
SHA1 189f4a720b7288a13ba84be02e3c9d19a14092c3
SHA256 1c1995a3eaaf9e9e2a177b21541737231b33abcfdcf9b866495b19029cc52121
SHA512 646918e701aacc9decdbf4676ae5df5b0e6d920d67fed95fd621160804dbfcbdb4722f9171e828465e166116748dd2e53bc12c3b90d265af4b216b2602db0241

C:\Users\Admin\AppData\Local\Temp\Icons\icon (15).ico

MD5 e3143e8c70427a56dac73a808cba0c79
SHA1 63556c7ad9e778d5bd9092f834b5cc751e419d16
SHA256 b2f57a23ecc789c1bbf6037ac0825bf98babc7bf0c5d438af5e2767a27a79188
SHA512 74e0f4b55625df86a87b9315e4007be8e05bbecca4346a6ea06ef5b1528acb5a8bb636ef3e599a3820dbddcf69563a0a22e2c1062c965544fd75ec96fd9803fc

C:\Users\Admin\AppData\Local\Temp\7zO4312440D\XWorm V5.3.exe

MD5 1d9b3f35068b44a010eea7515db3ad6d
SHA1 05c1ea62f38efe04ec9591c5fb63ad3882ee9263
SHA256 00c6d090a7f78c548dd7d7b518749d6b014ecc7929ce05f849a46df4c63577df
SHA512 de159eb9503593edb32eefb6a2ee0215931d5071a695359a03f134c6cd53fa50e4cc4d71896e9196628239f741196ef12d35e510612921348230bf1db25b4056

C:\Users\Admin\AppData\Local\Temp\7zO4312440D\XWorm V5.3.exe

MD5 92fcb691c4a48e618d23e6adeec2cb5d
SHA1 51e135164bc679dc6f6b68e4cf6e38ec961e79a4
SHA256 c7ed3bd06ac569f9b31fd20859dff9ea238939d7a6cb12a24edb85df5f91c78b
SHA512 1f61867bd9436d6a968a2944e6ede02043e6a08001d416670ff561f78b1e8b70ed3d138ecd658185dbc7932de6328c49b541d4ecf13496063193c96c5af4a4dd

C:\Users\Admin\AppData\Local\Temp\7zO4312440D\XWorm V5.3.exe

MD5 41570e397d617d61ee9efa16bd174cb2
SHA1 9e2f4d2971babbb99ff92b6a87fa64d39a69e9c1
SHA256 e779d11a6c5c914837f973422883c029bc37c5eab77f21f16223c1a40c6e891e
SHA512 c52bdcca71ca37efa44fa105634da73b72e5b97dd13aaa28b23c189e1e4006b18d21ebb4bf98463f30643c8a98a0527f88942739679840c783a1850c43f71ce9

memory/3924-148-0x00007FFFA5460000-0x00007FFFA5E4C000-memory.dmp

memory/3924-149-0x000002C7A6DF0000-0x000002C7AA068000-memory.dmp

memory/3924-150-0x000002C7AA3E0000-0x000002C7AA3E1000-memory.dmp

memory/3924-151-0x000002C7C4800000-0x000002C7C4810000-memory.dmp

memory/3924-153-0x00007FFFA5460000-0x00007FFFA5E4C000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yq8h7er1.default-release\datareporting\glean\pending_pings\b54e1144-e4be-4291-ad82-c36736fbaeed

MD5 29f379f6a7039d4e37c36c480e8393d6
SHA1 5e4ffe4e8460f3333f3badb2c16ce2b98173787e
SHA256 423a4ce8c645b32418323cf57c4a09122e259cdf5752576e6be742ca8a66ed43
SHA512 504f8708b4e648ba8ce5a9cf3b7a3f372a5c4d8a8ae23f56d09bf05fc3c2f3df28b7eb3d8147f014e3b6e8cfb55538a59a815a2c1e65a9c16e588675fa9d3837

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yq8h7er1.default-release\datareporting\glean\pending_pings\408dfa12-d3b6-4bda-b520-08cec59dfe05

MD5 6e9067de87cf1ea1ffdf30b4db1adb53
SHA1 a144be58b2d06745417be4870289bdaf3b6be21c
SHA256 44a2c18450249aa0dfe88c23d86dc523adca860c8d87504a9486eae9af86081e
SHA512 21c3fa8b8c2d57f64c86b16ec23ce70533dcf198f53fe828f4a216c9db5534e430b56c595200ee8dcd1ea8f7a976a118bcd78e9d9fa3738b7adeb1c6b04a0e30

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yq8h7er1.default-release\datareporting\glean\db\data.safe.bin

MD5 a7a3c69b399f402bb0dae0e3e0cd0472
SHA1 08a3a0993d0e66e2b0bd361b75096d01e9c7fbc0
SHA256 6a1fb70a560b39f2c2a45ac7dea47f83f3c48ed4e909a86f64383f3682b83f4d
SHA512 99a5eec26a2fc14c58de09f6d3414680b93892ad271c00890c9c051ba3ece5df975b12d3c566160cd03b3a084d891df315eab729e827530bcd508281f12fdca2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yq8h7er1.default-release\sessionstore-backups\recovery.jsonlz4

MD5 a469497d9c45c833cd619eee4c84f564
SHA1 e042a60247ed243a2abdc8c528ba1b5bd86a47aa
SHA256 c2ec23df5cecd28a4ed84131921662e0eeeb0ab9f160e72b5fea85d753d15c08
SHA512 1588aab6f85e243cf1e0e78ce9dd4a9e49429a8191c98561c560d21f64e3992bdb5b55e66fa6d6cefe7d61e7fb5675e4b8d2f264385e389771df04553752e1a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yq8h7er1.default-release\sessionstore-backups\recovery.jsonlz4

MD5 e07d8a745747198b21a23a8cbd7d51e2
SHA1 a267995a577a3181ffa5a14e8de7e07175dd74b2
SHA256 bdad500e6d4ca298bf2e1239c8b21714effb4740b5c6d5ef795ec897fba35c2c
SHA512 e94669edc150b189ffb986075422069b653d48ece4a5080a60b2276ea74984f950fe12e62b5cff48de2807459b52825a9bf0aa78bc56f68a37884a66cabe3d02

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yq8h7er1.default-release\prefs-1.js

MD5 f610f222e0bfe809fa46673443677421
SHA1 19ba666843e5a7d0dd1954a7815061bbe7d04286
SHA256 935851b4258fd0f1fb413ad311a8855ec1a30d665c1da8fda00d431f18ba791c
SHA512 b6ec291613a987a6f75386f3065a382a2bc67ae61f963b967ead5f5531256a0d4a889c17a2beea201f1022a9609e22306e955d6c3cf81d564b5067b4f55096c9

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yq8h7er1.default-release\sessionstore-backups\recovery.jsonlz4

MD5 a5840673033a13d4a8af4418ab1087e2
SHA1 b175f3c2b54280d545483629124316d919f4a5d6
SHA256 6bad54202569f49a9000bbfc6de754ea7937d340dc7a269d7972844c1ae53f21
SHA512 5739ddcf311cf036d5834360260cc9f9525ba4e2497100087ffe0c97ed4466c804c738cc5cb4798af669a4ac36b8bbff3dc47d1dc312bf976328e4ca08ff16bc

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yq8h7er1.default-release\prefs-1.js

MD5 8edb5a8c1e09a0108f08fb5b5e619c70
SHA1 9ad97f5b784f4cc9d4c628c71853cebb546ebfd2
SHA256 75f28bd93368f0bf9a89753c854f3b6ba28b58fa4d92d1400582841fc7e6f272
SHA512 b8f474beebcaf5177d0d03e1d51ce37d53258ad2d25895c4189b4cbaff240d44cda399f1d078ceafa0e990eca1403bc06b8f5531b3fedd56f29ce4ed66172443

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yq8h7er1.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yq8h7er1.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 a01c5ecd6108350ae23d2cddf0e77c17
SHA1 c6ac28a2cd979f1f9a75d56271821d5ff665e2b6
SHA256 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42
SHA512 b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yq8h7er1.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yq8h7er1.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yq8h7er1.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 33bf7b0439480effb9fb212efce87b13
SHA1 cee50f2745edc6dc291887b6075ca64d716f495a
SHA256 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e
SHA512 d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yq8h7er1.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yq8h7er1.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yq8h7er1.default-release\sessionstore-backups\recovery.jsonlz4

MD5 aaef03bdb9b041bf877f5ed225e95fc0
SHA1 b4ff94b97d15bc5be9f588ece5145cbb31477a8e
SHA256 e231098d8fcde31c99bb1988d3142c0985c279a04a15cf9ed89e758daa3d23d7
SHA512 244e0e50866b8d11953636b62e9b4f2a6191768781ef361e94230da51005afc0a8022cdcab8aea2974cc96fd3f897910ba50a360ab9a387737e9cdac93a7a326

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yq8h7er1.default-release\cache2\doomed\25671

MD5 2a0481f137ef734e4240ff8f8ca12876
SHA1 f4a17edb41ecf8b176bbb2c540a93c6f724bce27
SHA256 316dab6c32313650e30273c81d94b0efaedf7a2d2882aa26ff447a9a744354c1
SHA512 11f962da2cbcb8a8d0188bf39071fc526e434f0f6cc3f56eb496879b137abe11b0c30e13cd752d9539fb89180ba0ec62655f53f85c5fdcaea337f5704fa69787

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yq8h7er1.default-release\sessionstore-backups\recovery.jsonlz4

MD5 d017d761e905a5e09c19353c111f2f2a
SHA1 671f1604940e714a56ee73834622ad0574fbac58
SHA256 c9080bdd55d518d839136adca88328ae4dadd2f89effa49decb831a274941a3a
SHA512 bea731ee9830b7c2a7f9f8e5cec2aa99ad1abbcf4af0ff67d33631339015aa232fa4d86a64d9cff0bc3b025fa473fecff4e08c3e8f736f373e820591c99abfc9

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yq8h7er1.default-release\sessionstore-backups\recovery.jsonlz4

MD5 dca9e09f0ca6c65b42b0db0b4d6ce022
SHA1 64e85970ef4bf66b9bcc08037026f891f2458c77
SHA256 4ae7126de21b3e38f6f7363419585b533b73cc23236b61f4346206ed87637f01
SHA512 223c90ab1365a3d7a05b39dad00534dcdb72a85d8bd59a50aa54e35c9a552f6249085f2031a96adb948fede95415d008efc866650c4ab502bb2b9596e14050e3

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 6ca7f24fa802989314069b1c5e4b27e6
SHA1 f4316e6ab8dee01ce8085f3660632cf1d042ceb7
SHA256 a72301d941d12e563d42749f7bcbb10ccec62e65dc47febe553f034709c4c994
SHA512 bdb18ae1f652b13d5d306f6d2d22e240568ee1ebd43b475cf77c6caa45cd658796730b38d88bdb699a8826e50aebcd791d1514ad11ba01567f3720471f0ee51b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yq8h7er1.default-release\sessionstore-backups\recovery.jsonlz4

MD5 72e0cdfcfff1c6be4489dde5e2796086
SHA1 e229de6ee2a5d0dbe703997ad4ea9db404402fbd
SHA256 1d5649f02f0701bf6061e583794a2d3a417a305218397967fef96b86b3e6ebc8
SHA512 daf6e3872e860eb2f93a8763e9478ed7d0a781e15cb857c6ff2e7b3991cd5e956c268925401d2eeaae99d94ae277207e2557a8796494a25686691ab22ae8e604

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yq8h7er1.default-release\sessionstore-backups\recovery.jsonlz4

MD5 99128c4f8334acc4d1c7ed37c5a5cfb0
SHA1 5867323efb5d2a696fa114d9810de7d5f17c75a7
SHA256 cda467371ef7641081a190511199684cd8f0e54bf97c21205c0f30d3b52eda39
SHA512 d29bf38bbc7389114723e4978fe5aa48eebbd7334b23ccd74ded14105ce6961820f223d8b72a3ac4fb9c834637076f0cb0afe58bd055c6b4d33a3e87b2e40f29

C:\Users\Admin\Downloads\dotNetFx45_Full_setup.Fm_0kYmO.exe.part

MD5 fc668d59f66c0a28616dfd9c613bbe06
SHA1 3a8112e00b943cd203448300077225ef4eaa168d
SHA256 2bbea7c370063e5fbf2971196ebd7c422c3aeb32832ba2c64846bef57228554a
SHA512 97bd4e039e9f5ca25a3bfd4dafa1250df9f74fdc4e8416d3e72badd689e07f605f9d911b538d16eab6e14b06286d6354d61cee1ed9856b2d584f1e4141b0c171

C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db

MD5 38639caa8af4df08e6067136b6cf9f50
SHA1 01a75e71397222006960f66796415fdfd5f13440
SHA256 37fbf9729346f620777b09dcc1fc1fc29ee4de5d44e57b2dc6dc2e75636c013b
SHA512 31f7617c4fc4bd8be927d74f6678961ab25a8bf93ceea484b5151c9e75da8885be918f7d4423681c2aef817719cbd2bc496e55cf5ba7c702a163ab5b19a3a422

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yq8h7er1.default-release\prefs.js

MD5 900a80edc58004d18a5ff36266c042ea
SHA1 ba3f0a9a0b8c19050fb5bbd7af166eaebbdb92f4
SHA256 9da64c78b16830cf01c9ed29019f6441967d4a58cc9c564e7f7f0929cdee4c90
SHA512 28054c5859aef75ce33bf8194f4b7bcdf9491a1a031b5ba9f9b316449bf5bfaa45f9d2d0bf934604149b4b77ce42b80a5698ec9a82a498ba507e05908af46791

C:\Users\Admin\Downloads\dotNetFx45_Full_setup.exe

MD5 b3f682dd9782efff6cd60de4d1605bb2
SHA1 b6377b036ef0b61a8936dcda9c9b87a00fa9a722
SHA256 013f7c76f911dacf9d838df58328a47b8caccbfcfd47360a44ffcdbefb5c8f2e
SHA512 ec441ff113292598e25f159ff15cacb66678d8a8169096b2da66ad5c8df5c611866ba6387022eaad933fa1d5dea0d0e72ed2af88e9510c6e142e59faa9ed3ab6

C:\Users\Admin\Downloads\dotNetFx45_Full_setup.exe

MD5 8950600dcfba48bf4c3eb1229ac69f79
SHA1 0b4eed75d594620cb6596056d9311e55e38896a6
SHA256 6c194883843b416255877d08cdc1a028f9bab128c9b7828bcccf4b20a8f028f9
SHA512 14a2c0ee82e4ef286c2e45584b41181f75e9e997a3b9312b9e984cfc00e6b862157b65b162c32a1455f377e2491254441f83bf4e806f038c7fdf8992bfad27cb

F:\4c3f295d499a0e4fe06bed3c14\Setup.exe

MD5 8b3ecf4d59a85dae0960d3175865a06d
SHA1 fc81227ec438adc3f23e03a229a263d26bcf9092
SHA256 2b088aefcc76d0baa0bff0843bf458db27bacc47a8e698c9948e53ffc471828b
SHA512 a58a056a3a5814a13153b4c594ed72796b4598f8e715771fc31e60c60a2e26250768b8f36b18675b91e7ecc777ef27c7554f7a0e92c2dfaba74531e669c38263

C:\Users\Admin\AppData\Local\Temp\HFIA78B.tmp.html

MD5 716b967e75d60719e94aef7580d0879a
SHA1 619c265ef07b01655c3233ef03a7dc2078669f22
SHA256 0479fac737b1375ac12a5a2f33c471e0caf570e0ebc32abdc5161b079bb773c4
SHA512 abe09bca075c00eaa8d9e1a45dfccee7800d75756e1b8954913051fe25475740d49e62c22cf238554e1784811a0a1c8e65a7dbff470b7b44e69cabb37c237360

F:\4c3f295d499a0e4fe06bed3c14\DHTMLHeader.html

MD5 cd131d41791a543cc6f6ed1ea5bd257c
SHA1 f42a2708a0b42a13530d26515274d1fcdbfe8490
SHA256 e139af8858fe90127095ac1c4685bcd849437ef0df7c416033554703f5d864bb
SHA512 a6ee9af8f8c2c7acd58dd3c42b8d70c55202b382ffc5a93772af7bf7d7740c1162bb6d38a4307b1802294a18eb52032d410e128072af7d4f9d54f415be020c9a

F:\4c3f295d499a0e4fe06bed3c14\SetupEngine.dll

MD5 e9c972015a30ced238bba0f8f06ad56d
SHA1 64ceec44cb92c7245c5ef0d875f8f964fdf28f1b
SHA256 c8e4da192c890b7a49034963a41919e2d7bd9a318b4cdbe76ada7e946da1f7e9
SHA512 693c1bcd7d237869484f235fcceafa3d0937e2f4f30cce85bed438a79c9a280ba69af4230907780edb1de68fb6090ba68e1dae91c14ac3b15d4192a6204395d6

F:\4c3f295d499a0e4fe06bed3c14\SetupEngine.dll

MD5 43bc7b5dfd2e45751d6d2ca7274063e4
SHA1 a8955033d0e94d33114a1205fe7038c6ae2f54f1
SHA256 a11af883273ddbd24bfed4a240c43f41ce3d8c7962ec970da2d4c7e13b563d04
SHA512 3f3068e660fea932e91e4d141d8202466b72447107ff43f90dea9557fc188696617025531220bc113dc19fdd7adf313a47ac5f2a4ce94c65f9aeb2d7deda7f36

F:\4c3f295d499a0e4fe06bed3c14\SplashScreen.bmp

MD5 0966fcd5a4ab0ddf71f46c01eff3cdd5
SHA1 8f4554f079edad23bcd1096e6501a61cf1f8ec34
SHA256 31c13ecfc0eb27f34036fb65cc0e735cd444eec75376eea2642f926ac162dcb3
SHA512 a9e70a2fb5a9899acf086474d71d0e180e2234c40e68bcadb9bf4fe145774680cb55584b39fe53cc75de445c6bf5741fc9b15b18385cbbe20fc595fe0ff86fce

F:\4c3f295d499a0e4fe06bed3c14\1037\LocalizedData.xml

MD5 94f3480d829cee3470d2ba1046f2f613
SHA1 9a8ffc781afb5f087b39abe82c11e20d3e08b4f3
SHA256 eceb759e0f06e5d4f30bc8a982f099c6c268cff4a1459222da794d639c74f97f
SHA512 436d52da9c6c853616cf088c83b55032e491d6d76eeca0bf0cb40b7a84383a1fcffcb8ac0793cdea6af04d02acf5c1654d6b9461506ee704d95a9469581e8eaf

F:\4c3f295d499a0e4fe06bed3c14\3082\LocalizedData.xml

MD5 e58efac53fe2a16be9b99d0aa33baa3d
SHA1 7f2fecb6c4ebe9374a04f374d43465d968b3e33f
SHA256 64baa04b7ebb5ee833f43493497e99a6f2584bdc763a7c24700693cb89b35a0c
SHA512 b9b2e07e845e6bb509d4471cbe3c848836938e507308293f7c083c54cef61911a06110a5616c216ec72c39ce887b2e7f5961688809a2dad787d131ef2780d22e

F:\4c3f295d499a0e4fe06bed3c14\2070\LocalizedData.xml

MD5 6930ce4e8e28f54a0db5d919b6babd0e
SHA1 0278bf717168c061709e60ca754c8dc6e32b92d1
SHA256 4bbb7f8a9743a5a21711156dc978dc8683b3edcd9ca32e4c6a38dbe6f5001e04
SHA512 904dc390c6cad81e60159683fadc5e8556585b32f1f9482accfedf3ee6b14cd8240e2225e3ce8a0338da93162cef601c4e9798327a1bc390e62b4eb2fc59cd4c

F:\4c3f295d499a0e4fe06bed3c14\SetupUi.dll

MD5 c6760e8b45ffa0cd56b843bc498b919d
SHA1 9faa762fcd06b2c216122c31a387d6d9cf5a6558
SHA256 26f324b3d8e7af4994459e118d20ef5b0abb332075432dd42c6597833486e269
SHA512 b83f7eab3ee1ef167f81c3ddfa6a578540fb0da2efd15b54650fcf5b35cdb6f54229e04887a6f66a78c4e20cdc21119db4e0f0ed3799eeea3d2e4a308ff3f54a

F:\4c3f295d499a0e4fe06bed3c14\graphics\warn.ico

MD5 b2b1d79591fca103959806a4bf27d036
SHA1 481fd13a0b58299c41b3e705cb085c533038caf5
SHA256 fe4d06c318701bf0842d4b87d1bad284c553baf7a40987a7451338099d840a11
SHA512 5fe232415a39e0055abb5250b120ccdcd565ab102aa602a3083d4a4705ac6775d45e1ef0c2b787b3252232e9d4673fc3a77aab19ec79a3ff8b13c4d7094530d2

F:\4c3f295d499a0e4fe06bed3c14\graphics\setup.ico

MD5 3d25d679e0ff0b8c94273dcd8b07049d
SHA1 a517fc5e96bc68a02a44093673ee7e076ad57308
SHA256 288e9ad8f0201e45bc187839f15aca79d6b9f76a7d3c9274c80f5d4a4c219c0f
SHA512 3bde668004ca7e28390862d0ae9903c756c16255bdbb3f7e73a5b093ce6a57a3165d6797b0a643b254493149231aca7f7f03e0af15a0cbe28aff02f0071ec255

F:\4c3f295d499a0e4fe06bed3c14\graphics\save.ico

MD5 7d62e82d960a938c98da02b1d5201bd5
SHA1 194e96b0440bf8631887e5e9d3cc485f8e90fbf5
SHA256 ae041c8764f56fd89277b34982145d16fc59a4754d261c861b19371c3271c6e5
SHA512 ab06b2605f0c1f6b71ef69563c0c977d06c6ea84d58ef7f2baecba566d6037d1458c2b58e6bfd70ddef47dccbdea6d9c2f2e46dea67ea9e92457f754d7042f67

F:\4c3f295d499a0e4fe06bed3c14\graphics\print.ico

MD5 7e55ddc6d611176e697d01c90a1212cf
SHA1 e2620da05b8e4e2360da579a7be32c1b225deb1b
SHA256 ff542e32330b123486797b410621e19eafb39df3997e14701afa4c22096520ed
SHA512 283d381aa396820b7e15768b20099d67688da1f6315ec9f7938c2fcc3167777502cded0d1beddf015a34cc4e5d045bcb665ffd28ba2fbb6faf50fdd38b31d16e

memory/4728-950-0x0000000002D00000-0x0000000002D01000-memory.dmp

F:\4c3f295d499a0e4fe06bed3c14\Strings.xml

MD5 8a28b474f4849bee7354ba4c74087cea
SHA1 c17514dfc33dd14f57ff8660eb7b75af9b2b37b0
SHA256 2a7a44fb25476886617a1ec294a20a37552fd0824907f5284fade3e496ed609b
SHA512 a7927700d8050623bc5c761b215a97534c2c260fcab68469b7a61c85e2dff22ed9cf57e7cb5a6c8886422abe7ac89b5c71e569741db74daa2dcb4152f14c2369

F:\4c3f295d499a0e4fe06bed3c14\1033\SetupResources.dll

MD5 541d0525f83b665b9237bfe3e3483031
SHA1 ddc3b3dbf0524c38328b1dcbb7207e265b7d67cc
SHA256 6612a68898b89bcc6f1b74c11d4ec33a4b230ab567aed78d31e0120509ef2990
SHA512 bf6f131b0d26c6785991e1b4c460668e82e01fe949dbe94bd0ed4fb2be0cc38d50dc266f03ef491f33f447b7d724e045a486410e265561b77c3205964cab55ff

F:\4c3f295d499a0e4fe06bed3c14\SetupUi.xsd

MD5 2fadd9e618eff8175f2a6e8b95c0cacc
SHA1 9ab1710a217d15b192188b19467932d947b0a4f8
SHA256 222211e8f512edf97d78bc93e1f271c922d5e91fa899e092b4a096776a704093
SHA512 a3a934a8572ff9208d38cf381649bd83de227c44b735489fd2a9dc5a636ead9bb62459c9460ee53f61f0587a494877cd3a3c2611997be563f3137f8236ffc4ca

F:\4c3f295d499a0e4fe06bed3c14\2052\LocalizedData.xml

MD5 759eb338d738ca6c531b9d5b06591b3b
SHA1 c9ed5ada615ccacd887a0d07ee25dfe1d7fbc00c
SHA256 a4c3bc545fc028935ad6ec4bd8ce51a300fab8a0b128cca89a8c14923d437b16
SHA512 82e6b969dedfdda477f6fb7fcb50a0acad0b26b9b4cca9f1adab5323c6c144da6c0bff34e39e0ef7b39f37ab5808f0064eace99867f7cd258e91aeb5aa5baef2

F:\4c3f295d499a0e4fe06bed3c14\1055\LocalizedData.xml

MD5 ddb64b6c4fc498c27d291edaaf65a536
SHA1 e312eef1e9a485c5c6fe4578bbe1dd0cadbb1e3e
SHA256 027180d93ceb875227a1d76a018b870cd1d09e143ffa1632b31c322b92dd6a35
SHA512 ddb55169000052fb27caeeb349939925c7df1535c5c697da7cc2be3224c2c8ebe64328d865d1dfdbad4c1e0588853c5309e31de747f71b7f3bc9b6a9eb4335c1

F:\4c3f295d499a0e4fe06bed3c14\1053\LocalizedData.xml

MD5 984229d90d2e75f49cd9de5df014e484
SHA1 fc32854972f189305a38c11a62ef457cd94026c6
SHA256 c884f515f337e977d4cf1a19ff693c753813ede2e52a9dbe8f6ef25184ccae8d
SHA512 23101cc1b6c17f10a8d53c59c4e9bf6d24d03d781fa1a36fcb89315f2257ea4a1bd652bdbc81845479a88f00f1db52b35a0bba311a9885c7503689f9c25e49c2

F:\4c3f295d499a0e4fe06bed3c14\1049\LocalizedData.xml

MD5 1c8ad8f7aacde7ac59bfd9730cfcae80
SHA1 815c79113429b37d34c7ddff46ceccfe58b4cddc
SHA256 4faa58922f623685f05386ce518c0243e3f310db5ac64c58e5b4e91a3e4477b7
SHA512 27d5871f862756945c66397d539c79bf6032ec0d6a06255ad6b57ad1df3c1e8c87dc55dcc3febfb4bd1ce4eb24f3268fab30b1df3fd1c035d66410337db73785

F:\4c3f295d499a0e4fe06bed3c14\1046\LocalizedData.xml

MD5 c13b50e2a7f6e7e9343500771cf2d247
SHA1 0b679d20dda94224a5ddd80863a2a32de1cc6f1e
SHA256 3f9bf4eee9ece4a0181ea344344230d73d711aba2fa9248834e3b7547a3062cf
SHA512 32daea597a34f60ca5b73648d66663e4723c0d588af4ce08f76240aabbecd3a35abfbfd5e22abd8eac8ca64a9f2b3edadb8d1c24bc31f53ce5cd902dba3fc5da

F:\4c3f295d499a0e4fe06bed3c14\1045\LocalizedData.xml

MD5 95c6472f2c8329ec1c10f7df3a31c154
SHA1 624d46235912dc169913ba77caa7889219e2c394
SHA256 197722527d1ad65a10a29ecec04f029abc549eb5d05bc07a68107ad6dd4bd35b
SHA512 28149ab0c041dc35f717435f3c2218700090fc38723219c1cd40ec7f777c68d99dd08b6a42014ead8fb1e309637b6c33aa5dec0518dc1b72273c7a6fd7ef06c0

F:\4c3f295d499a0e4fe06bed3c14\1044\LocalizedData.xml

MD5 a459afdbe20f5d4c904d3e3700ee9191
SHA1 22570b1de34c11796390057537269145a2c63438
SHA256 0ac4bcf5cee39ad42070e34393303ffe3ef27e71c8d9522f3dc01e12f93dda03
SHA512 b01536c774121ba9fe25014bb802b45449ba46529af8ad59f3ff93e339e7443238b268716ac051d24ac9eba093e5d66fd5c5faa2ca17bf744ec31e50627159ce

F:\4c3f295d499a0e4fe06bed3c14\1043\LocalizedData.xml

MD5 898d2a1a5fac4d1a028aa11e0ed9f9b4
SHA1 343795fbc1bbf1b0982dc9e70501721433fba892
SHA256 73130da9b103f1812ca69cfffdf5750e74b0228cd40e0325a7f14e799aaf21a3
SHA512 fac3fd81d803c1029df6a3cd93060c950b0ba399fe074d438c4867d55468e7de9aa77bbd7b51fe866f6849684408c853d70956e94de39d4f61019825028a25e4

F:\4c3f295d499a0e4fe06bed3c14\1042\LocalizedData.xml

MD5 ad25367f86144f29946df3b3866e7dbe
SHA1 cc8470dbe0bfe9394742d639d9caeec961a27928
SHA256 90d0885f929059358fe76e61b560b3d188abbe7c041babefc82038f6faebb7eb
SHA512 66a343d1405e377bf2d303b0ec896814a46248c05dfe61a2c3167ed1c915964f7f57b335bd7fae324461e65e5ee6bc2384eff28f71c4325eb3c4f89611659afb

F:\4c3f295d499a0e4fe06bed3c14\1041\LocalizedData.xml

MD5 5ab13768b6c897eff96e35f91b834d25
SHA1 54f04c73a57a409e4c1fe317a825ee2ed4ddcd10
SHA256 87b5ce86b0134ea82215dcf04ffbf7f5c8a570f814f82b4c7ba6106195924c6b
SHA512 ee98f34723a1593ef12589ea9657f8d9a3c9dc8a3fb5eed6f8bb026c6656a3ca6fec8243745ed7fbf406019b6e2b42762c1ee74d26c0f70cc9da272291fe680f

F:\4c3f295d499a0e4fe06bed3c14\1040\LocalizedData.xml

MD5 5e805353cb010fc22f51c1f15b8bcaa1
SHA1 9360f229aee4fed6897d4f9f239072aa22d6da9e
SHA256 02b83ebd2689e22668a5ee55a213091fdc090dfee42c0be9386f530d48af8950
SHA512 275d7c7c952a352417fe896c5be07f5a4c50ff51569cb04ab615cda6a880a8e83f651c87f226a1eb79d8286f777488bfaac2636a1a2057cf5db83037b3e1214f

F:\4c3f295d499a0e4fe06bed3c14\1038\LocalizedData.xml

MD5 818e35b3eb2e23785decef4e58d74433
SHA1 41b43d0b3f81a3a294aa941279a96f0764761547
SHA256 3d8b2c8079cf8117340a8fc363dceb9be102d6eb1a72881b0c43e1e4b934303e
SHA512 98ae09da1be0ebe609d0e11d868258ab322cdc631e3105296c8ce243d821b415f3c487cbb4cd366bb4bdb7f0f9447a25836e53320b424a9ff817cac728ff4ae2

F:\4c3f295d499a0e4fe06bed3c14\1036\LocalizedData.xml

MD5 75bf2db655ca2442ae41495e158149c9
SHA1 514a48371362dfa2033ba99ecab80727f7e4b0ee
SHA256 1938c4ffedfbb7fea0636238abb7f8a8db53db62537437ff1ec0e12dca2abfab
SHA512 1b697d0621f47bb66d45ae85183a02ec78dd2b6458ef2b0897d5bbbd2892e15eaf90384bc351800b5d00cb0c3682db234fac2a75214d8ade4748fc100b1c85b2

F:\4c3f295d499a0e4fe06bed3c14\1035\LocalizedData.xml

MD5 de5ccb392face873eae6abc827d2d3a7
SHA1 50eab784e31d1462a6e760f39751e7e238ba46a2
SHA256 6638228cb95fc08eebc9026a2978d5c68852255571941a3828d9948251ca087d
SHA512 b615a69b49404d97ce0459412fbd53415dfbc1792ed95c1f1bd30f963790f3f219e028f559706e8b197ce0223a2c2d9f2e1cac7e3b50372ebef0d050100c6d10

F:\4c3f295d499a0e4fe06bed3c14\1032\LocalizedData.xml

MD5 8ecac4ca4cc3405929b06872e3f78e99
SHA1 805250d3aa16183dc2801558172633f718a839c4
SHA256 b9e9740a1f29eeaf213e1e0e01f189b6be1d8d44a2ab6df746eebe9cb772f588
SHA512 6f681c35a38a822f4747d6d2bcacefc49a07c9ca28a6b8eed38b8d760327419b5b469698bed37366c2480a4f118d4d36c6ae0f3c645f185e39a90ff26e749062

F:\4c3f295d499a0e4fe06bed3c14\1031\LocalizedData.xml

MD5 f8e3a846d4aca062413094f1d953075e
SHA1 09f2aa5b5ef693051862965c7c1063d31623f433
SHA256 5a929328125673d922e7f969769b003f5cb6942daa92818a384d50ac755174c2
SHA512 95fead89ac87c700615deef0b5c75aa818172cb387fb5e7178d0a96adb4a60abe86c3793f1174ad27b3a12fe29a371682a032d83d2c63f50a223e37a9d5fc7c6

F:\4c3f295d499a0e4fe06bed3c14\1030\LocalizedData.xml

MD5 53aa67d27c43a35c6f61552ee9865f55
SHA1 504035de2fe6432d54bc69f0d126516f363e1905
SHA256 5d08b297b867179d8d2ec861dbf7e1dfdb283573430a55644e134ee39083157a
SHA512 7a284076f6f204e5be41eab3c3abb1983fbbc21669130cc7e6961a7b858f30caf83fbcb2ef44cfe712341ab664347df29d58b650f004608b015e61e4f5d4f47b

F:\4c3f295d499a0e4fe06bed3c14\1029\LocalizedData.xml

MD5 51130f3479df72fe12b05a7aba1891d3
SHA1 fbaf9c0269d532a3ce00d725cd40772bc0ad8f09
SHA256 8845d0f0fadfdf51b540d389bbb0a8a9655cf65055e55dcd54fa655576dd70a1
SHA512 b641e22b81babbde85a6f324851d35f47bd769fc0cff74911010ae620cf682f9c7bc4d946d2f80a46a9851f3cc912625991c8a3876f1d958ea4d49d8791d1815

F:\4c3f295d499a0e4fe06bed3c14\1028\LocalizedData.xml

MD5 ff41100cc12e45a327d670652f0d6b87
SHA1 cb53d671cb66d28b6eb7247a1a0c70a114d07e6b
SHA256 ef3de7ab3d80a4d2865b9e191d2311112b4870103d383ae21882f251bbde7f0a
SHA512 f8a2f8db5957a43aa82bd7d193b2ff2a151bba6a9d0ad2d39e120909a0f8939123b389ebb4244a417f9e4d8e46629c49ac193c320231cb614253612af45281a8

F:\4c3f295d499a0e4fe06bed3c14\1025\LocalizedData.xml

MD5 d84db0827e0f455f607ef501108557d0
SHA1 d275924654f617ddaf01b032cf0bf26374fc6cd5
SHA256 a8d9fd3c7ebb7fee5adb3cafe6190131cebfcbeff7f0046a428c243f78eac559
SHA512 1b08115a4ea03217ce7a4d365899bd311a60490b7271db209d1e5979a612d95c853be33d895570e0fb0414ab16eb8fd822fe4e3396019a9edd0d0c7ff9e57232

F:\4c3f295d499a0e4fe06bed3c14\1033\LocalizedData.xml

MD5 24fde6338ea1a937945c3feb0b7b2281
SHA1 6b8b437cd3692207e891e205c246f64e3d81fdd5
SHA256 63d37577f760339ed4e40dc699308b25217ce678ce0be50c5f9ce540bb08e0a7
SHA512 9a51c7057de4f2ec607bb9820999c676c01c9baf49524011bb5669225d80154119757e8eb92d1952832a6cb20ea0e7da192b4b9ddf813fa4c2780200b3d7ba67

F:\4c3f295d499a0e4fe06bed3c14\ParameterInfo.xml

MD5 4925613d29bc7350130c7076e4c92c1c
SHA1 2821351d3be08f982431ba789f034b9f028ca922
SHA256 9157a0afe34576dfea4ba64db5737867742b4e9346a1f2c149b98b6805d45e31
SHA512 3e69650e4101a14ef69f94fa54b02d8d305039165a0bffc519b3cf96f2dcbcf46845e4669d29ccc5ceb887b2f95fc4756265b19d5c17aa176d3d6dc53ed83f77

F:\4c3f295d499a0e4fe06bed3c14\UiInfo.xml

MD5 d8f565bd1492ef4a7c4bc26a641cd1ea
SHA1 d4c9c49b47be132944288855dc61dbf8539ec876
SHA256 6a0e20df2075c9a58b870233509321372e283ccccc6afaa886e12ba377546e64
SHA512 ecf57cc6f3f8c4b677246a451ad71835438d587fadc12d95ef1605eb9287b120068938576da95c10edc6d1d033b5968333a5f8b25ce97ecd347a42716cd2a102

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yq8h7er1.default-release\prefs.js

MD5 0dc07cbc67fa94e7cbee8fda996a014d
SHA1 6c4b30c0b5e429ed3e2e53384eb5c2a3c045f7a6
SHA256 a2d891635d990fbf1353a4791ddc2c9191934b63754086883d2ec943070d76ca
SHA512 ae9b43c61f43f3b02217a15343897a1623bd2eaea6f9778f9bc7125e6402094c56539a0ab852705936571655c3f8aef098f0a514fbaba8056eb373838f72cb3d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yq8h7er1.default-release\sessionstore-backups\recovery.jsonlz4

MD5 6725957748e5f4883cd64f30e377e2e0
SHA1 0f17c23e28d5a31959ef03f62ca2b96e5c45e0a8
SHA256 05897a58733bf62fb6b0c05d5d49f5b46f1f0aae11116bbdb8b3aa12efc2496c
SHA512 70d12ddb6c97aa5012668d17335af2eb22625708316fadff794fa67448d561214f6ca40269b4e91aee042e7eec4fb7df455b9459834f8e4e74d3827e0f99e46a

memory/4728-968-0x0000000002D00000-0x0000000002D01000-memory.dmp

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yq8h7er1.default-release\cache2\doomed\19971

MD5 c84dfd518362449e4273fa3f3b237908
SHA1 a4eb46c894c0f5c2334fc669ade93ba7cd85d253
SHA256 134d82d757f520f3049ca49ccc31b48b21f22a20a2a892f3dedcb72b790bce35
SHA512 941c5dde105a1b9000429ff6d18c6c5a8b899cd70b514d7306774f8ff4afabe1a572b00e6a9ff4dd4b75e6de78c85b5cbd05fbcf80af91a57d9d6968bf2264f4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yq8h7er1.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 10f09213bc24d26baaa2dd88e7f59cee
SHA1 ce8549b1e6ba37157e9f10846d436defd3bb7afb
SHA256 f99b03e56a4848f157e1ff22862dc79abdaf168e3bc89b871124650340fdc75e
SHA512 15202c1a0766f8d8f008e2c8f247166cbd09f5b7d387ec4eeaedeb5fb92dd070429e72f495eb0f561d6dc83b476c13af336c311ee1ff754fc2bde6242f62ff62

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yq8h7er1.default-release\cache2\entries\213F23EC71F31B1E827CD8F739A11D7F3AA746A3

MD5 a9b6f9e8a2f8405828d0d5259c87da73
SHA1 f52dc04e34a444eaf813f344d6616164556d02e0
SHA256 a10a66b046685bff9e2d387b5783c834e9159de950bfbfe2d3039cd9c661c66a
SHA512 322763198e5ae72d0d734836643ea7b8a66ccbf1f0679daefdf7a61d6d7b9bc5e47e0b407493acd18602662b38251a8f75efab8898c6a5e2ffa5c2467b4b70d4

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yq8h7er1.default-release\cache2\doomed\8501

MD5 beade991e1893d1e5ad45b2601a5e1dd
SHA1 e5136879a7c5a1066cbefb5edc320bf3fedbf4e7
SHA256 91dba21ef2bd9817e2841bce4b5607ace3e877f7344c45146ba6601c6850fb91
SHA512 ee8a1d526ece0bd5a96563cb07db7841bf82b99ac9ef0c3175dd26a5bda486cab599e631c72724b5e47fe711a0d822c7f00b55afea5837a9dbd93f8a971c58ac

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yq8h7er1.default-release\cache2\doomed\21564

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yq8h7er1.default-release\prefs-1.js

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yq8h7er1.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\Downloads\dotNetFx40_Full_setup.vD7A5XXD.exe.part

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yq8h7er1.default-release\jumpListCache\5sYPQ0xGWYphUEsxMFc3eg==.ico

C:\Users\Admin\Downloads\dotNetFx40_Full_setup.exe

F:\559daf81a1cb3122d599b6c59065\Setup.exe

F:\559daf81a1cb3122d599b6c59065\SetupEngine.dll

F:\559daf81a1cb3122d599b6c59065\UiInfo.xml

F:\559daf81a1cb3122d599b6c59065\ParameterInfo.xml

F:\559daf81a1cb3122d599b6c59065\1029\LocalizedData.xml

F:\559daf81a1cb3122d599b6c59065\1028\LocalizedData.xml

F:\559daf81a1cb3122d599b6c59065\1025\LocalizedData.xml

F:\559daf81a1cb3122d599b6c59065\1033\LocalizedData.xml

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yq8h7er1.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Local\Temp\7zO431159B3\Fixer.bat

C:\Windows\System32\perfh007.dat

C:\Windows\System32\perfc007.dat

C:\Windows\System32\perfc00A.dat

C:\Windows\System32\perfh011.dat

C:\Windows\System32\perfh010.dat

C:\Windows\System32\perfc010.dat

C:\Windows\System32\perfh00C.dat

C:\Windows\System32\perfc00C.dat

C:\Windows\System32\perfh00A.dat

C:\Windows\System32\perfh009.dat

C:\Windows\System32\perfc011.dat

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yq8h7er1.default-release\prefs.js

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yq8h7er1.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yq8h7er1.default-release\cache2\doomed\2236

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yq8h7er1.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\Downloads\q8zHt-Hc.php.part

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yq8h7er1.default-release\prefs.js

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yq8h7er1.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\3L7OBC1LBDT83GQJ147C.temp

C:\Users\Admin\AppData\Local\GMap.NET\DllCache\SQLite_v98_NET4_x64\System.Data.SQLite.DLL

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yq8h7er1.default-release\SiteSecurityServiceState-1.txt

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yq8h7er1.default-release\cache2\doomed\10648

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yq8h7er1.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yq8h7er1.default-release\cache2\doomed\32102

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yq8h7er1.default-release\cache2\entries\6DEB29D17C485651349B02343DA2A7FC2D115161

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yq8h7er1.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yq8h7er1.default-release\cache2\entries\655BF3A2A93E26139146DF1A34B70AAFD95900DF

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yq8h7er1.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\Downloads\HwFRdWFS.exe.part

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yq8h7er1.default-release\sessionstore-backups\recovery.jsonlz4
