Analysis Overview
Threat Level: Known bad
The file https://download2347.mediafire.com/cd5iqip9vdtgpTxcleY9hndNplIHEKWuvboHCAh2znif25mvvnbBcBw_TBWTgjJv3PDaheneeR8c7W5mL5uCbe_BYtN1OtQyjNNjSb6XIn9ZAeYJebdUGZtqOaKgh6ZQEHfpOeyk42R_B5911dcBA7cIdzCv2Hz4pKfJGlXt4k0Bdw/93937e8dzccjueg/Loader.zip was found to be: Known bad.
Malicious Activity Summary
Lumma Stealer
xmrig
XMRig Miner payload
Stops running service(s)
Creates new service(s)
Command and Scripting Interpreter: PowerShell
Reads user/profile data of web browsers
UPX packed file
Executes dropped EXE
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Power Settings
Drops file in System32 directory
Suspicious use of SetThreadContext
Launches sc.exe
Checks processor information in registry
Suspicious behavior: LoadsDriver
Modifies registry class
Suspicious use of SendNotifyMessage
Modifies data under HKEY_USERS
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
NTFS ADS
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-07-09 15:29
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-07-09 15:29
Reported: 2024-07-09 15:45
Platform: win10-20240611-en
Max time kernel: 911s
Max time network: 935s
Signatures
Lumma Stealer
xmrig
XMRig Miner payload
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Creates new service(s)
Stops running service(s)
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\Loader\Loader.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Loader\If it doesn't work, run this.exe | N/A |
| N/A | N/A | C:\ProgramData\ffxhzanjhoyu\xhxxxnnmboqv.exe | N/A |
Reads user/profile data of web browsers
UPX packed file
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Power Settings
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\powercfg.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| File opened for modification | C:\Windows\system32\MRT.exe | C:\ProgramData\ffxhzanjhoyu\xhxxxnnmboqv.exe | N/A |
| File opened for modification | C:\Windows\system32\MRT.exe | C:\Users\Admin\Downloads\Loader\If it doesn't work, run this.exe | N/A |
| File created | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 5188 set thread context of 3592 | N/A | C:\Users\Admin\Downloads\Loader\Loader.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
| PID 68 set thread context of 4748 | N/A | C:\ProgramData\ffxhzanjhoyu\xhxxxnnmboqv.exe | C:\Windows\system32\conhost.exe |
| PID 68 set thread context of 5940 | N/A | C:\ProgramData\ffxhzanjhoyu\xhxxxnnmboqv.exe | C:\Windows\explorer.exe |
Launches sc.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies data under HKEY_USERS
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\Downloads\Loader.zip:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: LoadsDriver
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://download2347.mediafire.com/cd5iqip9vdtgpTxcleY9hndNplIHEKWuvboHCAh2znif25mvvnbBcBw_TBWTgjJv3PDaheneeR8c7W5mL5uCbe_BYtN1OtQyjNNjSb6XIn9ZAeYJebdUGZtqOaKgh6ZQEHfpOeyk42R_B5911dcBA7cIdzCv2Hz4pKfJGlXt4k0Bdw/93937e8dzccjueg/Loader.zip"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://download2347.mediafire.com/cd5iqip9vdtgpTxcleY9hndNplIHEKWuvboHCAh2znif25mvvnbBcBw_TBWTgjJv3PDaheneeR8c7W5mL5uCbe_BYtN1OtQyjNNjSb6XIn9ZAeYJebdUGZtqOaKgh6ZQEHfpOeyk42R_B5911dcBA7cIdzCv2Hz4pKfJGlXt4k0Bdw/93937e8dzccjueg/Loader.zip
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Loader\" -spe -an -ai#7zMap12127:74:7zEvent26429
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Users\Admin\Downloads\Loader\Loader.exe
"C:\Users\Admin\Downloads\Loader\Loader.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Users\Admin\Downloads\Loader\If it doesn't work, run this.exe
"C:\Users\Admin\Downloads\Loader\If it doesn't work, run this.exe"
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe delete "ELGZIZQU"
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe create "ELGZIZQU" binpath= "C:\ProgramData\ffxhzanjhoyu\xhxxxnnmboqv.exe" start= "auto"
C:\Windows\system32\wusa.exe
wusa /uninstall /kb:890830 /quiet /norestart
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop eventlog
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe start "ELGZIZQU"
C:\ProgramData\ffxhzanjhoyu\xhxxxnnmboqv.exe
C:\ProgramData\ffxhzanjhoyu\xhxxxnnmboqv.exe
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\wusa.exe
wusa /uninstall /kb:890830 /quiet /norestart
Network
Files
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\doomed\17330
| MD5 | 27edbefdad0034ea5daa096410801ba2 |
| SHA1 | b3ee8e38808414687b2d3509bb34f11d4fb27c8c |
| SHA256 | 2627c4647a8f5871fd7b51b536abcd4e961c1365cacf413c8177361aa92de847 |
| SHA512 | 480235fa058316662c8324bb27575e42979b3ddf59e85d91417f3fae2267c14f6948806b3ab0b654e311a5d670785092457428753edd8eb2c2d99cd9d86ded3d |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\doomed\27239
| MD5 | 2369cc2c54e6c0528903fe3ebe6d7c83 |
| SHA1 | 64283a5e7d10a6e5795c53915d8bbd1514e4d35d |
| SHA256 | 080b99c025b46749cf135f5e0b2c41710c6667b958f6d2fb77316ca8f895eeb2 |
| SHA512 | 3af1d70618220fe422ec6f9cb9a811567f0260d16806c54f58557c0bf695410274e040da797ecff0b6ea5a25e629235807543536637a48600bc821708379dd5c |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\DA66AF922D4C1FAA16464ECA7195B32589C209E5
| MD5 | a9d3a586dc361d99ef41bf4533377b0c |
| SHA1 | 35622dfdf59e9c0f8b6c0178027903f5c3d5856a |
| SHA256 | 82c9390acc79129740bc7f63074e0dc17f6f05e849fc7b64047f5d82b68aa73c |
| SHA512 | f092c08236aafb3d51c0779a00b724ece85f2cfeb20280b66bf5ae3c10cc29ce82ac2aa210379f133949f47f08c4038c536724dba9659cfca7cb842f4704e0cc |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\5ED943E4AF2424A261AC18A1B4CB69538D5C0AEB
| MD5 | 9cf53adc357438d261760ad90912ffc5 |
| SHA1 | c189cc323aff8350f99759d84d1ff81aa733b8e7 |
| SHA256 | 189d287345a689b456ec302d2e4e6673b6ab148231906bb7295c56ce8c76b224 |
| SHA512 | 081a0f1fc3ce8aaee2f8a2e9ee69a82e0e13b3212288d88e230bc35daa6bcf9b2f6cef38df96891dd8f26f1e69d867bd534b842bae7ebd95bda70869c89e5161 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\358466A1ECCD3A1992ADBBF4D3608E5D50569294
| MD5 | 686fb4da299e10c2b5b9f45898834f13 |
| SHA1 | 9feb3f4d17996dc10d3efe140e7dead5e9e81478 |
| SHA256 | 6a38c5e93f04786b6c4a9022e1142595830d62e65d160c866539591d81dc4e40 |
| SHA512 | 90a5fdbfa01f844b49283ee80bd5c32dfa82e4ef5a89c666a166aafee63ec655602f32b1978f964ca99716dace7316136a95991f9ddeb1d3bbdaff0683407fb7 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\08D594D0EB8889F244DFA0DB4BF1A1655DED9131
| MD5 | ab2488385d04fe4d34e94396c1514b2a |
| SHA1 | 8ea081e2949f7dc9a11f74a5214d6a3dcc18723d |
| SHA256 | ed8d2c64788b3e98d0ff01f417f534d7f625b5ec0bf6ef0c46d6c7c7b2145fb8 |
| SHA512 | c5fa9e4963949159ac01c3be71b810bbbb7adb29be1f9a200ba06b05131a5670381479f6e42ffc7d76e5e45cd312d18b8fa85a103c0d536b736c3e38c2d6d6f8 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 4124638e1c06e1101092922a1e34bfa9 |
| SHA1 | 29a3b605f0968103544fdfac6ff8132bb913c646 |
| SHA256 | ef9796f5903b5a99996f023a9f68fb3078603a4dd9852edb8fcaf20c3c0043f6 |
| SHA512 | 6b318c5a45ee1d6ef11199f32a56ed1d2d3b1dbf6ebdc283d24684d96827958de55660ff6a78b69e67aad32b35d207c0f6819d70f4fdfd08934cec1848b063ef |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionCheckpoints.json.tmp
| MD5 | 99601438ae1349b653fcd00278943f90 |
| SHA1 | 8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9 |
| SHA256 | 72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a |
| SHA512 | ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionCheckpoints.json.tmp
| MD5 | 65690c43c42921410ec8043e34f09079 |
| SHA1 | 362add4dbd0c978ae222a354a4e8d35563da14b4 |
| SHA256 | 7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d |
| SHA512 | c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore.jsonlz4
| MD5 | dfe2c7e2441e951bfd0818685a62cbab |
| SHA1 | 565b56e67923875e7d9df5ba769ec0bd9370a632 |
| SHA256 | a5ed7c25705d4bf79162055ad455cacd2adbc809ebb68604a185c68cfa8eface |
| SHA512 | 88718d866219ef41713cb22b06e2847e4f9980b46ac3ecefc0b9e3fe72d7f65ff59e8af1ed8cd25ce6da492dbe53b3e0aec2ad82fc5be4d0623c8039947c4824 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\places.sqlite
| MD5 | 9fe057949c9343ca4b1fbef2bf65c98b |
| SHA1 | 56cb05e0ac0d0ae94961bc421319e9b751599d0b |
| SHA256 | ff2ca644a882e7ab14db191b034a915c908db0cc2ccd75b35ee2124d4b1607b5 |
| SHA512 | fee567a904b8a169858f69a41e6ca0f53cf107b69760d81e9260869466cab7d5e9e901c18f28d4e384e29134ecbe605588bd6b24e884631e1a631d26491d3f4a |
C:\Users\Admin\Downloads\Loader\Loader.exe
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\formhistory.sqlite
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cookies.sqlite
C:\Users\Admin\Downloads\Loader\If it doesn't work, run this.exe
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_attlxe0o.csi.ps1