Malware Analysis Report

2024-11-15 07:47

Sample ID 240619-nfdfsatelm
Target mig.rar
SHA256 9d2c6becf74342dbe3b00ee4f0e01aae146d3ae54ee89058c56702ef0487ccae
Tags
pyinstaller
score
6/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
6/10

SHA256

9d2c6becf74342dbe3b00ee4f0e01aae146d3ae54ee89058c56702ef0487ccae

Threat Level: Shows suspicious behavior

The file mig.rar was found to be: Shows suspicious behavior.

Malicious Activity Summary

pyinstaller

Legitimate hosting services abused for malware hosting/C2

Unsigned PE

Enumerates physical storage devices

Detects Pyinstaller

Suspicious use of FindShellTrayWindow

Suspicious use of AdjustPrivilegeToken

Modifies registry class

Suspicious use of SetWindowsHookEx

Checks processor information in registry

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Uses Task Scheduler COM API

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-19 11:20

Signatures

Detects Pyinstaller

pyinstaller
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-19 11:20

Reported

2024-06-19 11:23

Platform

win10-20240404-en

Max time kernel

150s

Max time network

152s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\mig.rar

Signatures

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A mediafire.com N/A N/A
N/A mediafire.com N/A N/A
N/A mediafire.com N/A N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings C:\Windows\system32\cmd.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4900 wrote to memory of 96 N/A C:\Windows\system32\OpenWith.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4900 wrote to memory of 96 N/A C:\Windows\system32\OpenWith.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 96 wrote to memory of 4920 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 96 wrote to memory of 4920 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 96 wrote to memory of 4920 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 96 wrote to memory of 4920 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 96 wrote to memory of 4920 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 96 wrote to memory of 4920 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 96 wrote to memory of 4920 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 96 wrote to memory of 4920 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 96 wrote to memory of 4920 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 96 wrote to memory of 4920 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 96 wrote to memory of 4920 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4920 wrote to memory of 2836 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4920 wrote to memory of 2836 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4920 wrote to memory of 4216 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4920 wrote to memory of 4216 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4920 wrote to memory of 4216 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4920 wrote to memory of 4216 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4920 wrote to memory of 4216 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4920 wrote to memory of 4216 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4920 wrote to memory of 4216 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4920 wrote to memory of 4216 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4920 wrote to memory of 4216 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4920 wrote to memory of 4216 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4920 wrote to memory of 4216 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4920 wrote to memory of 4216 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4920 wrote to memory of 4216 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4920 wrote to memory of 4216 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4920 wrote to memory of 4216 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4920 wrote to memory of 4216 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4920 wrote to memory of 4216 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4920 wrote to memory of 4216 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4920 wrote to memory of 4216 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4920 wrote to memory of 4216 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4920 wrote to memory of 4216 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4920 wrote to memory of 4216 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4920 wrote to memory of 4216 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4920 wrote to memory of 4216 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4920 wrote to memory of 4216 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4920 wrote to memory of 4216 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4920 wrote to memory of 4216 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4920 wrote to memory of 4216 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4920 wrote to memory of 4216 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4920 wrote to memory of 4216 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4920 wrote to memory of 4216 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4920 wrote to memory of 4216 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4920 wrote to memory of 4216 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4920 wrote to memory of 4216 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4920 wrote to memory of 4216 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4920 wrote to memory of 4216 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4920 wrote to memory of 4216 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4920 wrote to memory of 4216 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4920 wrote to memory of 4216 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4920 wrote to memory of 4216 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4920 wrote to memory of 4216 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4920 wrote to memory of 4216 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4920 wrote to memory of 4216 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4920 wrote to memory of 4216 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4920 wrote to memory of 4216 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4920 wrote to memory of 4216 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4920 wrote to memory of 4216 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4920 wrote to memory of 4216 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4920 wrote to memory of 5056 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\mig.rar

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\mig.rar"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\mig.rar

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4920.0.1734048347\1363539524" -parentBuildID 20221007134813 -prefsHandle 1644 -prefMapHandle 1632 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {eab50d3d-9b5d-44eb-9f4e-2b66ceeab2fe} 4920 "\\.\pipe\gecko-crash-server-pipe.4920" 1736 2584d505f58 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4920.1.33854124\1733839865" -parentBuildID 20221007134813 -prefsHandle 2116 -prefMapHandle 2112 -prefsLen 21608 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {aecddb17-8955-4e66-ab05-1794c12019ea} 4920 "\\.\pipe\gecko-crash-server-pipe.4920" 2128 2584c30cc58 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4920.2.190135427\720124301" -childID 1 -isForBrowser -prefsHandle 2940 -prefMapHandle 2936 -prefsLen 21711 -prefMapSize 233444 -jsInitHandle 1276 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e0ea3816-d383-490f-a7b3-14a7c16bf301} 4920 "\\.\pipe\gecko-crash-server-pipe.4920" 2972 258504dae58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4920.3.1515027975\1573237792" -childID 2 -isForBrowser -prefsHandle 2900 -prefMapHandle 3136 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1276 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {52092e34-2e40-4cbe-b9cb-502695097025} 4920 "\\.\pipe\gecko-crash-server-pipe.4920" 3580 2584ed31258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4920.4.1292218975\1584590949" -childID 3 -isForBrowser -prefsHandle 4944 -prefMapHandle 4940 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1276 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7a796db9-0566-4767-8d0f-f288bf6d908d} 4920 "\\.\pipe\gecko-crash-server-pipe.4920" 4952 258527c3258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4920.5.2082575786\1465545882" -childID 4 -isForBrowser -prefsHandle 5072 -prefMapHandle 5076 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1276 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8f6b950b-4b18-4aba-916e-98be0f9e5d18} 4920 "\\.\pipe\gecko-crash-server-pipe.4920" 4980 25852d60a58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4920.6.1262219947\181371767" -childID 5 -isForBrowser -prefsHandle 5268 -prefMapHandle 5272 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1276 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c0c749f3-91e9-462c-89ff-4c547f37b3ef} 4920 "\\.\pipe\gecko-crash-server-pipe.4920" 5260 25852d61658 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5012.0.548709657\432600519" -parentBuildID 20221007134813 -prefsHandle 1588 -prefMapHandle 1576 -prefsLen 20871 -prefMapSize 233536 -appDir "C:\Program Files\Mozilla Firefox\browser" - {97399c98-6da3-4f60-acb5-f22b6a3aed7a} 5012 "\\.\pipe\gecko-crash-server-pipe.5012" 1700 175d0cfb958 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5012.1.1933307694\606107590" -parentBuildID 20221007134813 -prefsHandle 1980 -prefMapHandle 1976 -prefsLen 20916 -prefMapSize 233536 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8739bb71-c330-43c3-aac6-94aeaf38510c} 5012 "\\.\pipe\gecko-crash-server-pipe.5012" 2000 175d093a658 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5012.2.1586821445\1323031595" -childID 1 -isForBrowser -prefsHandle 3004 -prefMapHandle 3000 -prefsLen 21377 -prefMapSize 233536 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ead71206-55c6-4525-8b3a-bb7a645ad093} 5012 "\\.\pipe\gecko-crash-server-pipe.5012" 2652 175d46cab58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5012.3.1930198894\347114784" -childID 2 -isForBrowser -prefsHandle 3476 -prefMapHandle 3472 -prefsLen 26555 -prefMapSize 233536 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fb71f876-c24b-494e-a026-ce8819599a7c} 5012 "\\.\pipe\gecko-crash-server-pipe.5012" 3488 175d47be958 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5012.4.2135217086\211353119" -childID 3 -isForBrowser -prefsHandle 3476 -prefMapHandle 3472 -prefsLen 26614 -prefMapSize 233536 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {83da8077-5927-4ba4-8e6d-c5eb8d10b3b6} 5012 "\\.\pipe\gecko-crash-server-pipe.5012" 4360 175d6faaa58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5012.5.300875890\1092511026" -childID 4 -isForBrowser -prefsHandle 4992 -prefMapHandle 4988 -prefsLen 26614 -prefMapSize 233536 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9f4ed84c-9743-4e1b-a69d-643821cb52c6} 5012 "\\.\pipe\gecko-crash-server-pipe.5012" 4948 175bea5f858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5012.6.864033129\357177316" -childID 5 -isForBrowser -prefsHandle 3476 -prefMapHandle 4872 -prefsLen 26614 -prefMapSize 233536 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {87f10de7-fb79-4f61-bbc3-f5aedfc54697} 5012 "\\.\pipe\gecko-crash-server-pipe.5012" 4400 175d7bab858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5012.7.2079774976\581414487" -childID 6 -isForBrowser -prefsHandle 5188 -prefMapHandle 5192 -prefsLen 26614 -prefMapSize 233536 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {55dc869b-da4f-44fb-b679-c49f3ee6f08b} 5012 "\\.\pipe\gecko-crash-server-pipe.5012" 5180 175d7babb58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5012.8.938767015\1311018856" -childID 7 -isForBrowser -prefsHandle 5528 -prefMapHandle 5524 -prefsLen 26879 -prefMapSize 233536 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3cb33fcd-294d-4c41-ac13-a39c8fbd989a} 5012 "\\.\pipe\gecko-crash-server-pipe.5012" 5540 175bea5b558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5012.9.110112706\1650064580" -parentBuildID 20221007134813 -prefsHandle 5532 -prefMapHandle 3244 -prefsLen 26879 -prefMapSize 233536 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4c373c6c-e47f-4c7b-83df-8f3800c9b779} 5012 "\\.\pipe\gecko-crash-server-pipe.5012" 9872 175d592e258 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5012.10.604370340\1147046307" -childID 8 -isForBrowser -prefsHandle 9508 -prefMapHandle 9512 -prefsLen 26879 -prefMapSize 233536 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9e034efa-edfc-4ec5-8e32-834d94417ac6} 5012 "\\.\pipe\gecko-crash-server-pipe.5012" 9500 175d89c2858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5012.11.408371872\1923070658" -childID 9 -isForBrowser -prefsHandle 9500 -prefMapHandle 9484 -prefsLen 26879 -prefMapSize 233536 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bfa1d075-8ef2-40ca-9520-2124fc720cf2} 5012 "\\.\pipe\gecko-crash-server-pipe.5012" 9336 175dae96e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5012.12.1997064004\1240957416" -childID 10 -isForBrowser -prefsHandle 9156 -prefMapHandle 9152 -prefsLen 26879 -prefMapSize 233536 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f09542c3-a83c-48e8-968e-c84ae5e49f7e} 5012 "\\.\pipe\gecko-crash-server-pipe.5012" 9164 175dae97758 tab

Network

Country Destination Domain Proto
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 8.8.8.8:53 shavar.services.mozilla.com udp
US 34.117.188.166:443 contile.services.mozilla.com tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
N/A 127.0.0.1:49759 tcp
US 8.8.8.8:53 push.services.mozilla.com udp
US 52.33.96.36:443 shavar.services.mozilla.com tcp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 166.188.117.34.in-addr.arpa udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 34.107.243.93:443 autopush.prod.mozaws.net tcp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 34.117.188.166:443 contile.services.mozilla.com udp
US 8.8.8.8:53 36.96.33.52.in-addr.arpa udp
N/A 127.0.0.1:49765 tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 34.117.188.166:443 contile.services.mozilla.com tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 34.107.243.93:443 autopush.prod.mozaws.net tcp
US 34.160.144.191:443 prod.content-signature-chains.prod.webservices.mozgcp.net tcp
N/A 127.0.0.1:49934 tcp
N/A 127.0.0.1:49947 tcp
US 52.111.227.14:443 tcp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 14.179.89.13.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 mediafire.com udp
US 104.16.114.74:80 mediafire.com tcp
US 104.16.114.74:80 mediafire.com tcp
US 8.8.8.8:53 mediafire.com udp
US 8.8.8.8:53 mediafire.com udp
US 8.8.8.8:53 www.mediafire.com udp
US 104.16.114.74:443 www.mediafire.com tcp
US 8.8.8.8:53 www.mediafire.com udp
US 8.8.8.8:53 www.mediafire.com udp
US 8.8.8.8:53 74.114.16.104.in-addr.arpa udp
US 104.16.114.74:443 www.mediafire.com udp
US 8.8.8.8:53 the.gatekeeperconsent.com udp
US 8.8.8.8:53 btloader.com udp
US 8.8.8.8:53 www.ezojs.com udp
US 8.8.8.8:53 translate.google.com udp
US 8.8.8.8:53 static.cloudflareinsights.com udp
US 172.67.170.144:443 www.ezojs.com tcp
US 8.8.8.8:53 www.ezojs.com.cdn.cloudflare.net udp
GB 142.250.187.238:443 translate.google.com tcp
US 8.8.8.8:53 www3.l.google.com udp
US 104.21.42.32:443 the.gatekeeperconsent.com tcp
US 172.67.41.60:443 btloader.com tcp
US 104.16.80.73:443 static.cloudflareinsights.com tcp
US 8.8.8.8:53 www3.l.google.com udp
US 8.8.8.8:53 www.ezojs.com.cdn.cloudflare.net udp
US 8.8.8.8:53 the.gatekeeperconsent.com udp
US 8.8.8.8:53 btloader.com udp
US 8.8.8.8:53 static.cloudflareinsights.com udp
US 8.8.8.8:53 the.gatekeeperconsent.com udp
US 8.8.8.8:53 static.cloudflareinsights.com udp
US 8.8.8.8:53 btloader.com udp
US 172.67.170.144:443 www.ezojs.com.cdn.cloudflare.net udp
US 104.16.80.73:443 static.cloudflareinsights.com tcp
US 8.8.8.8:53 104.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 144.170.67.172.in-addr.arpa udp
US 8.8.8.8:53 238.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 32.42.21.104.in-addr.arpa udp
US 8.8.8.8:53 60.41.67.172.in-addr.arpa udp
US 104.21.42.32:443 the.gatekeeperconsent.com udp
GB 142.250.187.238:443 www3.l.google.com udp
US 8.8.8.8:53 privacy.gatekeeperconsent.com udp
US 8.8.8.8:53 cdn.amplitude.com udp
US 8.8.8.8:53 cdn.otnolatrnup.com udp
US 8.8.8.8:53 static.mediafire.com udp
US 172.67.199.186:443 privacy.gatekeeperconsent.com tcp
US 8.8.8.8:53 privacy.gatekeeperconsent.com udp
US 8.8.8.8:53 ad-delivery.net udp
US 8.8.8.8:53 api.btloader.com udp
US 8.8.8.8:53 g.ezoic.net udp
US 8.8.8.8:53 cdn.amplitude.com udp
US 104.16.114.74:443 static.mediafire.com tcp
US 104.16.114.74:443 static.mediafire.com tcp
US 8.8.8.8:53 static.mediafire.com udp
US 104.16.114.74:443 static.mediafire.com tcp
US 104.16.114.74:443 static.mediafire.com tcp
US 104.16.114.74:443 static.mediafire.com tcp
US 104.16.114.74:443 static.mediafire.com tcp
US 104.16.53.110:443 cdn.otnolatrnup.com tcp
US 8.8.8.8:53 privacy.gatekeeperconsent.com udp
US 104.26.2.70:443 ad-delivery.net tcp
US 104.26.2.70:443 ad-delivery.net tcp
US 8.8.8.8:53 translate.googleapis.com udp
FR 15.188.219.54:443 g.ezoic.net tcp
US 130.211.23.194:443 api.btloader.com tcp
US 8.8.8.8:53 cdn.amplitude.com udp
US 8.8.8.8:53 static.mediafire.com udp
US 8.8.8.8:53 cdn.otnolatrnup.com udp
US 104.16.114.74:443 static.mediafire.com udp
GB 216.58.213.10:443 translate.googleapis.com tcp
US 8.8.8.8:53 cdn.otnolatrnup.com udp
US 172.67.199.186:443 privacy.gatekeeperconsent.com udp
US 8.8.8.8:53 ad-delivery.net udp
US 104.16.53.110:443 cdn.otnolatrnup.com udp
US 172.67.199.186:443 privacy.gatekeeperconsent.com tcp
GB 216.58.213.10:443 translate.googleapis.com udp
US 8.8.8.8:53 ad-delivery.net udp
US 8.8.8.8:53 go.ezodn.com udp
US 8.8.8.8:53 otnolatrnup.com udp
US 130.211.23.194:443 api.btloader.com tcp
US 188.114.97.2:443 go.ezodn.com tcp
US 188.114.97.2:443 go.ezodn.com tcp
US 188.114.97.2:443 go.ezodn.com tcp
US 8.8.8.8:53 www.mediafiredls.com udp
US 104.16.52.110:443 otnolatrnup.com tcp
US 8.8.8.8:53 translate-pa.googleapis.com udp
US 172.67.73.78:443 www.mediafiredls.com tcp
US 8.8.8.8:53 186.199.67.172.in-addr.arpa udp
US 8.8.8.8:53 110.53.16.104.in-addr.arpa udp
US 8.8.8.8:53 70.2.26.104.in-addr.arpa udp
US 8.8.8.8:53 195.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 54.219.188.15.in-addr.arpa udp
US 8.8.8.8:53 194.23.211.130.in-addr.arpa udp
GB 172.217.169.42:443 translate-pa.googleapis.com tcp
US 8.8.8.8:53 2.97.114.188.in-addr.arpa udp
US 8.8.8.8:53 110.52.16.104.in-addr.arpa udp
US 188.114.97.2:443 go.ezodn.com udp
US 8.8.8.8:53 g.ezodn.com udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
GB 172.217.169.42:443 translate-pa.googleapis.com udp
US 104.21.87.79:443 g.ezodn.com tcp
US 130.211.23.194:443 api.btloader.com udp
US 104.16.52.110:443 otnolatrnup.com udp
US 8.8.8.8:53 tags.crwdcntrl.net udp
US 8.8.8.8:53 bcp.crwdcntrl.net udp
US 8.8.8.8:53 ad.crwdcntrl.net udp
US 104.21.87.79:443 g.ezodn.com tcp
US 104.21.87.79:443 g.ezodn.com udp
US 8.8.8.8:53 api.btloader.com udp
US 8.8.8.8:53 api.btloader.com udp
US 8.8.8.8:53 78.73.67.172.in-addr.arpa udp
US 8.8.8.8:53 99.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 42.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 79.87.21.104.in-addr.arpa udp
US 8.8.8.8:53 bshr.ezodn.com udp
US 8.8.8.8:53 region1.analytics.google.com udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 8.8.8.8:53 www.google.co.uk udp
US 216.239.34.36:443 region1.analytics.google.com tcp
GB 142.250.200.3:443 www.google.co.uk tcp
US 216.239.34.36:443 region1.analytics.google.com udp
US 8.8.8.8:53 translate.googleapis.com udp
GB 142.250.200.3:443 www.google.co.uk udp
US 8.8.8.8:53 translate.googleapis.com udp
US 8.8.8.8:53 g.ezoic.net udp
FR 13.249.9.41:443 cdn.amplitude.com tcp
GB 142.250.200.34:443 securepubads.g.doubleclick.net tcp
IE 52.213.38.247:443 ad.crwdcntrl.net tcp
US 8.8.8.8:53 g.ezoic.net udp
US 8.8.8.8:53 go.ezodn.com udp
US 8.8.8.8:53 otnolatrnup.com udp
US 8.8.8.8:53 go.ezodn.com udp
US 8.8.8.8:53 otnolatrnup.com udp
US 8.8.8.8:53 www.mediafiredls.com udp
US 130.211.23.194:443 api.btloader.com udp
US 8.8.8.8:53 translate-pa.googleapis.com udp
US 8.8.8.8:53 www.mediafiredls.com udp
GB 142.250.200.34:443 securepubads.g.doubleclick.net udp
BE 64.233.166.157:443 stats.g.doubleclick.net tcp
US 8.8.8.8:53 api.amplitude.com udp
BE 64.233.166.157:443 stats.g.doubleclick.net tcp
US 8.8.8.8:53 translate-pa.googleapis.com udp
US 8.8.8.8:53 g.ezodn.com udp
US 54.203.47.28:443 api.amplitude.com tcp
US 8.8.8.8:53 73.80.16.104.in-addr.arpa udp
US 8.8.8.8:53 36.34.239.216.in-addr.arpa udp
US 8.8.8.8:53 3.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 14.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 6.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 34.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 66.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 41.9.249.13.in-addr.arpa udp
US 8.8.8.8:53 247.38.213.52.in-addr.arpa udp
US 8.8.8.8:53 157.166.233.64.in-addr.arpa udp
US 8.8.8.8:53 ad.crwdcntrl.net udp
US 8.8.8.8:53 g.ezodn.com udp
US 8.8.8.8:53 ad.crwdcntrl.net udp
BE 64.233.166.157:443 stats.g.doubleclick.net udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 region1.analytics.google.com udp
GB 142.250.187.196:443 www.google.com tcp
US 8.8.8.8:53 www.mediafire.com udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 region1.analytics.google.com udp
US 8.8.8.8:53 www.google.co.uk udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 8.8.8.8:53 www.google.co.uk udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 8.8.8.8:53 api.amplitude.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 api.amplitude.com udp
US 8.8.8.8:53 www.google.com udp
IE 52.213.38.247:443 ad.crwdcntrl.net tcp
US 8.8.8.8:53 api.amplitude.com udp
FR 18.155.129.34:443 tags.crwdcntrl.net tcp
US 8.8.8.8:53 tags.crwdcntrl.net udp
US 8.8.8.8:53 bcp.crwdcntrl.net udp
US 8.8.8.8:53 tags.crwdcntrl.net udp
IE 52.213.38.247:443 ad.crwdcntrl.net tcp
FR 18.155.129.34:443 tags.crwdcntrl.net tcp
US 8.8.8.8:53 fundingchoicesmessages.google.com udp
US 8.8.8.8:53 28.47.203.54.in-addr.arpa udp
US 8.8.8.8:53 196.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 34.129.155.18.in-addr.arpa udp
US 172.67.142.121:443 g.ezodn.com tcp
US 8.8.8.8:53 bshr.ezodn.com udp
US 172.67.142.121:443 g.ezodn.com tcp
US 8.8.8.8:53 bshr.ezodn.com udp
US 172.67.142.121:443 g.ezodn.com udp
US 8.8.8.8:53 script.4dex.io udp
US 8.8.8.8:53 tlx.3lift.com udp
US 8.8.8.8:53 hbopenbid.pubmatic.com udp
US 8.8.8.8:53 ghb.adtelligent.com udp
US 8.8.8.8:53 hb-api.omnitagjs.com udp
US 8.8.8.8:53 htlb.casalemedia.com udp
US 8.8.8.8:53 hb.yellowblue.io udp
US 104.26.8.169:443 script.4dex.io tcp
US 172.64.151.101:443 htlb.casalemedia.com tcp
US 8.8.8.8:53 onetag-sys.com udp
US 8.8.8.8:53 prebid.a-mo.net udp
US 23.227.151.194:443 ghb.adtelligent.com tcp
US 8.8.8.8:53 prebid.smilewanted.com udp
FR 18.244.28.8:443 hb.yellowblue.io tcp
US 8.8.8.8:53 d.vidoomy.com udp
DE 51.75.86.98:443 onetag-sys.com tcp
US 8.8.8.8:53 script.4dex.io udp
NL 145.40.97.67:443 prebid.a-mo.net tcp
US 8.8.8.8:53 htlb.casalemedia.com udp
US 8.8.8.8:53 ghb-adtelligent-com.geodns.me udp
US 8.8.8.8:53 htlb.casalemedia.com udp
US 8.8.8.8:53 script.4dex.io udp
US 104.22.30.209:443 prebid.smilewanted.com tcp
US 104.22.30.209:443 prebid.smilewanted.com tcp
US 104.22.30.209:443 prebid.smilewanted.com tcp
US 104.22.30.209:443 prebid.smilewanted.com tcp
US 104.22.30.209:443 prebid.smilewanted.com tcp
ES 212.36.83.246:443 d.vidoomy.com tcp
ES 212.36.83.246:443 d.vidoomy.com tcp
ES 212.36.83.246:443 d.vidoomy.com tcp
ES 212.36.83.246:443 d.vidoomy.com tcp
ES 212.36.83.246:443 d.vidoomy.com tcp
US 8.8.8.8:53 hb.yellowblue.io udp
US 8.8.8.8:53 ghb-adtelligent-com.geodns.me udp
US 8.8.8.8:53 onetag-sys.com udp
US 8.8.8.8:53 onetag-sys.com udp
US 8.8.8.8:53 am6-prebid.a-mx.net udp
US 8.8.8.8:53 hb.yellowblue.io udp
US 8.8.8.8:53 am6-prebid.a-mx.net udp
US 172.64.151.101:443 htlb.casalemedia.com udp
US 8.8.8.8:53 prebid.smilewanted.com udp
US 8.8.8.8:53 lb.vidoomy.com udp
US 8.8.8.8:53 cadmus.script.ac udp
US 104.26.8.169:443 script.4dex.io tcp
US 8.8.8.8:53 lb.vidoomy.com udp
US 8.8.8.8:53 prebid.smilewanted.com udp
US 8.8.8.8:53 cadmus.script.ac udp
US 104.18.23.145:443 cadmus.script.ac tcp
US 8.8.8.8:53 cadmus.script.ac udp
DE 51.75.86.98:443 onetag-sys.com udp
GB 142.250.187.238:443 fundingchoicesmessages.google.com tcp
GB 142.250.187.238:443 fundingchoicesmessages.google.com udp
US 8.8.8.8:53 121.142.67.172.in-addr.arpa udp
US 8.8.8.8:53 169.8.26.104.in-addr.arpa udp
US 8.8.8.8:53 101.151.64.172.in-addr.arpa udp
US 8.8.8.8:53 8.28.244.18.in-addr.arpa udp
US 8.8.8.8:53 67.97.40.145.in-addr.arpa udp
US 8.8.8.8:53 98.86.75.51.in-addr.arpa udp
US 8.8.8.8:53 194.151.227.23.in-addr.arpa udp
US 8.8.8.8:53 209.30.22.104.in-addr.arpa udp
US 8.8.8.8:53 246.83.36.212.in-addr.arpa udp
US 104.18.23.145:443 cadmus.script.ac tcp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 8.8.8.8:53 cdn.id5-sync.com udp
US 8.8.8.8:53 oa.openxcdn.net udp
US 8.8.8.8:53 static.criteo.net udp
US 8.8.8.8:53 cdn.prod.uidapi.com udp
GB 142.250.187.226:443 googleads.g.doubleclick.net tcp
GB 142.250.187.226:443 googleads.g.doubleclick.net tcp
FR 99.86.95.185:443 cdn.prod.uidapi.com tcp
US 8.8.8.8:53 invstatic101.creativecdn.com udp
US 8.8.8.8:53 cdn-ima.33across.com udp
GB 142.250.187.226:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 ghb1.adtelligent.com udp
DE 3.78.168.176:443 tlx.3lift.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 185.64.190.77:443 hbopenbid.pubmatic.com tcp
US 8.8.8.8:53 d2avimlm6gq3h9.cloudfront.net udp
FR 185.255.84.150:443 hb-api.omnitagjs.com tcp
US 8.8.8.8:53 invstatic101.creativecdn.com udp
DE 142.132.249.188:443 ghb1.adtelligent.com tcp
US 8.8.8.8:53 invstatic101.creativecdn.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 d2avimlm6gq3h9.cloudfront.net udp
US 8.8.8.8:53 cdn-ima.33across.com.cdn.cloudflare.net udp
US 8.8.8.8:53 eu-tlx.3lift.com udp
US 8.8.8.8:53 hbopenbid-lhrc.pubmnet.com udp
US 8.8.8.8:53 eu-tlx.3lift.com udp
US 8.8.8.8:53 145.23.18.104.in-addr.arpa udp
US 8.8.8.8:53 226.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 185.95.86.99.in-addr.arpa udp
US 8.8.8.8:53 77.190.64.185.in-addr.arpa udp
US 8.8.8.8:53 150.84.255.185.in-addr.arpa udp
US 8.8.8.8:53 176.168.78.3.in-addr.arpa udp
US 8.8.8.8:53 188.249.132.142.in-addr.arpa udp
US 8.8.8.8:53 download850.mediafire.com udp
US 104.16.52.110:443 otnolatrnup.com tcp
US 8.8.8.8:53 51a2bec1cba4c772ea7df79b688a108f.safeframe.googlesyndication.com udp
GB 172.217.16.225:443 tpc.googlesyndication.com tcp
GB 172.217.169.65:443 51a2bec1cba4c772ea7df79b688a108f.safeframe.googlesyndication.com tcp
US 205.196.121.45:443 download850.mediafire.com tcp
GB 172.217.169.65:443 51a2bec1cba4c772ea7df79b688a108f.safeframe.googlesyndication.com udp
GB 172.217.16.225:443 tpc.googlesyndication.com tcp
GB 172.217.16.225:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 hb-api-fra02.omnitagjs.com udp
US 8.8.8.8:53 oa.openxcdn.net udp
US 8.8.8.8:53 hb-api-fra02.omnitagjs.com udp
US 8.8.8.8:53 oa.openxcdn.net udp
US 8.8.8.8:53 jsdelivr.map.fastly.net udp
US 8.8.8.8:53 cdn.id5-sync.com udp
US 8.8.8.8:53 jsdelivr.map.fastly.net udp
US 8.8.8.8:53 cdn.id5-sync.com udp
US 8.8.8.8:53 static.nl3.vip.prod.criteo.net udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 static.nl3.vip.prod.criteo.net udp
US 8.8.8.8:53 65.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 45.121.196.205.in-addr.arpa udp
US 8.8.8.8:53 225.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 74.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 pagead-googlehosted.l.google.com udp
US 8.8.8.8:53 pagead-googlehosted.l.google.com udp
US 104.16.52.110:443 otnolatrnup.com udp
US 8.8.8.8:53 download850.mediafire.com udp
US 8.8.8.8:53 download850.mediafire.com udp
US 8.8.8.8:53 hbopenbid-lhrc.pubmnet.com udp
US 104.16.52.110:80 otnolatrnup.com tcp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 www.mediafire.com udp
US 8.8.8.8:53 woreppercomming.com udp
FR 18.155.129.103:443 woreppercomming.com tcp
US 8.8.8.8:53 woreppercomming.com udp
US 8.8.8.8:53 woreppercomming.com udp
US 8.8.8.8:53 udp

Files

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\datareporting\glean\pending_pings\58a5a68f-a2d1-42a3-a9c7-559818c05e4e

MD5 f88f4a42d763e52d93e8e2d04e809134
SHA1 0f1e3b262f08f9101d981a9900bd7e977db7bf86
SHA256 726cd0bcae54c4e5823fe4b25116ee07b3f08e55d26a1c3f69f55cef1707478c
SHA512 bf339c5829b9147ba1c807d3dca0a4c3a8869151988f88deca1c08ab3a5eb126d294281c6ca5c631e7af7a8c69b908554143e84ac8ae3a2ade2c4c102d9ae615

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\datareporting\glean\pending_pings\8590be2d-85e5-4b05-a2a7-12344350c942

MD5 a6859621859e17dd64da3693e597f864
SHA1 d5ff0388c89ee08690c7a478b5dad98ee0bbf672
SHA256 294d622bb5b9cf29ab9c4439cdc10fc0b6288069b10526d7c6d86db34c3035ee
SHA512 8ff4d5a3b97a939f7c066d5433f47f445234f8179f36b40cb4cbbd2ea33e6e8070e2c624ababb2dd565255c09491cd64a8672a43ae7f4f02d848e4aacf72c899

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\datareporting\glean\db\data.safe.bin

MD5 2648406df869daf6f7b0b63c228aacd0
SHA1 99a181bbbb8b3d6907cfd04c3d626584c345ab95
SHA256 238ce1a280c329872b7ee1fc3c8791dc82dc5614cfbe2fa4896cc966e356e486
SHA512 caea151d3dc7e11fbb6b2b3c656bf4c2ac43869cf595f716f6310293dc47991234f21314e76f0d1e216516e1f61c144cd738ce055e06dcb81d96512371355424

C:\Users\Admin\Downloads\KmrSCnao.rar.part

MD5 f5a74fbbe227e97606196d2ec04b6b1c
SHA1 fb859eb77b7b336469c0e5e9535de3e765aabaaf
SHA256 9d2c6becf74342dbe3b00ee4f0e01aae146d3ae54ee89058c56702ef0487ccae
SHA512 8a1b1544e23b945d3770d375dcbb740b8b158f0b270d4ce89243a142f1e4b26607565040480d748fad5a5c8753a6bf009f3e3042b1ceb04e8cf6230a04852c27

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\prefs-1.js

MD5 883e26bb5ae3aa94c1f7bd4314dc75dd
SHA1 da17c67806fd00e07845ee95d9950aff49267b90
SHA256 8adcfb82f660d2ae736c21141d4052c81eb192a7fcf3fc3fc9e2a13f7e52b98a
SHA512 a671b1eba634cd6e659d8c01d22d115629b79bed6c819e63fb2c0492cbd15b031cd11a778430b2e795852f48fc170ad0db2af6a76dcbc51afb419210fe61f64e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore.jsonlz4

MD5 1daab3344552b1029d2dc64e281eec27
SHA1 4314979740f3b938ba0f903654762649bb1eb57f
SHA256 038385794b27bbca12a2c46f60d2a8bc65abe9e302428ffa72ab4dff3285c35e
SHA512 e5dc5a45759979c22e6df2e887559aa3a49fce194d0c99585c141dc30a91b50e5f885feab23a6a3a3481042386a78d188c57a93784763b432c8d80385d5019bf

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\prefs.js

MD5 9f2e29af97c337b0a1f75a5f0db7daa4
SHA1 233d14f0e1493da4ec54e6d558be6771e570d8ff
SHA256 dfa1bdefeba851772b9140bd9e8e9aa1b575913ba67d44f7eb54ecf96bdff488
SHA512 3c22b987e300ee3cae283a0930e89ce153cc782ca4a66bd895587b2f143caa459fdd91f65ea3e5942c968cd3b8e9e68f3614c172c0612d52d359e27d667d7f41

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\startupCache\scriptCache.bin

MD5 96a3edf9bc4f7adfe3a36c81bfa326c2
SHA1 e7dcba185cd5b1db12e407d1bc6123c1519df15f
SHA256 deb057a910e0c0f33f841d236ec56e197224eb6bcf10f8f702f8cd488fa05f1e
SHA512 ffeea7557ad6ad612532fad25a4c29e5f3136e8316a66c50bcb8a11db24f59f3e250aed01caa304877fb21b054653c5885ec8ecf8bbc85e2216ef99d083f395a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\xulstore.json

MD5 58e240288763218d12bf235d34e5aee2
SHA1 89135494b57f590011c09668dec3b90d2c5ee9ae
SHA256 615f80e71dfde24711e7fefc1b7959f7592c5e5cf9ad0f3aecb4235b93187176
SHA512 caed2638902987aead199e73cffb90881bf245bbb616cb38c46b281d4aaaa54dc20a54e9bfe17a8d6e68847394c113fb7606e94b64f44ab0b52bf7846f26e936

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\startupCache\urlCache.bin

MD5 78e9bde83fbbd72e2404532880b2b473
SHA1 0ce1a50e320f9e019ad2e9bec8c8e32a710a2bb3
SHA256 9ed3efe6ae9073daabdae60d35cb57276377b4106d6e33ff75c5754a62e7e33f
SHA512 83aa93970a39209a876d37889f4e8e673578055a6798b586565e030850ac7cbe08ed4fe09a702ca7171653c9ea317b058157b12c037d0e08402d2a50186a9167

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\startupCache\scriptCache-child.bin

MD5 ba124be5761a8fbe221625fec2d7ee84
SHA1 f8617b00ee3c0d312c28852369da1878d564ad73
SHA256 2f4592abf022de009ea331c95b31ef760e78efa67b20c7d66b054e8914d027dd
SHA512 53ce61703079932f08d881d51daa75f46a808b1ce64c1c0c85d56b6af2e6922294ffb7245ffa6375b8106ffd6e9750612f1ce53b97d955e792a707a2c277cbeb

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionCheckpoints.json.tmp

MD5 ea8b62857dfdbd3d0be7d7e4a954ec9a
SHA1 b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a
SHA256 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da
SHA512 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 3018d1aad8385b734068dbad441e344e
SHA1 2a3925bc92ec843db64b6db2cd6fe18ccf084a86
SHA256 f33415b0b1fc8c7e52356318d44aef1ae6bd9c64a89afa012d43a01a79954f88
SHA512 7ab1a1115a4f7ac61ba41bfe5875792cfa84d81f14f71239e43848de5940bfa07e2e34ea4be85a61c091d0b4b7742f3f55961fd26734b528cdb2c0b4d169c5e0

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionCheckpoints.json

MD5 362985746d24dbb2b166089f30cd1bb7
SHA1 6520fc33381879a120165ede6a0f8aadf9013d3b
SHA256 b779351c8c6b04cf1d260c5e76fb4ecf4b74454cc6215a43ea15a223bf5bdd7e
SHA512 0e85cd132c895b3bffce653aeac0b5645e9d1200eb21e23f4e574b079821a44514c1d4b036d29a7d2ea500065c7131aef81cfc38ff1750dbb0e8e0c57fdc2a61

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite

MD5 14ae155c2e864ce7c50f42c2724cd2da
SHA1 e487403f5dcdbc3228ba7c7a817e33eed9a5a521
SHA256 4db348b54f151afda5d1d155de5e576396a84f6086c7a6ba6ebfd72215296d7d
SHA512 143541d02fc58e1d79efa39392dab83e8d595778858c7eb27b6ea1479324c9034d883b16635ebe379c75afaa3e843c7e6df91f134985a6c2e6462e46db462c5d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionCheckpoints.json.tmp

MD5 c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA1 5942cd6505fc8a9daba403b082067e1cdefdfbc4
SHA256 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
SHA512 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\SiteSecurityServiceState.txt

MD5 6ab17f83f6a990949a2670330ecd5335
SHA1 4ecef939aab21b9f1be25b44d89a2fc284d89d9b
SHA256 a937bb55b3c88e94907be287244fa132b10e15740a078e29ac9bd2382d792603
SHA512 3d3bb66cd0584c5e1c814b6a69cf1aaeb9194fddd20192029f5137cb94dba9a26fb5b6e4b25030c510f037d9bba8011283052181223f01c22aff9bfcedeb2508

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cert9.db

MD5 ae9be5ecea458a0a5d7a48c997db7f67
SHA1 2bf3217a38c6a2471fd727aada9b352b42ebe79f
SHA256 a7ca2edb552a6754ce7be3dbb4e1856b5b0bd00bcfb88b16ca78bb04e8d4359e
SHA512 43e9a2ea7ecadc0b2a1e720f4a9e698ddec9486849725ac428867c695624300b74a580bb4bbd63d87a9862460cb37aa173133679e7d8d999de97e9446f82d362

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\places.sqlite

MD5 ebdc8a10755644311b89fd4ead0bbdec
SHA1 8762835c61375df637416676d56e5bd5797c10c8
SHA256 2d0f5cd517d899f2373806e16fdfd9757f094dcad61a2008e21380da4ca48692
SHA512 cf74f53c660a582d8bb40afd3d31bc1a6ce0ae57b98dfb95569fcc1167634f4af429ebb54cb81f08472071d7643f1f888cc8694c8e0849bec73b097792e00004

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\datareporting\glean\pending_pings\79b410de-f328-43f9-a464-e5e033913f8f

MD5 ff1234ca66cfa93e9695d738992fdaa9
SHA1 e0629bbaa1b28c1a9bd6109908b9fceb55e2ff35
SHA256 0f57d2ea75c4b4d30845fe3510c76f46c234ab2f21ce428aa828860b58e59370
SHA512 6571c6345d28277d88636e3fdaf1b3efcb133ea19db48479b6ad1014ad1ee8108d82c187eb03da639cb7d0f10584a8b4c5c7a3b3c3349f4ea539ccc635ba0fbd

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\protections.sqlite

MD5 49397db0486dc59d607907a086f40c9b
SHA1 08742ce9db9569062def08e99eea8470702feb7d
SHA256 890033ea279f13478e655150a823a5f84176d2f8f2ec3724dc61dfec775707c4
SHA512 fc8dad1ae2215cd96c41bb3e683670bb9138467677da46c19d1e58972775842a995b70123c22ea1efb659d043f5116d0c9dca422035a6646b35f81033c9f5f53

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\datareporting\glean\db\data.safe.bin

MD5 f3aa0d48ba52eb53fc74832aab250ff2
SHA1 676e739b686e71258805dfa7610d63befb353837
SHA256 2467a71f47f7d793c56dcfea267a0cfe0c3f342f082b48abe77aa2d7e0b192d7
SHA512 04616ba138bd5c459c11c92d5364237977accc9159b1f4bce2cd5b976b6e70eb65ce1ed4d1e7e3e5c8671beb9627369676207254a0fa05caafe645529f48abe2

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\254256B27E0C48CF9B80B695F0B3B8CA84610495

MD5 2a5d991dbc7939a7f05d6292ba1b95f6
SHA1 3c0a66a7556cb4d4c7ae0e850070704d50ca0187
SHA256 2f367158dd88b014d21cbbc1a8b6f1303dab478ab5b0c1323081e7c3dbea1dd8
SHA512 e8214a6f7f13db4e378236e54c3670003b8b1e6d346ad95814dcd9cee0b0cbe64dca3117b37f4650197aee437946a2bdbbe15de682f1890492287782c98b50c6

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F

MD5 cd6beff75cf34f10429b1699b254c2e3
SHA1 da40ee47bcc201b301bfff7f9141e31edeba9185
SHA256 dbafbf64c69592e0b06a7f3d40a309d80fbdd4ef88cdfe61e2562ce6abcfc1c9
SHA512 f4c85bc31a8024256b18dfcf1a295ffc3ab2180d1a7061091d174bf4f0ece6acabaf7b2b34de740ea1be45c355597876501c247266138f32ff6571d5f7b165bc

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\AlternateServices.txt

MD5 d03fe0ce1a5907cbb8a6904c15cc53b3
SHA1 363cdc58a832031aa533f2ce6f4f50a8aa8910fd
SHA256 a5b8fd4d4720329e6875bffe183a39bcf9612cf1b784c888a8665411e1cd8ac3
SHA512 b4ac52688dcb4402161c26b572741a69d819abb92f509194542f327d0edfb3af8037d98f92a2e245d2dcaccf7c920d1aabfeb28772bfca7d6f034be843b13e65

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 1eadee17eb5170b7fd19d16f83948ee3
SHA1 1df425538a67802680339e4cd3e1926c7c39ce9c
SHA256 f060c3546dd41785ed96b74fd8572193e51c8fdabcbcbd7b99b797e638a85737
SHA512 9e080d3c8068338266d6797e77dd9e120d45b42ebe749bad06b6f2ce65213de529ad4510337670ef82713373abd9f6f6f8639b62b7e403f586c8fc5b8d55cf19

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4

MD5 f0cbd46100f12c56d8fae2f9d68976ef
SHA1 cc8681b77cb8d185631f8bbffd84ee447ad9fc3b
SHA256 e65e95fd4378d074c2f09c86f28fb2020a3a3858715f1752dde4fd95691811a1
SHA512 e9268459109f91baf4d62bff8eb1de2acb8afc2f355f19101037b9352b86c53278c3e0a9264d8477084c22f57cd49c4e93f147e990c94b56e704b49da0c3b870

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\C72D4296C2EBC6FD41A9F780CD0C8F30F0FF937C

MD5 63376b50631f9a4968eb6d2b9c6a4938
SHA1 378d22ff8bac83db73c2143c8f617c0e706f59a0
SHA256 6aaffe0d1a052a10ca93372065cdde06f9aa13e691ac0219b5cef0ed34309255
SHA512 f44b646653d117392ce1058c42ae66945ad367dc1838d1fb1b3d2d4eb96fa3909fffbb9aecf08fd1e138791eb973d07de5b8bea370a4a5c366a3cf1a499e7a0d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4

MD5 7b66e749a31e901f28bc02ffef78598a
SHA1 7bed739f790ceec0d223c1d65c0b2c947dbec15d
SHA256 a6468655a8c0f59a376c0937ab41dda0bad13fbd5416e57f8cc108a23330d469
SHA512 e7ea963473b66b4403854656649e883d810878017f3e70740a8501e43fa88851c8df084df7216c348fc2a844525149ed8f0ba0e0adc875e4e1cb224865e20d8a