Malware Analysis Report

2024-12-07 10:00

Sample ID: 241114-zn37ystakn
Target: CuteVirusCollection
SHA256: 895c9cd797e4865711752484f0c0eea949e2e7bdddc01767433869fefff894c3
Tags: defense_evasion discovery evasion persistence ransomware trojan
Score: 10/10

Analysis Overview

Threat Level: Known bad

The file CuteVirusCollection was found to be: Known bad.

Malicious Activity Summary

defense_evasion discovery evasion persistence ransomware trojan

Modifies WinLogon for persistence

UAC bypass

Downloads MZ/PE file

Disables RegEdit via registry modification

Executes dropped EXE

Drops desktop.ini file(s)

Legitimate hosting services abused for malware hosting/C2

Sets desktop wallpaper using registry

Subvert Trust Controls: Mark-of-the-Web Bypass

Drops file in Windows directory

System Location Discovery: System Language Discovery

Suspicious use of FindShellTrayWindow

Checks processor information in registry

NTFS ADS

Suspicious use of SetWindowsHookEx

Uses Task Scheduler COM API

Modifies registry class

Suspicious use of AdjustPrivilegeToken

Modifies data under HKEY_USERS

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-11-14 20:52

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-11-14 20:52
Reported: 2024-11-14 21:11
Platform: win11-20241007-en
Max time kernel: 1008s
Max time network: 1011s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\CuteVirusCollection

Signatures

Modifies WinLogon for persistence

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\winnt32.exe" C:\Users\Admin\AppData\Local\Temp\Temp1_NoEscape.exe.zip\NoEscape.exe\NoEscape.exe-Latest Version\NoEscape.exe N/A

UAC bypass

evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\Temp1_NoEscape.exe.zip\NoEscape.exe\NoEscape.exe-Latest Version\NoEscape.exe N/A

Disables RegEdit via registry modification

evasion
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\Temp1_NoEscape.exe.zip\NoEscape.exe\NoEscape.exe-Latest Version\NoEscape.exe N/A

Downloads MZ/PE file

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\WinNuke.98.exe N/A
N/A N/A C:\Users\Admin\Downloads\Nople.exe N/A
N/A N/A C:\Users\Admin\Downloads\Nople.exe N/A

Drops desktop.ini file(s)

Description Indicator Process Target
File opened for modification C:\Users\Admin\Desktop\desktop.ini C:\Users\Admin\AppData\Local\Temp\Temp1_NoEscape.exe.zip\NoEscape.exe\NoEscape.exe-Latest Version\NoEscape.exe N/A
File opened for modification C:\Users\Public\Desktop\desktop.ini C:\Users\Admin\AppData\Local\Temp\Temp1_NoEscape.exe.zip\NoEscape.exe\NoEscape.exe-Latest Version\NoEscape.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A

Sets desktop wallpaper using registry

ransomware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\noescape.png" C:\Users\Admin\AppData\Local\Temp\Temp1_NoEscape.exe.zip\NoEscape.exe\NoEscape.exe-Latest Version\NoEscape.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\winnt32.exe C:\Users\Admin\AppData\Local\Temp\Temp1_NoEscape.exe.zip\NoEscape.exe\NoEscape.exe-Latest Version\NoEscape.exe N/A
File opened for modification C:\Windows\winnt32.exe C:\Users\Admin\AppData\Local\Temp\Temp1_NoEscape.exe.zip\NoEscape.exe\NoEscape.exe-Latest Version\NoEscape.exe N/A
File created C:\Windows\winnt32.exe\:Zone.Identifier:$DATA C:\Users\Admin\AppData\Local\Temp\Temp1_NoEscape.exe.zip\NoEscape.exe\NoEscape.exe-Latest Version\NoEscape.exe N/A

Subvert Trust Controls: Mark-of-the-Web Bypass

defense_evasion
Description Indicator Process Target
File created C:\Users\Admin\Downloads\WinNuke.98.exe:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
File created C:\Users\Admin\Downloads\Nople.exe:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\WinNuke.98.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\Nople.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\Nople.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\Temp1_NoEscape.exe.zip\NoEscape.exe\NoEscape.exe-Latest Version\NoEscape.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365268" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "200" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365268" C:\Windows\system32\LogonUI.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = 99ebff004cc2ff000091f8000078d4000067c000003e9200001a6800f7630c00 C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4290799360" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292114432" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292114432" C:\Windows\system32\LogonUI.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

NTFS ADS

Description Indicator Process Target
File created C:\Users\Admin\Downloads\NoEscape.exe.zip:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
File created C:\Windows\winnt32.exe\:Zone.Identifier:$DATA C:\Users\Admin\AppData\Local\Temp\Temp1_NoEscape.exe.zip\NoEscape.exe\NoEscape.exe-Latest Version\NoEscape.exe N/A
File created C:\Users\Admin\Downloads\WinNuke.98.exe:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
File created C:\Users\Admin\Downloads\Nople.exe:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
File created C:\Users\Admin\Downloads\Hydra.zip:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
File created C:\Users\Admin\Downloads\Krotten.zip:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
File created C:\Users\Admin\Downloads\NoEscape.zip:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
File created C:\Users\Admin\Downloads\NoEscape(1).zip:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Windows\system32\LogonUI.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3184 wrote to memory of 1452 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1452 wrote to memory of 4808 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1452 wrote to memory of 652 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\CuteVirusCollection

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1928 -parentBuildID 20240401114208 -prefsHandle 1856 -prefMapHandle 1848 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {734d5da2-ebd9-46f3-99cc-355d79ac8dc1} 1452 "\\.\pipe\gecko-crash-server-pipe.1452" gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2328 -parentBuildID 20240401114208 -prefsHandle 2320 -prefMapHandle 2316 -prefsLen 23714 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d916a88a-b56f-420b-a645-7fa3d073a595} 1452 "\\.\pipe\gecko-crash-server-pipe.1452" socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2996 -childID 1 -isForBrowser -prefsHandle 2860 -prefMapHandle 2876 -prefsLen 23855 -prefMapSize 244658 -jsInitHandle 1316 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a15e76af-7bba-4eec-88df-d870c58f13af} 1452 "\\.\pipe\gecko-crash-server-pipe.1452" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2892 -childID 2 -isForBrowser -prefsHandle 3448 -prefMapHandle 3240 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 1316 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bc553ddc-69ce-44cf-8620-295d319fcf60} 1452 "\\.\pipe\gecko-crash-server-pipe.1452" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4220 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4140 -prefMapHandle 4136 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e8564f43-bed8-4a5d-b29f-60a535917fa6} 1452 "\\.\pipe\gecko-crash-server-pipe.1452" utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5488 -childID 3 -isForBrowser -prefsHandle 5444 -prefMapHandle 5452 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1316 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b4b60be2-a090-4e51-886d-443431ba8dda} 1452 "\\.\pipe\gecko-crash-server-pipe.1452" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5400 -childID 4 -isForBrowser -prefsHandle 5616 -prefMapHandle 5620 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1316 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {78eb40c7-20c2-463c-b114-87e6bf2d3557} 1452 "\\.\pipe\gecko-crash-server-pipe.1452" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5772 -childID 5 -isForBrowser -prefsHandle 5812 -prefMapHandle 5816 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1316 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {73c137b9-cb67-467e-9cae-507f500568e0} 1452 "\\.\pipe\gecko-crash-server-pipe.1452" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6188 -childID 6 -isForBrowser -prefsHandle 6204 -prefMapHandle 6200 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1316 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6d14d985-3680-4b4c-a1d7-48495d74fa3e} 1452 "\\.\pipe\gecko-crash-server-pipe.1452" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3860 -childID 7 -isForBrowser -prefsHandle 3728 -prefMapHandle 3724 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 1316 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7d909587-3a94-499a-b049-9ba0499ae8f5} 1452 "\\.\pipe\gecko-crash-server-pipe.1452" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6620 -childID 8 -isForBrowser -prefsHandle 6624 -prefMapHandle 6576 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 1316 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0d9184ae-ba4c-4eff-b51e-20891d4a0521} 1452 "\\.\pipe\gecko-crash-server-pipe.1452" tab

C:\Users\Admin\Downloads\WinNuke.98.exe

"C:\Users\Admin\Downloads\WinNuke.98.exe"

C:\Users\Admin\Downloads\Nople.exe

"C:\Users\Admin\Downloads\Nople.exe"

C:\Users\Admin\Downloads\Nople.exe

"C:\Users\Admin\Downloads\Nople.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5732 -childID 9 -isForBrowser -prefsHandle 5752 -prefMapHandle 6864 -prefsLen 28338 -prefMapSize 244658 -jsInitHandle 1316 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6013b477-c0d9-4efb-b6fc-4258669ec41d} 1452 "\\.\pipe\gecko-crash-server-pipe.1452" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5760 -childID 10 -isForBrowser -prefsHandle 4744 -prefMapHandle 4904 -prefsLen 28338 -prefMapSize 244658 -jsInitHandle 1316 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {597d9802-7e76-4ad7-9993-3389946f696c} 1452 "\\.\pipe\gecko-crash-server-pipe.1452" tab

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5012 -childID 11 -isForBrowser -prefsHandle 6356 -prefMapHandle 5340 -prefsLen 28338 -prefMapSize 244658 -jsInitHandle 1316 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {18c84e6b-c172-4e2c-8cfc-190417b23905} 1452 "\\.\pipe\gecko-crash-server-pipe.1452" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7088 -childID 12 -isForBrowser -prefsHandle 5884 -prefMapHandle 5244 -prefsLen 28399 -prefMapSize 244658 -jsInitHandle 1316 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {23a49b01-674d-4af1-9a9d-ffac38d731fd} 1452 "\\.\pipe\gecko-crash-server-pipe.1452" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7660 -childID 13 -isForBrowser -prefsHandle 7596 -prefMapHandle 7680 -prefsLen 28399 -prefMapSize 244658 -jsInitHandle 1316 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9f7576b3-e4d9-4765-9247-861b388034fc} 1452 "\\.\pipe\gecko-crash-server-pipe.1452" tab

C:\Users\Admin\AppData\Local\Temp\Temp1_NoEscape.exe.zip\NoEscape.exe\NoEscape.exe-Latest Version\NoEscape.exe

"C:\Users\Admin\AppData\Local\Temp\Temp1_NoEscape.exe.zip\NoEscape.exe\NoEscape.exe-Latest Version\NoEscape.exe"

C:\Windows\system32\LogonUI.exe

"LogonUI.exe" /flags:0x4 /state0:0xa3a25055 /state1:0x41c64e6d

Network

US 8.8.8.8:53 glb-db52c2cf8be544.github.com udp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 api.github.com udp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 github.com udp
US 185.199.110.133:443 private-user-images.githubusercontent.com tcp
US 8.8.8.8:53 www.google.com udp
GB 172.217.16.228:443 www.google.com udp
GB 172.217.16.228:443 www.google.com tcp
US 8.8.8.8:53 ac.duckduckgo.com udp
IE 52.142.124.215:443 ac.duckduckgo.com tcp
US 8.8.8.8:53 duckduckgo.com udp
US 8.8.8.8:53 duckduckgo.com udp
IE 52.142.124.215:443 duckduckgo.com tcp
US 8.8.8.8:53 duckduckgo.com udp
US 8.8.8.8:53 duckduckgo.com udp
US 8.8.8.8:53 links.duckduckgo.com udp
IE 20.223.54.233:443 links.duckduckgo.com tcp
US 8.8.8.8:53 links.duckduckgo.com udp
US 8.8.8.8:53 improving.duckduckgo.com udp
IE 52.142.125.222:443 external-content.duckduckgo.com tcp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 github.com udp
US 185.199.111.133:443 private-user-images.githubusercontent.com tcp
US 8.8.8.8:53 glb-db52c2cf8be544.github.com udp
US 8.8.8.8:53 api.github.com udp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
US 185.199.111.154:443 github.githubassets.com tcp
US 8.8.8.8:53 objects.githubusercontent.com udp
US 185.199.108.133:443 objects.githubusercontent.com tcp
US 8.8.8.8:53 objects.githubusercontent.com udp
US 8.8.8.8:53 objects.githubusercontent.com udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp

Files

SHA1 ede2bb60680d3bb83d1ff0033749b08b7d65a9a5
SHA256 4a718fac30f40445b0b1627330ecc74e1bd7ed5cce6d7790abdc6d729ce5b625
SHA512 cf40dd45cacb2930e0919404e51d4177c0150d181ef9e97d119350ff70cc184ed2da8492a60411fc22c42f13ac6686b545c9736dee7aa37ca5583d070b5b2965

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jj59r4xg.default-release\cache2\entries\A126461FC47E3927C9F2AFAEF8809CFF4E24232E

MD5 0097aaa96230d62281ee4b8613e8b2c9
SHA1 4cd9ed5e687ecfc0eccf5c8dcbef90a013ffe67b
SHA256 4bd7299cb75903fceac798fb4e48c5559659a569265d5ae81e3d8c0a329a762f
SHA512 e8360635d8ec6249b34b92f8caefa7bd1f2d764b32d31fd3f96f780a178a2ddaa06ea0122b550cb58b76c95a9b8212949687b19399e1d043182d5879517b1cdf

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jj59r4xg.default-release\cache2\entries\63A872C9D207E854073086A96025C77AB75BE28E

MD5 7b04b3dc2c43c52a114037481fa47a9e
SHA1 b364679d8ed61fe44313664487c81398235c048d
SHA256 fa07e182f4d103f46659dbd68aa202b3d1a3901a28d0d3bfca497cdc57b55a77
SHA512 9a180adfb52fec96d48fda782a99980f703a944913ec94cebeb4f768b3af57c0122d133694eeb91a6376d2baa5c4cadf65ccde723a2fbdbf8e0a0727906c1f85

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jj59r4xg.default-release\cache2\entries\8AB9BE080CC22AEA3A835740E70218AB0EB1F438

MD5 f6b7ef190d28d3b90f04f3a1bc6d4c4f
SHA1 628fd646e8e6e7ff0cd2c5e4d3c4a0271e2d53be
SHA256 d7a43960cc3cc4962c6036370505ee1bf2b78a34428db98445987f9784c3f871
SHA512 67379aba25ba9a145e65204f6095535217034ffdfc587470410144e3bb195c10220641378572a60ea7d3c6475dec25039efe9cdc646e5adc537b8fa91361a497

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jj59r4xg.default-release\cache2\entries\BA30A8866A8313A16394DA2599448520494928BB

MD5 765182193f539ba9950e5ede8964e810
SHA1 2b81a44e1cb990430f7bd41921fd80ce35ac6f29
SHA256 52fafdb8484f4b9770b2febb104b7ddd007910a6108b139b29d7974102a13ba4
SHA512 f393ee3d26bf7a20f04415c6d8fd836e0eda0e2010f7d8094f26ab1ef70981c6062a1224d781160419d6cfea8253fe63f839539776673d9d6f93996178b54bd8

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jj59r4xg.default-release\cache2\entries\73EAA0767ECF1BFF6C0396D2598362046273B2CE

MD5 9358e5bc233490e43a2eee9037e82252
SHA1 851ef551f307774dd228ab725d75bb946ee8830a
SHA256 a904b264b4dd81601d990297f0098bc5a1bedc194aaab73a6db1cd566ccefb09
SHA512 2d1885ec5646b79680e8e530a6faa8c15d96d19281d34d8cc0ff4e30e5853d4a8f01e0f92ea0592b1b1f86755cd3cf6492d993e61a51613574b3d00f167d19b1

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jj59r4xg.default-release\cache2\entries\3281DD4C79ACB61B312FD94931181EE61FD498DC

MD5 bdf0994ca132962a799042738f1c0cd5
SHA1 5f8cbb1c86d901e8b1be53dc931105d3ce843bee
SHA256 c6046dd4dceef3938510a6b1e4cb655b2151f9885c965c2de3b91657f17910c6
SHA512 5ca59f719cd1e0588c91f8002298b9dcd209114d503c038265bc8e3dc3bd84bbdefb767ce950a5799fc76f5cb9cb70e1e3c395b54a6a0f5272f3f3cba5599ca5

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jj59r4xg.default-release\sessionstore-backups\recovery.baklz4

MD5 406b713c5c30c99de0be57e71fda424c
SHA1 fa43dd1c634783c39e71333998167170a84be6b3
SHA256 0b0ec9b1f69796edc65f914b5351e19db0af09173cfa571c3685067e8cee642a
SHA512 0fbb6e48ad4db16bbf58fa915214140c1445302fe854a2437ea3de6b5f5cdf5fd2b478d26ce39ca3dcf38613824b92915db27cb05902e20b284fa3f28620a5fe

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jj59r4xg.default-release\cache2\entries\A6C74BC2260EAFF823C7AED38BBA607C962CCB55

MD5 1000e6fa0b14bcf27f089c5b811d1e73
SHA1 782d7cdcf84449591e893c603876c835e01c07ea
SHA256 5615222a98632643e22adf36e4ee005adee97e54e1b20f39f84b082413409f4c
SHA512 b404797395a579f3671d76b0fd6f6a5c2a4a7b7def9dd203e8d216f94626905e7b99d62aa896adc9373163a612b3e6cc38bc3cec2c2d93a57c1ddf1538d7dd79

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jj59r4xg.default-release\cache2\entries\6586F7B38489859730F9ADC10B28BFE43E7639AA

MD5 eb2189db2da9bf0c94a47e28ffae0228
SHA1 318269861e742befcf97043b63b1701780ecd693
SHA256 52059f1f63f9b2933b3cdab555f49efabcc91e2a3ba269ec67dddb836f432be3
SHA512 48647cb9ec570287e0b61070692342d08205caceba4cf9f0df6003ed77b54bb2c3480a27426115ea7828648fc85547069c12076882cf85730413f2954b3743ff

C:\Users\Admin\Downloads\NoEscape.E62JD_NR.exe.zip.part

C:\Users\Public\Desktop\⅛ᓪ∀ၩ⸪␾ᥖᙷץ⿷༇⑕‌␐៾ἴⰎᣢḃᕳևᘪ╣ॶ੺⩖ᥚ⯊ᬒ⽀⋁Ị
