Analysis Overview
SHA256
35dcb543ce32c17153d4401abc5da15d8c8db7b16d72c6e6dfe993eabcc87f86
Threat Level: Known bad
The file boobee.txt was found to be: Known bad.
Malicious Activity Summary
Rhadamanthys family
Suspicious use of NtCreateUserProcessOtherParentProcess
Rhadamanthys
Executes dropped EXE
Suspicious use of SetThreadContext
Program crash
Browser Information Discovery
System Location Discovery: System Language Discovery
Suspicious behavior: EnumeratesProcesses
Uses Task Scheduler COM API
Checks processor information in registry
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of FindShellTrayWindow
Opens file in notepad (likely ransom note)
NTFS ADS
Checks SCSI registry key(s)
Suspicious use of AdjustPrivilegeToken
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-03 15:12
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-03 15:12
Reported
2024-11-03 15:22
Platform
win10ltsc2021-20241023-en
Max time kernel
569s
Max time network
561s
Command Line
Signatures
Rhadamanthys
Rhadamanthys family
Suspicious use of NtCreateUserProcessOtherParentProcess
| Description | Indicator | Process | Target |
| PID 2976 created 2532 | N/A | C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | C:\Windows\system32\sihost.exe |
| PID 1924 created 2532 | N/A | C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | C:\Windows\system32\sihost.exe |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Desktop\1 Video Missha example promouting full hd 1080 view colloboration niv.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\2 Video Missha example promouting full hd 1080 view colloboration niv.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\2 Video Missha example promouting full hd 1080 view colloboration niv.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 5676 set thread context of 1924 | N/A | C:\Users\Admin\Desktop\1 Video Missha example promouting full hd 1080 view colloboration niv.exe | C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
| PID 5204 set thread context of 2976 | N/A | C:\Users\Admin\Desktop\2 Video Missha example promouting full hd 1080 view colloboration niv.exe | C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Browser Information Discovery
Program crash
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\dialer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\dialer.exe | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\Downloads\Misha Video.rar:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Windows\system32\sihost.exe
sihost.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\boobee.txt
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1988 -parentBuildID 20240401114208 -prefsHandle 1916 -prefMapHandle 1908 -prefsLen 23681 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {41bdbf57-5206-4d51-8006-081ad5e6b281} 1260 "\\.\pipe\gecko-crash-server-pipe.1260" gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2396 -parentBuildID 20240401114208 -prefsHandle 2308 -prefMapHandle 2328 -prefsLen 23717 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c808fd4f-682a-48b4-922b-121e01909b86} 1260 "\\.\pipe\gecko-crash-server-pipe.1260" socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3200 -childID 1 -isForBrowser -prefsHandle 3224 -prefMapHandle 3212 -prefsLen 23858 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fe00c8c4-0b3e-46ea-a366-326976066aaa} 1260 "\\.\pipe\gecko-crash-server-pipe.1260" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4324 -childID 2 -isForBrowser -prefsHandle 4320 -prefMapHandle 4316 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1bbbe975-35d1-47ab-98c7-349cf83f9c25} 1260 "\\.\pipe\gecko-crash-server-pipe.1260" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4908 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 5008 -prefMapHandle 5004 -prefsLen 29091 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ba80d92b-f087-42a5-a1e9-a8ed6b4e14cf} 1260 "\\.\pipe\gecko-crash-server-pipe.1260" utility
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5412 -childID 3 -isForBrowser -prefsHandle 5404 -prefMapHandle 4116 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {03364e26-f531-4e2f-adaf-71ad0dbc7d7c} 1260 "\\.\pipe\gecko-crash-server-pipe.1260" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5548 -childID 4 -isForBrowser -prefsHandle 5556 -prefMapHandle 5560 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dcb3943c-7f4c-4230-b1f9-f0bb4f8533b2} 1260 "\\.\pipe\gecko-crash-server-pipe.1260" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5736 -childID 5 -isForBrowser -prefsHandle 5744 -prefMapHandle 5748 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b58e39c3-7c0c-4f97-be64-622fc76dd97b} 1260 "\\.\pipe\gecko-crash-server-pipe.1260" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6324 -childID 6 -isForBrowser -prefsHandle 6316 -prefMapHandle 6312 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {73cabb47-d009-489a-9712-c124e0809612} 1260 "\\.\pipe\gecko-crash-server-pipe.1260" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6580 -childID 7 -isForBrowser -prefsHandle 4728 -prefMapHandle 6460 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {90da3df4-495f-483c-bddc-4b85da8af136} 1260 "\\.\pipe\gecko-crash-server-pipe.1260" tab
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3c0 0x3d0
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\" -an -ai#7zMap32585:80:7zEvent8389
C:\Users\Admin\Desktop\1 Video Missha example promouting full hd 1080 view colloboration niv.exe
"C:\Users\Admin\Desktop\1 Video Missha example promouting full hd 1080 view colloboration niv.exe"
C:\Users\Admin\Desktop\2 Video Missha example promouting full hd 1080 view colloboration niv.exe
"C:\Users\Admin\Desktop\2 Video Missha example promouting full hd 1080 view colloboration niv.exe"
C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
C:\Windows\SysWOW64\dialer.exe
"C:\Windows\system32\dialer.exe"
C:\Windows\SysWOW64\dialer.exe
"C:\Windows\system32\dialer.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 2976 -ip 2976
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 1924 -ip 1924
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1924 -s 512
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 544
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 1924 -ip 1924
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 2976 -ip 2976
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1924 -s 504
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 552
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6860 -childID 8 -isForBrowser -prefsHandle 5276 -prefMapHandle 4832 -prefsLen 27989 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {60204290-f29c-482b-a68c-ee04784f38b4} 1260 "\\.\pipe\gecko-crash-server-pipe.1260" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5860 -childID 9 -isForBrowser -prefsHandle 6140 -prefMapHandle 5980 -prefsLen 27989 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1a61ebf3-edaa-44e1-a751-4e0388802542} 1260 "\\.\pipe\gecko-crash-server-pipe.1260" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5444 -childID 10 -isForBrowser -prefsHandle 6692 -prefMapHandle 4284 -prefsLen 27989 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1ced0851-b851-4c88-b542-925f6c836589} 1260 "\\.\pipe\gecko-crash-server-pipe.1260" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7140 -childID 11 -isForBrowser -prefsHandle 7136 -prefMapHandle 7124 -prefsLen 27989 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a525bea1-d144-486d-bcc7-6d0fbc2fb7f7} 1260 "\\.\pipe\gecko-crash-server-pipe.1260" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7316 -childID 12 -isForBrowser -prefsHandle 7332 -prefMapHandle 7320 -prefsLen 27989 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {45668208-cdf8-49fb-9bf1-491647636c27} 1260 "\\.\pipe\gecko-crash-server-pipe.1260" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5836 -childID 13 -isForBrowser -prefsHandle 6936 -prefMapHandle 5564 -prefsLen 27989 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e9f83389-2dc4-4de3-a7b3-a667403ca8a2} 1260 "\\.\pipe\gecko-crash-server-pipe.1260" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7504 -childID 14 -isForBrowser -prefsHandle 3812 -prefMapHandle 7692 -prefsLen 27989 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {092a5658-f2b0-4c2e-9433-034720057238} 1260 "\\.\pipe\gecko-crash-server-pipe.1260" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7736 -childID 15 -isForBrowser -prefsHandle 5940 -prefMapHandle 7132 -prefsLen 27989 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4be769d1-31b5-4a4e-bcb5-700de906f689} 1260 "\\.\pipe\gecko-crash-server-pipe.1260" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6320 -childID 16 -isForBrowser -prefsHandle 6472 -prefMapHandle 6340 -prefsLen 27989 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6451f501-a11b-48a2-ba09-da1f0778fdfd} 1260 "\\.\pipe\gecko-crash-server-pipe.1260" tab
C:\Users\Admin\Desktop\2 Video Missha example promouting full hd 1080 view colloboration niv.exe
"C:\Users\Admin\Desktop\2 Video Missha example promouting full hd 1080 view colloboration niv.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 107.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| N/A | 127.0.0.1:49745 | tcp | |
| US | 8.8.8.8:53 | checkappexec.microsoft.com | udp |
| GB | 51.140.244.186:443 | checkappexec.microsoft.com | tcp |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | firefox-api-proxy.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 34.149.97.1:443 | firefox-api-proxy.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 34.149.97.1:443 | firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net | tcp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | 113.212.160.35.in-addr.arpa | udp |
| N/A | 127.0.0.1:49752 | tcp | |
| US | 8.8.8.8:53 | firefox-settings-attachments.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | 203.197.79.204.in-addr.arpa | udp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | mega.nz | udp |
| US | 8.8.8.8:53 | firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net | udp |
| LU | 31.216.144.5:443 | mega.nz | tcp |
| US | 8.8.8.8:53 | mega.nz | udp |
| US | 8.8.8.8:53 | mega.nz | udp |
| US | 8.8.8.8:53 | 5.144.216.31.in-addr.arpa | udp |
| LU | 31.216.144.5:443 | mega.nz | tcp |
| US | 8.8.8.8:53 | eu.static.mega.co.nz | udp |
| NL | 66.203.127.11:443 | eu.static.mega.co.nz | tcp |
| US | 8.8.8.8:53 | eu.static.mega.co.nz | udp |
| NL | 66.203.127.11:443 | eu.static.mega.co.nz | tcp |
| US | 8.8.8.8:53 | eu.static.mega.co.nz | udp |
| US | 8.8.8.8:53 | 11.127.203.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.api.mega.co.nz | udp |
| LU | 66.203.125.15:443 | g.api.mega.co.nz | tcp |
| LU | 66.203.125.15:443 | g.api.mega.co.nz | tcp |
| US | 8.8.8.8:53 | lu.api.mega.co.nz | udp |
| US | 8.8.8.8:53 | lu.api.mega.co.nz | udp |
| US | 8.8.8.8:53 | g.api.mega.co.nz | udp |
| US | 8.8.8.8:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | 15.125.203.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| N/A | 127.0.0.1:6341 | tcp | |
| N/A | 127.0.0.1:6341 | tcp | |
| N/A | 127.0.0.1:6341 | tcp | |
| N/A | 127.0.0.1:6341 | tcp | |
| US | 8.8.8.8:53 | gfs302n113.userstorage.mega.co.nz | udp |
| US | 8.8.8.8:53 | gfs208n139.userstorage.mega.co.nz | udp |
| US | 8.8.8.8:53 | gfs204n146.userstorage.mega.co.nz | udp |
| US | 8.8.8.8:53 | gfs270n121.userstorage.mega.co.nz | udp |
| US | 8.8.8.8:53 | gfs214n139.userstorage.mega.co.nz | udp |
| US | 8.8.8.8:53 | gfs262n333.userstorage.mega.co.nz | udp |
| CA | 162.208.16.23:443 | gfs302n113.userstorage.mega.co.nz | tcp |
| CA | 162.208.16.23:443 | gfs302n113.userstorage.mega.co.nz | tcp |
| CA | 162.208.16.23:443 | gfs302n113.userstorage.mega.co.nz | tcp |
| CA | 162.208.16.23:443 | gfs302n113.userstorage.mega.co.nz | tcp |
| US | 8.8.8.8:53 | gfs302n113.userstorage.mega.co.nz | udp |
| NL | 185.206.24.74:443 | gfs204n146.userstorage.mega.co.nz | tcp |
| NL | 185.206.24.74:443 | gfs204n146.userstorage.mega.co.nz | tcp |
| NL | 185.206.24.74:443 | gfs204n146.userstorage.mega.co.nz | tcp |
| US | 8.8.8.8:53 | gfs204n146.userstorage.mega.co.nz | udp |
| NL | 185.206.24.74:443 | gfs204n146.userstorage.mega.co.nz | tcp |
| LU | 89.44.168.181:443 | gfs270n121.userstorage.mega.co.nz | tcp |
| LU | 89.44.168.181:443 | gfs270n121.userstorage.mega.co.nz | tcp |
| LU | 89.44.168.181:443 | gfs270n121.userstorage.mega.co.nz | tcp |
| LU | 89.44.168.181:443 | gfs270n121.userstorage.mega.co.nz | tcp |
| US | 8.8.8.8:53 | gfs270n121.userstorage.mega.co.nz | udp |
| ES | 185.206.27.49:443 | gfs214n139.userstorage.mega.co.nz | tcp |
| US | 8.8.8.8:53 | gfs214n139.userstorage.mega.co.nz | udp |
| ES | 185.206.27.49:443 | gfs214n139.userstorage.mega.co.nz | tcp |
| ES | 185.206.27.49:443 | gfs214n139.userstorage.mega.co.nz | tcp |
| ES | 185.206.27.49:443 | gfs214n139.userstorage.mega.co.nz | tcp |
| FR | 185.206.26.49:443 | gfs208n139.userstorage.mega.co.nz | tcp |
| FR | 185.206.26.49:443 | gfs208n139.userstorage.mega.co.nz | tcp |
| FR | 185.206.26.49:443 | gfs208n139.userstorage.mega.co.nz | tcp |
| FR | 185.206.26.49:443 | gfs208n139.userstorage.mega.co.nz | tcp |
| US | 8.8.8.8:53 | gfs208n139.userstorage.mega.co.nz | udp |
| US | 8.8.8.8:53 | gfs204n146.userstorage.mega.co.nz | udp |
| US | 8.8.8.8:53 | gfs302n113.userstorage.mega.co.nz | udp |
| US | 8.8.8.8:53 | gfs214n139.userstorage.mega.co.nz | udp |
| US | 8.8.8.8:53 | gfs208n139.userstorage.mega.co.nz | udp |
| US | 8.8.8.8:53 | gfs270n121.userstorage.mega.co.nz | udp |
| NL | 185.206.24.74:443 | gfs204n146.userstorage.mega.co.nz | tcp |
| LU | 89.44.168.181:443 | gfs270n121.userstorage.mega.co.nz | tcp |
| ES | 185.206.27.49:443 | gfs214n139.userstorage.mega.co.nz | tcp |
| US | 8.8.8.8:53 | 74.24.206.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 181.168.44.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.26.206.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.27.206.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.16.208.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| LU | 31.216.144.5:443 | mega.nz | tcp |
| US | 8.8.8.8:53 | 200.163.202.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | location.services.mozilla.com | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | 201.181.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | gfs262n333.userstorage.mega.co.nz | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | prod.classify-client.prod.webservices.mozgcp.net | udp |
| US | 35.190.72.216:443 | location.services.mozilla.com | udp |
| US | 35.190.72.216:443 | location.services.mozilla.com | tcp |
| US | 35.190.72.216:443 | location.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | 216.72.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| GB | 142.250.200.14:443 | redirector.gvt1.com | tcp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| GB | 142.250.200.14:443 | redirector.gvt1.com | tcp |
| US | 8.8.8.8:53 | 14.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ciscobinary.openh264.org | udp |
| GB | 142.250.200.14:443 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | r3---sn-4g5ednd7.gvt1.com | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| DE | 74.125.162.104:443 | r3---sn-4g5ednd7.gvt1.com | tcp |
| US | 8.8.8.8:53 | r3.sn-4g5ednd7.gvt1.com | udp |
| DE | 74.125.162.104:443 | r3.sn-4g5ednd7.gvt1.com | tcp |
| FI | 62.115.252.113:80 | ciscobinary.openh264.org | tcp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| FI | 62.115.252.113:80 | a19.dscg10.akamai.net | tcp |
| US | 8.8.8.8:53 | r3.sn-4g5ednd7.gvt1.com | udp |
| DE | 74.125.162.104:443 | r3.sn-4g5ednd7.gvt1.com | udp |
| DE | 94.24.36.43:443 | gfs262n333.userstorage.mega.co.nz | tcp |
| US | 8.8.8.8:53 | gfs262n333.userstorage.mega.co.nz | udp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | gfs262n333.userstorage.mega.co.nz | udp |
| US | 8.8.8.8:53 | 113.252.115.62.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.36.24.94.in-addr.arpa | udp |
| US | 8.8.8.8:53 | prod.classify-client.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | 67.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.180.4:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 227.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | csp.withgoogle.com | udp |
| GB | 216.58.204.81:443 | csp.withgoogle.com | tcp |
| US | 8.8.8.8:53 | csp.withgoogle.com | udp |
| US | 8.8.8.8:53 | ogads-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | csp.withgoogle.com | udp |
| US | 8.8.8.8:53 | 226.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.204.58.216.in-addr.arpa | udp |
| GB | 216.58.204.81:443 | csp.withgoogle.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 172.217.16.238:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 172.217.16.234:443 | ogads-pa.googleapis.com | tcp |
| GB | 172.217.16.234:443 | ogads-pa.googleapis.com | tcp |
| US | 8.8.8.8:53 | ogads-pa.googleapis.com | udp |
| GB | 172.217.16.238:443 | play.google.com | udp |
| US | 8.8.8.8:53 | ogads-pa.googleapis.com | udp |
| GB | 172.217.16.234:443 | ogads-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| GB | 172.217.16.238:443 | consent.google.com | tcp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| GB | 172.217.16.238:443 | consent.google.com | udp |
| US | 8.8.8.8:53 | www.virustotal.com | udp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 8.8.8.8:53 | ghs-svc-https-c46.ghs-ssl.googlehosted.com | udp |
| US | 74.125.34.46:443 | ghs-svc-https-c46.ghs-ssl.googlehosted.com | tcp |
| US | 8.8.8.8:53 | ghs-svc-https-c46.ghs-ssl.googlehosted.com | udp |
| US | 8.8.8.8:53 | www.recaptcha.net | udp |
| US | 8.8.8.8:53 | www.recaptcha.net | udp |
| GB | 142.250.187.195:443 | www.recaptcha.net | tcp |
| US | 8.8.8.8:53 | www.recaptcha.net | udp |
| GB | 142.250.187.195:443 | www.recaptcha.net | udp |
| US | 8.8.8.8:53 | 46.34.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | recaptcha.net | udp |
| GB | 142.250.200.3:443 | recaptcha.net | tcp |
| US | 8.8.8.8:53 | recaptcha.net | udp |
| US | 8.8.8.8:53 | recaptcha.net | udp |
| US | 8.8.8.8:53 | 36.32.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.200.250.142.in-addr.arpa | udp |
| GB | 142.250.200.3:443 | recaptcha.net | udp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| GB | 142.250.180.4:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 238.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ghs-svc-https-c46.ghs-ssl.googlehosted.com | udp |
| US | 8.8.8.8:53 | 8.179.89.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | mega.nz | udp |
| LU | 31.216.144.5:443 | mega.nz | tcp |
| US | 8.8.8.8:53 | mega.nz | udp |
| US | 8.8.8.8:53 | mega.nz | udp |
| US | 8.8.8.8:53 | eu.static.mega.co.nz | udp |
| NL | 66.203.127.11:443 | eu.static.mega.co.nz | tcp |
| NL | 66.203.127.11:443 | eu.static.mega.co.nz | tcp |
| US | 8.8.8.8:53 | eu.static.mega.co.nz | udp |
| US | 8.8.8.8:53 | eu.static.mega.co.nz | udp |
| US | 8.8.8.8:53 | g.api.mega.co.nz | udp |
| LU | 66.203.125.11:443 | g.api.mega.co.nz | tcp |
| LU | 66.203.125.11:443 | g.api.mega.co.nz | tcp |
| US | 8.8.8.8:53 | 11.125.203.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ghs-svc-https-c46.ghs-ssl.googlehosted.com | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | ghs-svc-https-c46.ghs-ssl.googlehosted.com | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | checkappexec.microsoft.com | udp |
| GB | 13.87.96.169:443 | checkappexec.microsoft.com | tcp |
| US | 8.8.8.8:53 | 169.96.87.13.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dly1kncb.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | b5556fc36618be5fe192e6ddbc5c2eb3 |
| SHA1 | 33503a80e97557727aa9467c8d2aef23a881c505 |
| SHA256 | 034fc94135af8f6d59d4117ba21611fdbbaafe531e66e263978bdc6ade243a08 |
| SHA512 | 58d996d71f81c02462bdabe98f599a340d0f44f99182489283d04f57e2309c54aa1036949f776cf12029b83c1d827a21edb6c371dd875d665e5cc986ab0d7259 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dly1kncb.default-release\datareporting\glean\pending_pings\7046b59f-cfb6-4447-bbc2-8c63f399dfc9
| MD5 | c1ab5b21fe758bfbd4f7b5ff47ef7c40 |
| SHA1 | ba016b14667dd11926fb2dcd15d3979cb9175f9c |
| SHA256 | 768f14e4c84ab668bd2a1633fbf4d7344f8ea5dec9f58c9fa5d359e62a19e5cf |
| SHA512 | 819f63e6092f21e0c6cddb64363da3fbd23b7b4f8fc6353b919d0047264a6d37ca78e524343a01e8352fe8766840f2ad2df76538fb6b8328de1092e5b403e96c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dly1kncb.default-release\datareporting\glean\pending_pings\8efda35d-8d8d-45e7-82a8-b1fe761f172a
| MD5 | eec4e5249f6707d9aaf3f6dc05e59966 |
| SHA1 | 74f6254b8f038a257b8c1ecb1f1f9cbc6278979f |
| SHA256 | 19686b95964c5a60509a70a248375d876a7263b5e8c0e2df18397fa886c1f1b7 |
| SHA512 | 69578515665ab5c48fbedffd78240ed9085415105747a7f686126616c9b296f92f0b1f0ba8dc82a25e32114861da7e19140ee951508c8014afe88e4a534462ea |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dly1kncb.default-release\datareporting\glean\pending_pings\fdd3c582-53c6-457d-b433-19552e77c963
| MD5 | a4d68094c4798c0d5a9944a6ed642795 |
| SHA1 | f235886f4e160b8d06ce89527589d237f9e762cd |
| SHA256 | ca4d1e21a2a7a89ddc08adcfb4e2b757faa3b8b08c3b0811054bc523034721b9 |
| SHA512 | 660f4e43ab9c1d420ca10d12a0040e78f2df879f3e6628161b7ccaa797af7f5d989312a0986d292bee1b8e0d159233708a02b7d65a95b08c69382d42a560df36 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dly1kncb.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 43852e76c56ca77e651fb9e7a974993b |
| SHA1 | 456ae5f65616b604e16b29797e9002fb597ea6d1 |
| SHA256 | e6586ca986ab57880d3eb630f1c10f6ce179946b732ad4938d7b8f8fb1c112b5 |
| SHA512 | 95973e565072812aecacadda4807e4c016aabae5c6fb53b3cb378bb4a97048dbc5a3a57d46499fba58e756c50d96b8ec6884e278d40c41791f9d7826ce3a0013 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dly1kncb.default-release\activity-stream.discovery_stream.json
| MD5 | f2c929a0174d2593a0246c69e8c27a77 |
| SHA1 | c710362c60fefce4e11c2591f4dd3bf2f38e1f92 |
| SHA256 | f9d96d79b894f0c94103c043a080f58893eeceeca3593b137ae0994c93cf516a |
| SHA512 | d7b7f0d237620577ede5bb64479f92de9d2b8b0a9586b5e723cf0b93fe02689c2910c0100d5005d71704ed3c754f1f1d669391976366b666c72ec30c30031cc9 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dly1kncb.default-release\prefs.js
| MD5 | 886040d8c8584712e6ca7558c7504644 |
| SHA1 | 98120521299643944aac32df730682a372747019 |
| SHA256 | bd9907410071ba7198dcf009a50a5aeb118811868d6ad0355b54db4802745cf1 |
| SHA512 | a8d0063c25f376af7cbbaa138aada8b31aa269f4a66bd68fc515fba01cb869b6e198fc527a009b24453a0df08ac3b541a6259485c2517d7b8e0e8d2817cd01da |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dly1kncb.default-release\prefs.js
| MD5 | d7652907c26c210685f34b751f635a1b |
| SHA1 | 656e1906d00d3b5a6394de27d2c9d7c5609a8be0 |
| SHA256 | ab2572a3db0a8d78ed002a7eb13615908780cad5a10f73e02fabe1b4d6e737ec |
| SHA512 | 4383ee247c38dffee298ed8d3c68888291ebdcd69bc8443da6c470deb0d9307388b49dc5942e934151998fa57b1acaced6c0cc23c3cbda76aa6ec7c8a5223c90 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dly1kncb.default-release\storage\default\https+++mega.nz\cache\morgue\144\{7d8b45d6-069a-4ff7-9791-3c8ef8e98190}.final
| MD5 | 3efa9abd92666265dd81c4f4311a96f9 |
| SHA1 | 41b6b716d67b93555e444cd453f3c6e3f8c9522c |
| SHA256 | 5066b1841e8877db31312ef3af86f9bc9234c95071119e025764f45241a4e2e7 |
| SHA512 | 5961950f077501608a0f2975e7f69c483eeacc4eec4ac77fd650cc1131609501f87819f93ed23aa508a90426156abf038a859fac4112d2d4435bbb634027cd6c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dly1kncb.default-release\storage\default\https+++mega.nz\idb\3713173747_s_edmban.sqlite
| MD5 | 55009d731996ddd810e840f4d29e6503 |
| SHA1 | 6de27e49b19c4776bfa3e3aef9d1d810e6d80a5f |
| SHA256 | 86eacc9f78b230f5e1f16221b03ea66015d07d5562831d5fb0e1c4e26fc9fb8f |
| SHA512 | fd5b90d6b01ba8023f2c978ce8a6e89e8c303798dc011418d1b3b80a760bc957b01c3a38fdadbbbe0ce5318c8102029c12459b16f0d32d9baf2141cf19eb05d7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dly1kncb.default-release\sessionstore-backups\recovery.baklz4
| MD5 | e273dd137610882a4089404c1f800cc2 |
| SHA1 | 21f82d79f01e0a21d94fd4ec62006721ebacdc2c |
| SHA256 | c582f6f9fd6b998b7e2f700292deefcb13ba3301c9335a19d2fc9a69d80bd081 |
| SHA512 | 46dd9fe18899f6fab1acdfb15b1a2a84bf7d8b31dce59a920f9c052c16949ed90dc7609224f2053e524bdb4d6e2464136ac86e3523f67abc7089fc92450bf6a4 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dly1kncb.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 300893761f7ada89f10be78f5a970f90 |
| SHA1 | 023cbf98e426797276d619628fa751cda5c1b71e |
| SHA256 | ea4583c2388221fbf00f8c15cd573f4e51592e0196169f8f25236f1c0664d248 |
| SHA512 | ae1990989ffb252a036bdb7f229f12b4cd7771b7b90d72f83b458ee3357530803f30fcbc9a65ba3d89c1c11d665fe281ba9fa4c18f59b725690885c5ee0324d6 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dly1kncb.default-release\prefs.js
| MD5 | e4f8ec0974b1ac86c60d2edaf87bc587 |
| SHA1 | e73eef9dfebc65ccbb1b1d5aa549c9fd718e0668 |
| SHA256 | 509feca3d9a8bcba0da3fe01f9efbf8837727194d559d915a4405ec8bf8d0f8b |
| SHA512 | 9bae3aed562cd0b8943eea5fe61923fe2ccea6c3ec890a50dc08b6792e914e9281918e72623ecdb2617722c1d6d6632872c546055482cf7f55e87ef79e96203d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dly1kncb.default-release\prefs-1.js
| MD5 | 01801377636de46c201adfb98e4081e5 |
| SHA1 | 50b2948b19d042fbc31b9b60d76989297b248fcf |
| SHA256 | f4e698a9fee91a4cff92f7a66c8589987edaf8af143744856461935e9c59d058 |
| SHA512 | 5254dcb1b172cce95ee6c9cd0e941c8fdf245d07fb1cf5f2a8e705e778e04ca66e46fcf3ee750206cc48840746c5a8add271edbbd44ed3e36867691e86b798d1 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 09372174e83dbbf696ee732fd2e875bb |
| SHA1 | ba360186ba650a769f9303f48b7200fb5eaccee1 |
| SHA256 | c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f |
| SHA512 | b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dly1kncb.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
| MD5 | 2a461e9eb87fd1955cea740a3444ee7a |
| SHA1 | b10755914c713f5a4677494dbe8a686ed458c3c5 |
| SHA256 | 4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc |
| SHA512 | 34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dly1kncb.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
| MD5 | 842039753bf41fa5e11b3a1383061a87 |
| SHA1 | 3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153 |
| SHA256 | d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c |
| SHA512 | d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157 |
memory/5952-620-0x000001B7F2490000-0x000001B7F2491000-memory.dmp
memory/5952-622-0x000001B7F2490000-0x000001B7F2491000-memory.dmp
memory/5952-621-0x000001B7F2490000-0x000001B7F2491000-memory.dmp
memory/5952-632-0x000001B7F2490000-0x000001B7F2491000-memory.dmp
memory/5952-631-0x000001B7F2490000-0x000001B7F2491000-memory.dmp
memory/5952-630-0x000001B7F2490000-0x000001B7F2491000-memory.dmp
memory/5952-629-0x000001B7F2490000-0x000001B7F2491000-memory.dmp
memory/5952-628-0x000001B7F2490000-0x000001B7F2491000-memory.dmp
memory/5952-627-0x000001B7F2490000-0x000001B7F2491000-memory.dmp
memory/5952-626-0x000001B7F2490000-0x000001B7F2491000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dly1kncb.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 1d36e6b4472455befd09925fd95cf417 |
| SHA1 | cd60fc8cafc0933c80a45eeedde7217e0482a8a8 |
| SHA256 | 558e62c4bb6f231fcc1430c05a3010fae11173d244f48f3fbef456fd4ba27b48 |
| SHA512 | 8a9fecd817cfc5f95d65734379b86481346037427ec524469b95ada475ae0bb57564b2270811f1104c57c79bc90a0644c5694e984c710fd69c097fd1b4352c79 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | 0a8747a2ac9ac08ae9508f36c6d75692 |
| SHA1 | b287a96fd6cc12433adb42193dfe06111c38eaf0 |
| SHA256 | 32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03 |
| SHA512 | 59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dly1kncb.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
| MD5 | bf957ad58b55f64219ab3f793e374316 |
| SHA1 | a11adc9d7f2c28e04d9b35e23b7616d0527118a1 |
| SHA256 | bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda |
| SHA512 | 79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dly1kncb.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
| MD5 | daf7ef3acccab478aaa7d6dc1c60f865 |
| SHA1 | f8246162b97ce4a945feced27b6ea114366ff2ad |
| SHA256 | bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e |
| SHA512 | 5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dly1kncb.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 585d3c68e5c3c067a94a9658752e6e2b |
| SHA1 | 64e5c3f125d23e32a57a7c2f3b2607025e842ac9 |
| SHA256 | 880b594be5552d4a53a5dbbadde4c5d6ba74fbbb74b9fda9590efca2fee475e4 |
| SHA512 | c88e1991e2ee84a5ee32fff8e3cf42af52806fb8ab252be7b47e4752d8386ee2062ebe22c22bd16e3ca515338311360b181d363aaa15051560ff24362f1df54b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dly1kncb.default-release\AlternateServices.bin
| MD5 | 8ad7af2633672524257c7fe1832f9706 |
| SHA1 | 7cdb0488e05d65cf648e7b6080df1261b7d6e72d |
| SHA256 | fc44b8c7030bf3f6894d12105aa8a7019dc289c626ea57bb803c3d9113a29b60 |
| SHA512 | 1fdf5d66296adbe9226ecae6dea535544777de6f21d5862731782024a0d8447011bc73eae63a9915bfb71fbb550400fcd05bbe85f99f90b1059809ac76c4e6f9 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dly1kncb.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 4a9015f631119673adb57af4b64dbd1a |
| SHA1 | 523e74998ba689646bb64daa60a851c94227e946 |
| SHA256 | 8388872b5546f8f91eaf38fc306b2bff4601eec351a394ab9e7e791c04083d86 |
| SHA512 | 6e4b064c094a79f5e0cf4f2b672b5c7649f463a2b8bb94555dad4851f09cc4780b55a4df03996cabb67fdaa49ffcbfd90e47e211c69cae372d4bcf7826840d52 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dly1kncb.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 4933c85f2290104670c0160c7d66fa79 |
| SHA1 | c48ce523b2a6012118d2e1de8a5a06a127907714 |
| SHA256 | 718c9f3555d0b1fc6647bdfda358a64ff24b81e40fa437afd5accc4e05c0359f |
| SHA512 | 28232cda1ac36972cb74d5952a14a8c57956cb7dcd53bad708db1406ebc6039cde6d4f4779a0fa3a53e3d7c9af6eb7a7601a8eaeea2d71e387909c73a8085c83 |
memory/5676-794-0x00007FF6E0580000-0x00007FF6E1580000-memory.dmp
memory/5204-795-0x00007FF601BB0000-0x00007FF602BB0000-memory.dmp
memory/1924-815-0x0000000000EB0000-0x0000000000F1D000-memory.dmp
memory/1924-816-0x0000000000EB0000-0x0000000000F1D000-memory.dmp
memory/2976-818-0x0000000000970000-0x00000000009DD000-memory.dmp
memory/2976-819-0x0000000000970000-0x00000000009DD000-memory.dmp
memory/1924-821-0x0000000003F00000-0x0000000004300000-memory.dmp
memory/1924-826-0x00007FF9478D0000-0x00007FF947AC8000-memory.dmp
memory/1196-831-0x0000000000E50000-0x0000000000E59000-memory.dmp
memory/1924-830-0x0000000075430000-0x000000007566A000-memory.dmp
memory/1196-835-0x00000000029E0000-0x0000000002DE0000-memory.dmp
memory/4220-836-0x00000000027C0000-0x0000000002BC0000-memory.dmp
memory/1196-839-0x0000000075430000-0x000000007566A000-memory.dmp
memory/1196-837-0x00007FF9478D0000-0x00007FF947AC8000-memory.dmp
memory/2976-829-0x0000000075430000-0x000000007566A000-memory.dmp
memory/2976-824-0x00000000039B0000-0x0000000003DB0000-memory.dmp
memory/2976-825-0x00007FF9478D0000-0x00007FF947AC8000-memory.dmp
memory/1924-823-0x0000000003F00000-0x0000000004300000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\QDKV1GG0M1IP8BR9QJWV.temp
| MD5 | ec0747d59a240799a5d12d820854548c |
| SHA1 | 185851eed9519b99654b9bcac2ec6fd264e66320 |
| SHA256 | 7a2993baa325aeb153b91b0df843404d13e4cf116612abf3e6a6c8157f4a4396 |
| SHA512 | f7c16c3f5b62519c46142d3a741e7d604ba4cee4d6cd5c778b888abc46e49563d74868956e6096edfc886dcedb45e1d37633a56b6bbc6f2fcde89ba6c95a5d29 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dly1kncb.default-release\prefs-1.js
| MD5 | a4eb5b40799c2f32dfc41e1b33b2429b |
| SHA1 | 498a7a1e185cb0ac52e22c59620d94a1205ce24d |
| SHA256 | 1b702d52e851cb546e259c46a961493a966670063a4358782c973e9d92b6ee60 |
| SHA512 | 7cea3abd73e08785cf2883ffa88ab24bb5ecbeb3b5ab46fe6b823b1be9f031ae5687ec02d5f9957a1ff55769b08ba2bc854e678e8a0ca4ecb5e62b087b4a9ede |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dly1kncb.default-release\sessionstore-backups\recovery.baklz4
| MD5 | c6fdacfe9d47ddc3cb8a19f48249efd5 |
| SHA1 | 545c914ebbd9d14d74dc45d48389efab16eada27 |
| SHA256 | a6041e716c8021e7295c905c8ba26e48ad36d050fc0d34c276346cb97e765a96 |
| SHA512 | e3756d51c94e067b2271aed72c5a69aba3a78c27f35f097309af93b47c9bf993c3dd1ec2c34569efa09cbaba2886adbf6add92a2f3f6021d553a493d6da4b8b5 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dly1kncb.default-release\sessionstore-backups\recovery.baklz4
| MD5 | defe0a6e72b322578bdd502bf58d3480 |
| SHA1 | 7af09415a9e8c9641deeb141317148c1a9ebea54 |
| SHA256 | 02410672b0332d136d5b6ad4dac9e84921cbd2876bd26859f4a2e4b5cf1b0bad |
| SHA512 | e023945ffa4e179a36a2434eac55169a0e26ff89ea6d8b227375feca093291c1678a8c8926670d33f25ee75c93a2c5896f5e1f4a343a47450173d82134c6ff7e |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dly1kncb.default-release\cache2\entries\C383E21D3709FFA4623A7707BCAD2A15BFEC59F9
| MD5 | 493f0ba410c3d5cc088986837c1ef0c1 |
| SHA1 | 6db3c8c1eb14dc53336be353f3ccc4edfe0d141c |
| SHA256 | f9859565eb9d37caa0d26c9b70cf4a263a3aefb5abcd91f5a32313baf0aac29e |
| SHA512 | a6ba51e2f7b3f1da676965e1325d1bff309f683ad67a458a0a11d766a74a8a8fe65607a2c88ccaa5df7c750962e851d7c42b4df51f526907ecbae96b2a3a7b50 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dly1kncb.default-release\storage\default\https+++www.virustotal.com\cache\morgue\36\{fcd1368e-9612-4d5b-ae73-2eac867c4b24}.final
| MD5 | 3bd181fab15a3ff79f4ec6203e8c11d8 |
| SHA1 | ce265e4838dec0ab068ef5f3db78dbc0dc00a1e0 |
| SHA256 | dda66a6bf5e20e27e7738723bb7db889b624066c7b4063b4398c401ec674902b |
| SHA512 | da8824488efa0247f01c7532b52d42f29f2cc27f57b76c505b829c7eab0877ec1b9875f7d3d60e2b135199f2ec19ed829baf7f380337b485658201148700c728 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dly1kncb.default-release\cache2\entries\2DEB3B81EB96245D9BC1CF71DE19C61850835DAB
| MD5 | 302df5e857438b4901471f6196c7d4e4 |
| SHA1 | cb91f101ff50571c036e7589d21d87caaea775f9 |
| SHA256 | f878d6eb01cfcf4314f67d3b44e394008bb1e088d243830b345f161bad97e6bc |
| SHA512 | a68ab51ee120d281c9eecbaf5112ff088140bd36b9b9406d0a0ee77a0e734495f4d194bd03bd54d6f3f9450b8f0b760f612796497f11a6b26afb93e66519a367 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dly1kncb.default-release\sessionstore-backups\recovery.baklz4
| MD5 | faf131a99c7b42070750e64dd994abda |
| SHA1 | 33f460d834f5ff0dc3da757b334d0a2335e53f43 |
| SHA256 | ecfd65341c1eb8d748bbb9723878dbb48e14c0b7c41cbc1256ba1154d93f009f |
| SHA512 | 3c62d50a6d829c17fb8a10563632f2d9b7ae7d0116580e716bb37bce606b13d5cc9b639c401073a62b8f6496946a631a21d6deb9ddb7f81507faf91be20d86e4 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dly1kncb.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | e6d430f49e6570b381c29433aee4e043 |
| SHA1 | 8d608c79c1b4d89c792ce97b5dc9bcdb24838fde |
| SHA256 | ae4b978b761b2aa5ba9b30b55382611c4dbe3169d4a285b3c10b73f8a66e9ffc |
| SHA512 | 67fffee1c247cdd74829ed8221c465066cc8627444f54a229dc6675e119f13c7966294a1cee652f37574f92365acec47e6cc3de42d34f35a559809e644eec6fe |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dly1kncb.default-release\cache2\doomed\12198
| MD5 | 530acfb05fd2f6033ba4126027aca741 |
| SHA1 | 3ae14168b152df6618bb5caba4ff9671d31b9eea |
| SHA256 | 81faf4795397a0c2833b65f9143f3dce9d48c1634df33ea39ceed6784ed2d18d |
| SHA512 | b95e84b4beb3ec9cb2fcf6e97f6873373e5149b3743fb175661a0e312168df6dd7bd94a64bc9f215b234703badab419f61b6029f8077bc8d2f61f45bf79f6795 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dly1kncb.default-release\sessionstore-backups\recovery.baklz4
| MD5 | ccf7f98a36276b778332786e7a64897e |
| SHA1 | 64bd70c77e5370310c46eba4992fb6866aa55e24 |
| SHA256 | 25dca2d927d37f36a524eb1afe398991d537b12fb9df89af73cd7c55654f3f60 |
| SHA512 | af9be8d05e4b15944ff2efbee5d293043047255ec223bf053d3525904124fa8bb3f8b567bcbfd28498e941312630aef3218f1f1b4126e8dc9e733c55539e0d7c |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dly1kncb.default-release\cache2\doomed\19150
| MD5 | 565012fbdf84b73e4c83c7ff88c153c6 |
| SHA1 | acd93f12c2bed40a7a7f4325df3d29e2b6aadbe1 |
| SHA256 | c844697ba8e4ee95c2b43a4e3389f8b75fec676db380f1ab85f723f18f10a9d9 |
| SHA512 | 47620982d903037d0a77a2ec8419d82415b5e29da28e0ba0c5a9cc74637c62d176a396affb66e610b333baee9f35c3ddd2fe02d8644822cf617c2ac48119f0c5 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dly1kncb.default-release\sessionstore-backups\recovery.baklz4
| MD5 | bc784495c3141dd8b43151a70004c750 |
| SHA1 | b987df0c1344d8d0eef39ca74184dc28e8f5143a |
| SHA256 | 0db6d1832df518241021143330cbf1d0b628b5480c99dc5f1d21c0927cbce07e |
| SHA512 | 2a0610c860e1606481c3ef041057053d7dcdbd0afa59b0d58b1240a6c6183ae3c210b2e3ad89c801637bde445ddf5dcd599b94b197a590420f8121fe9f4b664e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dly1kncb.default-release\sessionstore-backups\recovery.baklz4
| MD5 | af389bb2dff0e547b286f0ae19ae9582 |
| SHA1 | 8151353a449aee16a9b2863d270dc844012a6b15 |
| SHA256 | 34c9d79c97e67c28313f8c129a04e12071233388f4c415988a70640ebb38d313 |
| SHA512 | e3873c2b8e4607d3aaaf19c61b6428771c5af02ed21b72bb467ef337e8ad4374b65435455a33ab3614140d3abbc02e009f59d85434c867b54343595efb649c6e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dly1kncb.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 947bddafa8764d6da9f34e596cda8d49 |
| SHA1 | 2b18baba8b09400c75057744c4a2e31a489868e4 |
| SHA256 | 7ce2bea18439e75780f786325dffe8feb63964e48fab093cb484d0a804568216 |
| SHA512 | 6528f0d4ed2628877caf9d9342c1d3da761ca252d8b7630e0e283a0694317d9a33afb28179d0a9ee9f9e1246162130e04947be2eee069b7f5d967b71f47648bc |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
| MD5 | e27a7ed3c4b3e381658107af22f2ab32 |
| SHA1 | 4488bd7204a5d9aaa28fbb9559bedbc449a6f0dd |
| SHA256 | c0d3ffcdafdfc65504f423743ea5c719d9318366c596ed6bfad968b644c0de46 |
| SHA512 | 8224437b6a6432b23b83239dc88a099b9bfd3202ca7695f79086f1ddc228fe939be6c531cd3fd0dadf2494e8a7bde044926c30b3a1c6e9d5fe9398d86548b0a7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dly1kncb.default-release\sessionstore-backups\recovery.baklz4
| MD5 | bddd8f311bbe0903b7466a3b6154b0e2 |
| SHA1 | 70833f78a0bcab278f90f27a0c4383f776965d1d |
| SHA256 | a1da43f26555a9f2d604603b4715d05b097b3796aeab75a7537fea92b73f1629 |
| SHA512 | af94e63d2953bf73fec93e968d1e797a7569995d071005f190d055d57b6a495a41505b5e0bcbcc3535c4f01575502a15138e4639fc8d77e6f4c771d1b9ecae06 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dly1kncb.default-release\sessionstore-backups\recovery.baklz4
| MD5 | a0ded671a27180c8568e8234f5766d2c |
| SHA1 | 1d1b891e9f1327a0cfbe6ff36a895b20807098c6 |
| SHA256 | b1b5eee9d4801a76024129c63fb3ff0d96af0d04a4ce2e99a820dea03abe3da1 |
| SHA512 | 75d7f46d50561f906dfd3d3239618b416054626f7b968a1c83b275e84ef718f2c7a6d51d013be051d563928381830b7b880d7e7e9a64317e36d997e0cc46f76c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dly1kncb.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 13d189c7b6ddecccad7f1c07ac90d57b |
| SHA1 | d3e2386377172d28b38f3d63ce0f1e9c6fab04b4 |
| SHA256 | 977725f55f62c845e06e1d231bb45e22621bb27f502b4339f6c97397bab92051 |
| SHA512 | a7e2dbc59a177418d397039f42c283379df8eec646875af5ab47d3d20848aedd85eb3a7535b6ab66d0721cd6251f1dcd1eac39a9d72758c3c16d6517700c8c28 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dly1kncb.default-release\sessionstore-backups\recovery.baklz4
| MD5 | c5885bd08367214768905ab04348b66e |
| SHA1 | 29e723af2511f89a0e1ddddf36bbd436dc76592f |
| SHA256 | fce9c4e3c81e883c1073bd14f5efbad72afcf66e7944d743c00a9340439442b9 |
| SHA512 | ebd1b50061ae0c3c5304e9a0e43d88822db3004fbe654cb85ff2ea26fce78e9aee965a4b0280d5a4e7801b92fa956f74c6530686d796c47ad41eb1862769039c |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dly1kncb.default-release\cache2\doomed\6756
| MD5 | d8ca86fd77a64d2bd587d6792659471f |
| SHA1 | 558c8fb06c04c8b6eeb6f22b62d3a88aad25a6f1 |
| SHA256 | 69a6693be8b6c918653fc841509cfce3ac4db7d2e5307b49e4b1bf3e7cd8b15c |
| SHA512 | fac96046f0b6d46b08bd3d14ddc2f179eb84df57833d968101c59f4114eb1bf4b0d11e0497488765b46d119618c6bd163d3c50ee9583e7f1441ee4c8564a50db |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dly1kncb.default-release\cache2\doomed\1270
| MD5 | 3d166295d6a27907dc00d55ee8f9ffa7 |
| SHA1 | 9190c932f019714dc3b024c3885578ad51b13516 |
| SHA256 | e777eab56e78c869775c02364b1cbf37f596971e7c72190de2c99d3f1ee7076b |
| SHA512 | d9976e773d4f2edc811d72325ea7b9e1b3a97e22f251f264765e6b0a0c01507696d39046b260b43aa60dd756c17e97ea6a7e0979694ec053ad59e0767082eceb |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dly1kncb.default-release\cache2\doomed\484
| MD5 | 602382de95b380b99aca0e19c099d6d1 |
| SHA1 | b95f453495732e94488f268999dd0e79bdc1312f |
| SHA256 | 8a84bb51a54383d96f17be89ec15bd52cf27c22c688d72aaf4f4db18bfa98188 |
| SHA512 | 0c3fe7c2222c1543bb70a0ea3fe7eada3d214a7010a04368ed12c61d50040bc9f8733683a46bfdcb3a192a5133225064083249417254940756e34a4a5b1f0c22 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dly1kncb.default-release\cache2\doomed\2516
| MD5 | bedfe0038b00008fc3722a96a0d10cca |
| SHA1 | 0d378d2a029a143a5adf267942ba8b954284033a |
| SHA256 | fbe436f1aa3a4558dcb02cc49e95e2274973a2c36955ae974142eee6a239f8f3 |
| SHA512 | 019260e7049c3648f9b085dd0d7e76d27d73fe11c886d15a29815cd25c3178ba67ab6dfad39abb0ee851e7173b0e6b97c936a63facafcb73ffd401f31f993439 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
| MD5 | e19fa1a62314a6760463548bf9cd296e |
| SHA1 | 0030d8fafb3531fe05667127a4fa50dff71c841d |
| SHA256 | 4d9f310472532bdebbd92749850ee668865936c660c5ebc745a2477a8390a54c |
| SHA512 | dc9c76f35f6e552016fd1f8503306eb42708d4429d918e9034317789adb0e4234f7a615c14bec02f5663efdf8e3bb150d226f802040db0143e8c8764eff5992b |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dly1kncb.default-release\jumpListCache\4ZVoxXFZmCdc+sxtBYoyJ0238ySRYGgW6b3Z4JvA+W0=.ico
| MD5 | a3c1306e53848dce3a3c2fec6e1cdff2 |
| SHA1 | 87f8463535c624202f9b6efe26e993b0b1f3157c |
| SHA256 | d2d32f8573ccc7ad555d258c8362cfb0b699eb4b004f93dbeb171f3510df055f |
| SHA512 | 871e877c73990e372a7a41d9851e9dcf301efdc543696aa4dbc35b8a121e24b7fcdf76d426b5f90fa3a14253440697de01ffa0d82d417e5490560ce7d9740aa1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dly1kncb.default-release\sessionstore-backups\recovery.baklz4
| MD5 | e6512a41108a70581b70abf1d7c8abc0 |
| SHA1 | 4b6baede24fac51e78e0c8aca5739389050a4485 |
| SHA256 | a12a4f63aefa157f145c7c98d71610d0a3592541d52d47fb9072def5a852fb02 |
| SHA512 | 8792f4731ce1d7ad4115bdf9667c7313c26b36b3f826b4b0255980777fdf74aa6ef3198b92a91a2f525190f5b67dc43a8820b5a2aa2f516ff3abc00aad31390d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dly1kncb.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 05d2dd37b115ce8c7041c7e26c6d2a85 |
| SHA1 | 34f6eedd8116c1a3b2ff4239744b82ca4dc5f205 |
| SHA256 | d479e74ced4d90d1e295c17c54fb8cecbe241ed7281f8b5f3d7cc8dde1113f1f |
| SHA512 | 96594424169b8ba8e491149eb451dd8fb997931ece2e2987e080440adf000e81402d5dbfb8eaf5943aa52a8f5a2b9ee94b30f16e6f662df706bf6bde6d3dc543 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dly1kncb.default-release\sessionstore-backups\recovery.baklz4
| MD5 | c3daa71f2e6c13a97490ea6be84b6fb0 |
| SHA1 | e0e1af0c0e9c821e8827d7ac6d1bc014d4134ce2 |
| SHA256 | a3794e30d4b51cfd979a7f8924f8bcddf36165d41826666d045a51d3361af2a3 |
| SHA512 | 28c2cc20835a9b6ed9fe56ba691f7282dc9b4f74fda90f16bb45977bd120168f40641818ae2cc1895b2cef4e19eea96bad0607fe9a05ca7f14604cd3e1c48deb |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dly1kncb.default-release\datareporting\glean\pending_pings\09b763aa-73c8-4824-9d86-2f641462f559
| MD5 | 2fa5c4d60f38c3794bc43c6c0a991648 |
| SHA1 | 35fc3c3b3a301ea99c9c333906d4c65ab0a7ad98 |
| SHA256 | 44555f8cfa00131362b495247da4302f2ed85056d13770c1ebccf1b495196af1 |
| SHA512 | ea63c7b837f350ce4ea34e73cf712c16ed1c4f7f20e713e174e9486cffd4d05e9533cb7fd15e8c2f73a9c75ee7f1a0cfb3720a6a42f93f4fa9692e54deb45a6f |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dly1kncb.default-release\datareporting\glean\pending_pings\35da9a94-0740-4198-bd3e-2ae584fdcf3b
| MD5 | df4b9f2a0771c9f1840c2b8bed6ec629 |
| SHA1 | a66d8de84be57dc0479af491393c206cba9452d1 |
| SHA256 | 14378ef012a0ccf9053e011704bd7926bf96851790b56838ba43f9283e7b669d |
| SHA512 | dd900956fd607385a5b40a28d325914c8958e9b878ae87680ae8a41be209c127a3aeaec42b7bcabf47787dca417f1a2de78dc19550f5864032d7778e9b921f93 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dly1kncb.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 9b8f5f63459a30349c4b5e29491558aa |
| SHA1 | 456e245eaf42dbf5e9e81546dcd0f13dd8c3dd10 |
| SHA256 | 73e3c72e7f960965189753fbb3e64945361fcc64051bc8e41e9a7f23ac81cfb2 |
| SHA512 | b77ec96938668f833147fb45ac2bfedd697518fd7a99ffc0ee09826e5e9fb3a5470e81de5858c03159db57755588a7f50dcc72c5cc5f6f47502c4c85e9f32678 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dly1kncb.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 3ac84d7db12221b2f3790e845bc52f48 |
| SHA1 | 97ebd233d293f0dd4fe75af6811fe67e7545a4d9 |
| SHA256 | ec056b5fb9fbb417a1f4f70eee549362974c341874ec85b7c515d893018f7b5c |
| SHA512 | 35ab95238350219e2dce55df1f37c5d9fee2a260bf099baa7e98ef2b8c0653c300e10c2d89cc3f811f57ff839b238e22a36463b0a6485a2ec20c7e8dccc3425e |