Malware Analysis Report

2024-11-30 04:50

Sample ID 240425-xbtfwade97
Target 6958ACC382E71103A0B83D20BBBB37D2.exe
SHA256 078f586ebb8a22305540fb5982b2521f1b82e4317f286e13bab680fff0a9d164
Tags
smokeloader tfd5 backdoor persistence trojan upx
score
10/10

Analysis Overview

score
10/10

SHA256

078f586ebb8a22305540fb5982b2521f1b82e4317f286e13bab680fff0a9d164

Threat Level: Known bad

The file 6958ACC382E71103A0B83D20BBBB37D2.exe was found to be: Known bad.

Malicious Activity Summary

smokeloader tfd5 backdoor persistence trojan upx

SmokeLoader

Downloads MZ/PE file

UPX packed file

Executes dropped EXE

Adds Run key to start application

Legitimate hosting services abused for malware hosting/C2

Program crash

Unsigned PE

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

NTFS ADS

Modifies registry class

Suspicious behavior: EnumeratesProcesses

Uses Task Scheduler COM API

Checks processor information in registry

Checks SCSI registry key(s)

Suspicious use of AdjustPrivilegeToken

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-04-25 18:41

Signatures

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2024-04-25 18:41

Reported

2024-04-25 18:50

Platform

win11-20240412-en

Max time kernel

552s

Max time network

553s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6958ACC382E71103A0B83D20BBBB37D2.exe"

Signatures

SmokeLoader

trojan backdoor smokeloader

Downloads MZ/PE file

UPX packed file

upx

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-801878912-692986033-442676226-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\2503326475_del = "cmd /c del \"C:\\Users\\Admin\\AppData\\Local\\Temp\\Temp1_HMBlocker.zip\\[email protected]\"" C:\Windows\SysWOW64\reg.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-801878912-692986033-442676226-1000\Software\Microsoft\Windows\CurrentVersion\Run\2503326475 = "C:\\Users\\Admin\\2503326475\\2503326475.exe" C:\Windows\SysWOW64\reg.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A
N/A camo.githubusercontent.com N/A N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\6958ACC382E71103A0B83D20BBBB37D2.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\6958ACC382E71103A0B83D20BBBB37D2.exe N/A
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\6958ACC382E71103A0B83D20BBBB37D2.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-801878912-692986033-442676226-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-801878912-692986033-442676226-1000_Classes\Local Settings\MuiCache C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-801878912-692986033-442676226-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

NTFS ADS

Description Indicator Process Target
File created C:\Users\Admin\Downloads\Illerka.C.zip:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
File created C:\Users\Admin\Downloads\FakeActivation.zip:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
File created C:\Users\Admin\Downloads\winrar-x64-700.exe:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
File created C:\Users\Admin\Downloads\YouAreAnIdiot.zip:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
File created C:\Users\Admin\Downloads\TaskILL.zip:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
File created C:\Users\Admin\Downloads\Spark.zip:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
File created C:\Users\Admin\Downloads\HMBlocker.zip:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
File created C:\Users\Admin\Downloads\If Chrome flagged a file as dangerous - FIX.txt:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
File created C:\Users\Admin\Downloads\lnjector.rar:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
File created C:\Users\Admin\Downloads\winrar-x32-700.exe:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
File created C:\Users\Admin\Downloads\MEMZ.zip:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_TaskILL.zip\[email protected] N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Temp1_TaskILL.zip\[email protected] N/A
Token: SeShutdownPrivilege N/A C:\Windows\SysWOW64\shutdown.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\SysWOW64\shutdown.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Users\Admin\Downloads\winrar-x64-700.exe N/A
N/A N/A C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe N/A
N/A N/A C:\Users\Admin\Downloads\winrar-x32-700.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1048 wrote to memory of 1968 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1968 wrote to memory of 632 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1968 wrote to memory of 5536 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\6958ACC382E71103A0B83D20BBBB37D2.exe

"C:\Users\Admin\AppData\Local\Temp\6958ACC382E71103A0B83D20BBBB37D2.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 5728 -ip 5728

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5728 -s 384

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1968.0.1907360803\1966607342" -parentBuildID 20230214051806 -prefsHandle 1768 -prefMapHandle 1724 -prefsLen 22035 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {77becaa6-33d4-4ac9-a5b3-079311a455f0} 1968 "\\.\pipe\gecko-crash-server-pipe.1968" 1848 1eb75a0d758 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1968.1.336114364\2084581169" -parentBuildID 20230214051806 -prefsHandle 2344 -prefMapHandle 2332 -prefsLen 22071 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {70e3ef49-5323-4dc8-8045-f632f10c36fa} 1968 "\\.\pipe\gecko-crash-server-pipe.1968" 2372 1eb68b89358 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1968.2.1509245540\1142995903" -childID 1 -isForBrowser -prefsHandle 2956 -prefMapHandle 2976 -prefsLen 22174 -prefMapSize 235121 -jsInitHandle 1352 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8a724918-07dd-4ef8-ba67-857aade1fa18} 1968 "\\.\pipe\gecko-crash-server-pipe.1968" 2952 1eb781ce958 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1968.3.1662021721\1416082818" -childID 2 -isForBrowser -prefsHandle 1216 -prefMapHandle 924 -prefsLen 27575 -prefMapSize 235121 -jsInitHandle 1352 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7c8e3901-d24d-4fd9-8ae8-76ff428b04f6} 1968 "\\.\pipe\gecko-crash-server-pipe.1968" 2524 1eb68b78a58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1968.4.669197413\2064979228" -childID 3 -isForBrowser -prefsHandle 5012 -prefMapHandle 5088 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1352 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7958e2e0-6bef-49bf-b093-568832da2e89} 1968 "\\.\pipe\gecko-crash-server-pipe.1968" 4888 1eb7cec6e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1968.5.1970303041\1845364099" -childID 4 -isForBrowser -prefsHandle 5240 -prefMapHandle 5244 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1352 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {74f44f4b-04e2-4f42-a537-76e88036ee05} 1968 "\\.\pipe\gecko-crash-server-pipe.1968" 5232 1eb7d804758 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1968.6.376337002\1663224524" -childID 5 -isForBrowser -prefsHandle 5428 -prefMapHandle 5432 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1352 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {87672121-2504-45e4-9e06-5a40c42ff972} 1968 "\\.\pipe\gecko-crash-server-pipe.1968" 5420 1eb7d805058 tab

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5596.0.1386834474\1157809011" -parentBuildID 20230214051806 -prefsHandle 1752 -prefMapHandle 1744 -prefsLen 22074 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {81a5c646-d451-4806-a9b5-df9f6119e711} 5596 "\\.\pipe\gecko-crash-server-pipe.5596" 1832 1fc71622e58 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5596.1.652108951\558495344" -parentBuildID 20230214051806 -prefsHandle 2328 -prefMapHandle 2316 -prefsLen 22110 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6dff5fff-a805-40d7-96b8-c9bee196920c} 5596 "\\.\pipe\gecko-crash-server-pipe.5596" 2352 1fc64888a58 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5596.2.1991912724\1313886896" -childID 1 -isForBrowser -prefsHandle 2852 -prefMapHandle 2732 -prefsLen 22148 -prefMapSize 235121 -jsInitHandle 1316 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1d72417f-0ae5-41b8-8dee-9693aae49c4b} 5596 "\\.\pipe\gecko-crash-server-pipe.5596" 2724 1fc74314658 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5596.3.182996537\1489883517" -childID 2 -isForBrowser -prefsHandle 3480 -prefMapHandle 3280 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1316 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c4c91a8f-1335-4602-9bd1-9dd119880201} 5596 "\\.\pipe\gecko-crash-server-pipe.5596" 3472 1fc76b8b358 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5596.4.2127091922\1087442689" -childID 3 -isForBrowser -prefsHandle 4964 -prefMapHandle 5008 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1316 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9dea201d-3427-482c-ad65-3b6de98eb4c4} 5596 "\\.\pipe\gecko-crash-server-pipe.5596" 5020 1fc788e0358 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5596.5.246968356\2101813462" -childID 4 -isForBrowser -prefsHandle 5168 -prefMapHandle 5172 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1316 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {84834f6d-40dc-4f0d-b0a2-197d62af912d} 5596 "\\.\pipe\gecko-crash-server-pipe.5596" 5156 1fc71d05f58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5596.6.1135433657\425658736" -childID 5 -isForBrowser -prefsHandle 5332 -prefMapHandle 5140 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1316 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {05e42dc5-218b-401a-abe5-6cc6b7680604} 5596 "\\.\pipe\gecko-crash-server-pipe.5596" 5380 1fc71d03558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5596.7.343396478\1461460799" -childID 6 -isForBrowser -prefsHandle 5676 -prefMapHandle 5572 -prefsLen 27693 -prefMapSize 235121 -jsInitHandle 1316 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1d3783af-6096-4c54-9617-be98cd6bcdda} 5596 "\\.\pipe\gecko-crash-server-pipe.5596" 3700 1fc79bceb58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5596.8.903168647\1664761725" -parentBuildID 20230214051806 -prefsHandle 5764 -prefMapHandle 5676 -prefsLen 27693 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5250af1c-fe29-4c9f-ae55-4a2ce3a97816} 5596 "\\.\pipe\gecko-crash-server-pipe.5596" 5788 1fc78a0cb58 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5596.9.39686784\1244052639" -parentBuildID 20230214051806 -sandboxingKind 1 -prefsHandle 6088 -prefMapHandle 5028 -prefsLen 27958 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5f95a331-83ab-44b0-86b9-0d074317abf0} 5596 "\\.\pipe\gecko-crash-server-pipe.5596" 4852 1fc77403258 utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5596.10.1993166332\684512834" -childID 7 -isForBrowser -prefsHandle 6280 -prefMapHandle 6064 -prefsLen 27958 -prefMapSize 235121 -jsInitHandle 1316 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ff35196c-44e2-4e7c-8e3c-64b74d659bd3} 5596 "\\.\pipe\gecko-crash-server-pipe.5596" 6288 1fc79fc1e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5596.11.1859402482\1732220592" -childID 8 -isForBrowser -prefsHandle 10128 -prefMapHandle 10136 -prefsLen 27958 -prefMapSize 235121 -jsInitHandle 1316 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c70bcdcc-4467-4e5b-a46f-45b36183341e} 5596 "\\.\pipe\gecko-crash-server-pipe.5596" 10092 1fc76ca6158 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5596.12.624154258\1259406510" -parentBuildID 20230214051806 -sandboxingKind 0 -prefsHandle 9684 -prefMapHandle 9688 -prefsLen 27958 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {75d44e33-cad5-4d52-817c-384a31b88d18} 5596 "\\.\pipe\gecko-crash-server-pipe.5596" 9680 1fc77405358 utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5596.13.1116257015\1893730562" -childID 9 -isForBrowser -prefsHandle 9528 -prefMapHandle 9532 -prefsLen 27958 -prefMapSize 235121 -jsInitHandle 1316 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cbc79939-4101-448d-8736-d48fdd7e15b8} 5596 "\\.\pipe\gecko-crash-server-pipe.5596" 9520 1fc7a0f4f58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5596.14.1937062809\474311977" -childID 10 -isForBrowser -prefsHandle 9340 -prefMapHandle 9088 -prefsLen 27958 -prefMapSize 235121 -jsInitHandle 1316 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {17b23a70-0630-4211-8688-a7891cb8576c} 5596 "\\.\pipe\gecko-crash-server-pipe.5596" 2964 1fc7a95a358 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5596.15.805823160\1132221155" -childID 11 -isForBrowser -prefsHandle 8892 -prefMapHandle 4252 -prefsLen 27958 -prefMapSize 235121 -jsInitHandle 1316 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {175a559b-936a-4de4-8291-5195dcaa7d94} 5596 "\\.\pipe\gecko-crash-server-pipe.5596" 9244 1fc7abda758 tab

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x00000000000004E0 0x00000000000004CC

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5596.16.1453204131\1774194887" -childID 12 -isForBrowser -prefsHandle 8576 -prefMapHandle 8604 -prefsLen 28190 -prefMapSize 235121 -jsInitHandle 1316 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8557997f-c20a-4ec7-a25b-f939b770ddad} 5596 "\\.\pipe\gecko-crash-server-pipe.5596" 8588 1fc78bd0b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5596.17.955526149\1768950799" -childID 13 -isForBrowser -prefsHandle 9548 -prefMapHandle 4364 -prefsLen 28190 -prefMapSize 235121 -jsInitHandle 1316 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {77cccf95-37e9-415f-99ea-33c679ea957c} 5596 "\\.\pipe\gecko-crash-server-pipe.5596" 8376 1fc7a663858 tab

C:\Users\Admin\Downloads\winrar-x64-700.exe

"C:\Users\Admin\Downloads\winrar-x64-700.exe"

C:\Windows\system32\werfault.exe

werfault.exe /h /shared Global\db458a907996457099467cd5a2622871 /t 1728 /p 1576

C:\Users\Admin\Downloads\winrar-x64-700.exe

"C:\Users\Admin\Downloads\winrar-x64-700.exe"

C:\Users\Admin\Downloads\winrar-x64-700.exe

"C:\Users\Admin\Downloads\winrar-x64-700.exe"

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe

"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5596.18.919138964\1407076767" -childID 14 -isForBrowser -prefsHandle 8820 -prefMapHandle 9064 -prefsLen 28199 -prefMapSize 235121 -jsInitHandle 1316 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {57caf35e-be19-4585-b235-3e8496427875} 5596 "\\.\pipe\gecko-crash-server-pipe.5596" 8812 1fc78a0ce58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5596.19.1006379394\1237998611" -childID 15 -isForBrowser -prefsHandle 9092 -prefMapHandle 9232 -prefsLen 28199 -prefMapSize 235121 -jsInitHandle 1316 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7074a967-06f1-4401-b020-f7ffa8c24c47} 5596 "\\.\pipe\gecko-crash-server-pipe.5596" 9160 1fc74313158 tab

C:\Users\Admin\Downloads\winrar-x32-700.exe

"C:\Users\Admin\Downloads\winrar-x32-700.exe"

C:\Windows\system32\werfault.exe

werfault.exe /h /shared Global\56dfdedec03941eeafa0c551881ed009 /t 2916 /p 1148

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5596.20.643259925\1896650277" -childID 16 -isForBrowser -prefsHandle 6264 -prefMapHandle 8100 -prefsLen 28208 -prefMapSize 235121 -jsInitHandle 1316 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3803e537-3db7-43e6-b6f9-d65030d83b7d} 5596 "\\.\pipe\gecko-crash-server-pipe.5596" 6496 1fc79bd1858 tab

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5596.21.962760949\1476556287" -childID 17 -isForBrowser -prefsHandle 8400 -prefMapHandle 8388 -prefsLen 28208 -prefMapSize 235121 -jsInitHandle 1316 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9eecf10e-14a7-4cbb-a741-cc0c617f16d8} 5596 "\\.\pipe\gecko-crash-server-pipe.5596" 9424 1fc709f9758 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5596.22.1923407242\1190056721" -childID 18 -isForBrowser -prefsHandle 5740 -prefMapHandle 5488 -prefsLen 28208 -prefMapSize 235121 -jsInitHandle 1316 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2481dced-d486-4d07-b96a-bff6d3df4748} 5596 "\\.\pipe\gecko-crash-server-pipe.5596" 5744 1fc7b33d958 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5596.23.324922017\1526012648" -childID 19 -isForBrowser -prefsHandle 5452 -prefMapHandle 5468 -prefsLen 28208 -prefMapSize 235121 -jsInitHandle 1316 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d76242fe-5d37-4db0-b4ab-4533d9c5c050} 5596 "\\.\pipe\gecko-crash-server-pipe.5596" 5356 1fc709f1458 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5596.24.380036188\572092772" -childID 20 -isForBrowser -prefsHandle 7304 -prefMapHandle 9416 -prefsLen 28208 -prefMapSize 235121 -jsInitHandle 1316 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9578106c-9bf0-4276-bb97-f1525e9bc539} 5596 "\\.\pipe\gecko-crash-server-pipe.5596" 5496 1fc7c963d58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5596.25.1790453400\1086295053" -childID 21 -isForBrowser -prefsHandle 9456 -prefMapHandle 7252 -prefsLen 28208 -prefMapSize 235121 -jsInitHandle 1316 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ee765851-f115-4413-bc29-f95c04c428bb} 5596 "\\.\pipe\gecko-crash-server-pipe.5596" 8468 1fc709f3858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5596.26.70832528\1033665551" -childID 22 -isForBrowser -prefsHandle 8840 -prefMapHandle 8976 -prefsLen 28208 -prefMapSize 235121 -jsInitHandle 1316 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b7ac9cd4-a9e1-4d2f-be6c-88c0d63e10d5} 5596 "\\.\pipe\gecko-crash-server-pipe.5596" 8768 1fc7e406d58 tab

C:\Users\Admin\AppData\Local\Temp\Temp1_TaskILL.zip\[email protected]

"C:\Users\Admin\AppData\Local\Temp\Temp1_TaskILL.zip\[email protected]"

C:\Users\Admin\AppData\Local\Temp\Temp1_YouAreAnIdiot.zip\YouAreAnIdiot.exe

"C:\Users\Admin\AppData\Local\Temp\Temp1_YouAreAnIdiot.zip\YouAreAnIdiot.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 3612 -ip 3612

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3612 -s 1228

C:\Users\Admin\AppData\Local\Temp\Temp1_HMBlocker.zip\[email protected]

"C:\Users\Admin\AppData\Local\Temp\Temp1_HMBlocker.zip\[email protected]"

C:\Windows\SysWOW64\shutdown.exe

"C:\Windows\System32\shutdown.exe" /r /t 6 /f

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c REG ADD HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v 2503326475 /t REG_SZ /d "C:\Users\Admin\2503326475\2503326475.exe" /f

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c REG ADD HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce /v 2503326475_del /t REG_SZ /d "cmd /c del \"C:\Users\Admin\AppData\Local\Temp\Temp1_HMBlocker.zip\[email protected]\"" /f

C:\Windows\System32\PickerHost.exe

C:\Windows\System32\PickerHost.exe -Embedding

C:\Windows\SysWOW64\reg.exe

REG ADD HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce /v 2503326475_del /t REG_SZ /d "cmd /c del \"C:\Users\Admin\AppData\Local\Temp\Temp1_HMBlocker.zip\[email protected]\"" /f

C:\Windows\SysWOW64\reg.exe

REG ADD HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v 2503326475 /t REG_SZ /d "C:\Users\Admin\2503326475\2503326475.exe" /f

C:\Windows\system32\mountvol.exe

mountvol c:\ /d

Network

Files

memory/5728-1-0x00000000006E0000-0x00000000007E0000-memory.dmp

memory/5728-2-0x00000000006B0000-0x00000000006BB000-memory.dmp

memory/5728-3-0x0000000000400000-0x000000000044A000-memory.dmp

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ln14indr.default-release\activity-stream.discovery_stream.json.tmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ln14indr.default-release\prefs.js

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ln14indr.default-release\prefs.js

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ln14indr.default-release\sessionstore.jsonlz4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ln14indr.default-release\prefs.js

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ln14indr.default-release\startupCache\scriptCache-child.bin

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ln14indr.default-release\xulstore.json

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ln14indr.default-release\startupCache\urlCache.bin

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ln14indr.default-release\sessionCheckpoints.json

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ln14indr.default-release\sessionCheckpoints.json.tmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ln14indr.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ln14indr.default-release\SiteSecurityServiceState.txt

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ln14indr.default-release\sessionCheckpoints.json.tmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ln14indr.default-release\datareporting\state.json

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ln14indr.default-release\cache2\entries\C72D4296C2EBC6FD41A9F780CD0C8F30F0FF937C

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ln14indr.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ln14indr.default-release\cache2\entries\254256B27E0C48CF9B80B695F0B3B8CA84610495

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ln14indr.default-release\protections.sqlite

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ln14indr.default-release\datareporting\glean\db\data.safe.bin

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ln14indr.default-release\AlternateServices.txt

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ln14indr.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ln14indr.default-release\prefs.js

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ln14indr.default-release\prefs-1.js

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ln14indr.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ln14indr.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ln14indr.default-release\storage\default\https+++www.youtube.com\idb\2171031483YattIedMb.sqlite

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ln14indr.default-release\storage\default\https+++www.youtube.com\cache\morgue\78\{aefaf366-0d7d-4589-9bf8-b1cd88a9be4e}.final

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ln14indr.default-release\serviceworker-1.txt

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ln14indr.default-release\serviceworker.txt

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ln14indr.default-release\storage\default\https+++www.youtube.com\idb\3211250388sbwdpsunsohintoatciif.sqlite-wal

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ln14indr.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ln14indr.default-release\storage\default\https+++www.youtube.com\cache\morgue\59\{5090c702-560d-4e93-80f7-d870f95eba3b}.final

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ln14indr.default-release\cache2\doomed\8103

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ln14indr.default-release\storage\default\https+++www.youtube.com\cache\morgue\157\{ca3935d2-f094-4d3c-87ca-9a6a81a5919d}.final

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ln14indr.default-release\cache2\entries\7B06541CD75D2743A119B96202786C3000C282E9

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ln14indr.default-release\cache2\entries\099EB2BF8827A4F91EAB3E38B14650D0205226F2

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ln14indr.default-release\cache2\entries\A4CE164F50B862A9A4129172EAE07F4D83D47575

C:\Users\Admin\Downloads\lnjector._VUhXuZ8.rar.part

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ln14indr.default-release\datareporting\session-state.json

C:\Users\Admin\Downloads\t9WrtiAw.txt.part

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ln14indr.default-release\prefs.js

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ln14indr.default-release\downloads.json.tmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ln14indr.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ln14indr.default-release\storage\default\https+++www.youtube.com\cache\morgue\171\{e64f147a-46f8-4cc7-be3e-b097394d5dab}.final

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ln14indr.default-release\cache2\doomed\22720

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ln14indr.default-release\prefs.js

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ln14indr.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ln14indr.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ln14indr.default-release\cache2\doomed\18673

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ln14indr.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\Downloads\winrar-x64-700.RQuymOFB.exe.part

C:\Users\Admin\Downloads\winrar-x64-700.exe:Zone.Identifier

C:\Users\Admin\Downloads\winrar-x64-700.exe

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ln14indr.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ln14indr.default-release\cache2\entries\874F18BED7CB5132715B8A78AD866AC231B4B3F3

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ln14indr.default-release\cache2\entries\79B0DDE3FA8DCB1BD2B4CA2ED3EB8F3088226A6C

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ln14indr.default-release\cache2\doomed\7667

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ln14indr.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ln14indr.default-release\cache2\entries\D130F82865217CFD4D1A849B68A02EF7095D5DA7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ln14indr.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ln14indr.default-release\jumpListCache\VmSPrUl3sf2nmi9HLTd+Vg==.ico

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ln14indr.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ln14indr.default-release\cache2\entries\59875D4FD8FDE636AA808191362C474F23273812

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ln14indr.default-release\cache2\entries\364583549B0419606F6E9E71FAB57390C4EE8230

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ln14indr.default-release\cache2\doomed\19686

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ln14indr.default-release\cache2\doomed\26600

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ln14indr.default-release\cache2\doomed\7249

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ln14indr.default-release\cache2\entries\C6C50C6713E04181F50351E2F527C1DEE7EF3488

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ln14indr.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\Downloads\winrar-x32-700.zm6Dj19q.exe.part

C:\Users\Admin\Downloads\winrar-x32-700.exe:Zone.Identifier

C:\Users\Admin\Downloads\winrar-x32-700.exe

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ln14indr.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ln14indr.default-release\cache2\entries\F96A1A8368D3C3DD1FA81D170326E6C1C65D342F

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ln14indr.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ln14indr.default-release\cache2\doomed\4000

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ln14indr.default-release\cache2\doomed\286

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ln14indr.default-release\storage\default\https+++www.youtube.com\cache\morgue\129\{25a07273-bff4-4448-adf2-503a84ef3281}.final

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ln14indr.default-release\cache2\entries\DCC312A0CD69894ACC9F7C943581C40CEFD6A2D9

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ln14indr.default-release\cache2\doomed\25424

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ln14indr.default-release\cache2\doomed\6863

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ln14indr.default-release\cache2\doomed\1051

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ln14indr.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ln14indr.default-release\cache2\entries\BCBF3E7ECCFAFC4632A02F4C88A42560D011AD0D

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ln14indr.default-release\cache2\entries\6D1DC7CD85C56A9E13A3E871A90368CDE7FF3C5C

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ln14indr.default-release\cache2\doomed\3911

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ln14indr.default-release\cache2\entries\A6BA0F611E1504F6577C8F01757CF8D6CD21DDF1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ln14indr.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ln14indr.default-release\cache2\doomed\535

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ln14indr.default-release\cache2\doomed\11353

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ln14indr.default-release\cache2\entries\2B460708F1E03CB69A98D839273AA8237910F8DE

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ln14indr.default-release\cache2\entries\4CD5C0360F360185A7DEAEE78892DF18666AA26E

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ln14indr.default-release\cache2\entries\2438DD710BB32CBE9ECF512D0E79C68C966656A2

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ln14indr.default-release\cache2\doomed\13561

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ln14indr.default-release\cache2\entries\EEA635937718FE928AF2CEFA219A01C223C0A102

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ln14indr.default-release\cache2\entries\D7A0DD2B67E5C8ED5E2C6B10617C937206220201

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ln14indr.default-release\cache2\entries\1D17CB7B6439BEC2972EA0803774A90EC9817EDE

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ln14indr.default-release\cache2\entries\C01A5A91B3215B34E7411A2001698454305F7026

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ln14indr.default-release\cache2\doomed\9289

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ln14indr.default-release\cache2\doomed\22398

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ln14indr.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

C:\Users\Admin\Downloads\3q6JNacx.zip.part

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ln14indr.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\Downloads\jlI4hhPp.zip.part

C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\mozilla-temp-6334

C:\Users\Admin\Downloads\JRQ12ldZ.zip.part

C:\Users\Admin\Downloads\3DFzgGp_.zip.part

C:\Users\Admin\Downloads\Illerka.C.zip:Zone.Identifier

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ln14indr.default-release\cache2\entries\CC9AFF3BE02AD27708D587AE49B3DC68644172BA

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ln14indr.default-release\prefs.js

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ln14indr.default-release\cache2\entries\C72D4296C2EBC6FD41A9F780CD0C8F30F0FF937C

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ln14indr.default-release\prefs-1.js

C:\Users\Admin\Downloads\vPe6M1yA.zip.part

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ln14indr.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\Downloads\-bAQrJEP.zip.part

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ln14indr.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ln14indr.default-release\jumpListCache\ZP5PyZ1LS8OR0NMohz5N8g==.ico

C:\Users\Admin\AppData\Local\Temp\tmpaddon

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ln14indr.default-release\prefs-1.js

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ln14indr.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ln14indr.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ln14indr.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ln14indr.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ln14indr.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ln14indr.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ln14indr.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
