Malware Analysis Report

2025-01-19 00:41

Sample ID 241126-qwqgdstkcx
Target https://bickel-sohn.de/img/?b3BwZUBlamVyY2l0by5taWwudXk=
Tags
discovery
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file https://bickel-sohn.de/img/?b3BwZUBlamVyY2l0by5taWwudXk= was found to be: Known bad.

Malicious Activity Summary

discovery

Browser Information Discovery

Suspicious use of AdjustPrivilegeToken

Suspicious use of SendNotifyMessage

Modifies registry class

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Uses Task Scheduler COM API

Checks processor information in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-26 13:36

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-26 13:36

Reported

2024-11-26 13:57

Platform

win10v2004-20241007-en

Max time kernel

732s

Max time network

1146s

Command Line

"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://bickel-sohn.de/img/?b3BwZUBlamVyY2l0by5taWwudXk="

Signatures

Browser Information Discovery

discovery

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Mozilla Firefox\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4072 wrote to memory of 552 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 552 wrote to memory of 3040 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 552 wrote to memory of 4664 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://bickel-sohn.de/img/?b3BwZUBlamVyY2l0by5taWwudXk="

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://bickel-sohn.de/img/?b3BwZUBlamVyY2l0by5taWwudXk=

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1972 -parentBuildID 20240401114208 -prefsHandle 1888 -prefMapHandle 1880 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fe68ec24-0e57-4e49-a193-b2f77a9ba475} 552 "\\.\pipe\gecko-crash-server-pipe.552" gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2352 -parentBuildID 20240401114208 -prefsHandle 2480 -prefMapHandle 2476 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2637372a-9c36-4a6c-880e-c4fd0b702f75} 552 "\\.\pipe\gecko-crash-server-pipe.552" socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1116 -childID 1 -isForBrowser -prefsHandle 3068 -prefMapHandle 3076 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b50d19ef-9eca-4362-b61e-460b5b1eb91e} 552 "\\.\pipe\gecko-crash-server-pipe.552" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3876 -childID 2 -isForBrowser -prefsHandle 3868 -prefMapHandle 3856 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0eecc193-37fe-45cc-b863-86aadcb9ff9b} 552 "\\.\pipe\gecko-crash-server-pipe.552" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4568 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4644 -prefMapHandle 4636 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6b9f5293-8a6e-4295-ae68-5d7a9415fced} 552 "\\.\pipe\gecko-crash-server-pipe.552" utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5288 -childID 3 -isForBrowser -prefsHandle 5268 -prefMapHandle 5304 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {637b58c3-a2fe-4f55-bf79-e27a4afe00f3} 552 "\\.\pipe\gecko-crash-server-pipe.552" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5552 -childID 4 -isForBrowser -prefsHandle 5520 -prefMapHandle 5332 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9c34a48b-767f-4d1c-b747-72cd1f100f18} 552 "\\.\pipe\gecko-crash-server-pipe.552" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5724 -childID 5 -isForBrowser -prefsHandle 5736 -prefMapHandle 5680 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a923fa52-d601-4b53-a27b-76e8a3193d1a} 552 "\\.\pipe\gecko-crash-server-pipe.552" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2648 -childID 6 -isForBrowser -prefsHandle 3152 -prefMapHandle 3020 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {45419307-16b0-4f02-936c-d30689228204} 552 "\\.\pipe\gecko-crash-server-pipe.552" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6408 -childID 7 -isForBrowser -prefsHandle 6400 -prefMapHandle 6292 -prefsLen 29281 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9f2ce8d0-7dd8-4fd0-bda9-71b54537cd91} 552 "\\.\pipe\gecko-crash-server-pipe.552" tab

Network


Files

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\datareporting\glean\pending_pings\c0d657f2-3ebb-41cc-8420-b1bc6e33457a

MD5 7f515d148f1be794264e34146247c52a
SHA1 78159dccb1d7fef5d40b851b8083796d5ec1c859
SHA256 7acd1e3705ed6fb18279b892efbadc95cec1672f8aff921bd0979942ba20aba3
SHA512 3cee85110f33cb62f3c9c30ef1d5fee309ef83777109f795bbd0e8c389aa365567c6b46012f122f5830bbdee08efebd4aae401a50d97fae2a06d426cca6479e9

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\datareporting\glean\pending_pings\15fe0a48-8992-4858-aa1c-e3110feeefd1

MD5 63dcf2bf486132afb084524e916b930a
SHA1 3b1e364b8f2a821266d9b8ef14ab26c25888e4ec
SHA256 ac01d9e8cee8bdb489e0aad9beb61b5b303f0c0fda93bc3c72d49f9b6a065093
SHA512 30b613564e3245329efea11fafc308b0e095e3543ab7cc56235597477143789f3d0a9b83e9d3ce43278953138021d410e0879ede001950a8703fa180418344de

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\datareporting\glean\pending_pings\ef048f24-a5c2-484a-b092-7dd1f7bc4ff8

MD5 3652669fc89c4ea1edf77ad219fccac2
SHA1 9f414f9161120470580ae5d8a67f0e2b227439a9
SHA256 bb8980e0b858eeb5f360889e63b2cb7adc1e833d99f5d78338be6184d7c9bde1
SHA512 01a277bc2021e55da4acf6fa32ec19ed0a1c2a875309d89e0370a38ded5ee66ac1b4047dbc90a669f47a0ff39a85ee3e5287de745ca1c502235497ad9374bcc7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\datareporting\glean\db\data.safe.tmp

MD5 ccc68746cd2ca49caadc81032a6d2c5a
SHA1 e2cee6346e4e788aac99df94c83e564994ea2dd7
SHA256 2bcc1c43f466281666f7d12e9341b323f8c635e5dc4a39df017a65cddd597823
SHA512 41adb0888b97b3911121aed8097a2c4c989cbc6cf896bbab8ac0c58fb3c199cd9d40d446a4f6256ef9a9fb9902e33b33fcfdb51d332702af00bc62d3b4788210

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\AlternateServices.bin

MD5 1f82772de77add1b23b0d91249f1ebbb
SHA1 6991d57bddd4476ce38809388fd7762b55b8899d
SHA256 31c935a8fff2526878442ebfeb6c300a472bf951ef03822dfe4dacc8c56984f2
SHA512 d90534f17ab6c182d6bcb2330c3d3eec652a184dc357ab8dd975171d9c2cbdf848e23d70626509fe998babc15098ac7a592fad66a17dbd113fce0c8bda69e2aa

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\datareporting\glean\db\data.safe.tmp

MD5 8ad294b1a5232603c247b535b28ae692
SHA1 078dc34162b4b4843049c5583a518401e11ac1c6
SHA256 6d0abf963bca39b1dfc4ded9581a8c115c646c3c92c65442ebfd2fe6b82683b1
SHA512 08e5a830e510ebd7588449628df59ff004fa8427b1ca185fe0998b69ae596160e7fd3d73ab4b0f279a94443f5d85f15eafd24d084fc7759f89431f45d7f0e873

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\prefs.js

MD5 7316597151925d46238514daed6d44ae
SHA1 6aed2a81119433d195ca88d58c7c3b6e00ff0b1a
SHA256 ab0200ce35418cb40f9914cd73832b297fec778930ba869ff3a4b9eefa80b582
SHA512 3c2d4e60c4692c0d487a4459b419f8bbdc2af5b2f41b3b8e2498e4b6c2d32aebf4c8961804bc9517bc6c334a474cbde1dcd1afc5c2096db706135b836427acd7

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yuzka873.default-release\activity-stream.discovery_stream.json

MD5 c253203a711fb0eff7349e798d5c8970
SHA1 5e41cef9d19bf4c5d64768ca7e4297b747d74fad
SHA256 76467437e88e4b4d7da67bb933b6394c19b01b4976e27b1ba9eb1b495a7790b9
SHA512 ca146eb1c9a897ddf680c5db72ffcedbd905d9f591ad2f98711153c59ea758834fb371450b9aa7a5137541f60f77c7c95190730516c8cee25843d7fa4cc7bb1b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\AlternateServices.bin

MD5 a73a98d4c143312c8907c3d9b73c2c5e
SHA1 d42bc6f68571b4a54cfbf6789584d16c560c7149
SHA256 ca0e94928dc44d84324db24ed4a5c7423d231c0b2c77082035ff67b0f10cc1d6
SHA512 e901e04fcb1ec828a972c6b05b50a1b2ddd3a13f6addfeb93e01b97cee2a720187e4cc84d4f23a019ed1c699ed5629eab8aba6e7bca52c361876cc95f3f25054

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\prefs-1.js

MD5 e9323ee2d0234127219858485d96e041
SHA1 9cdad7cfa6eea2972520bfd8a3edaa17770d6b03
SHA256 d35aaadd1186755a00181ccb92e941163febd75a95ad616daf2c4f2ccd167394
SHA512 b3b2bee6875abf8c7f9518e9e5f1ac95d8232f8168a28c5a19081f198c30b23d76c26333f011053f484f12ccdd62b925b9a6ba67c146210dc64dc6d86bf63bc5

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yuzka873.default-release\cache2\entries\9BF7FB867A983CA5906E20EC68EC57CF3EC3B09A

MD5 e27b0fd6c04a83eb4089855f767a71ed
SHA1 637b5afd3337beb0ef6548303393ae0429907deb
SHA256 c6430ae1bc3485a7d3e058167c53834bb3d04e52e3463642583577432d657752
SHA512 8a47940ac9f6d32d8672cde8af5de189c7b01b907ae71689039d90530f3adb0da2c2194939c3e687bb504d0d8e5a434f5af6a02602dd09e83b34ce900be94acc

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\datareporting\glean\db\data.safe.tmp

MD5 f43e84061c7418233878a6110f3148a4
SHA1 252e00e777a08d4ba7c6c8c2952a924a82052d30
SHA256 466ea500ec7ed34128635da9e871aa7e66665678728ed7949011ac224278139a
SHA512 ec3a324a27a1de2cd8f3fd54a7795da7de7d6f97980b3770153126c47c423822df58b6bd6032574d384b31a9fb095961b0c72bec4b2e65053716c862d1389dc7

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 09372174e83dbbf696ee732fd2e875bb
SHA1 ba360186ba650a769f9303f48b7200fb5eaccee1
SHA256 c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f
SHA512 b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

MD5 2a461e9eb87fd1955cea740a3444ee7a
SHA1 b10755914c713f5a4677494dbe8a686ed458c3c5
SHA256 4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc
SHA512 34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

MD5 842039753bf41fa5e11b3a1383061a87
SHA1 3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153
SHA256 d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c
SHA512 d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\prefs-1.js

MD5 03d963875e8b6bd1498232e1cb685478
SHA1 0e501d0420457d01f73650b873377df867fbf810
SHA256 a906194ac63e249430912d0659c648baaa27815e79aabeefbb67f7170dcbedcf
SHA512 a7f0c84f5ae17799aab64f61f897081b8e225668a959756d2805aa245f44b79b999b5fc6fb9a0482d5743d6d809e44842efedc8cbdc05048c14f0879496db168

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\AlternateServices.bin

MD5 008117e2ca5d048fd8ddec99c45556c0
SHA1 7d2283af9c91a70313ed8bef537e798c1a12052a
SHA256 073f817f24e8e3fa303094b6f2170cffe3d069597666f8862032872dae8d8916
SHA512 57ca0979fdfac50a051f0a881f05946841d7b97d268b2a5e85d41ad5a7797b3f13bf009a95a8d0cd245767604986cd16f2eaff5ec05c05ab7627f74d0674015d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\sessionstore-backups\recovery.baklz4

MD5 c6b81514de6e054ebb37a344aea07ae8
SHA1 3c42697b42103261af331a179c1a9d3bd0571bd2
SHA256 fb231dd2e12347d85dae0e35e1aa46a65e9d63a5374ba7f33a0c0db9150e000d
SHA512 eee8164b072d7f0dba0f18ed8d82f3cc6fc7e6b52384d503014232ef7f98d4bdd64ce415ce28a78fb7a8a9e0651013b88f2aca32d48c22c4d802ee1c15e28493

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 0a8747a2ac9ac08ae9508f36c6d75692
SHA1 b287a96fd6cc12433adb42193dfe06111c38eaf0
SHA256 32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03
SHA512 59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

MD5 bf957ad58b55f64219ab3f793e374316
SHA1 a11adc9d7f2c28e04d9b35e23b7616d0527118a1
SHA256 bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda
SHA512 79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

MD5 daf7ef3acccab478aaa7d6dc1c60f865
SHA1 f8246162b97ce4a945feced27b6ea114366ff2ad
SHA256 bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e
SHA512 5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\sessionstore-backups\recovery.baklz4

MD5 141f0e550263b29be6d8b9738b08c7fa
SHA1 6a900d80cfb3bb0de4edbcfe57dbcb297a4fc261
SHA256 c11a0e992407b9eaaecc1792b552543f70b9da901588b9f84278016afe5a4c99
SHA512 b29a5cd9d06c7d20ad4199d4bd27c898e729fbfabd5233e842f5fe8fb81c0cfdae20a0e4f88c90d94d9c9452d9cd569b04a096afdfc0ddc64e13734b93b3c901


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\datareporting\glean\pending_pings\a2cf7c46-9431-4358-a76f-c048f6a1781f


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\datareporting\glean\pending_pings\0316effc-0faa-4f43-84a5-2d3f8f5a7d70



C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms



C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\datareporting\glean\db\data.safe.tmp


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\prefs-1.js


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\bookmarkbackups\bookmarks-2024-11-26_11_VZjxgx-BmKa8qR9VtkQ0kg==.jsonlz4
