Analysis Overview
SHA256
c7c2b2c73f6ae3c30477b2577c0e97c86c1a8af5752efd32e7603b55b5c12aa2
Threat Level: Likely malicious
The file qrcode_i.ytimg.com.png was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
Executes dropped EXE
Legitimate hosting services abused for malware hosting/C2
Writes to the Master Boot Record (MBR)
Enumerates physical storage devices
One or more HTTP URLs in qr code identified
Checks processor information in registry
Suspicious use of SetWindowsHookEx
Uses Task Scheduler COM API
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious behavior: EnumeratesProcesses
NTFS ADS
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Modifies registry class
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-10 07:37
Signatures
One or more HTTP URLs in qr code identified
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-10 07:37
Reported
2024-04-10 08:07
Platform
win10-20240404-en
Max time kernel
1800s
Max time network
1597s
Command Line
Signatures
Downloads MZ/PE file
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\MEMZ.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\Downloads\MEMZ.exe | N/A |
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\Downloads\MEMZ.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\qrcode_i.ytimg.com.png
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1000.0.1073067006\570924553" -parentBuildID 20221007134813 -prefsHandle 1732 -prefMapHandle 1724 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5cd348f8-4bcf-43e1-8b67-13d6a953f865} 1000 "\\.\pipe\gecko-crash-server-pipe.1000" 1812 297f49d6558 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1000.1.2115949036\1772614955" -parentBuildID 20221007134813 -prefsHandle 2156 -prefMapHandle 2152 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {330f526d-28f3-4c95-9a69-5c6a104bab5f} 1000 "\\.\pipe\gecko-crash-server-pipe.1000" 2168 297f48fb058 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1000.2.516777584\925253619" -childID 1 -isForBrowser -prefsHandle 2784 -prefMapHandle 2800 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cb812088-10ed-4695-8292-1da88bdf1ea7} 1000 "\\.\pipe\gecko-crash-server-pipe.1000" 2924 297f495d558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1000.3.506150478\600665705" -childID 2 -isForBrowser -prefsHandle 3412 -prefMapHandle 3404 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {476e5634-25fa-4666-819d-37866572a4a3} 1000 "\\.\pipe\gecko-crash-server-pipe.1000" 3420 297e2667558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1000.4.2104936914\930037441" -childID 3 -isForBrowser -prefsHandle 4268 -prefMapHandle 4264 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f480b01e-cfc9-4f2a-bac5-05a7599d9e1d} 1000 "\\.\pipe\gecko-crash-server-pipe.1000" 4280 297fa905c58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1000.5.1614004139\1819132578" -childID 4 -isForBrowser -prefsHandle 4752 -prefMapHandle 4820 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2be1fe52-c0f6-461b-b569-04d4a12f2847} 1000 "\\.\pipe\gecko-crash-server-pipe.1000" 4792 297fae0fb58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1000.6.206451373\1397990850" -childID 5 -isForBrowser -prefsHandle 4972 -prefMapHandle 4976 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9adb0fd0-845f-4d31-b9de-dbb2a3e320fd} 1000 "\\.\pipe\gecko-crash-server-pipe.1000" 4964 297fb066058 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1000.7.262197437\235657700" -childID 6 -isForBrowser -prefsHandle 5172 -prefMapHandle 5176 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5faa983d-212c-495f-9242-ed08d6cb72ee} 1000 "\\.\pipe\gecko-crash-server-pipe.1000" 5164 297fb065a58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1000.8.2078102733\233183501" -childID 7 -isForBrowser -prefsHandle 5528 -prefMapHandle 5548 -prefsLen 26514 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6a345481-f582-4557-bd0f-fcd98950f1f7} 1000 "\\.\pipe\gecko-crash-server-pipe.1000" 5512 297fc006b58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1000.9.2085787977\6726559" -parentBuildID 20221007134813 -prefsHandle 5552 -prefMapHandle 5572 -prefsLen 26689 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fdb6f51f-3187-48af-b300-417595a9ed39} 1000 "\\.\pipe\gecko-crash-server-pipe.1000" 5528 297fc85f558 rdd
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1000.10.533708466\1146182956" -childID 8 -isForBrowser -prefsHandle 5972 -prefMapHandle 5968 -prefsLen 26689 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {078973d6-7fb2-41dc-84ce-b2814de40868} 1000 "\\.\pipe\gecko-crash-server-pipe.1000" 5992 297fca11558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1000.11.1626873027\591988426" -childID 9 -isForBrowser -prefsHandle 5144 -prefMapHandle 5060 -prefsLen 26689 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {dd04c833-29af-49cb-af12-7038545c51e8} 1000 "\\.\pipe\gecko-crash-server-pipe.1000" 5044 297fa95c958 tab
C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe"
C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /main
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1000.12.704822124\1211129702" -childID 10 -isForBrowser -prefsHandle 4796 -prefMapHandle 4344 -prefsLen 26808 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {febe637a-66b4-4bcf-944d-f3fe4ef13572} 1000 "\\.\pipe\gecko-crash-server-pipe.1000" 5180 297fae11358 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1000.13.797474319\1254072715" -childID 11 -isForBrowser -prefsHandle 5672 -prefMapHandle 5736 -prefsLen 26808 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c56fa42b-366d-48b2-a6ac-c7b81311ba1e} 1000 "\\.\pipe\gecko-crash-server-pipe.1000" 5680 297fcf3b558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1000.14.1712336903\349770030" -childID 12 -isForBrowser -prefsHandle 10296 -prefMapHandle 10120 -prefsLen 26817 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c2264678-28c6-4ab8-8a45-e28e61bfe0ae} 1000 "\\.\pipe\gecko-crash-server-pipe.1000" 5508 297fc006e58 tab
Network
Files
C:\Users\Admin\Downloads\MEMZ.exe
| MD5 | 1d5ad9c8d3fee874d0feb8bfac220a11 |
| SHA1 | ca6d3f7e6c784155f664a9179ca64e4034df9595 |
| SHA256 | 3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff |
| SHA512 | c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1 |