Malware Analysis Report

2025-01-19 02:19

Sample ID 241222-efn3vasmdt
Target http://isomicrotich.com
Tags: phishing
Score: 10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 10/10

Threat Level: Known bad

The file http://isomicrotich.com was found to be: Known bad.

Malicious Activity Summary

phishing

A potential corporate email address has been identified in the URL: [email protected]

Checks processor information in registry

Modifies registry class

Suspicious use of AdjustPrivilegeToken

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Uses Task Scheduler COM API

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-12-22 03:53

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-12-22 03:53

Reported

2024-12-22 03:58

Platform

win10v2004-20241007-en

Max time kernel

276s

Max time network

277s

Command Line

"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://isomicrotich.com"

Signatures

A potential corporate email address has been identified in the URL: [email protected]

phishing

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3764 wrote to memory of 4156 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4156 wrote to memory of 2600 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4156 wrote to memory of 3720 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://isomicrotich.com"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://isomicrotich.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1964 -parentBuildID 20240401114208 -prefsHandle 1880 -prefMapHandle 1872 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {141d7b9b-a9a7-407f-859a-ee9a27ee2c5b} 4156 "\\.\pipe\gecko-crash-server-pipe.4156" gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2420 -parentBuildID 20240401114208 -prefsHandle 2404 -prefMapHandle 2400 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {55aadf77-93b4-402a-8a46-17e8adab98b7} 4156 "\\.\pipe\gecko-crash-server-pipe.4156" socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3268 -childID 1 -isForBrowser -prefsHandle 2468 -prefMapHandle 3144 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 976 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {927476b5-eddb-419b-b470-d9af3d869a4d} 4156 "\\.\pipe\gecko-crash-server-pipe.4156" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2980 -childID 2 -isForBrowser -prefsHandle 3152 -prefMapHandle 3032 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 976 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {815a74d1-6603-451a-aabb-39cec6a5a798} 4156 "\\.\pipe\gecko-crash-server-pipe.4156" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4548 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4340 -prefMapHandle 3944 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1ed4484d-1ced-47b8-b540-a4c5b6143bb3} 4156 "\\.\pipe\gecko-crash-server-pipe.4156" utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5576 -childID 3 -isForBrowser -prefsHandle 5620 -prefMapHandle 5616 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 976 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {182da248-3765-4962-9613-88693595b1c1} 4156 "\\.\pipe\gecko-crash-server-pipe.4156" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5820 -childID 4 -isForBrowser -prefsHandle 5740 -prefMapHandle 5748 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 976 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0e15f5a0-60d5-4a14-a0df-4660ba803b23} 4156 "\\.\pipe\gecko-crash-server-pipe.4156" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5940 -childID 5 -isForBrowser -prefsHandle 6016 -prefMapHandle 6012 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 976 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d598b9d3-db6e-4904-b61a-f250d22e5ba4} 4156 "\\.\pipe\gecko-crash-server-pipe.4156" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6216 -childID 6 -isForBrowser -prefsHandle 6156 -prefMapHandle 5948 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 976 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {037ca3e9-5de9-42b9-87c7-16bbadfd4d72} 4156 "\\.\pipe\gecko-crash-server-pipe.4156" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6404 -childID 7 -isForBrowser -prefsHandle 4352 -prefMapHandle 4356 -prefsLen 29278 -prefMapSize 244658 -jsInitHandle 976 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {13383354-71fa-43db-9f5a-da7633ae96d9} 4156 "\\.\pipe\gecko-crash-server-pipe.4156" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6196 -childID 8 -isForBrowser -prefsHandle 5552 -prefMapHandle 5520 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 976 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0b3b0bc5-f589-4cdd-9e0e-29bdd754a5ef} 4156 "\\.\pipe\gecko-crash-server-pipe.4156" tab

Network


Files

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\datareporting\glean\pending_pings\a0e3b7f5-3f7c-4177-b227-c66613991796

MD5 c90505228fc88bf4dabf92220850b838
SHA1 039fc52e4f17b1f712045264273988a050c0a443
SHA256 c4efb8e1376f8494c9cebf0f4b9c10ae3d2a12913df0ca46db590ea309461fd6
SHA512 6dfadb9ce2a66a06654a0b07dd43e27f19a881381c6117571c111dc238e5ef7348a2b7dc45d88ccd587905ccf19f0fd0016ec66ef5415e1a855e3c06759a2d4f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\datareporting\glean\pending_pings\0a526937-e411-4b05-9cf3-8a545fa4b135

MD5 8adbc90fcdd5c448cdc6e59a746fff82
SHA1 4b84a964cb61deb5a9a5202fe354d9d4d3bb11c0
SHA256 f932681ab3e615faa778b9db9e222f4b6539ab88a9b4ebb13775cee26db395d5
SHA512 4cd6f6422c4a5619b6d65a866a41ae8728f897d88c4bf6e8879fe4f59912c3f1e5d3e1a9ef7f21e7798be03ccc031de907b59e7cb7d54df6098146ba976ac14d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\datareporting\glean\db\data.safe.tmp

MD5 5f57593e112375cd15108a9a3c478cf3
SHA1 6e39c959269080dba1487863a07d20ccbe8945ab
SHA256 a20e02422ac1dee76f356cc4e6ddcf644d172499d6b072665cc9c0ac6cb7058c
SHA512 e62d4df299b87c1457fc610b8e32ac0074c0fd3f2ffc01103d05a5f74c95b4b1382db362e16407e88e067274157fa144732dc773ff7ef7ce736dd00ab4aa0cef

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\datareporting\glean\db\data.safe.tmp

MD5 230eaabf0375d3b2186ec60eb0210248
SHA1 d3f00730507b213320de2a07f181a91fbdbcb8d2
SHA256 dd5d2c0f79cef84a8131472b7cf25ee54928c55e559c03543cd642f1b2066dca
SHA512 079b20056cba2c789ee046b2d77348fd946eccc3cc5920b90b89173af965defd4fe32a3525a32272f7283e82dbae81fd69c1874ff01034692b3ae642c40d1fcb

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\AlternateServices.bin

MD5 26d36ac05b6bb3850f6b39e4528f0255
SHA1 4a36e23b9bbced86a7b2162c4380e1d2ed8084fd
SHA256 b0276108010be2744ec6014662d93f72efb3d2d5198df70e8f61bc3a2bc2c2d1
SHA512 36781fb76579b4a66affb1ca952852afe09d8c77be42705415c24eda0a431a3967e5a14383b188fa0e61a3113a85ba490c730225939ce55b420f4b93d04fc2be

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lhmx4teg.default-release\activity-stream.discovery_stream.json

MD5 96eb5e3a247e3abbc5b8bf95443aae62
SHA1 3a388f68d6f20bbabfbd8f2b2b0adba4a919a6c0
SHA256 63bd9550235ceca30e9fbebfa0ea89e9f8af68c93fa8e8702d98a987ac88f3ea
SHA512 71615c84d874dadc90941957e9f25121ad80eeb1655c10ec8d6eb162ebb039485a653f1f028e666c877ab021d946e2767024feeb2654441fb205e687aeab90e9

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 849f8aec10d779a4d4944d66914fb1a5
SHA1 aa8f617f28a02437649b611eace2494410c1a970
SHA256 f61a8f1ec0d08a3d35a9c0d22570c52c8a99c71f599c603d0adefeb2460b7083
SHA512 b74cf94bbdd04bc382ead94f2480bb3a8e3549fdbebcf6ef8e7978f69065708cdb904783f21a1603e264959810fef9c09d18b415c5017ca409f16f1ec7f9ac77

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\datareporting\glean\db\data.safe.tmp

MD5 92d3d8f5dcd783e4843a5b78eacfe240
SHA1 074843bca42dce8b26caa8c3cec3c36d1a16e441
SHA256 b98c4ee830419dbfdee246a5c10217054ee890155e73aaa2301259b43c02f65b
SHA512 acdfbafbf76ebdaa850f27b8096b3b838d790fb67136839568ce993ec5f47124efe52fdea58d97f7449cc12cb66ab01819938a7a903f2ab85a542e64cc61fa92

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lhmx4teg.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

MD5 96c542dec016d9ec1ecc4dddfcbaac66
SHA1 6199f7648bb744efa58acf7b96fee85d938389e4
SHA256 7f32769d6bb4e875f58ceb9e2fbfdc9bd6b82397eca7a4c5230b0786e68f1798
SHA512 cda2f159c3565bc636e0523c893b293109de2717142871b1ec78f335c12bad96fc3f62bcf56a1a88abdeed2ac3f3e5e9a008b45e24d713e13c23103acc15e658

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\prefs.js

MD5 999d592c0d7451008a648edbf6498077
SHA1 54cd97cd603cc68a886c3b6214e06f00869dc468
SHA256 6600651246fd240862ef33ea0b7a20f50c47b180084f24585595edde4b114ed7
SHA512 874562bb4abdbce044cacc7f3519471bf8ecff05c4f01ae0e2af341fa3cb8a4b3629c136446c162ae3d74e6ab3d2e91bb8fd767dd2314641f51e7560eea5f041

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\AlternateServices.bin

MD5 028636be3f50b0fc7b5584709226d54a
SHA1 20c38b31767fb7cdf9d4b932ba5a625f47ffa6e9
SHA256 653aa5ccefc11bbf6da897b9b6a3fbe8df2fb8444e063020c380ae861eac5024
SHA512 ce506e0a404d1bcea4f581a2ab28494165391e0c3edee37672bb89a09052471acba035d5006d7bc4cf8e52cb01c75f2d87f08674f9d10138c1740f644487bb43

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lhmx4teg.default-release\cache2\entries\352194D7767D6BAADBF50F90EBCAC367598F102F

MD5 e3fdfba8a33c1b6a072e708151552d0e
SHA1 94502911ae9e16c8bb57bc4c7115cd60c0b78b3e
SHA256 6fdbd8a74fe3d9ca6886b56912478af65f96490c4a73aafffecd3137d02836af
SHA512 aeb918f38f9538c02652aec99a85a9b85d283f1aa7288d430e471bd07a0aa57b91822c0c2c0331ad69bd26acbc8d65a9866071db73cc174b0d21c97be33cd487

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\prefs-1.js

MD5 e0e7f8775f0f600fdcae973b83701b6d
SHA1 dd218a70c400f198e01a122a5af07ce200d25f74
SHA256 35143a3f4a81a8853650f6d141fe2d87ee165e53ec957b2a50916cef9a2c71d0
SHA512 3b90fc28cf60eaefd05ad2be84e363152b1969eeaa9dd971f78c2a260171dc229bbfe3d31d8bf746b8a0bbb61226cf2bef44f2e302e1984ca57ba0df9f619b94

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\datareporting\glean\db\data.safe.tmp

MD5 d5ca4b95da1e35f0971c4fec31edc821
SHA1 e014e16be3334875446b5650c3d7ed1242e5d434
SHA256 d8f23c1c4384f4b918be9b7536a0f9054b9b1bdf571cdf005c68f541f2dfd2a6
SHA512 3bcbd328d5f1b300951f9f365f90b8af0bde8e80b26b5662e1613bf4cfbaabde08be664c967f9030decbb4873031ce93a9a466e6deda1f7111c147f739dbf8e3

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\sessionstore-backups\recovery.baklz4

MD5 dabb585f605e8ca6d7f2aa7d8aae65b5
SHA1 f1933474fae641ba503460031c8c9f862feb78a7
SHA256 e5c3e0b4f27245967294c3bfb65bc6e0f453d11e6a10866a0918cf982726612c
SHA512 03591afff81cc9440dfee6325b9123f2c17443eb4e3a79e9b9a723fcf0c0ebc23d9ac98622468f37e4f0c0cc79c7b2cebc6d9dacd9ec9f9bf38987cc18cffd61

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\prefs-1.js

MD5 fadefd0ad11b59b0aa9e9fde15bf1332
SHA1 330071746ac46f092dac8b7de37b9edc7bd09447
SHA256 ac3373c38cca94b3f250d6d965efa93af9b6b5d168260150b28d474f62ab6d88
SHA512 8bbd051cc52f4860a9ab625d85722f99869582138a9ff28f6e78503e4d00e15994adc044244763b584eb677b7bdd098d50183cf8e6fc46b0a350dc7b5dbed941

C:\Users\Admin\AppData\Local\Temp\tmpaddon

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\AlternateServices.bin

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\sessionstore-backups\recovery.baklz4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\prefs-1.js

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lhmx4teg.default-release\cache2\entries\0305BF7FE660AF5F32B4319E4C7EF7A7B70257A3

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lhmx4teg.default-release\cache2\entries\254256B27E0C48CF9B80B695F0B3B8CA84610495

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lhmx4teg.default-release\cache2\entries\F8CBD54DDA10F4286A41EC6A537240712D6C2308

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lhmx4teg.default-release\cache2\entries\3251035FC42872B1269D18FB31FF846B6FB70C16

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lhmx4teg.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lhmx4teg.default-release\cache2\entries\7A1E467BC1DF37F174B7DF983919FDBA94712C9A

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lhmx4teg.default-release\cache2\entries\7BFCF32544F467F973AF267DF4EB4842EDED0C1F

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\X09P6TTE70GOGJ2SJ1GG.temp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lhmx4teg.default-release\bookmarkbackups\bookmarks-2024-12-22_11_2j+mjcCasmj1TGHp9RUObg==.jsonlz4
