Malware Analysis Report

2024-10-10 09:56

Sample ID 240709-h1jweavbqc
Target http://dox.io/haes
Tags
umbral discovery stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file http://dox.io/haes was found to be: Known bad.

Malicious Activity Summary

umbral discovery stealer

Umbral

Detect Umbral payload

Downloads MZ/PE file

Executes dropped EXE

Loads dropped DLL

Checks installed software on the system

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Enumerates physical storage devices

NTFS ADS

Suspicious behavior: MapViewOfSection

Checks SCSI registry key(s)

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Uses Task Scheduler COM API

Suspicious behavior: EnumeratesProcesses

Checks processor information in registry

Modifies registry class

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

Opens file in notepad (likely ransom note)

Modifies Internet Explorer settings

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-07-09 07:12

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-07-09 07:12

Reported

2024-07-09 07:28

Platform

win10-20240404-en

Max time kernel

965s

Max time network

968s

Command Line

"C:\Windows\system32\LaunchWinApp.exe" "http://dox.io/haes"

Signatures

Detect Umbral payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Umbral

stealer umbral

Downloads MZ/PE file

Checks installed software on the system

discovery

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\System32\combase.pdb C:\Program Files\SystemInformer\SystemInformer.exe N/A
File opened for modification C:\Windows\SYSTEM32\ntdll.pdb C:\Program Files\SystemInformer\SystemInformer.exe N/A
File opened for modification C:\Windows\SYSTEM32\rasman.pdb C:\Program Files\SystemInformer\SystemInformer.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\SystemInformer\x86\plugins\ExtendedTools.dll C:\Users\Admin\Downloads\systeminformer-3.0.7660-release-setup.exe N/A
File created C:\Program Files\SystemInformer\PoolTag.txt C:\Users\Admin\Downloads\systeminformer-3.0.7660-release-setup.exe N/A
File created C:\Program Files\SystemInformer\plugins\ExtendedNotifications.dll C:\Users\Admin\Downloads\systeminformer-3.0.7660-release-setup.exe N/A
File created C:\Program Files\SystemInformer\plugins\ExtendedServices.sig C:\Users\Admin\Downloads\systeminformer-3.0.7660-release-setup.exe N/A
File created C:\Program Files\SystemInformer\plugins\OnlineChecks.dll C:\Users\Admin\Downloads\systeminformer-3.0.7660-release-setup.exe N/A
File created C:\Program Files\SystemInformer\plugins\Updater.sig C:\Users\Admin\Downloads\systeminformer-3.0.7660-release-setup.exe N/A
File created C:\Program Files\SystemInformer\plugins\UserNotes.sig C:\Users\Admin\Downloads\systeminformer-3.0.7660-release-setup.exe N/A
File created C:\Program Files\SystemInformer\ksidyn.sig C:\Users\Admin\Downloads\systeminformer-3.0.7660-release-setup.exe N/A
File created C:\Program Files\SystemInformer\SystemInformer.exe C:\Users\Admin\Downloads\systeminformer-3.0.7660-release-setup.exe N/A
File created C:\Program Files\SystemInformer\plugins\OnlineChecks.sig C:\Users\Admin\Downloads\systeminformer-3.0.7660-release-setup.exe N/A
File created C:\Program Files\SystemInformer\plugins\ToolStatus.sig C:\Users\Admin\Downloads\systeminformer-3.0.7660-release-setup.exe N/A
File created C:\Program Files\SystemInformer\README.txt C:\Users\Admin\Downloads\systeminformer-3.0.7660-release-setup.exe N/A
File created C:\Program Files\SystemInformer\peview.sig C:\Users\Admin\Downloads\systeminformer-3.0.7660-release-setup.exe N/A
File created C:\Program Files\SystemInformer\plugins\DotNetTools.dll C:\Users\Admin\Downloads\systeminformer-3.0.7660-release-setup.exe N/A
File created C:\Program Files\SystemInformer\plugins\ExtendedNotifications.sig C:\Users\Admin\Downloads\systeminformer-3.0.7660-release-setup.exe N/A
File created C:\Program Files\SystemInformer\plugins\ExtendedServices.dll C:\Users\Admin\Downloads\systeminformer-3.0.7660-release-setup.exe N/A
File created C:\Program Files\SystemInformer\plugins\NetworkTools.dll C:\Users\Admin\Downloads\systeminformer-3.0.7660-release-setup.exe N/A
File created C:\Program Files\SystemInformer\x86\SystemInformer.exe C:\Users\Admin\Downloads\systeminformer-3.0.7660-release-setup.exe N/A
File opened for modification C:\Program Files\SystemInformer\clr.pdb C:\Program Files\SystemInformer\SystemInformer.exe N/A
File created C:\Program Files\SystemInformer\ksidyn.bin C:\Users\Admin\Downloads\systeminformer-3.0.7660-release-setup.exe N/A
File created C:\Program Files\SystemInformer\plugins\DotNetTools.sig C:\Users\Admin\Downloads\systeminformer-3.0.7660-release-setup.exe N/A
File created C:\Program Files\SystemInformer\plugins\ToolStatus.dll C:\Users\Admin\Downloads\systeminformer-3.0.7660-release-setup.exe N/A
File opened for modification C:\Program Files\SystemInformer\rasman.pdb C:\Program Files\SystemInformer\SystemInformer.exe N/A
File opened for modification C:\Program Files\SystemInformer\combase.pdb C:\Program Files\SystemInformer\SystemInformer.exe N/A
File created C:\Program Files\SystemInformer\x86\plugins\DotNetTools.dll C:\Users\Admin\Downloads\systeminformer-3.0.7660-release-setup.exe N/A
File created C:\Program Files\SystemInformer\x86\plugins\DotNetTools.sig C:\Users\Admin\Downloads\systeminformer-3.0.7660-release-setup.exe N/A
File created C:\Program Files\SystemInformer\EtwGuids.txt C:\Users\Admin\Downloads\systeminformer-3.0.7660-release-setup.exe N/A
File created C:\Program Files\SystemInformer\peview.exe C:\Users\Admin\Downloads\systeminformer-3.0.7660-release-setup.exe N/A
File created C:\Program Files\SystemInformer\SystemInformer.sig C:\Users\Admin\Downloads\systeminformer-3.0.7660-release-setup.exe N/A
File created C:\Program Files\SystemInformer\plugins\ExtendedTools.dll C:\Users\Admin\Downloads\systeminformer-3.0.7660-release-setup.exe N/A
File created C:\Program Files\SystemInformer\plugins\HardwareDevices.dll C:\Users\Admin\Downloads\systeminformer-3.0.7660-release-setup.exe N/A
File created C:\Program Files\SystemInformer\plugins\UserNotes.dll C:\Users\Admin\Downloads\systeminformer-3.0.7660-release-setup.exe N/A
File created C:\Program Files\SystemInformer\COPYRIGHT.txt C:\Users\Admin\Downloads\systeminformer-3.0.7660-release-setup.exe N/A
File created C:\Program Files\SystemInformer\SystemInformer.sys C:\Users\Admin\Downloads\systeminformer-3.0.7660-release-setup.exe N/A
File created C:\Program Files\SystemInformer\plugins\WindowExplorer.sig C:\Users\Admin\Downloads\systeminformer-3.0.7660-release-setup.exe N/A
File created C:\Program Files\SystemInformer\x86\plugins\ExtendedTools.sig C:\Users\Admin\Downloads\systeminformer-3.0.7660-release-setup.exe N/A
File opened for modification C:\Program Files\SystemInformer\ntdll.pdb C:\Program Files\SystemInformer\SystemInformer.exe N/A
File created C:\Program Files\SystemInformer\LICENSE.txt C:\Users\Admin\Downloads\systeminformer-3.0.7660-release-setup.exe N/A
File created C:\Program Files\SystemInformer\CapsList.txt C:\Users\Admin\Downloads\systeminformer-3.0.7660-release-setup.exe N/A
File created C:\Program Files\SystemInformer\icon.png C:\Users\Admin\Downloads\systeminformer-3.0.7660-release-setup.exe N/A
File created C:\Program Files\SystemInformer\ksi.dll C:\Users\Admin\Downloads\systeminformer-3.0.7660-release-setup.exe N/A
File created C:\Program Files\SystemInformer\plugins\HardwareDevices.sig C:\Users\Admin\Downloads\systeminformer-3.0.7660-release-setup.exe N/A
File created C:\Program Files\SystemInformer\plugins\WindowExplorer.dll C:\Users\Admin\Downloads\systeminformer-3.0.7660-release-setup.exe N/A
File created C:\Program Files\SystemInformer\plugins\ExtendedTools.sig C:\Users\Admin\Downloads\systeminformer-3.0.7660-release-setup.exe N/A
File created C:\Program Files\SystemInformer\plugins\NetworkTools.sig C:\Users\Admin\Downloads\systeminformer-3.0.7660-release-setup.exe N/A
File created C:\Program Files\SystemInformer\plugins\Updater.dll C:\Users\Admin\Downloads\systeminformer-3.0.7660-release-setup.exe N/A
File created C:\Program Files\SystemInformer\x86\SystemInformer.sig C:\Users\Admin\Downloads\systeminformer-3.0.7660-release-setup.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\4183903823\2290032291.pri C:\Windows\system32\taskmgr.exe N/A
File created C:\Windows\rescache\_merged\1601268389\715946058.pri C:\Windows\system32\taskmgr.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.pdb C:\Program Files\SystemInformer\SystemInformer.exe N/A
File opened for modification C:\Windows\Debug\ESE.TXT C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\SystemInformer\SystemInformer.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files\SystemInformer\SystemInformer.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files\SystemInformer\SystemInformer.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\SystemInformer\SystemInformer.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\system32\browser_broker.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (data) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202 C:\Program Files\SystemInformer\SystemInformer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 C:\Program Files\SystemInformer\SystemInformer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\Total\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags C:\Program Files\SystemInformer\SystemInformer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\SniffedFolderType = "Generic" C:\Program Files\SystemInformer\SystemInformer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} C:\Program Files\SystemInformer\SystemInformer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000007800000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 C:\Program Files\SystemInformer\SystemInformer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\DynamicCodePolicy = 00000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings C:\Program Files\SystemInformer\SystemInformer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionHigh = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VendorId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202 C:\Program Files\SystemInformer\SystemInformer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" C:\Program Files\SystemInformer\SystemInformer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-SubSysId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\mega.nz C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1 = 8c00310000000000e958973a110050524f4752417e310000740009000400efbe724a6fa8e958973a2e0000003f0000000000010000000000000000004a000000000003127300500072006f006700720061006d002000460069006c0065007300000040007300680065006c006c00330032002e0064006c006c002c002d0032003100370038003100000018000000 C:\Program Files\SystemInformer\SystemInformer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" C:\Program Files\SystemInformer\SystemInformer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI\IsSignedIn = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\Total C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1\MRUListEx = 00000000ffffffff C:\Program Files\SystemInformer\SystemInformer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 73001a59cfd1da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 2f369159cfd1da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\MRUListEx = ffffffff C:\Program Files\SystemInformer\SystemInformer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0000000001000000ffffffff C:\Program Files\SystemInformer\SystemInformer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VendorId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" C:\Program Files\SystemInformer\SystemInformer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState\EdpState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\mega.nz\NumberOfSubdomains = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = a0354559cfd1da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\mega.nz\NumberOfSubdomains = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\KnownFolderDerivedFolderType = "{57807898-8C4F-4462-BB63-71042380B109}" C:\Program Files\SystemInformer\SystemInformer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DeviceId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" C:\Program Files\SystemInformer\SystemInformer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingDelete C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1\0\MRUListEx = ffffffff C:\Program Files\SystemInformer\SystemInformer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff C:\Program Files\SystemInformer\SystemInformer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} C:\Program Files\SystemInformer\SystemInformer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = 0100000000000000ffffffff C:\Program Files\SystemInformer\SystemInformer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" C:\Program Files\SystemInformer\SystemInformer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main\OperationalData = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\mega.nz\Total = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

NTFS ADS

Description Indicator Process Target
File created C:\Users\Admin\Downloads\stereocord.rar:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
File created C:\Users\Admin\Downloads\systeminformer-3.0.7660-release-setup.exe:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Opens file in notepad (likely ransom note)

ransomware
Description Indicator Process Target
N/A N/A C:\Windows\system32\NOTEPAD.EXE N/A
N/A N/A C:\Windows\system32\NOTEPAD.EXE N/A
N/A N/A C:\Windows\system32\NOTEPAD.EXE N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\systeminformer-3.0.7660-release-setup.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\systeminformer-3.0.7660-release-setup.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\systeminformer-3.0.7660-release-setup.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\systeminformer-3.0.7660-release-setup.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\systeminformer-3.0.7660-release-setup.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\systeminformer-3.0.7660-release-setup.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\systeminformer-3.0.7660-release-setup.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\systeminformer-3.0.7660-release-setup.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\systeminformer-3.0.7660-release-setup.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\systeminformer-3.0.7660-release-setup.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\systeminformer-3.0.7660-release-setup.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\systeminformer-3.0.7660-release-setup.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\systeminformer-3.0.7660-release-setup.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
Token: 33 N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
Token: SeBackupPrivilege N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\stereocord\stereocord.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: 33 N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: 34 N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: 35 N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: 36 N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\7-Zip\7zG.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Windows\system32\msconfig.exe N/A
N/A N/A C:\Windows\system32\msconfig.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\SystemInformer\SystemInformer.exe N/A
N/A N/A C:\Program Files\Windows NT\Accessories\WORDPAD.EXE N/A
N/A N/A C:\Program Files\Windows NT\Accessories\WORDPAD.EXE N/A
N/A N/A C:\Program Files\Windows NT\Accessories\WORDPAD.EXE N/A
N/A N/A C:\Program Files\Windows NT\Accessories\WORDPAD.EXE N/A
N/A N/A C:\Program Files\Windows NT\Accessories\WORDPAD.EXE N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4196 wrote to memory of 4720 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4196 wrote to memory of 4720 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4196 wrote to memory of 4720 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4196 wrote to memory of 4720 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4196 wrote to memory of 4720 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4196 wrote to memory of 4720 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4196 wrote to memory of 4720 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4196 wrote to memory of 4720 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4196 wrote to memory of 4720 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4196 wrote to memory of 4720 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4196 wrote to memory of 4720 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4196 wrote to memory of 4720 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4196 wrote to memory of 4720 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4196 wrote to memory of 4720 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4196 wrote to memory of 4720 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 688 wrote to memory of 3008 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 688 wrote to memory of 3008 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 688 wrote to memory of 3008 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 688 wrote to memory of 3008 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 688 wrote to memory of 3008 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 688 wrote to memory of 3008 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 688 wrote to memory of 3008 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 688 wrote to memory of 3008 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 688 wrote to memory of 3008 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 688 wrote to memory of 3008 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 688 wrote to memory of 3008 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3008 wrote to memory of 3780 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3008 wrote to memory of 3780 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3008 wrote to memory of 4572 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3008 wrote to memory of 4572 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3008 wrote to memory of 4572 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3008 wrote to memory of 4572 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3008 wrote to memory of 4572 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3008 wrote to memory of 4572 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3008 wrote to memory of 4572 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3008 wrote to memory of 4572 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3008 wrote to memory of 4572 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3008 wrote to memory of 4572 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3008 wrote to memory of 4572 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3008 wrote to memory of 4572 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3008 wrote to memory of 4572 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3008 wrote to memory of 4572 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3008 wrote to memory of 4572 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3008 wrote to memory of 4572 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3008 wrote to memory of 4572 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3008 wrote to memory of 4572 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3008 wrote to memory of 4572 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3008 wrote to memory of 4572 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3008 wrote to memory of 4572 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3008 wrote to memory of 4572 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3008 wrote to memory of 4572 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3008 wrote to memory of 4572 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3008 wrote to memory of 4572 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3008 wrote to memory of 4572 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3008 wrote to memory of 4572 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3008 wrote to memory of 4572 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3008 wrote to memory of 4572 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3008 wrote to memory of 4572 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3008 wrote to memory of 4572 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3008 wrote to memory of 4572 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3008 wrote to memory of 4572 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3008 wrote to memory of 4572 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3008 wrote to memory of 4572 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3008 wrote to memory of 4572 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Windows\system32\LaunchWinApp.exe

"C:\Windows\system32\LaunchWinApp.exe" "http://dox.io/haes"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3008.0.919569151\85728719" -parentBuildID 20221007134813 -prefsHandle 1692 -prefMapHandle 1684 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c97133ca-bc66-4002-9330-e4c98e75584c} 3008 "\\.\pipe\gecko-crash-server-pipe.3008" 1764 1ea006e4c58 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3008.1.150742694\208204220" -parentBuildID 20221007134813 -prefsHandle 2096 -prefMapHandle 2092 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {127f784d-d098-46be-940e-fb165ee59689} 3008 "\\.\pipe\gecko-crash-server-pipe.3008" 2124 1ea0060b258 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3008.2.658335423\1618733622" -childID 1 -isForBrowser -prefsHandle 3164 -prefMapHandle 3160 -prefsLen 20866 -prefMapSize 233444 -jsInitHandle 1372 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2a69b303-6e29-4823-906a-9c0d123501d5} 3008 "\\.\pipe\gecko-crash-server-pipe.3008" 3176 1ea046e3558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3008.3.642271995\857848698" -childID 2 -isForBrowser -prefsHandle 3488 -prefMapHandle 3484 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1372 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8ad4ff1d-cffb-4d8e-ac27-2c7f41dba56d} 3008 "\\.\pipe\gecko-crash-server-pipe.3008" 3300 1ea04c7c158 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3008.4.1465714293\695438641" -childID 3 -isForBrowser -prefsHandle 3916 -prefMapHandle 3920 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1372 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a880022e-66bf-48b8-8890-0c8eafc48168} 3008 "\\.\pipe\gecko-crash-server-pipe.3008" 4008 1ea05a89e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3008.5.2103480498\20829034" -childID 4 -isForBrowser -prefsHandle 4928 -prefMapHandle 4964 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1372 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {df559805-a9ae-4256-8efa-809d09133618} 3008 "\\.\pipe\gecko-crash-server-pipe.3008" 4956 1ea04643358 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3008.6.2048857672\1324041764" -childID 5 -isForBrowser -prefsHandle 5096 -prefMapHandle 5100 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1372 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d6e812e3-4e2f-4f69-a540-d3126b30a07f} 3008 "\\.\pipe\gecko-crash-server-pipe.3008" 5084 1ea04644258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3008.7.878645118\568604452" -childID 6 -isForBrowser -prefsHandle 5280 -prefMapHandle 5284 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1372 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {08fd4806-c418-45f6-badc-f8b3586149e7} 3008 "\\.\pipe\gecko-crash-server-pipe.3008" 5272 1ea04644b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3008.8.760155187\168073067" -childID 7 -isForBrowser -prefsHandle 5124 -prefMapHandle 4956 -prefsLen 26503 -prefMapSize 233444 -jsInitHandle 1372 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {48633472-7c3b-400e-a939-5e30977509d4} 3008 "\\.\pipe\gecko-crash-server-pipe.3008" 5060 1ea00906258 tab

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x374

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3008.9.1033564539\389742573" -childID 8 -isForBrowser -prefsHandle 3876 -prefMapHandle 4308 -prefsLen 26503 -prefMapSize 233444 -jsInitHandle 1372 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a7a5b3d3-ef2a-42da-b1a7-2fd6e7f79823} 3008 "\\.\pipe\gecko-crash-server-pipe.3008" 3608 1ea02c40d58 tab

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\stereocord\" -spe -an -ai#7zMap28666:82:7zEvent4802

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3008.10.1453215289\1303661950" -childID 9 -isForBrowser -prefsHandle 3460 -prefMapHandle 3404 -prefsLen 26808 -prefMapSize 233444 -jsInitHandle 1372 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0e153236-d98f-4441-a202-0c59075e2811} 3008 "\\.\pipe\gecko-crash-server-pipe.3008" 5568 1ea04642d58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3008.11.1598158154\280472838" -childID 10 -isForBrowser -prefsHandle 6504 -prefMapHandle 5336 -prefsLen 26808 -prefMapSize 233444 -jsInitHandle 1372 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f8a3f4eb-ca98-41d9-bf57-3f362e022bf5} 3008 "\\.\pipe\gecko-crash-server-pipe.3008" 5276 1ea06b46058 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3008.12.2043386317\2047818420" -childID 11 -isForBrowser -prefsHandle 10300 -prefMapHandle 6712 -prefsLen 26808 -prefMapSize 233444 -jsInitHandle 1372 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c1222014-314c-4b88-823d-103e06e6329f} 3008 "\\.\pipe\gecko-crash-server-pipe.3008" 5432 1ea06b46658 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3008.13.773721527\1951927274" -childID 12 -isForBrowser -prefsHandle 6744 -prefMapHandle 10152 -prefsLen 26808 -prefMapSize 233444 -jsInitHandle 1372 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {67b6d814-7193-4cc0-afb0-302d89664dc0} 3008 "\\.\pipe\gecko-crash-server-pipe.3008" 10164 1ea7526f558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3008.14.1648722226\189349008" -childID 13 -isForBrowser -prefsHandle 9768 -prefMapHandle 9772 -prefsLen 26808 -prefMapSize 233444 -jsInitHandle 1372 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {024500a3-483f-4877-8691-d631ed9b5cde} 3008 "\\.\pipe\gecko-crash-server-pipe.3008" 9800 1ea0521cc58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3008.15.1883642330\657732427" -childID 14 -isForBrowser -prefsHandle 9596 -prefMapHandle 9592 -prefsLen 26808 -prefMapSize 233444 -jsInitHandle 1372 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3a2f5338-7116-4b62-ba6d-5e532463eac2} 3008 "\\.\pipe\gecko-crash-server-pipe.3008" 9612 1ea0521ba58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3008.16.1127935128\1588165308" -childID 15 -isForBrowser -prefsHandle 3888 -prefMapHandle 6512 -prefsLen 26808 -prefMapSize 233444 -jsInitHandle 1372 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {52b1795a-3541-4ae2-9f6c-a847c2c755ff} 3008 "\\.\pipe\gecko-crash-server-pipe.3008" 5636 1ea08f80558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3008.17.1546543602\734699126" -childID 16 -isForBrowser -prefsHandle 10052 -prefMapHandle 5604 -prefsLen 26808 -prefMapSize 233444 -jsInitHandle 1372 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1d4e51f3-f492-44db-bbb5-58fdfde98734} 3008 "\\.\pipe\gecko-crash-server-pipe.3008" 10160 1ea04fc1d58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3008.18.1425173022\180743625" -childID 17 -isForBrowser -prefsHandle 6432 -prefMapHandle 9944 -prefsLen 26808 -prefMapSize 233444 -jsInitHandle 1372 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {284c2dfc-e4b2-4a72-b94b-c4baa3655cf0} 3008 "\\.\pipe\gecko-crash-server-pipe.3008" 9948 1ea05087b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3008.19.765611463\1620599105" -childID 18 -isForBrowser -prefsHandle 6908 -prefMapHandle 5364 -prefsLen 26808 -prefMapSize 233444 -jsInitHandle 1372 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a198a3ac-41b1-4fef-a6b9-139da251eb1f} 3008 "\\.\pipe\gecko-crash-server-pipe.3008" 6892 1ea0a3a8558 tab

C:\Users\Admin\Downloads\systeminformer-3.0.7660-release-setup.exe

"C:\Users\Admin\Downloads\systeminformer-3.0.7660-release-setup.exe"

C:\Program Files\SystemInformer\SystemInformer.exe

"C:\Program Files\SystemInformer\SystemInformer.exe" -channel release

C:\Users\Admin\Downloads\stereocord\stereocord.exe

"C:\Users\Admin\Downloads\stereocord\stereocord.exe"

C:\Windows\System32\Wbem\wmic.exe

"wmic.exe" csproduct get uuid

C:\Users\Admin\Downloads\stereocord\stereocord.exe

"C:\Users\Admin\Downloads\stereocord\stereocord.exe"

C:\Windows\System32\Wbem\wmic.exe

"wmic.exe" csproduct get uuid

C:\Users\Admin\Downloads\stereocord\stereocord.exe

"C:\Users\Admin\Downloads\stereocord\stereocord.exe"

C:\Windows\System32\Wbem\wmic.exe

"wmic.exe" csproduct get uuid

C:\Users\Admin\Downloads\stereocord\stereocord.exe

"C:\Users\Admin\Downloads\stereocord\stereocord.exe"

C:\Windows\System32\Wbem\wmic.exe

"wmic.exe" csproduct get uuid

C:\Users\Admin\Downloads\stereocord\stereocord.exe

"C:\Users\Admin\Downloads\stereocord\stereocord.exe"

C:\Windows\System32\Wbem\wmic.exe

"wmic.exe" csproduct get uuid

C:\Users\Admin\Downloads\stereocord\stereocord.exe

"C:\Users\Admin\Downloads\stereocord\stereocord.exe"

C:\Windows\System32\Wbem\wmic.exe

"wmic.exe" csproduct get uuid

C:\Users\Admin\Downloads\stereocord\stereocord.exe

"C:\Users\Admin\Downloads\stereocord\stereocord.exe"

C:\Windows\System32\Wbem\wmic.exe

"wmic.exe" csproduct get uuid

C:\Users\Admin\Downloads\stereocord\stereocord.exe

"C:\Users\Admin\Downloads\stereocord\stereocord.exe"

C:\Windows\System32\Wbem\wmic.exe

"wmic.exe" csproduct get uuid

C:\Users\Admin\Downloads\stereocord\stereocord.exe

"C:\Users\Admin\Downloads\stereocord\stereocord.exe"

C:\Windows\System32\Wbem\wmic.exe

"wmic.exe" csproduct get uuid

C:\Users\Admin\Downloads\stereocord\stereocord.exe

"C:\Users\Admin\Downloads\stereocord\stereocord.exe"

C:\Windows\System32\Wbem\wmic.exe

"wmic.exe" csproduct get uuid

C:\Users\Admin\Downloads\stereocord\stereocord.exe

"C:\Users\Admin\Downloads\stereocord\stereocord.exe"

C:\Windows\System32\Wbem\wmic.exe

"wmic.exe" csproduct get uuid

C:\Users\Admin\Downloads\stereocord\stereocord.exe

"C:\Users\Admin\Downloads\stereocord\stereocord.exe"

C:\Windows\System32\Wbem\wmic.exe

"wmic.exe" csproduct get uuid

C:\Users\Admin\Downloads\stereocord\stereocord.exe

"C:\Users\Admin\Downloads\stereocord\stereocord.exe"

C:\Windows\System32\Wbem\wmic.exe

"wmic.exe" csproduct get uuid

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /7

C:\Windows\system32\msconfig.exe

"C:\Windows\system32\msconfig.exe"

C:\Program Files\SystemInformer\SystemInformer.exe

"C:\Program Files\SystemInformer\SystemInformer.exe"

C:\Users\Admin\Downloads\stereocord\stereocord.exe

"C:\Users\Admin\Downloads\stereocord\stereocord.exe"

C:\Windows\System32\Wbem\wmic.exe

"wmic.exe" csproduct get uuid

C:\Users\Admin\Downloads\stereocord\stereocord.exe

"C:\Users\Admin\Downloads\stereocord\stereocord.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5540.0.156741962\1521060855" -parentBuildID 20221007134813 -prefsHandle 1572 -prefMapHandle 1560 -prefsLen 21145 -prefMapSize 233583 -appDir "C:\Program Files\Mozilla Firefox\browser" - {41a96fb2-bbb3-490b-ade4-1ce78730a46e} 5540 "\\.\pipe\gecko-crash-server-pipe.5540" 1656 236d030c358 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5540.1.939970802\264030289" -parentBuildID 20221007134813 -prefsHandle 1956 -prefMapHandle 1952 -prefsLen 21190 -prefMapSize 233583 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8005d0ad-5270-4374-8237-b9f4ecb3d94e} 5540 "\\.\pipe\gecko-crash-server-pipe.5540" 1980 236be2dd958 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5540.2.2129070120\821133048" -childID 1 -isForBrowser -prefsHandle 3016 -prefMapHandle 3136 -prefsLen 21651 -prefMapSize 233583 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c5fc172f-5545-4452-849f-1413aaa94fb8} 5540 "\\.\pipe\gecko-crash-server-pipe.5540" 2872 236d036bd58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5540.3.1148238107\1685111181" -childID 2 -isForBrowser -prefsHandle 3608 -prefMapHandle 3600 -prefsLen 26829 -prefMapSize 233583 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4a890a07-da38-4199-a118-3bda6940fb0f} 5540 "\\.\pipe\gecko-crash-server-pipe.5540" 3616 236d4ef4658 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5540.4.989837668\259058742" -childID 3 -isForBrowser -prefsHandle 4284 -prefMapHandle 4280 -prefsLen 26888 -prefMapSize 233583 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2d2b2608-59c9-4712-8cb8-749950ae8651} 5540 "\\.\pipe\gecko-crash-server-pipe.5540" 4352 236d5f53258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5540.5.1974314362\1731585316" -childID 4 -isForBrowser -prefsHandle 3312 -prefMapHandle 3280 -prefsLen 26888 -prefMapSize 233583 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {16c8289e-d51b-4dc7-8390-cd9780f11ae0} 5540 "\\.\pipe\gecko-crash-server-pipe.5540" 3308 236be25d658 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5540.6.1402833672\302441279" -childID 5 -isForBrowser -prefsHandle 2372 -prefMapHandle 4760 -prefsLen 26888 -prefMapSize 233583 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {45f880e6-f4e2-4415-8eea-fd1226fd1b63} 5540 "\\.\pipe\gecko-crash-server-pipe.5540" 4188 236be25df58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4596.0.462176123\982714272" -parentBuildID 20221007134813 -prefsHandle 1604 -prefMapHandle 1596 -prefsLen 21145 -prefMapSize 233583 -appDir "C:\Program Files\Mozilla Firefox\browser" - {101de397-0e62-4ce3-ab3b-d4b33b91cc3a} 4596 "\\.\pipe\gecko-crash-server-pipe.4596" 1684 210f5ce9c58 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4596.1.1785946725\1060380725" -parentBuildID 20221007134813 -prefsHandle 1992 -prefMapHandle 1944 -prefsLen 21190 -prefMapSize 233583 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a069e35a-af91-48c5-9eaf-496c5e5df083} 4596 "\\.\pipe\gecko-crash-server-pipe.4596" 2024 210f5931758 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4596.2.1311675359\388487051" -childID 1 -isForBrowser -prefsHandle 3344 -prefMapHandle 3340 -prefsLen 21651 -prefMapSize 233583 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b35e2e31-2d46-46d0-a2eb-0836e86af9a4} 4596 "\\.\pipe\gecko-crash-server-pipe.4596" 3356 210f981a358 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4596.3.1720252342\1168575576" -childID 2 -isForBrowser -prefsHandle 3676 -prefMapHandle 3672 -prefsLen 26829 -prefMapSize 233583 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {746bd7af-e10c-4917-b9c1-50c60fa7e127} 4596 "\\.\pipe\gecko-crash-server-pipe.4596" 3688 210fa83c458 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4596.4.198420458\415817055" -childID 3 -isForBrowser -prefsHandle 3872 -prefMapHandle 3764 -prefsLen 26829 -prefMapSize 233583 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a630111a-29f5-47b6-85ac-ea9de80fd217} 4596 "\\.\pipe\gecko-crash-server-pipe.4596" 3888 210fa83d358 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4596.5.1835586414\1922239393" -childID 4 -isForBrowser -prefsHandle 4836 -prefMapHandle 4832 -prefsLen 26888 -prefMapSize 233583 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {06034b27-b9b9-4802-a04a-96ef243fc083} 4596 "\\.\pipe\gecko-crash-server-pipe.4596" 4820 210fc559c58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4596.6.693836623\3088257" -childID 5 -isForBrowser -prefsHandle 5072 -prefMapHandle 5068 -prefsLen 26888 -prefMapSize 233583 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e22b8e66-f717-4297-92a6-dfe1699bd4fb} 4596 "\\.\pipe\gecko-crash-server-pipe.4596" 5084 210fb571458 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4596.7.43956370\1280014770" -childID 6 -isForBrowser -prefsHandle 5208 -prefMapHandle 5212 -prefsLen 26888 -prefMapSize 233583 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0e88d545-0516-4843-8ae0-f5e7a2f6781c} 4596 "\\.\pipe\gecko-crash-server-pipe.4596" 5164 210fc820258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4596.8.1875026282\1448014815" -childID 7 -isForBrowser -prefsHandle 5472 -prefMapHandle 3228 -prefsLen 26888 -prefMapSize 233583 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {31381a27-89be-4e5d-8fc0-f5081e6f10e5} 4596 "\\.\pipe\gecko-crash-server-pipe.4596" 5016 210f9f27858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4596.9.545490983\1968226071" -parentBuildID 20221007134813 -prefsHandle 5700 -prefMapHandle 5024 -prefsLen 26888 -prefMapSize 233583 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6d80577b-dee3-43b4-88ee-97b3b48d89ad} 4596 "\\.\pipe\gecko-crash-server-pipe.4596" 5724 210f9fdea58 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4596.10.2052365691\402923183" -childID 8 -isForBrowser -prefsHandle 5860 -prefMapHandle 5856 -prefsLen 26888 -prefMapSize 233583 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7f5fe6fe-1634-4588-835e-a42929e19d04} 4596 "\\.\pipe\gecko-crash-server-pipe.4596" 5872 210fa0e3358 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4596.11.964030494\2071734723" -childID 9 -isForBrowser -prefsHandle 5904 -prefMapHandle 5900 -prefsLen 26888 -prefMapSize 233583 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6102b3fe-5d91-4d0a-a22c-7e9cf99f124e} 4596 "\\.\pipe\gecko-crash-server-pipe.4596" 3616 210fa0e3058 tab

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Search results.txt

C:\Windows\system32\werfault.exe

werfault.exe /h /shared Global\3f9159b1098344fcbbd924d95939be74 /t 5056 /p 5780

C:\Program Files\Windows NT\Accessories\WORDPAD.EXE

"C:\Program Files\Windows NT\Accessories\WORDPAD.EXE" "C:\Users\Admin\Downloads\Search results.txt"

C:\Windows\system32\werfault.exe

werfault.exe /h /shared Global\bb66e94794494e968932989f08ee8545 /t 676 /p 1484

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\lol\lol.txt

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" a -i#7zMap858:172:7zEvent10963 -tzip -sae -- "C:\Users\Admin\Downloads\lol\lol.zip"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4596.12.682322480\733195939" -childID 10 -isForBrowser -prefsHandle 4460 -prefMapHandle 3288 -prefsLen 26906 -prefMapSize 233583 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {154b21ba-6aea-4068-a92e-42237d78b6d8} 4596 "\\.\pipe\gecko-crash-server-pipe.4596" 3040 210fa83d658 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4596.13.1428538744\1824459151" -childID 11 -isForBrowser -prefsHandle 6228 -prefMapHandle 5296 -prefsLen 26906 -prefMapSize 233583 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a24a889e-a33e-48b6-b122-f94d6528d65b} 4596 "\\.\pipe\gecko-crash-server-pipe.4596" 5168 210fc557e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4596.14.900554148\472053646" -childID 12 -isForBrowser -prefsHandle 5376 -prefMapHandle 6244 -prefsLen 26906 -prefMapSize 233583 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2bf2a3e7-483d-46bd-ad32-ddcf6019b8bb} 4596 "\\.\pipe\gecko-crash-server-pipe.4596" 6212 210f6029558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4596.15.1601392\796292647" -childID 13 -isForBrowser -prefsHandle 6424 -prefMapHandle 6420 -prefsLen 26906 -prefMapSize 233583 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {abb660f7-455c-436d-98e2-2c859f63aba9} 4596 "\\.\pipe\gecko-crash-server-pipe.4596" 6360 210fdddfd58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4596.16.2103025725\1458284103" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 5360 -prefMapHandle 5892 -prefsLen 26906 -prefMapSize 233583 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d1f2d56a-59ae-4040-90da-5080df54ff60} 4596 "\\.\pipe\gecko-crash-server-pipe.4596" 5968 210f60b3a58 utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4596.17.1063331149\945041240" -childID 14 -isForBrowser -prefsHandle 6892 -prefMapHandle 6888 -prefsLen 26906 -prefMapSize 233583 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0b3ab9b0-d6e7-4f01-9990-a3e09a260392} 4596 "\\.\pipe\gecko-crash-server-pipe.4596" 5060 21100edcf58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4596.18.1038319483\1784013518" -childID 15 -isForBrowser -prefsHandle 10908 -prefMapHandle 10900 -prefsLen 27658 -prefMapSize 233583 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f3fdf273-bb71-4ece-9044-8615bde02264} 4596 "\\.\pipe\gecko-crash-server-pipe.4596" 10912 2110307a758 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4596.19.751154727\1890205143" -childID 16 -isForBrowser -prefsHandle 10728 -prefMapHandle 10908 -prefsLen 27658 -prefMapSize 233583 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b9e64d0b-3af0-4050-88a1-542b6895b151} 4596 "\\.\pipe\gecko-crash-server-pipe.4596" 10720 2110307b358 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4596.20.1231537806\371483242" -childID 17 -isForBrowser -prefsHandle 10208 -prefMapHandle 10204 -prefsLen 27658 -prefMapSize 233583 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {35a181f6-5c59-4524-a6e2-23e2956728be} 4596 "\\.\pipe\gecko-crash-server-pipe.4596" 10604 2110307b658 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4596.21.2072797319\96767500" -childID 18 -isForBrowser -prefsHandle 10564 -prefMapHandle 10560 -prefsLen 27658 -prefMapSize 233583 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8be477d0-8cd0-4983-a41c-44e5d57597ba} 4596 "\\.\pipe\gecko-crash-server-pipe.4596" 10004 211034d9858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4596.22.236749551\2100909049" -childID 19 -isForBrowser -prefsHandle 9780 -prefMapHandle 9764 -prefsLen 27658 -prefMapSize 233583 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {16434be5-ee8e-474d-bf18-dbdd10bc8a43} 4596 "\\.\pipe\gecko-crash-server-pipe.4596" 9784 210fa83d358 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4596.23.2070079827\1071213649" -childID 20 -isForBrowser -prefsHandle 10880 -prefMapHandle 10920 -prefsLen 27658 -prefMapSize 233583 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {eff1aba1-e7aa-405e-af00-d99f5dd6b0d7} 4596 "\\.\pipe\gecko-crash-server-pipe.4596" 10740 210e3b2e158 tab

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\lol\lol.txt

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4596.24.1519482642\377856657" -childID 21 -isForBrowser -prefsHandle 10896 -prefMapHandle 6408 -prefsLen 27658 -prefMapSize 233583 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {71cf941e-e484-440d-9d6c-e966ea3315aa} 4596 "\\.\pipe\gecko-crash-server-pipe.4596" 9780 210fad54158 tab

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\lol\lol.txt

Network

Country Destination Domain Proto
US 8.8.8.8:53 dox.io udp
US 104.16.157.237:80 dox.io tcp
US 104.16.157.237:80 dox.io tcp
US 104.16.157.237:443 dox.io tcp
US 8.8.8.8:53 x2.c.lencr.org udp
US 8.8.8.8:53 237.157.16.104.in-addr.arpa udp
US 8.8.8.8:53 168.245.100.95.in-addr.arpa udp
US 8.8.8.8:53 81.144.22.2.in-addr.arpa udp
GB 95.100.245.168:80 x2.c.lencr.org tcp
US 8.8.8.8:53 mega.nz udp
LU 31.216.145.5:443 mega.nz tcp
LU 31.216.145.5:443 mega.nz tcp
US 8.8.8.8:53 5.145.216.31.in-addr.arpa udp
US 8.8.8.8:53 11.147.200.23.in-addr.arpa udp
LU 31.216.145.5:443 mega.nz tcp
LU 31.216.145.5:443 mega.nz tcp
US 8.8.8.8:53 eu.static.mega.co.nz udp
NL 66.203.127.11:443 eu.static.mega.co.nz tcp
NL 66.203.127.11:443 eu.static.mega.co.nz tcp
GB 95.100.245.168:80 x2.c.lencr.org tcp
US 8.8.8.8:53 11.127.203.66.in-addr.arpa udp
US 8.8.8.8:53 www.msn.com udp
US 8.8.8.8:53 assets.msn.com udp
GB 23.48.165.17:443 assets.msn.com tcp
GB 23.48.165.17:443 assets.msn.com tcp
GB 23.48.165.17:443 assets.msn.com tcp
GB 23.48.165.17:443 assets.msn.com tcp
US 8.8.8.8:53 23.149.64.172.in-addr.arpa udp
US 8.8.8.8:53 233.38.18.104.in-addr.arpa udp
US 8.8.8.8:53 17.165.48.23.in-addr.arpa udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 8.8.8.8:53 shavar.services.mozilla.com udp
US 8.8.8.8:53 push.services.mozilla.com udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 44.242.121.21:443 shavar.services.mozilla.com tcp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 34.117.188.166:443 contile.services.mozilla.com tcp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 34.117.188.166:443 contile.services.mozilla.com udp
US 8.8.8.8:53 166.188.117.34.in-addr.arpa udp
US 8.8.8.8:53 21.121.242.44.in-addr.arpa udp
US 34.107.243.93:443 autopush.prod.mozaws.net tcp
US 104.16.157.237:80 dox.io tcp
US 104.16.157.237:80 dox.io tcp
US 8.8.8.8:53 dox.io udp
US 8.8.8.8:53 dox.io udp
US 104.16.157.237:443 dox.io tcp
LU 31.216.145.5:443 mega.nz tcp
US 8.8.8.8:53 mega.nz udp
US 8.8.8.8:53 mega.nz udp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
NL 66.203.127.11:443 eu.static.mega.co.nz tcp
NL 66.203.127.11:443 eu.static.mega.co.nz tcp
US 8.8.8.8:53 eu.static.mega.co.nz udp
US 8.8.8.8:53 eu.static.mega.co.nz udp
US 8.8.8.8:53 g.api.mega.co.nz udp
LU 66.203.125.11:443 g.api.mega.co.nz tcp
LU 66.203.125.11:443 g.api.mega.co.nz tcp
US 8.8.8.8:53 lu.api.mega.co.nz udp
US 8.8.8.8:53 lu.api.mega.co.nz udp
US 8.8.8.8:53 11.125.203.66.in-addr.arpa udp
US 8.8.8.8:53 gfs270n082.userstorage.mega.co.nz udp
US 8.8.8.8:53 gfs270n082.userstorage.mega.co.nz udp
LU 89.44.168.229:443 gfs270n082.userstorage.mega.co.nz tcp
US 8.8.8.8:53 gfs270n082.userstorage.mega.co.nz udp
US 8.8.8.8:53 229.168.44.89.in-addr.arpa udp
N/A 127.0.0.1:50013 tcp
N/A 127.0.0.1:50020 tcp
N/A 127.0.0.1:6341 tcp
N/A 127.0.0.1:6341 tcp
N/A 127.0.0.1:6341 tcp
N/A 127.0.0.1:6341 tcp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.180.4:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 4.180.250.142.in-addr.arpa udp
GB 142.250.180.4:443 www.google.com udp
US 8.8.8.8:53 99.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 227.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 systeminformer.com udp
US 204.68.111.101:80 systeminformer.com tcp
US 204.68.111.101:80 systeminformer.com tcp
US 8.8.8.8:53 systeminformer.com udp
US 8.8.8.8:53 systeminformer.com udp
US 204.68.111.101:443 systeminformer.com tcp
US 8.8.8.8:53 101.111.68.204.in-addr.arpa udp
US 8.8.8.8:53 cdnjs.cloudflare.com udp
US 204.68.111.101:443 systeminformer.com tcp
US 8.8.8.8:53 d2zvcf2q9m0etg.cloudfront.net udp
US 104.17.24.14:443 cdnjs.cloudflare.com tcp
US 104.17.24.14:443 cdnjs.cloudflare.com tcp
US 8.8.8.8:53 cdnjs.cloudflare.com udp
US 104.17.24.14:443 cdnjs.cloudflare.com tcp
US 104.17.24.14:443 cdnjs.cloudflare.com tcp
US 204.68.111.101:443 systeminformer.com tcp
GB 18.172.155.150:443 d2zvcf2q9m0etg.cloudfront.net tcp
GB 18.172.155.150:443 d2zvcf2q9m0etg.cloudfront.net tcp
GB 18.172.155.150:443 d2zvcf2q9m0etg.cloudfront.net tcp
US 8.8.8.8:53 d2zvcf2q9m0etg.cloudfront.net udp
US 8.8.8.8:53 cdnjs.cloudflare.com udp
US 8.8.8.8:53 d2zvcf2q9m0etg.cloudfront.net udp
US 104.17.24.14:443 cdnjs.cloudflare.com udp
GB 18.172.155.150:443 d2zvcf2q9m0etg.cloudfront.net udp
US 8.8.8.8:53 14.24.17.104.in-addr.arpa udp
US 8.8.8.8:53 150.155.172.18.in-addr.arpa udp
US 8.8.8.8:53 72.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 234.16.217.172.in-addr.arpa udp
US 104.17.24.14:443 cdnjs.cloudflare.com udp
US 8.8.8.8:53 sourceforge.net udp
US 104.18.37.111:443 sourceforge.net tcp
US 8.8.8.8:53 sourceforge.net udp
US 8.8.8.8:53 sourceforge.net udp
US 104.18.37.111:443 sourceforge.net udp
US 8.8.8.8:53 111.37.18.104.in-addr.arpa udp
US 104.18.37.111:443 sourceforge.net tcp
US 104.18.37.111:443 sourceforge.net udp
US 8.8.8.8:53 a.fsdn.com udp
US 104.18.40.209:443 a.fsdn.com tcp
US 104.18.40.209:443 a.fsdn.com tcp
US 104.18.40.209:443 a.fsdn.com tcp
US 8.8.8.8:53 a.fsdn.com.cdn.cloudflare.net udp
US 104.18.40.209:443 a.fsdn.com.cdn.cloudflare.net tcp
US 104.18.40.209:443 a.fsdn.com.cdn.cloudflare.net tcp
US 104.18.40.209:443 a.fsdn.com.cdn.cloudflare.net tcp
US 104.18.40.209:443 a.fsdn.com.cdn.cloudflare.net tcp
US 104.18.40.209:443 a.fsdn.com.cdn.cloudflare.net tcp
US 8.8.8.8:53 a.fsdn.com.cdn.cloudflare.net udp
US 104.18.40.209:443 a.fsdn.com.cdn.cloudflare.net udp
US 8.8.8.8:53 d.delivery.consentmanager.net udp
US 8.8.8.8:53 cdn.consentmanager.net udp
DE 87.230.98.76:443 d.delivery.consentmanager.net tcp
US 8.8.8.8:53 d.delivery.consentmanager.net udp
US 8.8.8.8:53 c.sf-syn.com udp
GB 195.181.164.15:443 cdn.consentmanager.net tcp
US 8.8.8.8:53 1376624012.rsc.cdn77.org udp
US 8.8.8.8:53 d.delivery.consentmanager.net udp
US 8.8.8.8:53 1376624012.rsc.cdn77.org udp
US 172.64.154.159:443 c.sf-syn.com tcp
US 8.8.8.8:53 c.sf-syn.com udp
US 8.8.8.8:53 c.sf-syn.com udp
US 8.8.8.8:53 209.40.18.104.in-addr.arpa udp
US 8.8.8.8:53 15.164.181.195.in-addr.arpa udp
US 8.8.8.8:53 76.98.230.87.in-addr.arpa udp
US 8.8.8.8:53 159.154.64.172.in-addr.arpa udp
US 172.64.154.159:443 c.sf-syn.com udp
DE 87.230.98.76:443 d.delivery.consentmanager.net tcp
DE 87.230.98.76:443 d.delivery.consentmanager.net tcp
US 8.8.8.8:53 btloader.com udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 analytics.slashdotmedia.com udp
US 8.8.8.8:53 j.6sc.co udp
US 8.8.8.8:53 ml314.com udp
US 8.8.8.8:53 btloader.com udp
US 172.67.41.60:443 btloader.com tcp
US 216.105.38.9:443 analytics.slashdotmedia.com tcp
US 8.8.8.8:53 analytics.slashdotmedia.com udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
GB 2.16.167.139:443 j.6sc.co tcp
US 8.8.8.8:53 btloader.com udp
US 8.8.8.8:53 analytics.slashdotmedia.com udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 ml314.com udp
US 8.8.8.8:53 e212585.b.akamaiedge.net udp
US 8.8.8.8:53 ml314.com udp
US 8.8.8.8:53 e212585.b.akamaiedge.net udp
US 8.8.8.8:53 60.41.67.172.in-addr.arpa udp
US 8.8.8.8:53 139.167.16.2.in-addr.arpa udp
US 8.8.8.8:53 9.38.105.216.in-addr.arpa udp
US 8.8.8.8:53 ad-delivery.net udp
US 8.8.8.8:53 api.btloader.com udp
US 104.26.3.70:443 ad-delivery.net tcp
US 104.26.3.70:443 ad-delivery.net tcp
US 8.8.8.8:53 ad-delivery.net udp
US 130.211.23.194:443 api.btloader.com tcp
US 8.8.8.8:53 api.btloader.com udp
US 8.8.8.8:53 b.6sc.co udp
US 8.8.8.8:53 c.6sc.co udp
US 8.8.8.8:53 ipv6.6sc.co udp
US 8.8.8.8:53 ad-delivery.net udp
US 8.8.8.8:53 api.btloader.com udp
GB 2.16.167.82:443 ipv6.6sc.co tcp
GB 2.16.167.82:443 ipv6.6sc.co tcp
GB 2.16.167.139:443 ipv6.6sc.co tcp
GB 2.16.167.82:443 ipv6.6sc.co tcp
US 8.8.8.8:53 e212585.dscb.akamaiedge.net udp
US 8.8.8.8:53 e212585.dscb.akamaiedge.net udp
US 130.211.23.194:443 api.btloader.com udp
GB 172.217.169.34:443 securepubads.g.doubleclick.net tcp
US 34.117.77.79:443 ml314.com tcp
US 34.117.77.79:443 ml314.com udp
US 130.211.23.194:443 api.btloader.com udp
GB 172.217.169.34:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 70.3.26.104.in-addr.arpa udp
US 8.8.8.8:53 194.23.211.130.in-addr.arpa udp
US 8.8.8.8:53 82.167.16.2.in-addr.arpa udp
US 8.8.8.8:53 34.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 102.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 79.77.117.34.in-addr.arpa udp
US 8.8.8.8:53 dpm.demdex.net udp
US 8.8.8.8:53 idsync.rlcdn.com udp
US 8.8.8.8:53 match.adsrvr.org udp
US 8.8.8.8:53 sync.crwdcntrl.net udp
US 8.8.8.8:53 ps.eyeota.net udp
IE 54.155.49.201:443 dpm.demdex.net tcp
US 8.8.8.8:53 dcs-public-edge-irl1-150041215.eu-west-1.elb.amazonaws.com udp
US 35.244.174.68:443 idsync.rlcdn.com tcp
US 15.197.193.217:443 match.adsrvr.org tcp
US 8.8.8.8:53 idsync.rlcdn.com udp
US 8.8.8.8:53 match.adsrvr.org udp
IE 54.154.176.81:443 sync.crwdcntrl.net tcp
DE 52.57.150.20:443 ps.eyeota.net tcp
US 8.8.8.8:53 dcs-public-edge-irl1-150041215.eu-west-1.elb.amazonaws.com udp
US 8.8.8.8:53 idsync.rlcdn.com udp
US 8.8.8.8:53 match.adsrvr.org udp
US 8.8.8.8:53 sync.crwdcntrl.net udp
US 8.8.8.8:53 ps.eyeota.net udp
US 8.8.8.8:53 sync.crwdcntrl.net udp
US 35.244.174.68:443 idsync.rlcdn.com udp
US 8.8.8.8:53 ps.eyeota.net udp
US 8.8.8.8:53 3d4d9aeeb8ae6ac64e534f61cd204e01.safeframe.googlesyndication.com udp
US 8.8.8.8:53 pagead-googlehosted.l.google.com udp
GB 142.250.180.1:443 pagead-googlehosted.l.google.com tcp
US 8.8.8.8:53 pagead-googlehosted.l.google.com udp
GB 142.250.180.1:443 pagead-googlehosted.l.google.com udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 68.174.244.35.in-addr.arpa udp
US 8.8.8.8:53 201.49.155.54.in-addr.arpa udp
US 8.8.8.8:53 217.193.197.15.in-addr.arpa udp
US 8.8.8.8:53 81.176.154.54.in-addr.arpa udp
US 8.8.8.8:53 20.150.57.52.in-addr.arpa udp
US 8.8.8.8:53 2.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 1.180.250.142.in-addr.arpa udp
GB 142.250.178.1:443 tpc.googlesyndication.com tcp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
GB 142.250.178.1:443 tpc.googlesyndication.com udp
GB 142.250.180.4:443 www.google.com tcp
GB 142.250.180.4:443 www.google.com udp
US 8.8.8.8:53 cdn.ampproject.org udp
GB 216.58.201.97:443 cdn.ampproject.org tcp
GB 216.58.201.97:443 cdn.ampproject.org tcp
US 8.8.8.8:53 cdn-content.ampproject.org udp
GB 216.58.201.97:443 cdn-content.ampproject.org tcp
GB 216.58.201.97:443 cdn-content.ampproject.org tcp
GB 216.58.201.97:443 cdn-content.ampproject.org tcp
US 8.8.8.8:53 cdn-content.ampproject.org udp
US 8.8.8.8:53 1.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 97.201.58.216.in-addr.arpa udp
GB 216.58.201.97:443 cdn-content.ampproject.org udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 142.250.187.194:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 142.250.187.194:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 194.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 e212585.b.akamaiedge.net udp
US 8.8.8.8:53 e212585.b.akamaiedge.net udp
US 8.8.8.8:53 18.173.189.20.in-addr.arpa udp
GB 172.217.169.34:443 securepubads.g.doubleclick.net udp
GB 142.250.180.1:443 pagead-googlehosted.l.google.com udp
GB 142.250.178.1:443 tpc.googlesyndication.com udp
GB 142.250.187.194:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.180.4:443 www.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 216.58.201.97:443 cdn-content.ampproject.org udp
US 104.18.37.111:443 sourceforge.net udp
US 104.18.40.209:443 a.fsdn.com.cdn.cloudflare.net udp
US 104.18.40.209:443 a.fsdn.com.cdn.cloudflare.net udp
DE 87.230.98.76:443 d.delivery.consentmanager.net tcp
US 8.8.8.8:53 cdn.consentmanager.net udp
US 8.8.8.8:53 1376624012.rsc.cdn77.org udp
US 8.8.8.8:53 1376624012.rsc.cdn77.org udp
US 172.64.154.159:443 c.sf-syn.com udp
US 216.105.38.9:443 analytics.slashdotmedia.com tcp
US 8.8.8.8:53 j.6sc.co udp
US 8.8.8.8:53 e212585.b.akamaiedge.net udp
US 216.105.38.9:443 analytics.slashdotmedia.com tcp
US 130.211.23.194:443 api.btloader.com udp
US 8.8.8.8:53 e212585.b.akamaiedge.net udp
US 8.8.8.8:53 b.6sc.co udp
US 8.8.8.8:53 c.6sc.co udp
US 8.8.8.8:53 ipv6.6sc.co udp
US 8.8.8.8:53 e212585.dscb.akamaiedge.net udp
US 8.8.8.8:53 e212585.dscb.akamaiedge.net udp
US 8.8.8.8:53 dcs-public-edge-irl1-150041215.eu-west-1.elb.amazonaws.com udp
DE 52.57.150.20:443 ps.eyeota.net tcp
US 35.244.174.68:443 idsync.rlcdn.com udp
US 8.8.8.8:53 548b9aedc3180be7d8338486cc648107.safeframe.googlesyndication.com udp
US 8.8.8.8:53 dcs-public-edge-irl1-150041215.eu-west-1.elb.amazonaws.com udp
GB 142.250.180.1:443 548b9aedc3180be7d8338486cc648107.safeframe.googlesyndication.com tcp
GB 142.250.180.1:443 548b9aedc3180be7d8338486cc648107.safeframe.googlesyndication.com udp
US 8.8.8.8:53 downloads.sourceforge.net udp
US 204.68.111.105:443 downloads.sourceforge.net tcp
US 8.8.8.8:53 downloads.sourceforge.net udp
US 8.8.8.8:53 downloads.sourceforge.net udp
US 8.8.8.8:53 105.111.68.204.in-addr.arpa udp
US 8.8.8.8:53 deac-riga.dl.sourceforge.net udp
US 8.8.8.8:53 deac-riga.dl.sourceforge.net udp
LV 89.111.52.100:443 deac-riga.dl.sourceforge.net tcp
US 8.8.8.8:53 deac-riga.dl.sourceforge.net udp
US 8.8.8.8:53 100.52.111.89.in-addr.arpa udp
US 8.8.8.8:53 b.6sc.co udp
US 8.8.8.8:53 e212585.b.akamaiedge.net udp
US 8.8.8.8:53 e212585.b.akamaiedge.net udp
US 8.8.8.8:53 dpm.demdex.net udp
US 8.8.8.8:53 idsync.rlcdn.com udp
US 8.8.8.8:53 match.adsrvr.org udp
US 8.8.8.8:53 dcs-public-edge-irl1-150041215.eu-west-1.elb.amazonaws.com udp
US 8.8.8.8:53 idsync.rlcdn.com udp
US 8.8.8.8:53 dcs-public-edge-irl1-150041215.eu-west-1.elb.amazonaws.com udp
US 8.8.8.8:53 sync.crwdcntrl.net udp
US 8.8.8.8:53 idsync.rlcdn.com udp
US 8.8.8.8:53 ps.eyeota.net udp
US 8.8.8.8:53 sync.crwdcntrl.net udp
US 8.8.8.8:53 ps.eyeota.net udp
US 8.8.8.8:53 sync.crwdcntrl.net udp
US 8.8.8.8:53 ps.eyeota.net udp
US 8.8.8.8:53 systeminformer.sourceforge.io udp
US 104.18.37.173:443 systeminformer.sourceforge.io tcp
US 8.8.8.8:53 173.37.18.104.in-addr.arpa udp
US 8.8.8.8:53 gstatic.com udp
GB 142.250.200.3:443 gstatic.com tcp
US 8.8.8.8:53 3.200.250.142.in-addr.arpa udp
GB 142.250.200.3:443 gstatic.com tcp
GB 142.250.200.3:443 gstatic.com tcp
NL 52.142.223.178:80 tcp
GB 142.250.200.3:443 gstatic.com tcp
GB 142.250.200.3:443 gstatic.com tcp
GB 142.250.200.3:443 gstatic.com tcp
GB 142.250.200.3:443 gstatic.com tcp
GB 142.250.200.3:443 gstatic.com tcp
GB 142.250.200.3:443 gstatic.com tcp
GB 142.250.200.3:443 gstatic.com tcp
GB 142.250.200.3:443 gstatic.com tcp
GB 142.250.200.3:443 gstatic.com tcp
GB 142.250.200.3:443 gstatic.com tcp
GB 142.250.200.3:443 gstatic.com tcp
GB 142.250.200.3:443 gstatic.com tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 push.services.mozilla.com udp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 34.107.243.93:443 autopush.prod.mozaws.net tcp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
N/A 127.0.0.1:51236 tcp
US 34.117.188.166:443 contile.services.mozilla.com tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 34.160.144.191:443 prod.content-signature-chains.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 34.107.243.93:443 autopush.prod.mozaws.net tcp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 codeshare.io udp
US 172.67.206.89:80 codeshare.io tcp
US 172.67.206.89:80 codeshare.io tcp
US 8.8.8.8:53 codeshare.io udp
US 8.8.8.8:53 codeshare.io udp
US 172.67.206.89:443 codeshare.io tcp
US 172.67.206.89:443 codeshare.io udp
US 8.8.8.8:53 89.206.67.172.in-addr.arpa udp
US 8.8.8.8:53 cdn.amplitude.com udp
US 8.8.8.8:53 cdn.amplitude.com udp
US 8.8.8.8:53 cdn.amplitude.com udp
US 8.8.8.8:53 57.110.18.2.in-addr.arpa udp
US 8.8.8.8:53 widget.intercom.io udp
GB 18.244.114.10:443 widget.intercom.io tcp
US 8.8.8.8:53 widget.intercom.io udp
US 8.8.8.8:53 widget.intercom.io udp
US 8.8.8.8:53 10.114.244.18.in-addr.arpa udp
GB 18.154.84.124:443 cdn.amplitude.com tcp
GB 18.244.114.10:443 widget.intercom.io udp
US 172.67.206.89:443 codeshare.io tcp
US 8.8.8.8:53 124.84.154.18.in-addr.arpa udp
US 8.8.8.8:53 78.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 js.intercomcdn.com udp
GB 18.165.227.95:443 js.intercomcdn.com tcp
GB 18.165.227.95:443 js.intercomcdn.com tcp
US 8.8.8.8:53 js.intercomcdn.com udp
US 8.8.8.8:53 js.intercomcdn.com udp
US 8.8.8.8:53 cdnjs.cloudflare.com udp
GB 18.165.227.95:443 js.intercomcdn.com udp
US 104.17.25.14:443 cdnjs.cloudflare.com tcp
US 8.8.8.8:53 cdnjs.cloudflare.com udp
US 8.8.8.8:53 cdnjs.cloudflare.com udp
US 104.17.25.14:443 cdnjs.cloudflare.com udp
US 8.8.8.8:53 95.227.165.18.in-addr.arpa udp
US 8.8.8.8:53 14.25.17.104.in-addr.arpa udp
US 8.8.8.8:53 js.stripe.com udp
US 172.67.206.89:443 codeshare.io tcp
US 151.101.64.176:443 js.stripe.com tcp
US 8.8.8.8:53 stripecdn.map.fastly.net udp
US 8.8.8.8:53 stripecdn.map.fastly.net udp
US 8.8.8.8:53 176.64.101.151.in-addr.arpa udp
US 8.8.8.8:53 m.stripe.network udp
US 151.101.0.176:443 m.stripe.network tcp
US 8.8.8.8:53 176.0.101.151.in-addr.arpa udp
US 8.8.8.8:53 m.stripe.com udp
US 52.27.171.251:443 m.stripe.com tcp
US 8.8.8.8:53 m.stripe.com udp
US 8.8.8.8:53 251.171.27.52.in-addr.arpa udp
N/A 127.0.0.1:51249 tcp
US 8.8.8.8:53 m.stripe.com udp
N/A 127.0.0.1:51398 tcp
N/A 127.0.0.1:51403 tcp
US 8.8.8.8:53 26.211.222.173.in-addr.arpa udp
US 172.67.206.89:443 codeshare.io tcp
US 8.8.8.8:53 11.211.222.173.in-addr.arpa udp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 gofile.io udp
FR 151.80.29.83:80 gofile.io tcp
FR 151.80.29.83:80 gofile.io tcp
US 8.8.8.8:53 gofile.io udp
US 8.8.8.8:53 gofile.io udp
FR 151.80.29.83:443 gofile.io tcp
US 8.8.8.8:53 83.29.80.151.in-addr.arpa udp
US 172.67.206.89:443 codeshare.io tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.180.4:443 www.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.180.4:443 www.google.com tcp
US 8.8.8.8:53 ufile.io udp
US 104.27.206.87:80 ufile.io tcp
US 104.27.206.87:80 ufile.io tcp
US 8.8.8.8:53 ufile.io udp
US 8.8.8.8:53 ufile.io udp
US 104.27.206.87:443 ufile.io tcp
US 8.8.8.8:53 87.206.27.104.in-addr.arpa udp
US 104.27.206.87:443 ufile.io udp
US 8.8.8.8:53 static.cloudflareinsights.com udp
US 8.8.8.8:53 static.cloudflareinsights.com udp
US 104.16.80.73:443 static.cloudflareinsights.com tcp
US 104.16.80.73:443 static.cloudflareinsights.com tcp
US 8.8.8.8:53 static.cloudflareinsights.com udp
US 8.8.8.8:53 73.80.16.104.in-addr.arpa udp
US 8.8.8.8:53 client.crisp.chat udp
US 104.18.28.104:443 client.crisp.chat tcp
US 8.8.8.8:53 client.crisp.chat udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 8.8.8.8:53 cloudflareinsights.com udp
US 8.8.8.8:53 client.crisp.chat udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 104.16.80.73:443 cloudflareinsights.com tcp
US 104.16.80.73:443 cloudflareinsights.com tcp
US 8.8.8.8:53 region1.google-analytics.com udp
US 8.8.8.8:53 cloudflareinsights.com udp
US 104.18.28.104:443 client.crisp.chat udp
US 216.239.32.36:443 region1.google-analytics.com tcp
US 8.8.8.8:53 cloudflareinsights.com udp
US 216.239.32.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 104.28.18.104.in-addr.arpa udp
US 8.8.8.8:53 36.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 store-eu-hz-3.ufile.io udp
US 8.8.8.8:53 store-eu-hz-3.ufile.io udp
DE 176.9.98.14:443 store-eu-hz-3.ufile.io tcp
US 8.8.8.8:53 store-eu-hz-3.ufile.io udp
US 8.8.8.8:53 14.98.9.176.in-addr.arpa udp
DE 176.9.98.14:443 store-eu-hz-3.ufile.io tcp
US 8.8.8.8:53 dox.io udp
US 8.8.8.8:53 dox.io udp
US 104.16.157.237:80 dox.io tcp
US 104.16.157.237:80 dox.io tcp
US 8.8.8.8:53 dox.io udp
US 104.16.157.237:443 dox.io tcp
US 104.17.25.14:443 cdnjs.cloudflare.com tcp
US 104.17.25.14:443 cdnjs.cloudflare.com tcp
US 8.8.8.8:53 stackpath.bootstrapcdn.com udp
US 104.17.25.14:443 cdnjs.cloudflare.com tcp
US 104.17.25.14:443 cdnjs.cloudflare.com tcp
US 8.8.8.8:53 kit.fontawesome.com udp
US 104.16.80.73:443 cloudflareinsights.com tcp
US 8.8.8.8:53 stackpath.bootstrapcdn.com udp
US 104.18.10.207:443 stackpath.bootstrapcdn.com tcp
US 104.18.40.68:443 kit.fontawesome.com tcp
US 8.8.8.8:53 kit.fontawesome.com.cdn.cloudflare.net udp
US 8.8.8.8:53 stackpath.bootstrapcdn.com udp
US 104.17.25.14:443 cdnjs.cloudflare.com udp
US 104.18.10.207:443 stackpath.bootstrapcdn.com udp
US 104.21.26.223:443 ka-f.fontawesome.com tcp
US 104.21.26.223:443 ka-f.fontawesome.com tcp
US 8.8.8.8:53 ka-f.fontawesome.com.cdn.cloudflare.net udp
US 104.21.26.223:443 ka-f.fontawesome.com.cdn.cloudflare.net tcp
US 8.8.8.8:53 ka-f.fontawesome.com.cdn.cloudflare.net udp
US 104.21.26.223:443 ka-f.fontawesome.com.cdn.cloudflare.net udp
US 8.8.8.8:53 207.10.18.104.in-addr.arpa udp
US 8.8.8.8:53 68.40.18.104.in-addr.arpa udp
US 8.8.8.8:53 223.26.21.104.in-addr.arpa udp
US 8.8.8.8:53 workers.cloudflare.com udp
US 104.16.196.131:443 workers.cloudflare.com tcp
US 8.8.8.8:53 workers.cloudflare.com udp
US 8.8.8.8:53 workers.cloudflare.com udp
US 8.8.8.8:53 131.196.16.104.in-addr.arpa udp
US 104.21.26.223:443 ka-f.fontawesome.com.cdn.cloudflare.net udp
US 8.8.8.8:53 aus5.mozilla.org udp
US 35.244.181.201:443 aus5.mozilla.org tcp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 35.244.181.201:443 prod.balrog.prod.cloudops.mozgcp.net tcp
US 35.244.181.201:443 prod.balrog.prod.cloudops.mozgcp.net tcp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 201.181.244.35.in-addr.arpa udp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 ciscobinary.openh264.org udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 88.221.134.155:80 ciscobinary.openh264.org tcp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
GB 142.250.200.14:443 redirector.gvt1.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 142.250.200.14:443 redirector.gvt1.com udp
US 8.8.8.8:53 r2---sn-aigzrnse.gvt1.com udp
GB 74.125.168.199:443 r2---sn-aigzrnse.gvt1.com tcp
US 8.8.8.8:53 r2.sn-aigzrnse.gvt1.com udp
US 8.8.8.8:53 r2.sn-aigzrnse.gvt1.com udp
GB 74.125.168.199:443 r2.sn-aigzrnse.gvt1.com udp
US 8.8.8.8:53 155.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 14.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 199.168.125.74.in-addr.arpa udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 udrop.com udp
US 65.103.40.169:80 udrop.com tcp
US 8.8.8.8:53 udrop.com udp
US 65.103.40.169:80 udrop.com tcp
US 8.8.8.8:53 udrop.com udp
US 65.103.40.169:443 udrop.com tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 34.117.188.166:443 contile.services.mozilla.com udp
US 104.16.157.237:443 dox.io tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 169.40.103.65.in-addr.arpa udp
US 104.17.25.14:443 cdnjs.cloudflare.com tcp
US 104.17.25.14:443 cdnjs.cloudflare.com tcp
US 104.18.10.207:443 stackpath.bootstrapcdn.com tcp
US 104.17.25.14:443 cdnjs.cloudflare.com tcp
US 104.17.25.14:443 cdnjs.cloudflare.com tcp
US 104.18.40.68:443 kit.fontawesome.com.cdn.cloudflare.net tcp
US 104.16.80.73:443 cloudflareinsights.com tcp
US 8.8.8.8:53 www.udrop.com udp
US 65.103.40.169:443 www.udrop.com tcp
US 104.17.25.14:443 cdnjs.cloudflare.com udp
US 104.18.10.207:443 stackpath.bootstrapcdn.com udp
US 104.21.26.223:443 ka-f.fontawesome.com.cdn.cloudflare.net tcp
US 104.21.26.223:443 ka-f.fontawesome.com.cdn.cloudflare.net tcp
US 104.21.26.223:443 ka-f.fontawesome.com.cdn.cloudflare.net tcp
US 104.21.26.223:443 ka-f.fontawesome.com.cdn.cloudflare.net udp
US 65.103.40.169:443 www.udrop.com udp
US 172.67.206.89:443 codeshare.io tcp
US 172.67.206.89:443 codeshare.io udp
US 8.8.8.8:53 codeshare.io udp
US 172.67.206.89:443 codeshare.io tcp
US 172.67.206.89:443 codeshare.io tcp
US 172.67.206.89:443 codeshare.io tcp
US 172.67.206.89:443 codeshare.io tcp
US 172.67.206.89:443 codeshare.io tcp
US 172.67.206.89:443 codeshare.io tcp
US 8.8.8.8:53 codeshare.io udp
US 8.8.8.8:53 codeshare.io udp
US 172.67.206.89:443 codeshare.io tcp
US 172.67.206.89:443 codeshare.io tcp
US 172.67.206.89:443 codeshare.io tcp
US 172.67.206.89:443 codeshare.io udp
US 172.67.206.89:443 codeshare.io tcp
US 8.8.8.8:53 widget.intercom.io udp
GB 18.244.114.87:443 widget.intercom.io tcp
US 8.8.8.8:53 widget.intercom.io udp
US 8.8.8.8:53 widget.intercom.io udp
GB 18.244.114.87:443 widget.intercom.io udp
US 8.8.8.8:53 js.intercomcdn.com udp
GB 18.165.227.11:443 js.intercomcdn.com tcp
GB 18.165.227.11:443 js.intercomcdn.com tcp
US 8.8.8.8:53 js.intercomcdn.com udp
US 8.8.8.8:53 js.intercomcdn.com udp
GB 18.165.227.11:443 js.intercomcdn.com udp
US 8.8.8.8:53 87.114.244.18.in-addr.arpa udp
US 8.8.8.8:53 11.227.165.18.in-addr.arpa udp
US 8.8.8.8:53 api-iam.intercom.io udp
US 8.8.8.8:53 api-iam.intercom.io udp
US 3.217.26.44:443 api-iam.intercom.io tcp
US 8.8.8.8:53 api-iam.intercom.io udp
US 172.67.206.89:443 codeshare.io tcp
US 8.8.8.8:53 nexus-websocket-a.intercom.io udp
US 8.8.8.8:53 nexus-websocket-a.intercom.io udp
US 35.174.127.31:443 nexus-websocket-a.intercom.io tcp
US 8.8.8.8:53 nexus-websocket-a.intercom.io udp
US 8.8.8.8:53 44.26.217.3.in-addr.arpa udp
US 172.67.206.89:443 codeshare.io tcp
US 8.8.8.8:53 31.127.174.35.in-addr.arpa udp
US 8.8.8.8:53 anotepad.com udp
US 216.22.3.241:80 anotepad.com tcp
US 216.22.3.241:80 anotepad.com tcp
US 8.8.8.8:53 anotepad.com udp
US 8.8.8.8:53 anotepad.com udp
US 216.22.3.241:80 anotepad.com tcp
US 216.22.3.241:80 anotepad.com tcp
US 216.22.3.241:80 anotepad.com tcp
US 216.22.3.241:80 anotepad.com tcp
US 8.8.8.8:53 notepad.link udp
US 104.21.47.32:80 notepad.link tcp
US 8.8.8.8:53 notepad.link udp
US 104.21.47.32:80 notepad.link tcp
US 8.8.8.8:53 notepad.link udp
US 104.21.47.32:443 notepad.link tcp
US 8.8.8.8:53 32.47.21.104.in-addr.arpa udp
US 104.21.47.32:443 notepad.link udp
US 8.8.8.8:53 cdn.quilljs.com udp
US 8.8.8.8:53 cdnjs.cloudflare.com udp
US 8.8.8.8:53 s.nitropay.com udp
US 172.66.40.163:443 cdn.quilljs.com tcp
US 8.8.8.8:53 cdn.quilljs.com udp
US 172.66.40.163:443 cdn.quilljs.com tcp
US 104.17.24.14:443 cdnjs.cloudflare.com tcp
US 8.8.8.8:53 cdnjs.cloudflare.com udp
US 104.17.24.14:443 cdnjs.cloudflare.com tcp
US 104.18.3.78:443 s.nitropay.com tcp
US 8.8.8.8:53 s.nitropay.com udp
US 8.8.8.8:53 cdn.quilljs.com udp
US 8.8.8.8:53 cdnjs.cloudflare.com udp
US 8.8.8.8:53 s.nitropay.com udp
US 104.17.24.14:443 cdnjs.cloudflare.com udp
US 104.18.3.78:443 s.nitropay.com udp
US 8.8.8.8:53 78.3.18.104.in-addr.arpa udp
US 8.8.8.8:53 163.40.66.172.in-addr.arpa udp
US 104.17.24.14:443 cdnjs.cloudflare.com udp
US 8.8.8.8:53 wrappers.geoedge.be udp
US 8.8.8.8:53 rumcdn.geoedge.be udp
US 8.8.8.8:53 btloader.com udp
GB 18.165.227.13:443 wrappers.geoedge.be tcp
US 8.8.8.8:53 d34psiby7ky5o6.cloudfront.net udp
GB 108.156.39.120:443 rumcdn.geoedge.be tcp
US 8.8.8.8:53 d1bqktvj79b0wh.cloudfront.net udp
US 104.22.75.216:443 btloader.com tcp
US 8.8.8.8:53 btloader.com udp
US 8.8.8.8:53 d34psiby7ky5o6.cloudfront.net udp
US 8.8.8.8:53 btloader.com udp
US 8.8.8.8:53 d1bqktvj79b0wh.cloudfront.net udp
US 8.8.8.8:53 consent.nitrocnct.com udp
US 172.67.193.156:443 consent.nitrocnct.com tcp
US 8.8.8.8:53 consent.nitrocnct.com udp
US 8.8.8.8:53 consent.nitrocnct.com udp
US 216.239.32.36:443 region1.google-analytics.com tcp
US 172.67.193.156:443 consent.nitrocnct.com udp
US 216.239.32.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 13.227.165.18.in-addr.arpa udp
US 8.8.8.8:53 120.39.156.108.in-addr.arpa udp
US 8.8.8.8:53 216.75.22.104.in-addr.arpa udp
US 8.8.8.8:53 156.193.67.172.in-addr.arpa udp
US 104.21.47.32:443 notepad.link udp
US 104.21.47.32:443 notepad.link udp

Files

memory/312-0-0x000002AA67920000-0x000002AA67930000-memory.dmp

memory/312-16-0x000002AA67A20000-0x000002AA67A30000-memory.dmp

memory/312-35-0x000002AA66BF0000-0x000002AA66BF2000-memory.dmp

memory/4900-43-0x0000015EBAA40000-0x0000015EBAB40000-memory.dmp

memory/4900-44-0x0000015EBAA40000-0x0000015EBAB40000-memory.dmp

memory/4720-64-0x0000021403700000-0x0000021403800000-memory.dmp

memory/4720-77-0x0000021413D60000-0x0000021413D62000-memory.dmp

memory/4720-80-0x0000021413D80000-0x0000021413D82000-memory.dmp

memory/4720-75-0x0000021413D40000-0x0000021413D42000-memory.dmp

memory/312-104-0x000002AA6E170000-0x000002AA6E171000-memory.dmp

memory/312-105-0x000002AA6E180000-0x000002AA6E181000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\ATXXLKKH\favicon[1].ico

MD5 72f13fa5f987ea923a68a818d38fb540
SHA1 f014620d35787fcfdef193c20bb383f5655b9e1e
SHA256 37127c1a29c164cdaa75ec72ae685094c2468fe0577f743cb1f307d23dd35ec1
SHA512 b66af0b6b95560c20584ed033547235d5188981a092131a7c1749926ba1ac208266193bd7fa8a3403a39eee23fcdd53580e9533803d7f52df5fb01d508e292b3

memory/4720-129-0x0000021413B10000-0x0000021413B12000-memory.dmp

memory/4720-135-0x00000214143E0000-0x00000214143E2000-memory.dmp

memory/4720-133-0x0000021413FE0000-0x0000021413FE2000-memory.dmp

memory/4720-131-0x0000021413FC0000-0x0000021413FC2000-memory.dmp

memory/4720-127-0x0000021413AD0000-0x0000021413AD2000-memory.dmp

memory/4720-149-0x0000021415BF0000-0x0000021415CF0000-memory.dmp

memory/4720-153-0x0000021415900000-0x0000021415A00000-memory.dmp

memory/4720-148-0x0000021415BF0000-0x0000021415CF0000-memory.dmp

memory/4720-154-0x0000021414AF0000-0x0000021414AF2000-memory.dmp

memory/4720-156-0x0000021414EE0000-0x0000021414EE2000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

MD5 1bfe591a4fe3d91b03cdf26eaacd8f89
SHA1 719c37c320f518ac168c86723724891950911cea
SHA256 9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8
SHA512 02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

memory/4720-169-0x00000214157F0000-0x00000214157F2000-memory.dmp

memory/4720-171-0x0000021415F00000-0x0000021415F02000-memory.dmp

memory/4720-173-0x0000021414D10000-0x0000021414D12000-memory.dmp

memory/4720-177-0x0000021413F20000-0x0000021413F22000-memory.dmp

memory/4720-175-0x0000021413F10000-0x0000021413F12000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DFB5F5FF3010802F95.TMP

MD5 41114fd73e43d8a88373faccd9820e09
SHA1 ee0e1b73e398eec3f2c1000f6c73eddc7313cad5
SHA256 31ca402e90bdd2263ea6bb8b22c8c01baaceb7d73ffae5dd74a58bce4f1b2805
SHA512 a28dfbe91ffee04559d8b3336cde667a1acf22b00e0109549151de87890a9de3cb110d4c682fc303b7f76352f11b22cbe3252cdc7236c9be258b57a66eb47413

memory/312-203-0x000002AA66BE0000-0x000002AA66BE1000-memory.dmp

memory/312-199-0x000002AA6BBD0000-0x000002AA6BBD1000-memory.dmp

memory/312-196-0x000002AA6BD10000-0x000002AA6BD12000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\pending_pings\6c7d37d0-a2ac-44fe-9eb0-3ec9cdc40616

MD5 7ef5f8e5f0a6499ebd9356db1fb34e27
SHA1 44f76699e5ad522a9a5033e4bea916ced22672bd
SHA256 9c2ed2f8ceb6a06e3ff6c862fe99a0ddf8dd5c7514051ab9743d714e72f327d4
SHA512 a52928a6e6ba8896ce602aa49c2758844e7b4d18ce33a744be634033bd9b721c101359ee29c35f77386bfd1d43245c8498842f667baf9067a5ba6381431ab1de

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\pending_pings\c8689a0e-5200-482b-9ab4-abf3e38e2f37

MD5 f8d50c699deb300898af0ff85b115a71
SHA1 778774519468e786b107e8f9b91066cd2caad595
SHA256 37599b4f76962eaf7280fe8ee518149e402a386e39ed3ce0a262a7ea4a0862e8
SHA512 3979d86b51daf79eab574b9b2d514cc629a3b8ddb462d2f9961e4ccae98f0e42b293533800d1f575bf9968ce52fb9252e1d1245425c9359032ffb3a220abf818

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\db\data.safe.bin

MD5 cb08db3275f51a65b6371486666a1ca6
SHA1 5a9bbbc1cd177280f7586629726196c829e76cc9
SHA256 9df2c3dc9306606d0fcabdb8bce99a327c4d121a60205bc0891966c83987ce3b
SHA512 48614d0e31cfc830c948e0a023295e239e9792c58d1d8a3a5c809c9da847fad8c8a88ce1e7ed651d68bcfe137d57109a0bb275f085221d5365175a6a3ae7c226

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\prefs.js

MD5 e1a7b41e3fc08d4ab7ef58c08be75cd4
SHA1 68d28c5bbf320d334110045dedfd6f2c7e026a23
SHA256 fd4b5fa6e4c989e05966152e0aaae68716fb91cbb1154514b71940961d5a666c
SHA512 a179a5dea3272d96a9aa4b4cd098d3d5db6abb088b9a53863e84ed1d2ff63b986f466dadd2f209d5f4aaca35352b3d6596880ef34113ff773320da7c4528013f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\prefs-1.js

MD5 b86fdaee57be95552e2ee9bab125f932
SHA1 eb954bafe5195fd60806d831673765ec7f861f32
SHA256 795f63c54aa7a2c2ec1fca53a445d7939d12e3c9eca5a40e8316a702c389084f
SHA512 df2435c0c459296d2128192bb57d57f082128144067d782fdb73d44511e88279bb8b3e55aa479526d97b91f72183990a08c4e5a6206b37184181767660073737

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 0d0013d9708d9fef539adc917f5b87f6
SHA1 5e071e6b4d8abf007c8bb78ee948caf5bb0439e1
SHA256 f416d29cdbaa66b7d04483831d2a593a735316fafb643414a12df78da0ab054b
SHA512 851e9965a0fed9e0f5195ce655635cf13687d18678e4a9df807ab22cbc53c02cd2006fd65d93cd80b2a06d709e59122ea9933ba5cec551c6d51f5e9b4c175388

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\prefs-1.js

MD5 1b7ff0d2c5c16e5a45bf19eccd792f9c
SHA1 33ea2f48627425b03b41131c058adb8c326f27ce
SHA256 61e1d3fb0f9e23e62186fd5245b35987078f97331ad70d074bc264f3f7c65251
SHA512 8bf655447732f40fb88e1aeb78b3107f65f304a0d6cf844dcf40215e2948e57a60ed4b248069588817dc2585c5afdb24a3beea8b2afaf66a29ed50a76ff183a3

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

MD5 1d1c39fd31e88c65787f27909309e1f3
SHA1 b01cbd81e010e6b495ac822ac8ea350e5b0454e3
SHA256 43e104453f12d5f0abea3d36dbf6455d51204e7950831eb970c48592a6c5a58b
SHA512 a21f665c08a934c7fa14c0fc4688a28aeb3664c1922badbb57cb37c52776343e09f2691c1d5672f60554e6db6ef156fbd8d34dd5c632eb9f5de1d0c2a8fce71a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++mega.nz\cache\morgue\57\{fb5383ac-89d9-45b3-b670-339ffbb7c639}.final

MD5 3efa9abd92666265dd81c4f4311a96f9
SHA1 41b6b716d67b93555e444cd453f3c6e3f8c9522c
SHA256 5066b1841e8877db31312ef3af86f9bc9234c95071119e025764f45241a4e2e7
SHA512 5961950f077501608a0f2975e7f69c483eeacc4eec4ac77fd650cc1131609501f87819f93ed23aa508a90426156abf038a859fac4112d2d4435bbb634027cd6c

C:\Users\Admin\Downloads\3gH7gsER.rar.part

MD5 42e75638d3969c9d1e6b1fe5bae02ee0
SHA1 f3d2982ff4a3d9335de4586f9ae6a65e09e4ed98
SHA256 7ec52c05c086799ea24514fbe6e3ef6c35e65e66cf4a03a890447f32219c58c3
SHA512 493455b36eea7b354bb658a706fbb7c5d529a01a9d8847b79b7779b5598cd89ceca4d0c2b4e3b8fb71d2da92feefbbfabff04bb7858a9235780df27a8e9ffb5f

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\doomed\16325

MD5 a879227a5aaa7f949393e8f2ce033a66
SHA1 731357c91f2f0c97b692d4c22cd8d870859c2720
SHA256 45166bd4bd79c7a736b4607557da577d9b0e0caac1a8960dd0687e998dcdb5bd
SHA512 130b2f64067ddfbaba6d3bd14ddeee2b4f62568c80c2a89adb67cc2e7271a12de7edfd5d52c2018fb8a8c4aafd7f7b0c44657acb4b83ae0e73f589b8ff10fc68

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

MD5 d4df69111e687ca6886771705601c4b2
SHA1 a6aca6e32865a3cedd22a0d5c040761587b66efe
SHA256 854371bc651a537d60c3a3c817aae7600715cb2e99720e27efe87385f8be9d4c
SHA512 0676d2e4cd1f67f8d9b8bc7eacac5a16c6be0db6375f8d40d045224a661e8f673354a683adee5c1543898758cad0a8fa02f713d624e8837fb9d9e4f7a9cf56b8

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++mega.nz\idb\3713173747_s_edmban.sqlite

MD5 7164a153fa618a0db5533d45c2b1dff4
SHA1 858765974f895844df8d7af8fccb8da13801f96c
SHA256 5389ceab38b506c6de00b5feb51242c13b5ea2c88a3cd44192c160b87e265485
SHA512 5b87b4e1a29bcc0bfcafd8437e32a3d36f6c700ba6f566d7bbbaf1dac21b58f40de1e7c9a9aa4c1d7b8426f70cc211ef33e125c3bf9e29f1a295eb8d05d98adf

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\prefs-1.js

MD5 0ff3ebeb74a8ddbcc320b9e208681325
SHA1 5b0d065537892ee644c5fa35617b2dd14a78b808
SHA256 d4e1e9caafc81a6f1121dae0d3a396c52c3b52e0bd2e5fc7a9afec3c6285dd33
SHA512 66ae9358243ef97124ea60c3a0f432efededbdf13ed25eec3a793fb60d05d5c7c2874e6e36605fda3aa781accd8067036d9e9ebc2fae54906c9f565ebf272725

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

MD5 66b4d6881c27464ac38c686480edf5d9
SHA1 b9d90307990593473950d054f869f0835f0169fe
SHA256 cfe3c48cafb0500d909bf961d8ecc51c80377338a796e1c26b153a41e341976c
SHA512 4ba9ba9326c242c33ea23ed53b57fae86037195d7c199e285cea1c3d86583815989bdbb9e1f96c8c4ceae4f8da7c02f1ec6861177c43780b580a5ae68133a42e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

MD5 7c5b9de05b0770c872bab5162b10d156
SHA1 b18681ab4c5fa637b674a218df8989cafd0717d9
SHA256 d76ada8afc2af3a0d0bf506f749487ea32263af4b09ab3f86679915f2fba232c
SHA512 89a562f98c76a229d51f84a2526275f2b473f98289a26ed1f3d01310526c97cf8903c75522d1821e1765223d7f1c8e9fb130d28b6172388503ee51392f1ab0ab

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\thumbnails\8d600d380d44463983af74a8dd81f611.png

MD5 fb0c9f6ff59988e8eeb690651769e58a
SHA1 c121e70f8904be81fd43ceef345b44edcad7970e
SHA256 600b6716bde73e9398a3a977b1ec223fe87a3fc1f58451318bf80def38318e0d
SHA512 068e7b1e9210705666bcd5c9d653dcccb013f76f1d5fe7102228208b803f7313e4863ef77c45d827ac182d4b37656bcab63eae868ff6b9f769bdbc5239285e53

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

MD5 358bbc3429e1bd3b04b1d75b7ad3489c
SHA1 319400789b905db0a3a75bec9c160648614af601
SHA256 ffa6e187beb3e2c71b09f8c824cfe9ba1c222aef9dafc8d514ff1411c81015b8
SHA512 b24d983f7e00aa7e5bfd1d510e964c68a6a4b43eefca54bc0d56f65aef2fd8845f875533487b8dcd5f95d928ca89283dde96a133124e7032c234006c2fed8d06

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

MD5 7bee63a5ec882983a2db1d969a293228
SHA1 3a4b60d691539db59d306c9829c03ebdbe59e80a
SHA256 e6f16a474ef94e6075c213cbd7b20bbe2cdf66283bfdeedad810ac702d8112f1
SHA512 93f907b054be89b66132612def4d0c2e60a736158af8ca1dbe1ece014534cecfd827f1ac3bf4c6c744f050920945da698e32532389002d976efd598980129dd0

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

MD5 354c0d66e495de5eeffac3b75e1cf444
SHA1 a407258e57f7e64ad7478195b81ead95c2cdb5c7
SHA256 b6c4a597fe6bcd60bb4f0423b44261618375c72fb7ec2014c006a7b2af9519e4
SHA512 37007247d870c95ca751260ab3ec3e25c573dc75f03fd40a2eb2f509eeab1f038d5ea3acea659248eb0a56d5c2bc59befb41d2d2958b7196c12238ded94a8b71

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\39327C7658BB144319B9CB7E37D85AA1B94C90B7

MD5 d10637d8b3ffe3ae313b4ed0d81b368f
SHA1 6a4d5864e3c4192130411cb673c6f9767454f123
SHA256 faade035c5e50ee1d30e313821e8c7bd3ed8739c466756dc2a35cb3e43718ae8
SHA512 07340f59126dfd909427f129e97bd3f27e8f7681cab5caed3d424a78e8ada8835c8d3de66b11cdc15e0c69537471e5f04320bc57a8c8fb3500d4363661fbb9c5

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\doomed\11437

MD5 80f0c9d82c59ae4d694d2fa8f5d26d15
SHA1 f234c732dae926d88a27e124aad2d311b7366f8c
SHA256 1923e61d98a349e31ac40b933ac27086836d6efce31b6fd12f9a6f84fd4b2bb4
SHA512 9cc72e406aeaec66682e906c47331385ffb694127959213cfb0c2c959e23b2559897a1e6a99054293ddb74dc3914ad285d26aacc32eaf308d83b32d869400190

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\doomed\32725

MD5 b574b457f90698b0d5439ddb981dd3b4
SHA1 dc948f53087268f2b920ed305af7d0c143026f88
SHA256 994d9af8604a8f905e51bba01dce8e97e0b22cf867cb4725d8056ed69714f457
SHA512 dfbe302c84527173a1e2f9b2dd02f5d4f9b278596b17e78db6e75ebdb4123c6c7f9fad81f3da0b374e073a40679ba2f9351af5919ff05fe393cde90dfd0bf373

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\doomed\17267

MD5 fd3ec7828f44342f2df1c4f0804f324c
SHA1 876debffc04c062809a7f94db3a89ac09397dcc4
SHA256 f240bc5b3c6fcd1ec72a5164eb20e8a5e3134737916c2dd83f01851a197abec6
SHA512 20466aae12008e1408fc38d12819013eeb73b9d80dc452d61c3efb58470277c6268c3e0d6d4a1b3be645b55970224b3e0a734ba4e973e7a656a686d385c26477

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\doomed\10736

MD5 dbaf709281987e8a13d6d4d26beca107
SHA1 e0381996c228ab36d2b1eef76f3caaa0df952ad9
SHA256 1862d20049d0ce27b3a8c92492ba364f89c2778ce60fffd06ddc797f8d17ae3c
SHA512 970435dc0b4bfac6442f6ad46060e81d95f959c19f2e17b54db68bcc0828e1beb43a543f553ed265eeb910e3cade1b54cb0313af83effdc8e7a25abaa46ad1ef

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\doomed\13553

MD5 56447f5539081848b800c3698a963db2
SHA1 0906b5a90de6506c93eba6125b124786753c0382
SHA256 534cbbc843bf9d4ddcf75894695ea91c232c49250d0290dd6412c4f2be91dfef
SHA512 a5224a033ef62b1642c4c99abf0cc262276aa1cc56f403bfcfe4263264778891daefc5fb58d8a187eae665d84d96f71b6d76d67b855cabbba8727934b0244d6f

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\doomed\738

MD5 b29efc3bb93a3efdb7d3d6f86145989b
SHA1 49c278c9a3d057c955b0e9596023f8ae37fa14f0
SHA256 a3cea37185b1c33bbb547e0f1542441323d494e24301f12af8af7cd21bbb5140
SHA512 d4f6925c099c15231fd58730457847bf40a2f36585ba1f131faad9ffbbd8fccb4b071cd7df79e30bf843db1740cef645cc313ab660b1f8fdb84dd87cd1e2d7da

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\doomed\7157

MD5 37af385a40aa977922f2cbf3eb9896d3
SHA1 44c1c18e7f823ac993128199ec60d4fd0feceb51
SHA256 33f6ce1aa65af956f1a602a1296847e387c1cb55cb9c731d37bf18d2fd956c57
SHA512 0a080beb4d2163c3e659e1f949af8bc056ced6e7ffb4f45275844674e2d61e85be424a0dc7c07e5f5d737a1ce3f520f39dce0faffcc162305d1305d6d942383e

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\doomed\9974

MD5 a6f51f56ab9725b20a6f23efbd51e12f
SHA1 3ca4dd113e8052908a42143820ff95c099b84905
SHA256 508e32053a9006334f4cfecd2f353114282e5b2bdfe729ef293b8f6897fa3d39
SHA512 c6cc98f6e344412a817b18919d725e8eade3713da45eb764ef947e6d0e9830baeb664662970ffb5b77595132a4db212672584ef01614ae9774d2fab9a85b6036

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\doomed\25404

MD5 a1e0e2811bb98a77211276ee407343db
SHA1 6b42749bc5d7f0ecb3d0c760b916e56d09b83501
SHA256 b44c6ce90d0acb6afc1f0057a7b85efe171c103e05af44269b16a89e0630b345
SHA512 42310933e8659ae8d7e4c2f2306becfc9b1e78d514535fdb1e0d2a056ac532344e79995ab0623ac3a4c74a187542b6532a441a901d127178900c5019ac20409c

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\doomed\13924

MD5 601c5527f8274da745e5d7bb61f10970
SHA1 0d77bf63c94d578c515fd384570d8bc49544e0eb
SHA256 be55946d13bc859efc4aa02d879619c500952d07bbca7e5ed4cfb975fe40b0bc
SHA512 783eeda8d2ccba1ccb05b718b1a12492fb8d44e9a233023e3a1d959c7abef0c55c3bbe5469e49caba6c791e19ce6d9dee73f47880e2cfbf2f7f1443bd5330740

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\doomed\17998

MD5 148b1fb2c0a5f2596c82ed43a9419527
SHA1 fbd1ef9624473a482255f05f6b145520299e2f13
SHA256 30f63c4aedafa7f9cacc05eaea4f1f1839d4c76552389cfe146896d31d0528a5
SHA512 d854efb1aa1ddfc3924519fc6c8e3fe80097e770ebea6372f1747d72ed52706698d7ff7cfcd32b337c2cceb4cc29ff76f3fa1fb5213f961ddfa1e2c526c29ab2

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\doomed\17213

MD5 bbc5c59964cb440b44c63cda3e61f5a3
SHA1 09fcf955cc2085aa77f3f1274629ec67b21d2533
SHA256 a1656250b2c1aca85e0dd5fc20cba64d73afddc11d4e3d85cec1ff357cc9b798
SHA512 ada7dfd2ef7b05c472a31f412fdeabd5ae4cc60dbb123e4dc505f0f8c3dd61d0a4141a105598e35095f9cf1505ba0086c316df66c1a90b4bd151b0d74c033add

C:\Users\Admin\Downloads\systeminformer-3.Oq24HQGe.0.7660-release-setup.exe.part

MD5 e67cd84a09b80fb953c88e90b5710fb0
SHA1 81fecc6cbbd15d4ee251a27270ae2630c0e0ee90
SHA256 11142bd714571661b9d1428c8025fb6af24a0d80d0bb582c411a36b34c109bf1
SHA512 eac702d22ef79f3ea83786cb2aeecad475f2a299cd10c073ef9102d92999275f5325cf5a6fc977855cf6e53ddb33f5edf7ca14930fa817a9c9e854b4027eb154

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

MD5 1f0629f3cb47ccda659a6a1d0ae46b53
SHA1 fc879d226799dc5b56eb46491d8aac86f6ee8a70
SHA256 30592b5f127f394071103f3f6690310c5232e2b2e6d996aa0c17e8a1e6a502bc
SHA512 877c4f9e01c0f9d8546c18a7ec6a346172d70a9aea751986f28f6f852bf7921740f3bb97800b17c8059edcb464628ffff40d409ff136687b4363ae777696ccbb

C:\Users\Admin\Downloads\systeminformer-3.0.7660-release-setup.exe

MD5 0d909a4a638465a17bc9f37c5024e574
SHA1 eab2bc1ca6ebfa17b95b8cacebcb04043238164e
SHA256 a82821a4c18ef940354b84cd625ce0fd8ed5cfba5418014063f054071bd5fccd
SHA512 5ca49bb16ef39f1cd7914a083f50f71099934b29baec7a813db16bd89ca1407912e135be7fae9260bc1513d722dbcddd5e841e50cab08f04eea0364f1ccbd324

C:\Program Files\SystemInformer\SystemInformer.exe

MD5 60d6d4096eed212458d15c1ae5a69b9b
SHA1 b1ab46826bc2608cd4a36b5b8fb8b90d80570d59
SHA256 c2e6ee62a548067c722b71f19ce59e81922fe16d00e0fbf36a1a6e28803f57d5
SHA512 5bf4380158369dbe30e480bd4679899cbf8d7758b8e49f0b19caf5ea5832dc968b21567aab0ac7f5e5c97c48475ae79b303fdf97d91b8440fcb4c758062df106

C:\Program Files\SystemInformer\plugins\ExtendedServices.dll

MD5 6815e3c7b86ba599c2f4b6bb954a95a9
SHA1 aebcc1ccbbe83e7e633e68b89a7bf0f81665baa4
SHA256 805054d9666437fc539765074820c85509011a118a2066f3edcd9422bd95070b
SHA512 febf8087542ccd097ba9d6073183101a80d86d800a8142e6ce5eb3ac995caad87a7f2e6644870fa9ceceed32a9e6b2dd16f731b3833aad3d03d5cedfa4af014b

C:\Program Files\SystemInformer\plugins\ExtendedTools.dll

MD5 dc96b9a724d3cd8cfcf8733a9a61de7c
SHA1 2536761631bdcd087f2e5f6c7e6a0c4122457570
SHA256 a6c4d7661a24341a722aef8daa7c325f5fc4ada962de8b98483374fd274e0239
SHA512 3274bc3c7cd03390c494e92416412c63bda6deff243ce86640f93c032f28ffebee59efbb3ef08c051d3551c1c0c095e475b8c1d6e4aa483fe687048810d5dc5b

\Program Files\SystemInformer\plugins\ExtendedNotifications.dll

MD5 a6298a0a586067279a5334b9337d1034
SHA1 ebba80db97b6457bd1adba783ced4493360b39b2
SHA256 d111eb9beb8e4635b87e051b47af97c190cc1f8d0cd7ad7f1557762f9a43b863
SHA512 dcb64076b7be0447dd65fa229714853776b45dfebe4a3c748389064abaab5d41de3334cd4ae05a9501f57aeb35e724fa29d21b7cccca1a31634408da77ce00a4

C:\Program Files\SystemInformer\plugins\HardwareDevices.dll

MD5 01fd6be2a2c22b120daade0d1f29cc09
SHA1 86a5c543dc0c45877f2682faf27d848351f68fdb
SHA256 ffc35befa48d579ca14a20091b3cd094caba0d51a5b468a700b0ed9ef36436e5
SHA512 ef492fe5c607e1c75c6ef68d0c3455222e162b4d09e5e383663f0e353a95daf2ce437151fe25927ea1868e99d844142f20363b4031539647c32251dabf2c5e6a

\Program Files\SystemInformer\plugins\WindowExplorer.dll

MD5 f33adb4807118a494631475860bd8a66
SHA1 6bbc6e5914edf92839cdf7421a9e231f9c3e1a9a
SHA256 4f6141e419cdbda14137336c78492cd21a1c00e61e7b3e7ba646db4995fe678e
SHA512 3d7403737d1dfafd49b59566b31bb9e5ceca73685d8586c685eeb583626201568efc9ccf3a952106bd2ef585ae979f9af9caeaeaf4c5c89fe740105397eb0f90

\Program Files\SystemInformer\plugins\UserNotes.dll

MD5 2199d7b465f79bc686c96df9f3211d43
SHA1 b8914fb38cf41c68b0c233898967fb8669a57a94
SHA256 49a8bcc83078e8290f7406cb27b77e9c24ecf1f91e50ca756bf776031dc72f48
SHA512 840eed353fe29a70d7d7b444f6bd649471a6ebea335453f1e6d35d19782c82307241e2c333dfc282e6ebbfc83bf3c6bbcbde93502d95c6068ff10dccadfac30d

\Program Files\SystemInformer\plugins\Updater.dll

MD5 0458698493e55a2fd790fbb5b9622cda
SHA1 7035caca22e5e6442a55099d6e58d96e3759d9ee
SHA256 3be34e2090edaf01f832ee9bd27ea52c576e9d11ffda2728af336869f0c887e9
SHA512 b0c5e3c08278243af6e5f9cdfe3cee5628ec4420fb5d01514ddfcf9e2a0219d00a90a6588ee4c96c247ebef9f5e7b4ef8cca7b673b54183005fed51386e7281c

\Program Files\SystemInformer\plugins\ToolStatus.dll

MD5 f40b030643d4b2c496851f8f4a88f0c0
SHA1 2f99c229466e8b9393d87e9e3bca8cb2b666334d
SHA256 1f5fdd373022a7326b606024de4c9887adb4a11c3316cf26e1ba8c735fc11bef
SHA512 2b55e43e7ad24cc37353921f681319a1369b162abc5ca72b754397025c6d94d4d9de6c51a8e174797c83a4b699a007bece9671b86d56895fcc0d5fcb102ddbfe

\Program Files\SystemInformer\plugins\OnlineChecks.dll

MD5 e20b9986cb01302bce63059bb83cf544
SHA1 55d453b20ab9cb29d4553212d897a3c558ba9c3f
SHA256 8bf52b4d8e32e502f11f1a4efcee33930a3c338dc506a9a0220cdd5bfd808557
SHA512 57531957bae5e8bf89237361ae2b6ea1bae56ed7f37786e4fefbc28a664903ade6c0672bd287a22005693a59c29fae9454bdf0aa6f46b3027cd266ec4bd2a888

\Program Files\SystemInformer\plugins\NetworkTools.dll

MD5 ceed1b510d002839b9a9e40c1253ca80
SHA1 6e5054bd2d4bcd9679fe5cf38c245d1b04975c18
SHA256 269e630ec4760651af16939ee462cdf384e9aa6293082b6fdf164abbe4a64790
SHA512 15dad48bdc567573636e3092bf17de2c8f31ead2bc785b8ed693387907c34843a2b84ff2282dd3a076cf48604516b499d4487d819b9647fbc3e11e058fea9576

memory/5980-1165-0x0000000000BE0000-0x0000000001AFC000-memory.dmp

\Program Files\SystemInformer\plugins\DotNetTools.dll

MD5 56421d2865f0d3c710d234a3c556d7bf
SHA1 b78b8d0799b32a9064471fe5ff058477e2460da0
SHA256 3546ede3a7a85f5cfd74c473c50bdbcf19c48310503fb38937e082bfdf998be1
SHA512 f91619361495f7b247f3ad07800af025ac63deb5e36c1f81f9e37d1a4c9d44da1921874c0a1528e4dfb88fd1992c1c4daea8e09c5c013c23c17b150c8d55ea92

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore.jsonlz4

MD5 8406d2aff88ef60c5a9d3a8f672ab983
SHA1 0abe5dcbc50c19c10b3876bc0080b502fd4bfcdf
SHA256 f1fee6500bb2e887119f39663c63cd40de3ca8ef44793ed88f2f05011f7d7f1d
SHA512 b7f5774d9d25e900c114731e2acac3e1d48168079127a5d5bb5841a2ed304694ab021ee132a8f6de30bba9228e67aa9e5b0b4d98335ff0ab3e5a1d3dc30b9192

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\prefs-1.js

MD5 5f563224087baf8cbc4184f89bb93282
SHA1 bfb6977ca7fe62f1a555072d23203813083c1240
SHA256 79216ec8ec485b6999095c88cf3d2d731bbcf6c23a092fb17e14102fae0ea30a
SHA512 c9a93108686f5e98128336ed8ee2207fd55d1763a15375d76a25a541e6120d6180f34748d5f6f36f7749585817a81a0edecb5acc1b182f00fad043b5a9164235

C:\Users\Admin\Downloads\stereocord\stereocord.exe

MD5 93cb4256515db89ce22002d8e5892ee7
SHA1 8d944861ee6e10ad49a0b592969f84ef19c1bb88
SHA256 03f6a8c7682b9026d19c8f6dc162aeb77a8ca237d9fac278114ef7f33cded978
SHA512 ded4ac6d026aa35b31e9bf0e8bcd91c00191ee828b92d183be4e62634fe90f36db4e7aa3f730d201a986f5d34f8b277f6052dcec1c1bcaa839cff06be7bfbd46

memory/3724-1283-0x000001FD6AED0000-0x000001FD6AF10000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\stereocord.exe.log

MD5 53ea0a2251276ba7ae39b07e6116d841
SHA1 5f591af152d71b2f04dfc3353a1c96fd4153117d
SHA256 3f7b0412c182cbdefb3eedafe30233d209d734b1087234ac15409636006b3302
SHA512 cf63abfe61389f241755eef4b8ed0f41701568b79d1263e885f8989ce3eca6bf9f8d5805b4cc7304aaaa5c7e14122b0d15bd9948e47108107bbb7219fd498306

C:\Users\Admin\AppData\Roaming\SystemInformer\settings.xml

MD5 6342da3289a788ef5017d2bfc5f96160
SHA1 a3a5630bd908c053a2cec29013c5a78ac12c7871
SHA256 c6edcf1539fc8f909f1c813e276e3395fef4e496961c53c62833ed7cd6f2da4d
SHA512 8d1aa341915a2e247b4abb011f62cbaf4195328875b02f4a248a95ecc28f2807ac0568ac88fb906e3dfc744652cd6a3fc5b3367709cfecf02c5464f9ebdcc7ad

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\startupCache\scriptCache.bin

MD5 1ba3784502cc36b7a4957fb72a3d862a
SHA1 98b0b2b0472171b8a6cad6a3ef625a6ceaffff0d
SHA256 2cea76b2fdf5eec199ed1e4ff8fa5057f6325802e53663360128a5bd7ed452d0
SHA512 475e225659b3d7feb61ce6be6fb1da8a98370d41900bfc43e47d358b4267c4d71beaf8c9b6cacd6185fb8700d53de2f8ba33275d6e2366ec64d297f4e1f335c5

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\xulstore.json

MD5 362246bf7b7acb02b8b6ab62c4b18fc7
SHA1 d171fff3779c6228917423caab154d84b19d6ec9
SHA256 a9bddc5efdd4e2b436fb7557646afe419e231b98b1725673ba8d7950473d0f8b
SHA512 edcb0dbede5f85975beb74450a2d41d4c16d930aa7e6f14c3b48455181211cb18cbd50498f9d292f3a7adf1d8895d4860707cfe1c2d4adaeed274980ab87a03e

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\startupCache\urlCache.bin

MD5 1545a3e921a3098b76cf6cadccc4ae35
SHA1 1d67d3f30d70cc8f630fa7efc31bc55e54e56665
SHA256 19984a956bb9091780a609c5bfea2a29c9dcee058ca32ae715392eef6debc027
SHA512 fa364733cf0fa48126ae3b37cafc72b19bc7b8506cedf94f77fff3883de620b5f3402933a1cbbb26abc0ca18651000db882bc4b2c21417bda9c14c4929811ce8

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\permissions.sqlite

MD5 ea8f76923cc7d15d1eef2ba4a4a57d04
SHA1 344f666e2b303e57f30323468ddf60d17fb82800
SHA256 c2a3a273577c72fb64c6510c470435465ca3fffa088d1e3628fd8da44445d91b
SHA512 fe8f96c9a03499f03548148e2b2ffac3ce0954e8d9f7cd7965729eb2d06186e11516d384c0447efe337fa5715bc46cc057880a3f9f73750a6a364194d444b1e9

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\index.log

MD5 50b71071efa963c77f664a0f017eaaf2
SHA1 dba3cd92fb7eaf7d264eba2d3c094cb55cce9ceb
SHA256 1d4347fcc99107bc8674ca8e30d7838b7e1305b5c2a7171a595a4ef90a1318c5
SHA512 2e44c2fa686cb8da6b2d9f07b6b1fe43954d0b3d2db9142df48cdf43876b826ce885491e4cfbec8cd139c194c70fb68fa787ddcbdfaa187342556f28d4ec0f36

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionCheckpoints.json.tmp

MD5 ea8b62857dfdbd3d0be7d7e4a954ec9a
SHA1 b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a
SHA256 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da
SHA512 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionCheckpoints.json.tmp

MD5 c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA1 5942cd6505fc8a9daba403b082067e1cdefdfbc4
SHA256 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
SHA512 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\pending_pings\68852c70-ad2b-4ec9-a09c-957635ea7fae

MD5 6ec3ceaf78d4e17d52c807bd607f8c4d
SHA1 ad7f62a070b49597965e3ae1c7926886ac32c83a
SHA256 80bdbfce0077331c4b45ee2e5139456120753b24f44ddc2b824a5fcadad0b226
SHA512 95e09ff8176a0bb1befb3f9883b7947e7290c0f810604dd521110776a1f4fc9ddc57e90c3f84b744341c3fc39def458536d2f9920214d0dd05a90e0b556e84cb

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\pending_pings\c3ead2ba-46dd-4699-a10b-f3bedd2882a9

MD5 fc865a415f2546fe5174e10247558af5
SHA1 30ac4bfe0439f66ef03c7dc3f9a209c2df079e61
SHA256 ffc281e6d226fffc132f528b3e751f88aa397c3f2565aab7e66b12a80a0c937e
SHA512 12a443fbf0561a3ccb475ecd17baf2259955a7dbb15c1ea5ea1160ea14c5d85ddcfe680f3f56b9376da6d693e7b4a02ae9197116601fa72c0f0104e9177fa26e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\db\data.safe.bin

MD5 029c794d1533bfb88e7cbf6c663a2e60
SHA1 baece683d85bf9678f521042e75c432301788d6e
SHA256 bb04180a47e6fd6fc2e785cc7f1f7226c274742e3f196c8eef444bfbea9ae7eb
SHA512 95ea1a10465605fb379940dc4d7b8f84a06e6ae8319b6eb65af7a098e32b9fbd0c274544bfcd23c091703ae4a19784975b9cc25ae61cacac870dcdb211d8293c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionCheckpoints.json.tmp

MD5 99601438ae1349b653fcd00278943f90
SHA1 8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9
SHA256 72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a
SHA512 ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\prefs.js

MD5 0b9b4d9051257e94917d712779035f8e
SHA1 74f990ec53adab4ca12f2901d5e60a83a025a9af
SHA256 2dca4f8a292e75fb65aeb5d6a45fc82194504c6ddf8f97d494a92af13e797b6b
SHA512 62b4e97008f07d7127953a1dc7c7812f39369cf4c8290acef92749158e9c8506397370e3b96e92f7f556af9e398a567684e111360dc526439e64b1387bbfa2a2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionCheckpoints.json.tmp

MD5 65690c43c42921410ec8043e34f09079
SHA1 362add4dbd0c978ae222a354a4e8d35563da14b4
SHA256 7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d
SHA512 c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionCheckpoints.json.tmp

MD5 2ad4fe43dc84c6adbdfd90aaba12703f
SHA1 28a6c7eff625a2da72b932aa00a63c31234f0e7f
SHA256 ecb4133a183cb6c533a1c4ded26b663e2232af77db1a379f9bd68840127c7933
SHA512 2ee947dcf3eb05258c7a8c45cb60082a697dbe6d683152fe7117d20f7d3eb2beaaf5656154b379193cdc763d7f2f3b114cf61b4dd0f8a65326e662165ccf89cc

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionCheckpoints.json.tmp

MD5 948a7403e323297c6bb8a5c791b42866
SHA1 88a555717e8a4a33eccfb7d47a2a4aa31038f9c0
SHA256 2fca1f29b73dd5b4159fa1eb16e69276482f5224ba7d2219a547039129a51f0e
SHA512 17e2f65c33f47c8bb4beca31db2aff3d4bbb6c2d36924057f9f847e207bdcb85ffcbb32c80dd06862ffc9b7f0bd3f5e2e65b48bb1bc3363732751101d5596b1a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore.jsonlz4

MD5 f25062cf2512d7e3f37b902190e94fac
SHA1 3d7fa2ad0fbe00934c985a5f52abd45744ae287f
SHA256 457c20f4b285c8bc939623b44ad7bef67c24bcc9e4111950143aa8b87d8587f3
SHA512 2297b79c472c4ab4e208dc436ce057594315ab727b2b45c8a43f4ee00ff4d0f83fe438a2f7f62c01036d05b1dd0bb40c31f37766e0b5491c1b2c9c02e73c5add

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\xulstore.json.tmp

MD5 746641527af388096073f90326f2ca08
SHA1 e5d8a30a4704722a5753043ff2322e72d2fd1499
SHA256 1b5dc479f3d46dda19d2be43427be3e6380ce9c0555d748cf25d4eb5c24798c0
SHA512 8f5dd090147dbb97d6924e579d9dace4812ae132a7854c230fb5ea3cd894fd6db552a9877a76cc0fa961d330ed54291f80f618572e794afaa8aad5abc851f0e2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\pending_pings\2c1f141c-cc23-47cc-a0a6-967d00583371

MD5 c45e3ae39b57085a8f4e587d90612783
SHA1 4ef89c19e7983d4ebfa72d9f54f299212a3bfe75
SHA256 1e10468ed41514a93662e16bf806a13f4f84ab16026876ba2e52a73da4b02445
SHA512 0888009837f6f24455b87ac45455de4725a5601181672e321b5734152efc6d680ddb938f76dc13d1e6afc44bb7fed98db0865926c9316ec0b96fef00dd6ea3f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\db\data.safe.bin

MD5 03a44d0822c6c62ab82c816c5e0fc3bd
SHA1 b93cc11a6fbdab483f84382d7f0e263311adf5ee
SHA256 f1f84745acc77a1666ba4ebce141e79ece2d65e1709e4ef4d2d30d44183da582
SHA512 958075821bf62919f263c66c46609daa89a4915af1b57a9f5b05a9231c55dfa3a8ae7a0197e712dc2827e0be1d1bf965042fe60695811d086c1968a1b40a5ae5

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\prefs-1.js

MD5 b669661d3b0ced91467951d06c9f09ea
SHA1 c5b162ebaf6ab0d99e38efaa2c2fd9116135ad02
SHA256 5ea508d07f90a35f2ebd3d6ba614bb69220173e8ad072fcecc57725001d9a75b
SHA512 038094f1a1ef81ebebd0e46c9abb1f29fe7e3713e997974f2817436eea82239b8769db03a041f75827d21b7cc50495a51f4d7892c9cccecfa6132b4975e785c9

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

MD5 6af94f179a9b282b8d8d852d6f6ee95b
SHA1 dfd9ba1316f430ed417432cd92cc29172b23b8b4
SHA256 605d676e77dec03bf2ed34b585d5873d481839e1ab5104a93e81b816ee37237a
SHA512 ca180e677edeab054206d634cd315867d316c6e09012dc4fddb70458a7f73b63738c3166621de7cf4600499a6a0d320e503f3362489aa68eb0aff5c8701dba39

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

MD5 d385bb81c154a82eda13a8e4ce617443
SHA1 528cc4e852aa12805cfabeeafa205b91f6880021
SHA256 fe11e46dd05dc00a7582fa894af3e39ed1435849673def9b60dba04204c7b459
SHA512 a57dd8e5edd38bec132b6cfba78654b6b2a14935a23fb23c51763e1c3e10ea00a107b3a09491350cf4188e2d75c1c675fb27f5afc9fef01d7f823491ccdd687a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\prefs.js

MD5 03fce21b0c48410db68802b24d9c69e0
SHA1 ae1e93b4dd263610d721ec9ee71a07b2ab690f75
SHA256 c21889c51cbace0e1c0ce92ee90a39dece1c71a489ee9721a654eddac6f8afc2
SHA512 6835acce30cc7a9cd81c8d54552bd51ea68b208aea94e9bce66be7c9c9b872017733e745abb7cab977697c1d80e4e092ebedb1f529cba19d76d5a50a11588f9f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

MD5 25f783977fe52b3e8b79d98a3ec0b625
SHA1 2208a83d1127dd026b46338cee59a56643454f06
SHA256 26f196f142d8736cbc1c4f3fc247533a56746a0b3c52f9993c7d156f107c8811
SHA512 0d15de2889c2446cede6244ec9ec9368f058053a746af5e1cea5eddcc0f57052ccf1061472a2a0fbcf26802a88eb2f6451a675379343af7861465fe63a88440c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\crashes\store.json.mozlz4.tmp

MD5 a6338865eb252d0ef8fcf11fa9af3f0d
SHA1 cecdd4c4dcae10c2ffc8eb938121b6231de48cd3
SHA256 078648c042b9b08483ce246b7f01371072541a2e90d1beb0c8009a6118cbd965
SHA512 d950227ac83f4e8246d73f9f35c19e88ce65d0ca5f1ef8ccbb02ed6efc66b1b7e683e2ba0200279d7ca4b49831fd8c3ceb0584265b10accff2611ec1ca8c0c6c

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\40371339ad31a7e6.customDestinations-ms

MD5 9180b36a3bf281344c958cf8bcd1f415
SHA1 436323b5b69378293dce34c9ed002b795979a001
SHA256 2e0014fecf346fbb76e8c92086700f0c265715a6076667d209249cbf508b31c6
SHA512 13ba75b0b0a16041cbbe096a0dfe6861562c6d2f9d260e8c7ed3078bf50686922675022ec949c9f70b3ed7c02768937bd219043331e0d56c4ef85d85540b7d94

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 8753c6608cd12bc8b6e9a34a47cfbd04
SHA1 04ba340c9eb5988233bac35aba1457bd589bc18d
SHA256 27f100594f12551eb57a9c1cc9cab3e5e69c2c2b743294859f52b304a4450c6b
SHA512 022a201e42ec79b3cbd31bc1a60c8b630a1a7408b8b9d5b11572e0efc9d33ab61a007751e6882a45557ecffce2ac75419663f7e54dba61702c50f58130c1c2e0

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

MD5 46833b1aef5eff70d68aa1335e78eb5e
SHA1 c3a55a984dd051507531c61a47040c2440f119d7
SHA256 9bd06fbed5ccc981a007a99eb43967f430f356d0a1d47fe882192bf0f1046a6e
SHA512 768c67188369670014efe4edbbdc071b6ec7fd5888410d694b32b6aad0215df04027d4fabf1dc50bda4eca997a845b68c15876bf1faccb4d5612e086614b93e3

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

MD5 eb1f9c24e94cec0b3ed8e90210168814
SHA1 9ced34d6b98061de860a20a05638341281855fc3
SHA256 20ddb39a23f51172745d10a89a15af9a7e06e5095746ef0270807891bb3abb35
SHA512 92c087c395e05d1ada30da772425373b292a7ea2997e002e4766157816aa977861e7f061f33a408ae43cc1216376d7dc2f838f6db98d67589579629bbe5be49e

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\doomed\25070

MD5 5505e36b5887ea6c8c5ea65245121ce5
SHA1 47a47b5618c4cd839f36603591262c4fd30bf632
SHA256 4e235be224c46ad146ce301ae1af6a04e2aa8b01b1254e2d02361a999da61056
SHA512 381b56a051417a15e061a19eea633102d9f4576b36896a861e6d90f8ffb99f8929626b8cdcacc628be31406bd7294c5253e93fbfd6f505baf1d78c933d68334d

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\doomed\23960

MD5 94616bbccdb60ed2116a72fc217fb479
SHA1 351d2a46b2e536cbff0613fa6b3dfb2aa111694e
SHA256 cf16e0273e494404a16e30e9c872599819fc4f4831cd0e89ce0f0899cc1674d0
SHA512 bac3bccebe851b5d6b68cff8474c56f4f2476eda63ce0acdd8323e2ff2d63ce04705000450ee1bdbcf59817eab6b80d58e351db60dd69944de7bc42ea7c2e5b8

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\doomed\20573

MD5 20aa7ace7786c08770b3960eb72c2851
SHA1 ec6e6310504ad9cf0fc7a64d4d2a1ef3920e8687
SHA256 18f92c85ea6a0e2772068c112eccb81f2e9ce8cdbb71526b180a437333ee9f5c
SHA512 74ac61f23288d1c9b7ec74d383a7e5d866e5d6e15641fade057bb8f36aec09f4447e7839b11e304520ef70c4e8dd1a17e5686317f84fb1b935de49885c2ff9b1

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\doomed\20694

MD5 d57005e1332929bc40c238368176a71c
SHA1 c8006c6a87e8c2874f50eb9b10690108032f759c
SHA256 657a4d676e57b9e1f09e9dc0337c58b31773fd669c426b223e76077d44a8d841
SHA512 676eb987715458e95beb5ac30b998bbf85c5cfce64690bc7ff82f7b6b769e4327e9e397bdcffc9f737de65dc7a01ac9e5ec33a0becbbc7c7ef8234286276f2a3

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\doomed\27337

MD5 81d5520ccaca0ba477c5d7922add7c3c
SHA1 2993b3d44e1f23d69723e85227c44f4305341dbb
SHA256 755f71490ad1dc077b6cefcfd9af73bf827f78729a0dfea14c88e84874ce49df
SHA512 163cce0b3447c4c9a4232670b8d50f052e432795aab567ce5b56cb43e6c2eb74ff93d374b2921317cddf051d504181899b0a8ac8bd0addb3bb82f847debc0400

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\doomed\9674

MD5 241340835b9b70cacaaf27ff3d815b4d
SHA1 81220d784ee375b7cfcfd96d04e8339639d71541
SHA256 e8ef091b33f6c803dda29a56620468a87f1d75573d7e47914effa394855aa48b
SHA512 c039d963843bc351f6894ad464f682ae336f7b6626b0ad842c6c06d2ed52f4d19259d4168f2b55b7f0792093933fb7c417ee7fc4a1e26918d8c72f660cf7564d

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\doomed\17273

MD5 1ec6cf90dcfd361a85b57561b79201ac
SHA1 d5ff4ba6bca349a3c6fa125e22647df4aa01de83
SHA256 012412951b6672782497693e2e591573bd73a9facb8808ea65d5b35dbad77d48
SHA512 ee02a4031c167730dbff1173b108d1271c3ed8de0b2a59b483f334f87e39faf877e1d8aaf5ee7865098c103b5c7cfddb16911249f58ed9a621c77cf05a6e12e9

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

MD5 578c3f549e4339a50ca61038987ac3e4
SHA1 c1f7e1970e51a4fd076c3cb0eb22f7db62f4c632
SHA256 a3cd473984070f59641db31b2f899e17d5cadb85d86561fbd7f7e49219a46ea4
SHA512 5e2482f636a6380564bc6ca647f9d5d0b914eee8dfa6efb8c8a9eed08e30d52777b20b17f3243aefbf1e5288be45bb4f077322cabb58fc537dfed668f6236a90

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\4DABAF7EFACD377F68614B900873860C74399618

MD5 1ea39d2728032843e809cfe43b499ade
SHA1 a084f3531bb97c406810ae39f2d82788c414817b
SHA256 531b321a4bc98d7d2d2fb1f42d94ec85de26c0aee1d52628ffe97f165b0caa78
SHA512 1d1751e03a82353d1714782275f3cd5aa62774c3d2796b2f35a1a2bcf721648db1135bcbf3c1ee7cad2dbbd5bbf713f94ba9e61190e2cca9fff474ab567c934f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

MD5 b22651697d85a4d0651045c44e3826fe
SHA1 d0e34e0d3f24096a8f94c00c173ea92e227924ca
SHA256 44acad625fb212f7518644bf58a0c5bdcdb239fb6935f5337ade865b3081d5c6
SHA512 a2b6800998f43a05f23b1f17e51115284d6fc483606f7172045f4c89e9c7bf9c880b116016b9f5dd379229d0af0d3b1b63cdb5082d077114de5e05c7f3dba46f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

MD5 36da1dd1d086133f1e72fc4857166950
SHA1 db30a7f25e690abb00727de267cd8344299f8685
SHA256 415f390de6b1dcf495d494f2d42f02d249781d3c8eb9362913e7d21c028c9e6d
SHA512 d209d92e94d1679d88a14664d51709d489657047edca1ebf44ea027036a5b0273aa5a23c1f25bd0e59c6d0b59e3d23ca62a15b4776e45856243fcaf265aeb7c3

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

MD5 dd34a6e4f258827385777d605d708291
SHA1 077f7f83282f28dec9c02039005dc6dc5683c31c
SHA256 dee67cd8a1f6099f1b551edf0d8e89b389cad89d6cb5d2734f007ed62e06d5e3
SHA512 f210ca504dc95005c4f8ea8355ce86eff8fb4bd44e2cf0e88d649fc041b6d2c029a0b7d596361cd49264d51f7bc1b0bb8384424f9b28e188f8ff54b7725a09da

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

MD5 9956c4a3b8f6cb31ba5e1de427988e2d
SHA1 c345d6b6039dbdbf680cb2e2de80b757bc59cd5f
SHA256 c0d40b053c56615cda579c47841e35338067126f4f77555b2bdb859a378f4ead
SHA512 f5ff444c66b933e9d2a31db21047a647fff9dbdfc37a68955bf0e101a59f676bc677b42ccfc511d5c4d27f74a27619481ea1beb7f6abdb52d85d4782969df669

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\prefs.js

MD5 c74201230b7886539048d24fc5ca921a
SHA1 a35f39a77af400c5cb9b1e20e4bf443533d5a09c
SHA256 4bf691e1b4f5001a4b4d39366b9cf652cef6e46948259d66ae67de33cb42815c
SHA512 6a7dc98f0d0d14a2ca1774f0f4fa658096cde9c22c3689799390bf2fb02df3312fa162fc36ae784ea3beffd07afeb3dfa25d0c5170a7716e3be5b04a267804fb

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\prefs.js

MD5 fc0d0d78a020d08d9f342a80dd3ae8cf
SHA1 e995300a1629b768e9eaba8e093415030cdb8b85
SHA256 f3a93d5dd894be458dacf9f5ddb754ddb73914470d566886f4239ce48701b18e
SHA512 8cfb6dc5949ffdbe9caf063e38b8f076d78103c5ad6ab1a5ac15566bf9cc92c25d43e4261134d1865b3c73a9577d25ce50c8120a2943ac21d411852332393707

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 a01c5ecd6108350ae23d2cddf0e77c17
SHA1 c6ac28a2cd979f1f9a75d56271821d5ff665e2b6
SHA256 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42
SHA512 b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 33bf7b0439480effb9fb212efce87b13
SHA1 cee50f2745edc6dc291887b6075ca64d716f495a
SHA256 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e
SHA512 d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

MD5 abef5eb7b2bc0b174228909cff338759
SHA1 77898724d3920dd6d8240cd84f681c26721fbd13
SHA256 e5ce4ecdaab32b27fe53da1c015248b542cd7250ff938fae04effdb30cf78588
SHA512 6b61ef1281ce6b94790dc80c647c9a6e8a9447c020f0e7364205db37a9d991e5256d3272a713e1827985ca48d357eeea694ab829f861d1931ffab8614482294e

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\doomed\32160

MD5 ed9090aebc052c8f104c090710b5c71b
SHA1 5d2068747e1048fff74fb748c1ae6a38b0932d3b
SHA256 137d8bdc1f5bf3533b3fb4e9e18a93b7eaaf796e86b561ccb9e5530a89e507fa
SHA512 7901a61baff42ce3581f5efff188594f6260c7185c7bca5999e0c61a52ae8510d6be17fbe7423d312f63fe183420e59bd9ef5352c712ec0cabc3d2dad8fb8921

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\6A97A7F0DD87D63CAFDFB2F74683A311A499D6E9

MD5 62eadeafe87dcbb1ff68c3ee51799175
SHA1 b1fda1c663787b3db641ec6fd4e7c40e7449f9df
SHA256 b45ad4b8e81a1dd4a6c12d6333dfed8e7552a4fed8a7c4239f07573887c8d32d
SHA512 434edd4e05ccce884b7cdadd62fbc0e4bbae76d4b7b01d2b7760a5a7a9dfc76e73360a9678a557273f0929008f29aeaa43ba39a0c19ff6cd02dbcc9762114b0c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

MD5 1a442380efa2975dac655f3c1bdce730
SHA1 8e1112508e5d012a29a3ab62c2508d9175d4b2a0
SHA256 5dc19b37f69fd60137295bf45b0cb831901e5a3e10bc35f71de7979efadc300e
SHA512 0a2eb7921556731a1ddcbb0b1bd2ce777b6e5336727229dfa634a0636486d66e6963bdcb2a1677bee53c634198e32a1390755c88c070ffa2ab56499a0a74c6b6

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\thumbnails\dd6973e3f3e1d61ffc31af8f426b13c1.png

MD5 0511ae9d312518fb68032d6535b5869a
SHA1 c481a76e6ba4a2dbc4d8656d79e7b83431616439
SHA256 c41e2f559ed1740092188ae2ab647490489f9c495fa9b5219325322b113c687d
SHA512 54cf8f4999e0d50f298744b4255976205f580c5072fcf8c98912e8230e1f1fce5350b282ee92e5468dcff8cf295dc9fb963f316880e6db4e852aed066277b0d4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

MD5 5675afbf49b900f7dca3b4630f2e89f1
SHA1 b902b4770d5d34d2f994fa146af8082d118b04a2
SHA256 e52dd08a8b8885a62f40a5548f2eeaece3f40d4584f034cd37759846ee924af6
SHA512 3b9cd368e049d393b4b1459e4a4a86ff491a20b18033edac3c6a1c71f74b3749daf46f8093b8e1411767baffb5f2fb81cd3ae384b7d9341011d345be01cde2e7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

MD5 a00e1fe8d52c7c9647f3ae9d28192a32
SHA1 bdcb8d7048ec6712d56175867478e079f049c08c
SHA256 807d4ff4e810c72dfddbd297cd21f7f11516ab8f68581b42f02fa33aa83138bc
SHA512 af0b4cd168e5c10910eddc9606fc70c492ea53908957143f1ca0dfcd1883c0420be0587a29d3c32173665338f3a7934ce047b99e3c10b6be2a2db21176807670

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

MD5 261ef3948a3445210b0aedb586a75ced
SHA1 c93061eb49409586baf2a2fd56e4d7f14c8b327c
SHA256 3e055b57ef0099bd2963ca7b79d41b02c7a8c839bb7071a7a19c59a541c00018
SHA512 edc5a88d1af75b87bbf54e699cf0723ebf75dc894ec212664ce6d72f1080185206f3ea9ece335add13bf248a7d3fce38a1df8bf926510f6c3fecf983ef94c5a5

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

MD5 f9826fd7516ae0752217182aa54b54d5
SHA1 2e6d7db74f1f269412c098198c22a91c6a72c60c
SHA256 05be807c54bf04536bc47c9fbdd81ff9062e46920231c1c192452551a7a6fe71
SHA512 b0f6cdc11782f7754b437e1430af2dd38b54b1649b84b6297da0cd3951b568ad27829f8f279142c72b2860f0f63d34d53fddd82fb1e1594b1d413b565a5c6f85

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

MD5 a6d186f661efb298e600d3cfc899e303
SHA1 0d489c1d99f36434819795fbf2c8d55d979fa95c
SHA256 376a417c3e0f58272e31cdfeaca9fb67d78fdb369eafaf8292fea4ffacadb2e6
SHA512 21b57e7ffaca1db8ee70f0db0fe5d09735837fbdf0404459ebafa990634f0d57cc76014b1e4560ab99b4057858a7427400f4c3692631ab98b7ee74c3498b3d7e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

MD5 54e1be8bb8bbc4e2b97e412c2749588f
SHA1 56d0744e150925b68b4fa2527e8707e5e12b50c4
SHA256 a40df4187cfb2a30d8b7a0e632045a81ba280b096f45978e09ad832b8a9938be
SHA512 917edc23ca6a48089fa920bc47aeda2b373fde5b35ce3a4a1f874e09e1131a4ffafbdd15df0f910474bffd0761b3192cc984af5ea8783eba07bf5d29510bc815

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore.jsonlz4

MD5 95361bb0554f63b966f6189425b656fc
SHA1 5414ad45786e5c9c9e6ff763adc24fa9eee49d67
SHA256 5ee63849ba5c4045d8523d4dff83395c3b39dbcc55677ace47b320dbd6fdc189
SHA512 89753509407e39b7fa1b50f77d20e34eb8e26568477e3603d08eb774875d126029bbf5b47553e72962607c6c505cc80127bb8ea31e0e2a50511d2f1576f43a31

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\places.sqlite

MD5 ebf1d473032986ffde600a2276796471
SHA1 b925ba7993df6553f411916ac7da73adf0e6eaf6
SHA256 35ad32e3ffdb56cce638607228dae9f66e88a58eab43be15f7541ff78144df4b
SHA512 b8d6e9d049b772bb8c3f6982b4ee2089b6f7504d8ea80e4df5bded812f3b303c84357c06a92b8399cc7a223c6abd1a44beb48d90f46043676b7c8f6b7b5f33b0

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\prefs-1.js

MD5 398d60e70723e2a57844769267188e29
SHA1 a14e9079f6ef817a3e7f83c00f26a74a85616e80
SHA256 b09ebb7841932647a6a5c10438e4cfc1f2f44854cc9430a14d722532caf30cae
SHA512 65315a14f49b341d3ee23c4c1fa6f948865bd141b0d46de343a94643dcc39907a43044628e1ce06e9325f38b404110aab8462fc0bebac3ebb5c15c738a9c131f