Malware Analysis Report

2024-09-09 18:07

Sample ID 240618-rr4zna1gpj
Target UIExecutor.rar
SHA256 fc7c0deb50eae9b6206bef44c26db79620c028e8e85919b7e17459373f0fe30b
Tags
discovery persistence privilege_escalation spyware stealer
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

fc7c0deb50eae9b6206bef44c26db79620c028e8e85919b7e17459373f0fe30b

Threat Level: Likely malicious

The file UIExecutor.rar was found to be: Likely malicious.

Analyst note on attribution. The behavioral1 run started the sample with cmd /c on a host that had no handler registered for .rar, so the first processes are cmd.exe and OpenWith.exe (launched with -Embedding), followed by a Firefox session in which 7z2406-x64.exe and Software v1.24.zip were downloaded; the NTFS ADS rows show Firefox stamping Zone.Identifier on both. The 7-Zip 24.06 installer then accounts for every row under Drops file in Program Files directory and Modifies registry class: it registers the 7-Zip shell extension CLSID {23170F69-40C1-278A-1000-000100020000} with InprocServer32 pointing at 7-zip.dll and 7-zip32.dll. That is also the only COM class registration visible in this report, so the Component Object Model Hijacking signature should be checked against that entry before it is attributed to the sample. The Checks processor information and FindShellTrayWindow rows belong to firefox.exe, the WriteProcessMemory rows are the parent firefox.exe (PID 4568) writing into its own content processes, and the AUDIODG.EXE token adjustments are the Windows audio engine changing its own scheduling priority and working set. Executes dropped EXE lists only the 7-Zip installer, so the path from the archive to RegAsm.exe is not visible in the signature tables. What remains, and what merits follow-up, is RegAsm.exe: the .NET Framework Assembly Registration Tool, a signed Microsoft binary with no reason of its own to enumerate processes or to enable SeDebugPrivilege, SeBackupPrivilege and SeSecurityPrivilege (SeBackupPrivilege alone lets a process read any file regardless of its ACL). The Network and Files sections of the report should be read for what that process loaded and contacted.

Malicious Activity Summary

discovery persistence privilege_escalation spyware stealer

Downloads MZ/PE file

Event Triggered Execution: Component Object Model Hijacking

Executes dropped EXE

Loads dropped DLL

Reads user/profile data of web browsers

Checks installed software on the system

Suspicious use of SetThreadContext

Drops file in Program Files directory

Enumerates physical storage devices

Program crash

Suspicious use of FindShellTrayWindow

Suspicious behavior: EnumeratesProcesses

Checks processor information in registry

Modifies registry class

Suspicious use of SendNotifyMessage

NTFS ADS

Uses Task Scheduler COM API

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported

2024-06-18 14:26

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-18 14:26

Reported

2024-06-18 14:31

Platform

win10-20240611-en

Max time kernel

290s

Max time network

299s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\UIExecutor.rar

Signatures

Downloads MZ/PE file

Event Triggered Execution: Component Object Model Hijacking

persistence privilege_escalation

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\7z2406-x64.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A N/A N/A

Reads user/profile data of web browsers

spyware stealer

Checks installed software on the system

discovery

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\7-Zip\Lang\pl.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ka.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ky.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\nb.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\7zCon.sfx C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\sr-spl.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\fr.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\License.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\fy.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\el.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\et.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\tk.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\7zFM.exe C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\sl.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\tg.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ug.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\be.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\gl.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\kaa.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\mn.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\pa-in.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\sk.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\sq.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\nn.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ro.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\sw.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\co.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ko.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\zh-cn.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Uninstall.exe C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ja.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\sv.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ku.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\7z.exe C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\History.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\cy.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\gu.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\hy.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\7-zip.dll C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\descript.ion C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\mr.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ps.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\an.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\hr.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\lij.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\mk.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\io.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\it.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\yo.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\si.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\az.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\bg.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\br.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ca.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\es.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\kab.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ru.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\7z.sfx C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\7zG.exe C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\7-zip.chm C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\lt.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\fa.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ga.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\is.txt C:\Users\Admin\Downloads\7z2406-x64.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000} C:\Users\Admin\Downloads\7z2406-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment" C:\Users\Admin\Downloads\7z2406-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" C:\Users\Admin\Downloads\7z2406-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" C:\Users\Admin\Downloads\7z2406-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip C:\Users\Admin\Downloads\7z2406-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip C:\Users\Admin\Downloads\7z2406-x64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings C:\Windows\system32\cmd.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension" C:\Users\Admin\Downloads\7z2406-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment" C:\Users\Admin\Downloads\7z2406-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" C:\Users\Admin\Downloads\7z2406-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip C:\Users\Admin\Downloads\7z2406-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip C:\Users\Admin\Downloads\7z2406-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000} C:\Users\Admin\Downloads\7z2406-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension" C:\Users\Admin\Downloads\7z2406-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 C:\Users\Admin\Downloads\7z2406-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip.dll" C:\Users\Admin\Downloads\7z2406-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip C:\Users\Admin\Downloads\7z2406-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" C:\Users\Admin\Downloads\7z2406-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 C:\Users\Admin\Downloads\7z2406-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip32.dll" C:\Users\Admin\Downloads\7z2406-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" C:\Users\Admin\Downloads\7z2406-x64.exe N/A

NTFS ADS

Description Indicator Process Target
File created C:\Users\Admin\Downloads\Software v1.24.zip:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
File created C:\Users\Admin\Downloads\7z2406-x64.exe:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe N/A
(33 identical events)

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\7z2406-x64.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\7z2406-x64.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\7z2406-x64.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\7z2406-x64.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\7z2406-x64.exe N/A
Token: 33 (privilege LUID 33, SeIncreaseWorkingSetPrivilege) N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
(27 identical events)

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2960 wrote to memory of 4568 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
(11 identical events)
PID 4568 wrote to memory of 4184 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
(2 identical events)
PID 4568 wrote to memory of 2132 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
(48 identical events)
PID 4568 wrote to memory of 2732 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
(3 identical events)

Uses Task Scheduler COM API

persistence
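The signature tables above are printed as space-separated columns, which makes per-process attribution tedious once a report has hundreds of rows and paths contain spaces. The following Python is an added example, not part of the sandbox's own tooling: it parses rows in that layout into (description, indicator, process, target) records and summarises them per image, so that the 7-Zip installer's file and registry writes, Firefox's parent-to-child memory writes, and RegAsm.exe's privilege adjustments fall into separate buckets. The sample rows are copied from the tables above (one per table). The parsing rules, that the last two columns are each either N/A or a path starting with C:\ and that the description is one of a fixed set of phrases, are assumptions about this report layout, not a documented format.

```python
"""Parse flattened 'Description Indicator Process Target' rows from a
sandbox behavioral report and attribute each event to its process.

Added example for this page; not the sandbox's own code. The column rules
below are assumptions drawn from the rows printed in the report."""

import re
from collections import Counter, defaultdict
from dataclasses import dataclass

# Constructed sample: one row from each signature table in the report above.
SAMPLE_ROWS = r"""
Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\7z2406-x64.exe N/A
N/A N/A N/A N/A
File opened for modification C:\Program Files\7-Zip\7zFM.exe C:\Users\Admin\Downloads\7z2406-x64.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip.dll" C:\Users\Admin\Downloads\7z2406-x64.exe N/A
File created C:\Users\Admin\Downloads\7z2406-x64.exe:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
PID 4568 wrote to memory of 2132 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
"""

# Description phrases seen in these reports, longest first so that a short
# prefix such as "Key created" is not matched inside "Key value queried".
# "Token: <privilege>" and "PID <a> wrote to memory of <b>" rows carry the
# whole description in the first column and "N/A" in the second.
DESCRIPTIONS = (
    "File opened for modification", "Key value queried", "Set value (str)",
    "Key created", "Key opened", "File created",
)
PATH_SEP = " C:\\"  # assumed column boundary in front of a Windows path
INJECT_RE = re.compile(r"^PID (\d+) wrote to memory of (\d+)$")


@dataclass(frozen=True)
class Event:
    description: str
    indicator: str
    process: str
    target: str

    @property
    def image(self) -> str:
        """Image name of the acting process, lower-cased ('n/a' if absent)."""
        return self.process.rsplit("\\", 1)[-1].lower()


def _pop_field(s: str) -> tuple[str, str]:
    """Split the last column off s; it is either 'N/A' or a Windows path.
    Paths contain spaces, so the split is on the last ' C:\\' boundary."""
    if s.endswith(" N/A"):
        return s[:-4], "N/A"
    i = s.rfind(PATH_SEP)
    if i < 0:
        raise ValueError(f"no trailing path or N/A in row: {s!r}")
    return s[:i], s[i + 1:]


def parse_row(line: str) -> Event:
    head, target = _pop_field(line.strip())
    head, process = _pop_field(head)
    if head.endswith(" N/A"):  # Token:, PID ... wrote, and N/A N/A rows
        return Event(head[:-4], "N/A", process, target)
    for prefix in DESCRIPTIONS:
        if head.startswith(prefix + " "):
            return Event(prefix, head[len(prefix) + 1:], process, target)
    raise ValueError(f"unrecognised description in row: {line!r}")


def parse_rows(text: str) -> list[Event]:
    """Parse a block of rows, skipping blank lines and table headers."""
    return [parse_row(ln) for ln in text.splitlines()
            if ln.strip() and not ln.startswith("Description ")]


def events_by_image(events) -> dict[str, Counter]:
    """Count description phrases per acting image, which shows that the
    7-Zip installer, not the sample, owns the Program Files writes."""
    out: dict[str, Counter] = defaultdict(Counter)
    for ev in events:
        out[ev.image][ev.description] += 1
    return dict(out)


def privileges_by_image(events) -> dict[str, set[str]]:
    """Privileges each image enabled, from the AdjustPrivilegeToken rows."""
    out: dict[str, set[str]] = defaultdict(set)
    for ev in events:
        if ev.description.startswith("Token: "):
            out[ev.image].add(ev.description[len("Token: "):])
    return dict(out)


def cross_process_writes(events) -> list[tuple[int, int, str, str]]:
    """(source pid, target pid, source image, target image) for each
    WriteProcessMemory row; firefox.exe -> firefox.exe pairs are the parent
    browser (PID 4568 in the process list) setting up its content processes,
    and a foreign target image is the pair worth looking at."""
    out = []
    for ev in events:
        m = INJECT_RE.match(ev.description)
        if m:
            out.append((int(m.group(1)), int(m.group(2)), ev.image,
                        ev.target.rsplit("\\", 1)[-1].lower()))
    return out


if __name__ == "__main__":
    evs = parse_rows(SAMPLE_ROWS)
    for image, counts in sorted(events_by_image(evs).items()):
        print(f"{image}: {dict(counts)}")
    print("privileges:", privileges_by_image(evs))
    print("cross-process writes:", cross_process_writes(evs))
```

Run it directly to print the per-image summary. The ValueError on an unrecognised description phrase is deliberate: a new signature type should be noticed and added to DESCRIPTIONS rather than silently misattributed.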

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\UIExecutor.rar

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4568.0.508040573\998711109" -parentBuildID 20221007134813 -prefsHandle 1708 -prefMapHandle 1692 -prefsLen 20767 -prefMapSize 233414 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7216c316-9cfd-41a4-9548-b766c27a4d65} 4568 "\\.\pipe\gecko-crash-server-pipe.4568" 1836 2a318dee158 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4568.1.1574541746\1130214679" -parentBuildID 20221007134813 -prefsHandle 2184 -prefMapHandle 2180 -prefsLen 20848 -prefMapSize 233414 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a01d37f2-d510-4f56-a414-42eff96b5dca} 4568 "\\.\pipe\gecko-crash-server-pipe.4568" 2196 2a306b72858 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4568.2.901133815\1745426390" -childID 1 -isForBrowser -prefsHandle 3016 -prefMapHandle 3012 -prefsLen 20886 -prefMapSize 233414 -jsInitHandle 1068 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {40482e11-6689-412d-af16-f7f117f93500} 4568 "\\.\pipe\gecko-crash-server-pipe.4568" 3028 2a31d1bfe58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4568.3.1877165339\1202803283" -childID 2 -isForBrowser -prefsHandle 3440 -prefMapHandle 3436 -prefsLen 26136 -prefMapSize 233414 -jsInitHandle 1068 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ae24e9af-f442-48b0-8336-2cc6cf10aa71} 4568 "\\.\pipe\gecko-crash-server-pipe.4568" 3452 2a306b61f58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4568.4.2047054563\794798758" -childID 3 -isForBrowser -prefsHandle 4452 -prefMapHandle 4484 -prefsLen 26271 -prefMapSize 233414 -jsInitHandle 1068 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f78f32b9-bc09-4cb2-aeb4-6e7cbe0b907f} 4568 "\\.\pipe\gecko-crash-server-pipe.4568" 4356 2a31ea9ff58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4568.5.1271848743\188048220" -childID 4 -isForBrowser -prefsHandle 4908 -prefMapHandle 3436 -prefsLen 26274 -prefMapSize 233414 -jsInitHandle 1068 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8a0a7887-8223-4fe0-8351-b3b613888784} 4568 "\\.\pipe\gecko-crash-server-pipe.4568" 4936 2a31fbf4a58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4568.6.2103077980\439929507" -childID 5 -isForBrowser -prefsHandle 5028 -prefMapHandle 5032 -prefsLen 26274 -prefMapSize 233414 -jsInitHandle 1068 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ff8671e8-3e31-4e79-ac13-f4bb579a9b0d} 4568 "\\.\pipe\gecko-crash-server-pipe.4568" 5020 2a31fbf3558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4568.7.1503373066\905358010" -childID 6 -isForBrowser -prefsHandle 5232 -prefMapHandle 5236 -prefsLen 26274 -prefMapSize 233414 -jsInitHandle 1068 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1dfc9dc6-fbae-49ba-a169-988d564a1538} 4568 "\\.\pipe\gecko-crash-server-pipe.4568" 5220 2a31fbf5058 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4568.8.1960863553\319838460" -childID 7 -isForBrowser -prefsHandle 5696 -prefMapHandle 5672 -prefsLen 26274 -prefMapSize 233414 -jsInitHandle 1068 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {918502a8-5d90-4ec2-af59-80a7523ddde6} 4568 "\\.\pipe\gecko-crash-server-pipe.4568" 5684 2a320e95b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4568.9.1339358860\1633214290" -childID 8 -isForBrowser -prefsHandle 5404 -prefMapHandle 1616 -prefsLen 26714 -prefMapSize 233414 -jsInitHandle 1068 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {26c89b52-5bd9-4653-96a6-26d16e6f6769} 4568 "\\.\pipe\gecko-crash-server-pipe.4568" 5416 2a31b668e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4568.10.582834941\2079730104" -childID 9 -isForBrowser -prefsHandle 4580 -prefMapHandle 5644 -prefsLen 26754 -prefMapSize 233414 -jsInitHandle 1068 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {783c2e6d-839d-421a-8e93-f2ecee7d79b9} 4568 "\\.\pipe\gecko-crash-server-pipe.4568" 6040 2a306b2f358 tab

C:\Users\Admin\Downloads\7z2406-x64.exe

"C:\Users\Admin\Downloads\7z2406-x64.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4568.11.1098714157\610598593" -childID 10 -isForBrowser -prefsHandle 6216 -prefMapHandle 6376 -prefsLen 26810 -prefMapSize 233414 -jsInitHandle 1068 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {756ec9bd-c2cc-473d-af1a-cb939ff6a4b6} 4568 "\\.\pipe\gecko-crash-server-pipe.4568" 6180 2a31fbc5a58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4568.12.1636497824\17333866" -parentBuildID 20221007134813 -prefsHandle 6520 -prefMapHandle 6444 -prefsLen 26810 -prefMapSize 233414 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4a396bd0-6154-4d7e-84d3-65737e58133d} 4568 "\\.\pipe\gecko-crash-server-pipe.4568" 6164 2a320d4a758 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4568.13.1504978917\500170945" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 2664 -prefMapHandle 6376 -prefsLen 26810 -prefMapSize 233414 -appDir "C:\Program Files\Mozilla Firefox\browser" - {332d207b-42dc-4d1b-a8fa-eda81ba1bbf3} 4568 "\\.\pipe\gecko-crash-server-pipe.4568" 6724 2a31f37c158 utility

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x41c

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4568.14.1913050318\1724376053" -childID 11 -isForBrowser -prefsHandle 9524 -prefMapHandle 9564 -prefsLen 26810 -prefMapSize 233414 -jsInitHandle 1068 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4995153f-0bcf-487f-8e8c-bbbb21fa5c82} 4568 "\\.\pipe\gecko-crash-server-pipe.4568" 6464 2a323145858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4568.15.1185327098\144737092" -childID 12 -isForBrowser -prefsHandle 5304 -prefMapHandle 5208 -prefsLen 26810 -prefMapSize 233414 -jsInitHandle 1068 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9859c24b-c00b-494a-b8a4-9776c0714d11} 4568 "\\.\pipe\gecko-crash-server-pipe.4568" 5388 2a3210b5c58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4568.16.1014183873\1531320088" -childID 13 -isForBrowser -prefsHandle 5724 -prefMapHandle 5812 -prefsLen 26810 -prefMapSize 233414 -jsInitHandle 1068 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b104e5ba-832e-4755-961c-0ebce5a34e52} 4568 "\\.\pipe\gecko-crash-server-pipe.4568" 4692 2a318deff58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4568.17.229959841\2056582330" -childID 14 -isForBrowser -prefsHandle 10308 -prefMapHandle 10304 -prefsLen 26810 -prefMapSize 233414 -jsInitHandle 1068 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f2eb9373-3935-4b59-af64-8c7089d744d4} 4568 "\\.\pipe\gecko-crash-server-pipe.4568" 10316 2a31eed0258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4568.18.1507684151\1225736602" -childID 15 -isForBrowser -prefsHandle 2664 -prefMapHandle 5796 -prefsLen 26810 -prefMapSize 233414 -jsInitHandle 1068 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cf3ed25c-8c57-4c9d-965d-eda8668be732} 4568 "\\.\pipe\gecko-crash-server-pipe.4568" 5728 2a32226b558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4568.19.184010979\1046748295" -childID 16 -isForBrowser -prefsHandle 9988 -prefMapHandle 6408 -prefsLen 26810 -prefMapSize 233414 -jsInitHandle 1068 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fe65aeba-7928-47ef-9e1e-904feeeb60df} 4568 "\\.\pipe\gecko-crash-server-pipe.4568" 10104 2a31a7e3358 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4568.20.869458216\109169514" -childID 17 -isForBrowser -prefsHandle 4764 -prefMapHandle 4452 -prefsLen 26819 -prefMapSize 233414 -jsInitHandle 1068 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b6721955-0f84-484a-8c92-795dfea70df3} 4568 "\\.\pipe\gecko-crash-server-pipe.4568" 5948 2a31d143f58 tab

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\Downloads\Software v1.24\Software v1.24 loader.exe

"C:\Users\Admin\Downloads\Software v1.24\Software v1.24 loader.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3216 -s 276

C:\Users\Admin\Downloads\Software v1.24\Software v1.24 loader.exe

"C:\Users\Admin\Downloads\Software v1.24\Software v1.24 loader.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 6040 -s 256

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Software v1.24\ReadMe.txt

C:\Users\Admin\Downloads\Software v1.24\Software v1.24 loader.exe

"C:\Users\Admin\Downloads\Software v1.24\Software v1.24 loader.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5500 -s 256

Network

Files

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\datareporting\glean\pending_pings\2e4fbe71-e5b2-4186-8107-3c98ad33ee29

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\datareporting\glean\db\data.safe.bin

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\datareporting\glean\pending_pings\4820de5b-18c9-4294-b11c-a176b3d924c9

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\activity-stream.discovery_stream.json.tmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\prefs.js

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\prefs-1.js

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4

MD5 29480732f2a360990103728749b75528
SHA1 ff06d0ba86079a9ccbb0f5291de520ca2b62a79a
SHA256 9c81c06cca80c3ac725a0571366e7403bec0598e6c9ff88e1a5ea29e8002dec8
SHA512 8ae06da669379402987cdd0c30c41fb4c98c6c3ad506b4410ae177a6f00f519e6a281bb1a61306b722eb695e36d0a4be495391421c0e4c0acbfbe9dd506106f5

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4

MD5 16d92e70f6b7723dde338964958d1526
SHA1 0dacca91e26fbaab9164ff29a463eb0f947ac3f1
SHA256 ec23dbe8777cf7d094f8055314ec3a97737d90e8b4ba06a470bba2e7aa767924
SHA512 f1224e79ae16e6800c7b15df05d80331c803bf2efa4b1f80bf54325ad3562c2fa093a1187331676f32108214fa280b87484ef237b8f0b925677b1556ac91d474

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\prefs-1.js

MD5 6e9cafeadccd25ca857cfba71f07f3a7
SHA1 bc9b042ce9463851b2d43625584ebf8517907552
SHA256 8557bfc8eacc77eea2724890481ca84a3f22abeabf44a3a1719c719e7ebd971d
SHA512 88de6a53cb0bc1f411d54fa8ed52a878e906f7d92f77f89854765d86dfa0af91d385a84c8e003fd69104caf97195a774c71915fd07fcfef95e08c88282435602

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4

MD5 e4793e0421944372c085aff63e587165
SHA1 336eac1e28cae7c8e12f8c6964de64537cfb26b7
SHA256 c4a5c809cac03ace41361d197c9419463874f17938fc8616f7f57fc2dfbe3f61
SHA512 7ebd33dba09aebf7296191a57a5985d95a4e56657b6514f1639ffc0033975bd847199e4a5b52dfc81437a6630cb0a2a79064b307d4222055e8f3c81ddc622a7b

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\doomed\16224

MD5 545f6fcaf7a01404edfa1f0877c863d4
SHA1 0a2d4867ba14dcc318b4c4dc2e88e27f118daccc
SHA256 6c0ef6321a0ebbaf785105919643c44bc66b83f13ba6904e539bce02ce20b6fe
SHA512 4e0fcf12b2d0e25ec1fcb91ae6bd9548eb3ba98802bca45fdfcb5f5b973450f027a785ffa6b5f6f4d2c49dad18bb5a3fcf4615daca8bbf0731e9e2fdbebc09a4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4

MD5 25e3e1feb86068cc8e5008763d1e80e5
SHA1 58a4dec5c063ea725daa1492c8ef4e2d31d32b9c
SHA256 250d532aafa6e418a30117cf0aacca5b42551550669a3b20a99b0ca9dd5f41f3
SHA512 6d537db6f2d079a65d8c435efd1e543c7f0626b4e6533f83a3d707935b772b88ef51de7e23e694686e70790fae146b446a9e174e02288856fb5d7a89aa6c8e86

C:\Users\Admin\Downloads\7z2406-x64.a2sKufst.exe.part

MD5 d8af785ca5752bae36e8af5a2f912d81
SHA1 54da15671ad8a765f3213912cba8ebd8dac1f254
SHA256 6220bbe6c26d87fc343e0ffa4e20ccfafeca7dab2742e41963c40b56fb884807
SHA512 b635b449f49aac29234f677e662be35f72a059401ea0786d956485d07134f9dd10ed284338503f08ff7aad16833cf034eb955ca34e1faf35a8177ccad1f20c75

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4

MD5 bfe070f3cd0f4dcb68e832b739e018bc
SHA1 926ea0926d51bb5b2a2f551b74fb576046c2ca8d
SHA256 ae2196caa2d983a6da0940a3b44e78e7ab3fc79393d26edfe71da6387ef736b6
SHA512 3a414da7e5a70cc60cf3ca496fdaa09c564f1d7fc847b00989a8657d8e6f8b60954bdbc192f93990818370e153562c38b1a5cf43b3da74525d2f38d25b33779e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\prefs.js

MD5 085b1c3e9c6d1fe62f9e0a578f2921fd
SHA1 6b42193fa707bf9e916fd8a5871078c9df8b1cdd
SHA256 b431452fd6fb97f222c5de97f0b06271b23091caaa95b51125a80d1be059d98a
SHA512 d32d212285e775a68eedf2da135ab789b44d2c9f5a749ab02e14b8c36030c9766a623d9cb117bad855b879a8b149b39fbe54d8e0ec01b383342258a6a2b34c05

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4

MD5 3c66c14487679ae4d00aa82ff4df78b1
SHA1 1af162ae19b29035783618f3403bf8be86d09f4e
SHA256 00b513e770ec899ab7504ea26b364903e911adcd19d5c639581af990819ff9f9
SHA512 3108c983c1db6d7ec547f2897d3807f49f45353387c4ef5faeb021aa514559cd06e7fae211078d4c3b6ea281aa7748ff2ae73b705de501e7cf534ca93d725c88

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\storage\default\https+++www.youtube.com\idb\2171031483YattIedMb.sqlite

MD5 185dd0ec3ccb9be4764d93ca98bc10f2
SHA1 d9579101cc75902bbec3ed3d10b581084466d366
SHA256 e81ca75dbf764b5efbb33fc69af5d95c490bf19b2e1159dd02c6b258ca4e5509
SHA512 8f31d0f08936f00cf7a659553c887a67b364d3ba54e778eca16fecaadc5bb4afdea8b25f45d3b6dbe0d06e800ab7a4f92a365fbddc168bf6f7885f539b606196

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4

MD5 276e33d9dc313d8ee4637118b6e1e3a7
SHA1 f241957eb499af89b2de3ef9247460b58f5b9b4e
SHA256 8004e0a5df71cfe80ef5a06000ca1d0925081973602d1737b08b8c02bbaf32e9
SHA512 0fae744cfd36918df669546c5fb77403b3c0f2bea923e336cd430afe3488832f1462df287459cbfc86ae537117f97a27a42b413bed45b37febcb2c51f8d25701

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\storage\default\https+++www.youtube.com\cache\morgue\210\{ec0d95c9-5260-4154-957d-e811ea603fd2}.final

MD5 85f96b6b981669034525d8818ce695a7
SHA1 d184f2278831f44907efdd3d8aadb2b7d7be931a
SHA256 21170b650c3683838b05c421a06ed1c7f08d58b8032d9f9b91ec308969c9d8f7
SHA512 bbdb01fcf74cac4eaabc52a92f6ec86f719b5c425c731cca3036645ba808e80902da7f9112da2c976b60dc13f11430916255a76cef38f45fd6d3b3491900673c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\storage\default\https+++www.youtube.com\idb\3211250388sbwdpsunsohintoatciif.sqlite-wal

MD5 dadf99c2f96dbea3659170065ad85b81
SHA1 e51c774f6c3e52db189ed07ce1531036c2c92bd6
SHA256 01a2f79877aef77cb540065d00fe0758e3803708fa6302850d35ef00fb10339f
SHA512 f6b743843dc7a776ad936eb9f37bc9903bbf33c0f969fa59234293971a2d5d316ea4a95ab86a4ab6ffb52bdcd8d5ea6bd369de8e21018dae562c2c7af4bc4369

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\storage\default\https+++www.youtube.com\cache\morgue\150\{ff4de830-6d6f-482f-b4c9-d68c90332596}.final

MD5 aee23d6075f7ccf0bccce95c3b370569
SHA1 db578d7a14719e82cdfbb2bb203e2c63e1f76d2c
SHA256 8d8355994824442b0af64dba9f94dad96d8153617a46f0020a0b6a8176eb8c02
SHA512 3f19f5f222111c2406812595566cfc760e29b78e9d0fbd55bc0a5e85ddad96db00fcc319e96be158dcbc348e4f61c6a435e2540d68d433d39dafc3017f641b59

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\doomed\16480

MD5 89b3111864994445179db030daf5022f
SHA1 3853d9f3e07ccd5946cf37f9eb9546e6736740a0
SHA256 f0b459b8a8896d4db40610b69c0b3ee287159841cf5a6ce89aee216a58b4abbc
SHA512 51d529858d0fe6d365a42ed229dd918230c3cb976dc3fe273effefd53c84b913c30e5ff5cd328c9f94c6bd5bea9cc310caa4dfb41e76bdc525b3818712ccd4c3

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\9D0BF8C20EB530EE0E2B566D334347BA138D23DF

MD5 40169964e3f6684b71343d0fd55eb527
SHA1 797b6871f64faed1add56cb235c8d8336432c54e
SHA256 22fd5fa4210d8640b7a6602e62009de5e789110b03d4f16030ea5107c61bf1bc
SHA512 fbe2fb1449a0a2296720234012022292fce95cabcf855bbb69abe5c62e06851d5c49fc7d8ed3c8eaf291d889228ecff6893b8eeb5e351c360cffa2b9b77ecac3

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4

MD5 56ee812fe7acef2eceeed725f6a6aa8d
SHA1 8d5a7c4c1d0fff8e236ecb69c23f735c98500aa6
SHA256 6be42336add5721e7ba695ac2f6d39e2d0d3540487707b77daede1c7276f9fed
SHA512 bfc58424f25fed6b11cfcf270abb3a58bfd399479613eaabdcf7f8647dca87e1959f9052923d2c67b7f00377ecd28df0ce281304ce372af982c8d2962e1a576d

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\E4B98ABFC7419C076332A92037301004C9C83824

MD5 eb89298326db225b7118078b7db2c39a
SHA1 8484856f1a01440d2bfb9f04074e807a99780df8
SHA256 ba3ed9a054fabcc5bf532583bad1726e45e1ae0d66129a135cafd8557b722132
SHA512 d1d8e8124227f78dd287382ebda411c00b94071314b5f47ecfb998ff26328a3ae2e4b93c842551b0b53dfd5a7edb87000b622351f24f067bbbf4e22a410d5dc4

C:\Users\Admin\Downloads\Software v1.b1epc8kw.24.zip.part

MD5 9eee3be0422a37a05294160a9059eb41
SHA1 465f020d42279adeb18b5123c481c57feaa33b86
SHA256 eba39a1282034483e05077eab08e251d1db7fd1c44c818fd6c533cce1882ea4f
SHA512 eb86e1734945901d7e675865489c976d01779ef41ae87de610c5dd54d6d95d92d046ef7900203a0ffa6c7b419f0b7ba0e31249088a3191978bfeb5a88c45127e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\prefs.js

MD5 032ed5f7909988d7c933f9ad6872b8f9
SHA1 4aef75a54a3c3d61fe773f952de23d8e56d02098
SHA256 719b46d00d4433a1f187db5b809a9a22af7a98349dfd63076a74eb1dc57947be
SHA512 d3d9637df6eabb982e41f23f14c5be9eac6ef772973761117a49170f0a671b2f6b1575e64a3a6997f6515c4a20eb7b1c8cc38448691cf7a630da43eb1ad2ab3b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\prefs-1.js

MD5 fc5c0040675be688981fa2248fc8d7f0
SHA1 9885baf701388f5ac6f519dfbe13128f91f9d3b3
SHA256 37f502d6f3e9971f774936648c3daf304174cc501648774b04a5afad897bc475
SHA512 82d83133567ce17af0c01d94561f820cce28f87a9d0d0b329f9afb57b9b8eaacc2652de77ef789171ace0e613d8c37adb31f666451abad7925c6e446cb839696

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4

MD5 1df98b39440aa64df0867e39e3ddcbcd
SHA1 166a5534a2a9620bbee64309e42b191f99c4c898
SHA256 d5a8c11e7b29de8a02b226aa93d0494f993ddc113774a43be70a682b3b72178c
SHA512 bf8bc933d6d12b256bdeea2f5d701eac7848d9981a94bd95b598f03f841b37f227eea08405e38e105e7693cf8c2a1278f5663e3beeeabc36136a624867fb3c8d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4

MD5 9ee9edcf1e8407d50ddb4b84475bbc5d
SHA1 92a85a6a5b09a6665f12a66a87a328965a4ecbda
SHA256 3c9aa84c8456df93df12d24da30478401f6dd3d1d48be63c526b15a70f36ab53
SHA512 d2cfbaf1ea2cc0caafe0b072925b5acb06cf5fc129b951a5258e49a765e5c112c14b42f5214702bca9572cc63d14d5e0a31c780af2c3225c69b8b65b5cf227b8

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\datareporting\glean\db\data.safe.bin

MD5 bb4dfa31d762832b00bd1e28cafeaa78
SHA1 d78b5bbaff6491d75f32d0ebcd01ed455c6524bf
SHA256 21c20fbdfc86eaa090b8d693863cd6677956aac5ecbc5d05ff1b2a5c08ef1bf3
SHA512 eb6b5d2e59b7208c37880a2480b01c381239c16f7941df75e2d5ed23c7daf77dc93832e289f70875ac2174b527df3e14cb47eb229ada7d1bb07eb678b98b4e10

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\datareporting\glean\pending_pings\3ed63d63-d5f1-4c55-aa2a-ad5f056d8905

MD5 5f075385d4ddfb8574654de05b627021
SHA1 6863f2235374ef0daba55f2997fd80ea8787ea90
SHA256 7ce4ffed3cd8016c9f30215a4278ef7fdfd14cab0673b7910c53d85db95eef7c
SHA512 7b867810d6fd8d1d5f3d2a62d36fb6d66759617cd880e83d82f4e7968be21a5e30d4082c403fe018eb9a58e06db8da17c2336de1ae318a0322aece2014f8a308

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\datareporting\glean\pending_pings\1f2cfef0-2f47-43a0-86d9-5e8b4bca8d51

MD5 8f29f0925a2bc9c3f34ac7ab7cdae744
SHA1 a92106637ff4eccaae34a3ef059818a2720b2c6f
SHA256 daf19c46710d6189755488ca4d91ffd154849f9b3d22ab7f255a019cfcc049af
SHA512 ac5775bc5804da905cec91c98ea554154df808461559d665f188f5973baf27d472a0d6e0916e3599c57b35c2bd8061a843889864071f0a59e91bc98f2c2efd35

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4

MD5 11862ae00aa160c475d2f7a2472b1688
SHA1 3527ea2784bd5a8c30ce3c995d4f9a5eff92a305
SHA256 cc972858013744a35c1fd3e5953b175ee0c7e59c63d059700a16d7cc34be2a9d
SHA512 df4f5ec2135661bb6796b7ad3d77e58c3a0f34eee3932f9d3439fd3a936bd0f33b0776597886c185bdc9cb060aedc066b7cb7717f3655acd0d4904ad572be8b2

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\prefs-1.js

MD5 c77dff6ca61b4b871a4b34c5d883b803
SHA1 0ab111e6c78e6389d96aa6b5b9c4bd9e809788a4
SHA256 61582535477a99509c415a089e1d4d1f9f2fbc0aa7f2f60aa8b6cd6d5beac690
SHA512 5459b59a2781cef6c1270643e6b495be4c98fd2f3f722ddb34de803c56ea11d10b76325dd97a602cd9ada10e7ede8bfa747345c363fbacd040c25dedef8a5762

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 a01c5ecd6108350ae23d2cddf0e77c17
SHA1 c6ac28a2cd979f1f9a75d56271821d5ff665e2b6
SHA256 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42
SHA512 b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 33bf7b0439480effb9fb212efce87b13
SHA1 cee50f2745edc6dc291887b6075ca64d716f495a
SHA256 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e
SHA512 d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\doomed\12872

MD5 c6cd55ba2bf32ab9097ab719968aa2fa
SHA1 f92d3fbe459d2bdf05fe03123297eec23f613024
SHA256 ce600b05169ac758e308f19765cf2601c223de3f810278f047654da751d9fee8
SHA512 f950934fdd89c53c28c9d5cff4cae07e836bcce02c66f548e568c4284445ee95b9de285be4910d5dec78fba265b7373e98168818a89f96bd87444cae9da0db5b

\Program Files\7-Zip\7-zip.dll

MD5 7ec019d8445f4dcdb91a380c9d592957
SHA1 15fd8375e2e282a90d3df14041272e5ac29e7c93
SHA256 1cc179f097ee439bb35a582059cbc727d9cea0d5c43dfaa57f9f03050cfaea03
SHA512 d71a79091fcc6a96c24d95662a18cc24145b9531145ef0bcb4e882c12f5bb5ca6c7a9b9e50024c9c0bf4cb6bf40dca7627cecbfddd637142d04a194e1956ae9b

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\M62LHV91SJ5Q2MLOXRGJ.temp

MD5 a2c1ab80e7dd5e275872f4c9dd4cadd6
SHA1 a5f9cfe60c8d9b17ee5ced54dac75b3f4936e03a
SHA256 671a0611ae37f89f8ca8e3c66cca586ec3219c52ad49cf4e1c2b552c0bd74a47
SHA512 fa95b732b23455330436b55fe33f5b0c26d57fb8c2c531b69e9af76cb319fc59497c82265ab6d49580af0fd73c3b08eabef8c9a413a79871ba0b4c6386fc2d4e

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 f1bb76fe74fc7bedee07e487d00312ab
SHA1 2cd802f10abe64e13e8d66ca780e2e03d8effffd
SHA256 f049396d978858460a26a2c11eaee23b36897ea37095e6b587a45a9e7e50b064
SHA512 90cc2ef01e788620b619db15125551294d168680902caba721a8ac473c5e5f4ca8495e798a4e76da26cbd63d700d0cde7fd6bd1beb3a5c985fe6715607f54fe1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4

MD5 907cc895dad9695c3a44b3f9550e8599
SHA1 7bfb6629ffa732bf018bccb7c0cf027b205ab733
SHA256 5eb10fbb7c602a0faf402f57833cab29bc506150c8c6aef87e21f73189e71fcc
SHA512 3a07f329b87e56507da5e83f77d03d90039eb89744738edbc806e0d123cb19bfe29687ceecada7f873c3a9b85494bd630c38266f57d8d08d1536048b96ca7dc9

memory/5760-1908-0x0000000000400000-0x000000000045A000-memory.dmp

memory/5760-1909-0x0000000005890000-0x0000000005D8E000-memory.dmp

memory/5760-1910-0x0000000005430000-0x00000000054C2000-memory.dmp

memory/5760-1911-0x0000000005420000-0x000000000542A000-memory.dmp

memory/5760-1912-0x0000000008960000-0x0000000008F66000-memory.dmp

memory/5760-1913-0x00000000084C0000-0x00000000085CA000-memory.dmp

memory/5760-1914-0x00000000083F0000-0x0000000008402000-memory.dmp

memory/5760-1915-0x0000000008450000-0x000000000848E000-memory.dmp

memory/5760-1916-0x00000000085D0000-0x000000000861B000-memory.dmp

memory/5760-1918-0x0000000008790000-0x00000000087F6000-memory.dmp

memory/5760-1919-0x00000000090F0000-0x0000000009166000-memory.dmp

memory/5760-1920-0x0000000009090000-0x00000000090AE000-memory.dmp

memory/5760-1921-0x00000000098E0000-0x0000000009AA2000-memory.dmp

memory/5760-1922-0x000000000A6E0000-0x000000000AC0C000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cookies.sqlite

MD5 ee14aff5465921268e4f421965f1fc99
SHA1 0d5867e3c3d277b3fd8b6b84f521b734dda1d7d5
SHA256 33765f7813c4bf6a8582f914a87901593a1ea0c4f8b4bffc131a7e1efefe1d3f
SHA512 ad30df73f9e25c3f35080e10aff712a2e18b7abfb3a28975aff020efe36d047030c7319dc94c59904171c355806b198a52d61f7c3a6db0bfc73023613b738fc4

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\RegAsm.exe.log

MD5 7f38048a5b4bb647a43e93df970417c3
SHA1 f7022125ba74f50d0d4515ca0b47ccc88c2f47e1
SHA256 81d8c4d06be3654f64a49a2effb3606bb48a37556f4db38a524033d9949915bc
SHA512 06adc7711a98548c94954546a4a547b2547d63d1f26351a58e17d38b73c02e54823daf99d9aae8311225c02bf9e2f40bbb903ff6707c3ddaa64b1caafbbe342f

memory/4976-1927-0x0000000007F90000-0x0000000007FDB000-memory.dmp