Analysis Overview
SHA256
16015088c3352a8257f420555e7ce6245aa0e6682deeca79bf7e08c24e1ac3de
Threat Level: Known bad
The file nursultan nexgen fix.exe was found to be: Known bad.
Malicious Activity Summary
Process spawned unexpected child process
DcRat
DCRat payload
Dcrat family
Downloads MZ/PE file
Disables Task Manager via registry modification
Reads user/profile data of web browsers
Executes dropped EXE
Drops file in Windows directory
Drops file in Program Files directory
Unsigned PE
Enumerates physical storage devices
Suspicious use of SendNotifyMessage
Creates scheduled task(s)
Checks processor information in registry
Modifies registry key
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious use of SetWindowsHookEx
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Modifies registry class
Uses Task Scheduler COM API
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-31 15:16
Signatures
DCRat payload
Dcrat family
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-31 15:16
Reported
2024-05-31 15:18
Platform
win10-20240404-en
Max time kernel
149s
Max time network
151s
Signatures
DcRat
Process spawned unexpected child process
| Description | Indicator | Process | Target |
| Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process | N/A | C:\Windows\system32\schtasks.exe | |
DCRat payload
Disables Task Manager via registry modification
Downloads MZ/PE file
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\portagentbrowserweb\Containerruntime.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\dllhost.exe | N/A |
| N/A | N/A | C:\Users\Public\Desktop\lsass.exe | N/A |
Reads user/profile data of web browsers
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\Windows Defender\fr-FR\sihost.exe | C:\portagentbrowserweb\Containerruntime.exe | N/A |
| File created | C:\Program Files (x86)\Windows Defender\fr-FR\66fc9ff0ee96c2 | C:\portagentbrowserweb\Containerruntime.exe | N/A |
| File created | C:\Program Files (x86)\Windows Portable Devices\services.exe | C:\portagentbrowserweb\Containerruntime.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Windows Portable Devices\services.exe | C:\portagentbrowserweb\Containerruntime.exe | N/A |
| File created | C:\Program Files (x86)\Windows Portable Devices\c5b4cb5e9653cc | C:\portagentbrowserweb\Containerruntime.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\dllhost.exe | C:\portagentbrowserweb\Containerruntime.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\5940a34987c991 | C:\portagentbrowserweb\Containerruntime.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\GameBarPresenceWriter\dllhost.exe | C:\portagentbrowserweb\Containerruntime.exe | N/A |
| File created | C:\Windows\GameBarPresenceWriter\5940a34987c991 | C:\portagentbrowserweb\Containerruntime.exe | N/A |
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\nursultan nexgen fix.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies registry key
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\dllhost.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\portagentbrowserweb\Containerruntime.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\dllhost.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Public\Desktop\lsass.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\nursultan nexgen fix.exe
"C:\Users\Admin\AppData\Local\Temp\nursultan nexgen fix.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\portagentbrowserweb\WRLLAAz5wgYRSh1EMNi6f5aM.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\portagentbrowserweb\6X9rFgrS3wv5iM7PLkmLFP1j.bat" "
C:\portagentbrowserweb\Containerruntime.exe
"C:\portagentbrowserweb\Containerruntime.exe"
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "servicess" /sc MINUTE /mo 5 /tr "'C:\Program Files (x86)\Windows Portable Devices\services.exe'" /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "services" /sc ONLOGON /tr "'C:\Program Files (x86)\Windows Portable Devices\services.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "servicess" /sc MINUTE /mo 8 /tr "'C:\Program Files (x86)\Windows Portable Devices\services.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "sihosts" /sc MINUTE /mo 6 /tr "'C:\portagentbrowserweb\sihost.exe'" /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "sihost" /sc ONLOGON /tr "'C:\portagentbrowserweb\sihost.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "sihosts" /sc MINUTE /mo 11 /tr "'C:\portagentbrowserweb\sihost.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "fontdrvhostf" /sc MINUTE /mo 7 /tr "'C:\Recovery\WindowsRE\fontdrvhost.exe'" /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "fontdrvhost" /sc ONLOGON /tr "'C:\Recovery\WindowsRE\fontdrvhost.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "fontdrvhostf" /sc MINUTE /mo 12 /tr "'C:\Recovery\WindowsRE\fontdrvhost.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "dllhostd" /sc MINUTE /mo 9 /tr "'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\dllhost.exe'" /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "dllhost" /sc ONLOGON /tr "'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\dllhost.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "dllhostd" /sc MINUTE /mo 10 /tr "'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\dllhost.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "sihosts" /sc MINUTE /mo 9 /tr "'C:\Program Files (x86)\Windows Defender\fr-FR\sihost.exe'" /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "sihost" /sc ONLOGON /tr "'C:\Program Files (x86)\Windows Defender\fr-FR\sihost.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "sihosts" /sc MINUTE /mo 11 /tr "'C:\Program Files (x86)\Windows Defender\fr-FR\sihost.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "lsassl" /sc MINUTE /mo 12 /tr "'C:\Users\Public\Desktop\lsass.exe'" /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "lsass" /sc ONLOGON /tr "'C:\Users\Public\Desktop\lsass.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "lsassl" /sc MINUTE /mo 5 /tr "'C:\Users\Public\Desktop\lsass.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "dllhostd" /sc MINUTE /mo 8 /tr "'C:\Windows\GameBarPresenceWriter\dllhost.exe'" /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "dllhost" /sc ONLOGON /tr "'C:\Windows\GameBarPresenceWriter\dllhost.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "dllhostd" /sc MINUTE /mo 13 /tr "'C:\Windows\GameBarPresenceWriter\dllhost.exe'" /rl HIGHEST /f
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\dllhost.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\dllhost.exe"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
C:\Users\Public\Desktop\lsass.exe
"C:\Users\Public\Desktop\lsass.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x438
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.31.224.52.in-addr.arpa | udp |
| US | 52.224.31.34:443 | h.clarity.ms | tcp |
| GB | 216.58.212.214:443 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | rr1---sn-5hnekn7l.googlevideo.com | udp |
| US | 8.8.8.8:53 | rr1.sn-5hnekn7l.googlevideo.com | udp |
| US | 8.8.8.8:53 | rr1.sn-5hnekn7l.googlevideo.com | udp |
| US | 8.8.8.8:53 | rr5---sn-5hne6nsr.googlevideo.com | udp |
| NL | 172.217.132.74:443 | rr5---sn-5hne6nsr.googlevideo.com | tcp |
| US | 8.8.8.8:53 | rr5.sn-5hne6nsr.googlevideo.com | udp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| GB | 216.58.201.106:443 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | rr5.sn-5hne6nsr.googlevideo.com | udp |
| NL | 172.217.132.74:443 | rr5.sn-5hne6nsr.googlevideo.com | udp |
| US | 8.8.8.8:53 | 74.132.217.172.in-addr.arpa | udp |
| RU | 141.8.192.26:80 | a0987415.xsph.ru | tcp |
| US | 8.8.8.8:53 | rr5---sn-5hne6nzk.googlevideo.com | udp |
| NL | 172.217.132.138:443 | rr5---sn-5hne6nzk.googlevideo.com | tcp |
| US | 8.8.8.8:53 | rr5.sn-5hne6nzk.googlevideo.com | udp |
| US | 8.8.8.8:53 | rr5.sn-5hne6nzk.googlevideo.com | udp |
| US | 8.8.8.8:53 | 138.132.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | rr3---sn-5hne6nzd.googlevideo.com | udp |
| US | 8.8.8.8:53 | rr3.sn-5hne6nzd.googlevideo.com | udp |
| NL | 74.125.100.232:443 | rr3.sn-5hne6nzd.googlevideo.com | tcp |
| US | 8.8.8.8:53 | rr3.sn-5hne6nzd.googlevideo.com | udp |
| US | 8.8.8.8:53 | rr3---sn-5hneknek.googlevideo.com | udp |
| NL | 74.125.8.136:443 | rr3---sn-5hneknek.googlevideo.com | tcp |
| US | 8.8.8.8:53 | rr3.sn-5hneknek.googlevideo.com | udp |
| US | 8.8.8.8:53 | rr3.sn-5hneknek.googlevideo.com | udp |
| RU | 141.8.192.26:80 | a0987415.xsph.ru | tcp |
| NL | 74.125.8.136:443 | rr3.sn-5hneknek.googlevideo.com | udp |
| US | 8.8.8.8:53 | 232.100.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.8.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | rr5---sn-5hne6nzd.googlevideo.com | udp |
| NL | 74.125.100.234:443 | rr5---sn-5hne6nzd.googlevideo.com | tcp |
| US | 8.8.8.8:53 | rr5.sn-5hne6nzd.googlevideo.com | udp |
| US | 8.8.8.8:53 | rr5.sn-5hne6nzd.googlevideo.com | udp |
| NL | 74.125.100.234:443 | rr5.sn-5hne6nzd.googlevideo.com | udp |
| US | 8.8.8.8:53 | 234.100.125.74.in-addr.arpa | udp |
| RU | 141.8.192.26:80 | a0987415.xsph.ru | tcp |
| US | 8.8.8.8:53 | rr4---sn-5hnekn7s.googlevideo.com | udp |
| NL | 74.125.100.41:443 | rr4---sn-5hnekn7s.googlevideo.com | tcp |
| US | 8.8.8.8:53 | rr4.sn-5hnekn7s.googlevideo.com | udp |
| US | 8.8.8.8:53 | rr4.sn-5hnekn7s.googlevideo.com | udp |
| US | 8.8.8.8:53 | 41.100.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | rr1---sn-5hneknek.googlevideo.com | udp |
| NL | 74.125.8.134:443 | rr1---sn-5hneknek.googlevideo.com | tcp |
| US | 8.8.8.8:53 | rr1.sn-5hneknek.googlevideo.com | udp |
| US | 8.8.8.8:53 | rr1.sn-5hneknek.googlevideo.com | udp |
| US | 8.8.8.8:53 | rr5---sn-5hneknes.googlevideo.com | udp |
| NL | 74.125.8.202:443 | rr5---sn-5hneknes.googlevideo.com | tcp |
| US | 8.8.8.8:53 | rr5.sn-5hneknes.googlevideo.com | udp |
| US | 8.8.8.8:53 | rr5.sn-5hneknes.googlevideo.com | udp |
| US | 8.8.8.8:53 | rr5---sn-5hneknes.googlevideo.com | udp |
| US | 8.8.8.8:53 | 134.8.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.8.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | rr5---sn-5hne6nsk.googlevideo.com | udp |
| NL | 172.217.132.42:443 | rr5---sn-5hne6nsk.googlevideo.com | tcp |
| US | 8.8.8.8:53 | rr5.sn-5hne6nsk.googlevideo.com | udp |
| US | 8.8.8.8:53 | rr5.sn-5hne6nsk.googlevideo.com | udp |
| NL | 172.217.132.42:443 | rr5.sn-5hne6nsk.googlevideo.com | tcp |
| US | 8.8.8.8:53 | 42.132.217.172.in-addr.arpa | udp |
| NL | 172.217.132.42:443 | rr5.sn-5hne6nsk.googlevideo.com | udp |
| US | 8.8.8.8:53 | rr3---sn-5hne6nzk.googlevideo.com | udp |
| US | 8.8.8.8:53 | rr3.sn-5hne6nzk.googlevideo.com | udp |
| US | 8.8.8.8:53 | rr3.sn-5hne6nzk.googlevideo.com | udp |
| US | 8.8.8.8:53 | 91.16.208.104.in-addr.arpa | udp |
| RU | 141.8.192.26:80 | a0987415.xsph.ru | tcp |
| RU | 141.8.192.26:80 | a0987415.xsph.ru | tcp |
Files