Analysis Overview
SHA256
61c2c4a5d7c14f77ee88871ded4cc7f1e49dae3e4ef209504c66fedf4d22de42
Threat Level: Shows suspicious behavior
The file Atlantis Exploit_53481591.exe was found to be: Shows suspicious behavior.
Malicious Activity Summary
Downloads MZ/PE file
Checks computer location settings
Subvert Trust Controls: Mark-of-the-Web Bypass
Loads dropped DLL
Executes dropped EXE
System Location Discovery: System Language Discovery
Enumerates physical storage devices
Checks SCSI registry key(s)
Uses Task Scheduler COM API
Suspicious use of SetWindowsHookEx
Suspicious use of FindShellTrayWindow
Suspicious behavior: GetForegroundWindowSpam
Opens file in notepad (likely ransom note)
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Modifies registry class
NTFS ADS
Suspicious use of AdjustPrivilegeToken
Suspicious use of SendNotifyMessage
Checks processor information in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-13 21:57
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-13 21:57
Reported
2024-11-13 22:01
Platform
win10ltsc2021-20241023-en
Max time kernel
213s
Max time network
211s
Command Line
Signatures
Downloads MZ/PE file
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Atlantis Exploit_53481591.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\winrar-x64-701.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
Subvert Trust Controls: Mark-of-the-Web Bypass
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\Downloads\winrar-x64-701.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\NOTEPAD.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\Atlantis Exploit_53481591.exe | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\system32\taskmgr.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Opera GXStable | C:\Users\Admin\AppData\Local\Temp\Atlantis Exploit_53481591.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Opera GXStable | C:\Users\Admin\AppData\Local\Temp\Atlantis Exploit_53481591.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\Atlantis Exploit_53481591.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\Downloads\Release.rar:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\winrar-x64-701.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\NOTEPAD.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\Atlantis Exploit_53481591.exe
"C:\Users\Admin\AppData\Local\Temp\Atlantis Exploit_53481591.exe"
C:\Windows\SysWOW64\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\link.txt
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Users\Admin\Downloads\winrar-x64-701.exe
"C:\Users\Admin\Downloads\winrar-x64-701.exe"
C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\2662781b435148d398b91b4110cc4428 /t 5816 /p 5496
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
Network
Files
C:\Users\Admin\AppData\Local\link.txt
| MD5 | bdadc14d95ed100391878ef988d0f396 |
| SHA1 | 43754e16ce6683fd7989f146801917a08faa5206 |
| SHA256 | 59ccaad1372561059a6d25c60bae024144c52c021f76082ce50f3757b7225b73 |
| SHA512 | 030561c6167c02d0da81cbb4067d5397896157ae280352521aa175d62f17b5db41f5b609aec6365d8b417bf66d23a31d725d6ef32f65de92ec34924e3a23f505 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | a33112a8b950f88b0c332e35ea7018eb |
| SHA1 | 44c316e52bf098d3b2d7ec264945cda8a509fb08 |
| SHA256 | b3faacc9524c0b4f68fc795af516e54af1c682b4d256ccfcdaf6efdd57589836 |
| SHA512 | bb9e63befcd5cf58b9c4ca7efc34d4cae1aa58ae2caca9f28a3f2e6b947bf127be3e152a52b1f2a4854add3e05183e1ed42aef564c647065dc21760058354bad |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\datareporting\glean\pending_pings\d1fb921f-d794-489d-a2f4-052d8a22791e
| MD5 | 0088dd45ccd10de334b602f2c9b592c8 |
| SHA1 | 10d9eb965a97a39d26970c7ae41dbba5991502af |
| SHA256 | 6b0d73659a2fdf6373a237e136141fb31108ddeeca3b89200f6a667ac91e7030 |
| SHA512 | a89cd9aa4e6cc690c3ab9b506fa779367d442b4b367c17e28cb47fdcab0d8a4e936c9f4e88a9054475e54360a4c93410c7f8d62b7cd77b0d3b15075f38fa45e5 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\datareporting\glean\pending_pings\7260765b-76c0-4a37-b588-abc4310e5bd1
| MD5 | d17231d4076c4a6ec9311f3febc4e471 |
| SHA1 | 32b180517d50ac55a25792773334e3b9b32ced45 |
| SHA256 | d94ca0b5e62b4a37a074034f0041bd4a6be17d35cbe4a85b6266ce3643f39d88 |
| SHA512 | 06ca28a1b6467106ad288bc5bd29d15233644b25763e1943dfd5840af23e3aca00dbc790c8c81604297d7e47e51f77628c3991b92f4f25a2879c76d99f99c709 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\datareporting\glean\pending_pings\06bbc60c-3b85-4192-a3b6-a193dab0b906
| MD5 | da1c23719931dd702be440b4545f2955 |
| SHA1 | 05a2a9c2730afb6d6570881989efd796c09e0769 |
| SHA256 | 54e1b0c4a6bce8b7a37ddc3aae3dd4278c9a3297a70202ffab798fb5c7880fb4 |
| SHA512 | 64bd3a3600525c18ac7d1aa6d16e6591e92942ca5bbdbd5ec7f104b7284eff596dc6d74b57f2266ee3e151af44599f0a276057c6d290121278621e29130a399a |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\prefs.js
| MD5 | f013af4f312b31eb9a0f7b727781a990 |
| SHA1 | 9b48bbdd8002cd18e737f0ab5323a74d0fbbf1e0 |
| SHA256 | f389d16c58a62a3bfc21853f47b5aaec2af42707c164e4ab7ffbacf578fad63a |
| SHA512 | c01c8b261d5463b284a946a55e5a5b7e18bd47d6584b61398a892f3145203b92da42b7ed2985e83c4094aa3fa99e4d29222eb8a0b13b74088ee8da3d3d88d0af |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\prefs-1.js
| MD5 | e2bdf74058f658e669e18ab2db835460 |
| SHA1 | 9d0a33b444e664029642e5bb539a953ea3f68997 |
| SHA256 | bcb49c5a9cf7a5ec42e5c09a31be1ffc3e251a7de5cd35c274c3df71071153a6 |
| SHA512 | 41b88d162633d7723e70e256f0492b835985aa80725e242699cb1566edd1b936ca841663dfc180e580e968e6d381250b226ddd699738824b1b3f12b987f5454b |
C:\Users\Admin\Downloads\Release.08wnPcQC.rar.part
| MD5 | 99fb762746f8719f4421e1a897cf7846 |
| SHA1 | c4dbc0fb0c4c21dbdc61e2202162363d69092c8d |
| SHA256 | 2a2d19d053252c1d42e4b7e6119a443b08dabee38f18aa6bbff4e0b730275a5d |
| SHA512 | 931c16b5b4b1731e869a9ac4c016cfd02bf8c23c5f64b76621473bae449925e64bde1a6204ff9e51c439ac99cd47e7b6766babeb916bbffd9ec88cae944c7a56 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\AlternateServices.bin
| MD5 | 8bb5d0a80e309ab9217f064717a3a167 |
| SHA1 | bf060f1560f5338adb6937762b77745956980952 |
| SHA256 | 5e9a5ddd09217bee23f5f69257c0a78fb7984976c5a4c6ad73f37799e5cdc5b2 |
| SHA512 | 0866055ccd1ed73b8984715cbb67ecafba474a0d4b151e592ccc37b93735fee9c8ebddcb252c3f299df13dbcfab2b00cc85dbc2948189a50611458a4a5a03123 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dom8snqr.default-release\cache2\entries\5AEAE7E489AC7D972784811F870A53E73BB466E3
| MD5 | 42a9dacf8238794a7d2b97ec9499b6ce |
| SHA1 | 5001f912ab0f92e58df27a9920b88f82ccff9cd5 |
| SHA256 | 2a7c14a2acbf96e2c5205c4d7f15aac911d92f5d251f72d62cf44ea0d41f4ba7 |
| SHA512 | d4db81b5f46f3cb9728855da853fe6c7b56b94a5d9e1937d50820f78d5e188ba3d74bcb3f0668989dc7cc2b60f10714a0dfa90a38c47c0c725c33521788ec287 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\storage\default\https+++www.expressvpn.com\cache\morgue\167\{0b48fb0c-02bd-4be3-821e-fa71241d01a7}.final
| MD5 | 1600538060031328fd662b73e931d51a |
| SHA1 | 2c4750efdafcaecf0b30738f3f607e498e3db6bc |
| SHA256 | 6b1ef377cae872aa83844a4aae70bf3c18be0241338b8b68e926bb6b39c7586f |
| SHA512 | ed236e953acb7161845dd2eb6030f2aa1ca06b85d2ab50baaca1d6467826de5f243ac0cfcee2069e0f27e839a7ad0651b50d83bc2cdc246d772d0a1e6ab50a02 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 63e27292e41c323ea746f3388e640ddb |
| SHA1 | 9d01ecdda7134fd615b2dc18eb0299e7e743aa5f |
| SHA256 | 1f7afa565b407602c406714b65bcde0276d0a60180ba5d96e50e981dd093e4c2 |
| SHA512 | 793c0102b0a0edb116d157b1c0cb9199a7aa4644f49bcf80527a1b29007b55677bc95dc59e0bf7b365c648340744d8df82097b6395bf99cd9d3576ed15f0fcdc |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 09372174e83dbbf696ee732fd2e875bb |
| SHA1 | ba360186ba650a769f9303f48b7200fb5eaccee1 |
| SHA256 | c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f |
| SHA512 | b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
| MD5 | 2a461e9eb87fd1955cea740a3444ee7a |
| SHA1 | b10755914c713f5a4677494dbe8a686ed458c3c5 |
| SHA256 | 4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc |
| SHA512 | 34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
| MD5 | 842039753bf41fa5e11b3a1383061a87 |
| SHA1 | 3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153 |
| SHA256 | d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c |
| SHA512 | d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\prefs-1.js
| MD5 | 04a24a4fb6acbb88eb0e8df2864220cc |
| SHA1 | c74a0b39c3f9f437aee4c10ea8a3fbd8cc15c544 |
| SHA256 | a4bbabdd5f8575586cdf4fbe1d19a364709f21b5bdfaefe6070224b82cb9228c |
| SHA512 | 2dd97d8411d552725b874b04263103be0e9d4d7b93923fd869b4a1b7158e2226b8024cdff5b6e17ddfef3435ab3b2f2127d800414f42b1d2bf121405a469bd23 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\AlternateServices.bin
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\sessionstore-backups\recovery.baklz4
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dom8snqr.default-release\cache2\entries\1FBBF79CD3C19714BC216DB831CF401F7BAACEBD
C:\Users\Admin\Downloads\winrar-x64-701.0KXmp9yy.exe.part