Analysis Overview
Threat Level: Known bad
The file https://www.google.com/search?q=memz+virus+download&rlz=1C1ONGR_deDE1032DE1032&oq=memz+virus+download&aqs=chrome..69i57.1915j0j1&sourceid=chrome&ie=UTF-8 was found to be: Known bad.
Malicious Activity Summary
UAC bypass
Modifies WinLogon for persistence
Disables RegEdit via registry modification
Executes dropped EXE
Checks whether UAC is enabled
Drops desktop.ini file(s)
Legitimate hosting services abused for malware hosting/C2
Modifies WinLogon
Sets desktop wallpaper using registry
Drops file in Windows directory
Checks processor information in registry
Suspicious use of AdjustPrivilegeToken
NTFS ADS
Suspicious use of FindShellTrayWindow
Uses Task Scheduler COM API
Suspicious use of WriteProcessMemory
Modifies registry class
Checks SCSI registry key(s)
System policy modification
Suspicious use of SetWindowsHookEx
Modifies data under HKEY_USERS
Modifies Control Panel
Suspicious use of SendNotifyMessage
Suspicious behavior: EnumeratesProcesses
Analysis: static1
Detonation Overview
Reported
2023-03-31 15:42
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2023-03-31 15:42
Reported
2023-03-31 16:04
Platform
win10v2004-20230220-en
Max time kernel
1172s
Max time network
1151s
Signatures
Modifies WinLogon for persistence
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\winnt32.exe" | C:\Users\Admin\Downloads\NoEscape\NoEscape.exe | N/A |
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\Downloads\NoEscape\NoEscape.exe | N/A |
Disables RegEdit via registry modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\Downloads\NoEscape\NoEscape.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\NoEscape\NoEscape.exe | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\Downloads\NoEscape\NoEscape.exe | N/A |
Drops desktop.ini file(s)
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Desktop\desktop.ini | C:\Users\Admin\Downloads\NoEscape\NoEscape.exe | N/A |
| File opened for modification | C:\Users\Public\Desktop\desktop.ini | C:\Users\Admin\Downloads\NoEscape\NoEscape.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
Modifies WinLogon
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoRestartShell = "0" | C:\Users\Admin\Downloads\NoEscape\NoEscape.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoAdminLogon = "0" | C:\Users\Admin\Downloads\NoEscape\NoEscape.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\DisableCAD = "1" | C:\Users\Admin\Downloads\NoEscape\NoEscape.exe | N/A |
Sets desktop wallpaper using registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\noescape.png" | C:\Users\Admin\Downloads\NoEscape\NoEscape.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\winnt32.exe | C:\Users\Admin\Downloads\NoEscape\NoEscape.exe | N/A |
| File opened for modification | C:\Windows\winnt32.exe | C:\Users\Admin\Downloads\NoEscape\NoEscape.exe | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies Control Panel
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\Mouse | C:\Users\Admin\Downloads\NoEscape\NoEscape.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\Mouse\SwapMouseButtons = "1" | C:\Users\Admin\Downloads\NoEscape\NoEscape.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\Desktop | C:\Users\Admin\Downloads\NoEscape\NoEscape.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\Desktop\AutoColorization = "1" | C:\Users\Admin\Downloads\NoEscape\NoEscape.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "173" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00 | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808" | C:\Windows\system32\LogonUI.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\Downloads\NoEscape.zip:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Windows\system32\LogonUI.exe | N/A |
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\Downloads\NoEscape\NoEscape.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\shutdownwithoutlogon = "0" | C:\Users\Admin\Downloads\NoEscape\NoEscape.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\Downloads\NoEscape\NoEscape.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\UseDefaultTile = "1" | C:\Users\Admin\Downloads\NoEscape\NoEscape.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\Downloads\NoEscape\NoEscape.exe | N/A |
Uses Task Scheduler COM API
Processes
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.google.com/search?q=memz+virus+download&rlz=1C1ONGR_deDE1032DE1032&oq=memz+virus+download&aqs=chrome..69i57.1915j0j1&sourceid=chrome&ie=UTF-8
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
C:\Windows\system32\werfault.exe
werfault.exe /hc /shared Global\84fa46ae390b47f4b7620bbf90feed7e /t 4876 /p 2664
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4c0 0x2f4
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3940.28.1961255558\1276126866" -childID 25 -isForBrowser -prefsHandle 10700 -prefMapHandle 9412 -prefsLen 28349 -prefMapSize 232675 -jsInitHandle 1256 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ae88df73-5e74-496a-a42a-fa681283a2f4} 3940 "\\.\pipe\gecko-crash-server-pipe.3940" 10676 1cb9ffa1458 tab
C:\Windows\system32\werfault.exe
werfault.exe /hc /shared Global\71752796461e4e96be95455fa77ccc40 /t 1232 /p 1756 5060
C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\5a4973ee564f4b01b3cb08e9651830b8 /t 1444 /p 3940
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\NoEscape\" -spe -an -ai#7zMap18258:78:7zEvent6078
C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\77c9546676e64dcaa5e8175e1f6383bf /t 1444 /p 3940
C:\Users\Admin\Downloads\NoEscape\NoEscape.exe
"C:\Users\Admin\Downloads\NoEscape\NoEscape.exe"
C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\d8bfc6751d734fd3908353ab335e9fc6 /t 2572 /p 4664
C:\Users\Admin\Downloads\NoEscape\NoEscape.exe
"C:\Users\Admin\Downloads\NoEscape\NoEscape.exe"
C:\Users\Admin\Downloads\NoEscape\NoEscape.exe
"C:\Users\Admin\Downloads\NoEscape\NoEscape.exe"
C:\Users\Admin\Downloads\NoEscape\NoEscape.exe
"C:\Users\Admin\Downloads\NoEscape\NoEscape.exe"
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Users\Admin\Downloads\NoEscape\NoEscape.exe
"C:\Users\Admin\Downloads\NoEscape\NoEscape.exe"
C:\Users\Admin\Downloads\NoEscape\NoEscape.exe
"C:\Users\Admin\Downloads\NoEscape\NoEscape.exe"
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa397e055 /state1:0x41c64e6d
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault98c01956hce9bh46fahbf89ha783f89d4b56
C:\Windows\system32\werfault.exe
werfault.exe /hc /shared Global\c4f66dded9ab483cb3771d0181facb27 /t 4864 /p 1328
Network
Files
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs.js
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\sessionstore-backups\recovery.jsonlz4
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js
| MD5 | 9c0f325e038d1cb59659892ba5d141b5 |
| SHA1 | 28c4a008cc7e5f19c9451aa636340a33cde981d8 |
| SHA256 | 70e4dab45226bfba754dddcf1e666b52850dd15d4dc21f6dabf595d8e5967320 |
| SHA512 | 5b92eb6e1665ad2113cc72226183d5f29d6787ed8154ae2511678b2becc10295718c64d4f54134241df1900e8e12248a3d4fc26ac3a37781fcf584162af5f721 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\startupCache\scriptCache-new.bin
| MD5 | 7ec28238910c217c3cc5cb01bd9cfde3 |
| SHA1 | c850f704f3a78fe63866fa54767d069a3284bf94 |
| SHA256 | 1714477b594330be9ed43a296f5cdf3278ba98a99557471fd4a741a3db8260a7 |
| SHA512 | bd97129384f6d739d689352e15f68cc217384bdf1265b5d8656a5f1e9c34244ab082111bb745fae9293cdd9b3324d4ec9b89e5b1372f178f3d31f98d2daf00c2 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\startupCache\urlCache.bin
| MD5 | 2f3e18f45444790efaa87ad8eea97fa3 |
| SHA1 | 2518eb8d0d4bd352417cd7da2e8e3eceb4562d58 |
| SHA256 | 420126560e8de7644721e4075a2cca820a9769a45897179d99907f38c8858fc9 |
| SHA512 | aaf604014a2f432a6ef40844b8ae5ff85e2743330614d1ba0bd4e51a7249576ee3e19490cc9dcf44ae1f011e43e3e2474391c04b11bdc93097aaa7ef7e181ea0 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs.js
| MD5 | 108b97b1ff7efbdb1aecce96d55ff2e5 |
| SHA1 | bb72b2e0c3d859fe5e821632307a32df331b55e1 |
| SHA256 | c5e19d4313b524fffc4859f4fac05ea3dcf408714a736dbd0bb7fcdf5131f80e |
| SHA512 | e0f7678424e68957a1cb521786e9e4e54c179f9a263b04d0c6a96147cb1e242b58bda3e74e6f142dcd9b6dd313a0061c3050af334b149eab9a8040f923da84dc |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\doomed\12037
| MD5 | 00bf85fcf3d0db7c7d5a658a93e77f99 |
| SHA1 | ebb2905ef9ecc86675b52375771c52144e9e2687 |
| SHA256 | 0423ee30b43de2f30c10d259fc6cd18123781ef4e7862ab5f6af54e55407396c |
| SHA512 | 38d52b03982da7e50bde6ef8802c6fb6d842fbe51138766319e25d311c6082a85dfffaa90479d1a1c6db662bfafbfee09d0b0434dc9fbaf2dd318596421ac55f |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\sessionCheckpoints.json
| MD5 | ea8b62857dfdbd3d0be7d7e4a954ec9a |
| SHA1 | b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a |
| SHA256 | 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da |
| SHA512 | 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\sessionCheckpoints.json.tmp
| MD5 | ea8b62857dfdbd3d0be7d7e4a954ec9a |
| SHA1 | b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a |
| SHA256 | 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da |
| SHA512 | 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\sessionCheckpoints.json.tmp
| MD5 | ea8b62857dfdbd3d0be7d7e4a954ec9a |
| SHA1 | b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a |
| SHA256 | 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da |
| SHA512 | 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 3534f690bcb99d88ed20bbe0fefe6d40 |
| SHA1 | ff95590965042b93de16a9f927225656f3bf5a14 |
| SHA256 | 77b165a182475984b0379089a4ab51032d8c7a1b7fbcb0675090e4b2d25620a3 |
| SHA512 | 1d05a8cfe16baaf2f5bb16ca5349d2f0a56d565e7f3026d073c47e9b0c0a6a6ebc71e3fd9b591d4cfbe123428fb9181944e9f687d39cae2a2093cbfaf2a06ad5 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\storage.sqlite
| MD5 | e754fbe11ba0e708fa319a0396ff4274 |
| SHA1 | 46687e5fe95275f8d9512e64659a7ad985343553 |
| SHA256 | 33f31db8b6798aad9d7752c69ddbf9c4b97621fb924c9171f7f8c4d4e6c59704 |
| SHA512 | e02fc85d8b3bcc22c33e93dda90993122df5be0dcdff02302577978f47fb202ecb20cfaa899c2c67f4d09c6381b076eae6b2e0af682de10b8df7e187e735bdab |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | 508d05d32f0ce9532c34b625d11f0099 |
| SHA1 | dc757cdaa7e18a8fb88b1d18c681f8c559d1bef0 |
| SHA256 | b4ee15f34cb38ef8b1b7890121c48d1378a7971967b720c405b935c167ab45bc |
| SHA512 | b77df5b6d852b91f4618b070ee8d2096f90470aee55cc36225a82fd172401d5a6e4111e32de7365073d2c08f12c1204f9f8d7c6f9d5da451757128e0e3336f79 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cert9.db
| MD5 | eae59c1c8cd5bc91c0ad5d27f3420cb7 |
| SHA1 | 08c28abf5f8d23a28c30d34da6c9d7ea4c5f2f9a |
| SHA256 | 0dbbf52ec8547dfe9671b2630bb764c07b8411a81879f7d3df8925db3a300546 |
| SHA512 | 8979babc7593516a4d461d49cd534ac02f919a4934ad025fb09f2f6c06984d09ee6311d62bd1e1d98212e772381896f6f0957cec236df0f531b78bd032e36514 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\search.json.mozlz4
| MD5 | 033eb0645837c8b618a593f7b9a72642 |
| SHA1 | cf4c2e7ccaa275ee47cdd945a7bd1f8b57c61172 |
| SHA256 | 3409fd08295094b37673d748a0374cf0afaecf1671188b2ed012626cad67a582 |
| SHA512 | 27dd0743306b0845c06b3be3e3ae2f515777dced4bbf91a4864bb95c5873e2d6351d99be36d4762a2ba8262130c6d139db3f4f5272afb8717e02b09c1e39c2b4 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\activity-stream.discovery_stream.json.tmp
| MD5 | 51a03fca4c7390f4fd528d17daa00ba7 |
| SHA1 | 554b9370aec9ad6f44e85adfc55f645cabe9ec3c |
| SHA256 | 32db765ee3070bd7c16249904ac30a869adb4762735be8da1d85a744580a0f85 |
| SHA512 | 51ccdb66b712fdd76664b30fa1e8fbfde699b3212b4eca59f71262cbaca3246da6eb70b0b58ef303cd97012123eb663c6b74c14ef086aa4f29e9d5fe4d2b9f13 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\activity-stream.discovery_stream.json
| MD5 | 02cbd6a677e407c2235d8e312286f4c5 |
| SHA1 | 80e142b4da28c394e6a318a5e78ced205e034d15 |
| SHA256 | 498a3f7d87f2b48ec1fadb21be455e61d964ae338745faee261a5dd2d7b6deac |
| SHA512 | 641a01370e9a6e4b5b3df1e1d801dbbbe7e13b349f5ce23c8b35a9e2bae798cdeea137bf9d1734d5c4fd349630489fab92fcf95a915305f9d0c84fba58425821 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F
| MD5 | 9e910def9cb609985a127734ea74cb4c |
| SHA1 | 180ddac0cb93848a71634f4e5ac206f7bb433e12 |
| SHA256 | b1bdab119eb3de9914342197c7fd5bade8b5787b6fee4fcd05188b0414ad982d |
| SHA512 | fd8770c64529d5ae0e8f6379130e8b7160020ea85aea535339a68ce5a4018aaee833c7bf4f516bea9a062babad99443069319d10b9678b76e8a1fe9ec7a8d51c |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\entries\9648808B6C63CD1AAD97A7B68F84F35C95682143
| MD5 | f45058dcf673ee57eb665e1037362ae4 |
| SHA1 | 49242b2f733b6eeb2cd9701bc76154839fec9ce3 |
| SHA256 | 1a4cdda749dd04189becd9d111e6cb13c09cf227bfa326bbbedbfa604dd97ceb |
| SHA512 | f5a0f5770f784c140c9648ee9536c4d0533958eee1ed70d6c37d6da857d8512d4b8e7cd43700fa790c16cf538d3b37f70512fc83babc197df0b6b82832bd26ee |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\datareporting\glean\db\data.safe.bin
| MD5 | 63b1bb87284efe954e1c3ae390e7ee44 |
| SHA1 | 75b297779e1e2a8009276dd8df4507eb57e4e179 |
| SHA256 | b017ee25a7f5c09eb4bf359ca721d67e6e9d9f95f8ce6f741d47f33bde6ef73a |
| SHA512 | f7768cbd7dd80408bd270e5a0dc47df588850203546bbc405adb0b096d00d45010d0fb64d8a6c050c83d81bd313094036f3d3af2916f1328f3899d76fad04895 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\protections.sqlite
| MD5 | c85d1bbdcb2505d7f5c6bd0dd2b06492 |
| SHA1 | b045492af83bf1549827343014eae43cc0a817d7 |
| SHA256 | a5cbb5daa9ea1b98935ab288b6293bd08abab25a4576a400334c68e6b781c64f |
| SHA512 | 7343830acaff4a89de4a47e71e10f9a99539d075fcfef3ca0d9e9701f6a8fbfbfb8ad342764314a01a171a1acb3b3d5eb404817d40ca5b0a2444c06e8f925f37 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 76397e10cd80f104a5163e14db3ef58a |
| SHA1 | 2e5a4d53230fbcf940724a6dbb496e91061783ce |
| SHA256 | 1e82fcb537c383fd99b206f1d6a21ab43d9c45df67b28ce48406573ba65996b8 |
| SHA512 | 86b6c6d6df35aadc2323c1fec6e5d73a446b82618ae636d7f9350283276d0d3990c5740da03e06229ce7eceb7d55664932bffe69d875db8f3a9675232f234dc4 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\datareporting\state.json
| MD5 | 3e32e2cc1ed028dd8ff9b06f50a4707b |
| SHA1 | b3910351bd8e13ad1479db699cf6fac6544a5bef |
| SHA256 | 4a3a666d98e61b5fe06fecac56807137a0fffb4bb71d4c3b16baa8702dde738c |
| SHA512 | 4585ee9ec04adf138727cd039a9cbe78db6cf2926f6ce92524312a42efd1250100848a919ec4b833f9a013181ce93734575b86eed37f1bf32effa3237eba84db |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-2.js
| MD5 | 4df83bfa6c58af1bf31924d9944653db |
| SHA1 | da671fe861b309760f47a5d9242f629e71b70323 |
| SHA256 | 766e377de93eff3ebf4cffd947cbf127b35807bb911362f8d8d813c1895590dc |
| SHA512 | 4d791757d6b4d52b915f8f83f0e30d880de6077ed90ee277f59d8126150cb9ac1859565026d91d4fd01dd2a45cbd6a87e9efd3666bd36ea0818b221c228a2bc1 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\entries\E78E3F76C38A478389988CA4F4C125CDF3D80965
| MD5 | be10dcde1aa6c717754d2f3f54e10d24 |
| SHA1 | 146229ea42b5908dc8cc8d6fabc3b3459fdf333a |
| SHA256 | b85dcae103e00885bca2d0364c193264b5e72820edbd2c66761b9e42253eb9cc |
| SHA512 | 6f4dba1caad1064c22726fe7b4dad654dcc3dd7aa0d65ebe3a5d7d16c50ea52ec3b0c42ce1d01832bd897094b1178bd8f666d605cf7c0036895b2024e6f8b8e1 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\entries\F18D85F52EBBBA2AB081EF739ED0D6E8A76D497C
| MD5 | 222a90025b7307217e3a5f7f4ba8e556 |
| SHA1 | b66780d38fb4594db23e7ba7e6358e9e166830ec |
| SHA256 | d3854bc82e48f1886bd1b5afa045d3b3652edf7be349b09906426c39a4d10659 |
| SHA512 | fb013b71bee81493f9ed044a57d77d12271c26433d302b9931897dabf9d5407671c5d4cc228c74c15a68be13ccdcd9d548ab815c910499727e675dcf0cb4b098 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\crashes\store.json.mozlz4
| MD5 | a6338865eb252d0ef8fcf11fa9af3f0d |
| SHA1 | cecdd4c4dcae10c2ffc8eb938121b6231de48cd3 |
| SHA256 | 078648c042b9b08483ce246b7f01371072541a2e90d1beb0c8009a6118cbd965 |
| SHA512 | d950227ac83f4e8246d73f9f35c19e88ce65d0ca5f1ef8ccbb02ed6efc66b1b7e683e2ba0200279d7ca4b49831fd8c3ceb0584265b10accff2611ec1ca8c0c6c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\crashes\store.json.mozlz4.tmp
| MD5 | a6338865eb252d0ef8fcf11fa9af3f0d |
| SHA1 | cecdd4c4dcae10c2ffc8eb938121b6231de48cd3 |
| SHA256 | 078648c042b9b08483ce246b7f01371072541a2e90d1beb0c8009a6118cbd965 |
| SHA512 | d950227ac83f4e8246d73f9f35c19e88ce65d0ca5f1ef8ccbb02ed6efc66b1b7e683e2ba0200279d7ca4b49831fd8c3ceb0584265b10accff2611ec1ca8c0c6c |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 85430baed3398695717b0263807cf97c |
| SHA1 | fffbee923cea216f50fce5d54219a188a5100f41 |
| SHA256 | a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e |
| SHA512 | 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\gmp-gmpopenh264\1.8.1.1\gmpopenh264.dll
| MD5 | fe3355639648c417e8307c6d051e3e37 |
| SHA1 | f54602d4b4778da21bc97c7238fc66aa68c8ee34 |
| SHA256 | 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e |
| SHA512 | 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\gmp-gmpopenh264\1.8.1.1\gmpopenh264.info
| MD5 | 3d33cdc0b3d281e67dd52e14435dd04f |
| SHA1 | 4db88689282fd4f9e9e6ab95fcbb23df6e6485db |
| SHA256 | f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b |
| SHA512 | a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | 438c3af1332297479ee9ed271bb7bf39 |
| SHA1 | b3571e5e31d02b02e7d68806a254a4d290339af3 |
| SHA256 | b45630be7b3c1c80551e0a89e7bd6dbc65804fa0ca99e5f13fb317b2083ac194 |
| SHA512 | 984d3b438146d1180b6c37d54793fadb383f4585e9a13f0ec695f75b27b50db72d7f5f0ef218a6313302829ba83778c348d37c4d9e811c0dba7c04ef4fb04672 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\gmp-widevinecdm\4.10.2449.0\LICENSE.txt
| MD5 | 49ddb419d96dceb9069018535fb2e2fc |
| SHA1 | 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6 |
| SHA256 | 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539 |
| SHA512 | 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\gmp-widevinecdm\4.10.2449.0\manifest.json
| MD5 | 6981f969f95b2a983547050ab1cb2a20 |
| SHA1 | e81c6606465b5aefcbef6637e205e9af51312ef5 |
| SHA256 | 13b46a6499f31975c9cc339274600481314f22d0af364b63eeddd2686f9ab665 |
| SHA512 | 9415de9ad5c8a25cee82f8fa1df2e0c3a05def89b45c4564dc4462e561f54fdcaff7aa0f286426e63da02553e9b46179a0f85c7db03d15de6d497288386b26ac |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-2.js
| MD5 | 703f7fad2e37e92f0429e861c0559bde |
| SHA1 | 56e1a00300bf69a18829608464165762b33f97dc |
| SHA256 | dccdd16a8e757116467a4ea528886f8d8f4dde2299a1ddaec55c777c896ce374 |
| SHA512 | b1dd10427f2f0a869f1de80c55b9b963a0d4469f26905f0673b77dde10c650a773c11400d6317f9ef169f8ceb3c16d465b2d61494656c91f66ce4311903f0a2d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\gmp-widevinecdm\4.10.2449.0\widevinecdm.dll
| MD5 | 54dc5ae0659fabc263d83487ae1c03e4 |
| SHA1 | c572526830da6a5a6478f54bc6edb178a4d641f4 |
| SHA256 | 43cad5d5074932ad10151184bdee4a493bda0953fe8a0cbe6948dff91e3ad67e |
| SHA512 | 8e8f7b9c7c2ee54749dbc389b0e24722cec0eba7207b7a7d5a1efe99ee8261c4cf708cdbdcca4d72f9a4ada0a1c50c1a46fca2acd189a20a9968ccfdb1cf42d9 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\gmp-widevinecdm\4.10.2449.0\widevinecdm.dll.lib
| MD5 | 688bed3676d2104e7f17ae1cd2c59404 |
| SHA1 | 952b2cdf783ac72fcb98338723e9afd38d47ad8e |
| SHA256 | 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237 |
| SHA512 | 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\gmp-widevinecdm\4.10.2449.0\widevinecdm.dll.sig
| MD5 | dea1586a0ebca332d265dc5eda3c1c19 |
| SHA1 | 29e8a8962a3e934fd6a804f9f386173f1b2f9be4 |
| SHA256 | 98fbbc41d2143f8131e9b18fe7521f90d306b9ba95546a513c3293916b1fce60 |
| SHA512 | 0e1e5e9af0790d38a29e9f1fbda7107c52f162c1503822d8860199c90dc8430b093d09aef74ac45519fb20aedb32c70c077d74a54646730b98e026073cedd0d6 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | cfae870f10f77141be5869e6191a3b9b |
| SHA1 | 469fb620acbbd764a973d33cc7d3b89683e932bf |
| SHA256 | ed009676b9b1a1ebdd856dd4d079b1dc0290502f3849b7655b1425be08b69807 |
| SHA512 | cbcb39ffc04ca82c203e64d651aa48ef976820bad0c720f7c761828f665996a484dd97676e7041e28cef00aa6f0e17b6857923ce14ca0d5c6d9687f8afd02a94 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\doomed\27757
| MD5 | 786437767b7fc0628fb4d65eeb883bee |
| SHA1 | ae0437d75fe34fb278270166a98cc20cd09f7766 |
| SHA256 | 12bb2dda4e721a8c3294702ab2578ad2a0f167a07f6cce1e358729fecffb3a23 |
| SHA512 | f39bd119c37151ab835e9ea3fe1349cc4e585f3fe1f619b6176a68cd6db23d91a90df121a010cd1e79c343faea912ed0b652216f8a8ca9f4400f5da38218f17f |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-2.js
| MD5 | e3c1f4544c6a0476fbd0bdf6d8402e93 |
| SHA1 | 34c097ecb24e0f4ea5088a3fd9cbe4db832d7e55 |
| SHA256 | 79f3d72ebc1901a135581d6e4c9eacbb02a526199e11252e9673d6b89eab6969 |
| SHA512 | 50ae7975da1e0e271faa7db52a26ccf0aeb345a15ec219a65d45d4018621ae20233110cb9a5d906eebff099a97da4a6a64a6cd25c91b79ada40308aec48159ab |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\doomed\11317
| MD5 | 65e7079bb1edf4025443681dc7dca987 |
| SHA1 | c9e2c749c32639c3ff64a7300e94b0c28033a3de |
| SHA256 | 80cc6f2e817b337a98be20be60a1871df7bb6c86ad1eabd405319a3c4bbca516 |
| SHA512 | 90cc3dc1ba2d033134344eaef3bae85519b25b292d75c8162977a986c58005570ae7c86dd7e3b1cb005c03603c3821cdec1ced5042b39754b28071c12b5d38d0 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\doomed\25832
| MD5 | 2b6296210f693bf1d40d351e68f36615 |
| SHA1 | 3e7fee2011a6b71c6e7179acded84fc68f497e10 |
| SHA256 | e7e2c19a15da632d1bd1f81e57eb81855541cd4af3cd4587836acee6fcd68922 |
| SHA512 | 37f2f8a7f0f487ddc577a7865189c80eaee90a71abd2e4eee529e0d78abee56ea03ccbbbf9a134c40cb5785744e42afced3fb08938da9906719a284b478cea6e |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
| MD5 | b64f69992c029ca025c35f4717f8c01d |
| SHA1 | 7ef441de06cf235b4fd6bc494f5bfb90d3842840 |
| SHA256 | c5387a0577b01a50ba26e4867715876990397c96c70f1ec1864f5db00721af04 |
| SHA512 | 8f934c479023d89c4eb7004d7b1b5aac06a79efff2ce20b95ab632bf64e32e3046a8df0f81ce3ee67785c13de12737cca3d36fae070bb3352e36b02e76a9b57e |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
| MD5 | dd0fe36adb3d62aea9044bf5c5cddb3e |
| SHA1 | 47b0ba693a9e376f6b15b0ccf72bee8d34a17509 |
| SHA256 | 1de9c45dca114e422ebdc684e0e32ec75172d583b59df4540920f3ea9f69749a |
| SHA512 | 239411d68b5b68335c095eb5bd1824c5a7dcc8f622452c0c16c93d74a98b33dbbd9d9f6277c59655636b513043ad4e3df2838a3c9bf11d2c9268d12207bf54c4 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\entries\EB981269246B016AC259421FF59F9E5B3AC32032
| MD5 | c6936f2ebbf6f66f65d37a9d22399e00 |
| SHA1 | def3d609f2543fdfe6ba705aa778d2afc5edc26e |
| SHA256 | 491339265bb45e929ac564d705f8671d6e021f669e03a9ef5d3439a17a02e6a7 |
| SHA512 | 6a4d7877ac07d3e82e8f0543f13a07ed5e21df94473bd87cba842ee207a808a784129c98276230ef08064b9fd33042d75c05af9f177898f79fbff4fea41f9883 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-2.js
| MD5 | d24d1dc5ea3fbe714f846c30e461d343 |
| SHA1 | a777346e1f49a127bfb63a2eef8d054c60f5b898 |
| SHA256 | 5ade378818d7cacc87638ee9823e355635205bfcf811df6491bdc2c63fed1d22 |
| SHA512 | 8b5648cf22d08c2e22fdbaccec466e07a41c41ee9534f7c6f60548d64583451fb5dc4fd8d5d01ef4a03c9ef1b8cc475071418eafd9ddba92a58fc0688399a454 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\doomed\5978
| MD5 | f8f9b56163b0698cd43f8271be85ce26 |
| SHA1 | e027f30fcd7ebd7075905208705013eb6d6dc99c |
| SHA256 | 8b87d7146dfd40940926c72d42a59c24d7a4121ddee2a28023158b56b799bd23 |
| SHA512 | b015b7fa21f8680ae02af200220beb10df5ab2ff8d52d379b34207fc3fb2df596dd0282eada4b7a285242cc72922e50e06ef517c63a0f7b996b9061a9796ff0d |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\doomed\15314
| MD5 | fab5616ee66cbf05c0ec468cddcc134e |
| SHA1 | 12d9521d095f97ccd80e6d58f4f85e13383e1217 |
| SHA256 | a639f9ae25624f94f5280bb6ede54c82a0ede42a8419a63b8435a9ceb3ddc9b3 |
| SHA512 | fdb4b5e0559503fcc228ecb81894203e2b91392a23a74dc2edc6e108fda2052200f1e316d847bfc1e4b8df27fe2849757f81c328b184545384d8c6c64bf61a38 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\doomed\23013
| MD5 | 822e47ba89d2420f482355d82a000592 |
| SHA1 | de35e6a073530eb5e1ba997d4dc01f925e4ef5c3 |
| SHA256 | c689df0ef3bae3eb219e7d1ee574a6a7ae29373672cdf8b1dca19db728778c8d |
| SHA512 | 3ce2af6cbc99849c0c88e7ad436b77aae82d2e8faff69d28396810c1c8ec07586a0e8b1b3f559ffd4f2f48ae7c93f2388a924b5c3f23a8df611f0d9922f60bfa |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\doomed\10691
| MD5 | 53b04fe27893363736f68d5caadb4d37 |
| SHA1 | b6ba3d215722ecd20907e12ce80923cd1f527d8e |
| SHA256 | 496881e7c2f29afc3e17bb73befa17d35ceed6219305d705b134764ba20fe304 |
| SHA512 | 950715a652c7d27c0983bc2048247b65048d8bbe499fc1d86ba36c6d6d6e59c014c00b9f48f426f74fa6283613441de1734817126b7e54db4d45f53d2f0a9942 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\doomed\31594
| MD5 | 0691243e073e980bc5a0900339985c2d |
| SHA1 | 97554ecc97abff9120236223e92096749b6f1f67 |
| SHA256 | be51338ef28de8e2f005cb618193575356ef64cb461adcdcbc85015450b09c01 |
| SHA512 | a9e3ec818af516c44748b412e9a019fbaceb38528c68e4f4a6897cf87d6573b439d2d52c243be39fa1fd153a8ac0145b9a267631796a1b2e675364a3ea890e5e |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\doomed\4757
| MD5 | 08f1c8420471d73ca170bca5562cd353 |
| SHA1 | 0c0d86314dca4081a1c7e18ce1dbc108cf7e5f01 |
| SHA256 | 0e7a3a9b71ef65433a6722303271480547c9b1debafda895a4ce598f46176603 |
| SHA512 | 9d6a7469df58a8fba297eb8a2467dd17d91775c7e006b5802d5e883275cbd2bce0d85f01538cc4fa6b5448ce8b27c06c0b82911e1c585ae8c9680752360dfd25 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\doomed\27455
| MD5 | 9bada6783bbf3894038f2eef360090b9 |
| SHA1 | 9399fec6fa360f19c5662d2f33bae5f95857ee71 |
| SHA256 | eb81f941578d2e589b3299a9d811b070e2e88fcdd7df82ae4c787942bc241182 |
| SHA512 | 32a538e5c53f06c3190146a9ae1f55899a9d0016439ac9a2708990c088b7c8525747420961a145d4dc48fc4254c687152cbbc98859fef1b2710cd39127f03e4e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\storage\default\https+++www.youtube.com\idb\2171031483YattIedMb.sqlite
| MD5 | cd660f895b9d5da29506164a2b2964c6 |
| SHA1 | 0dba3e7cf805302c5c3db60264d174621a75032c |
| SHA256 | e5440cce0ec2eddbdb0b252f26af074c7695bf03dc8549fe9df2281cb99855c7 |
| SHA512 | 37cb5508e84f590d16c4256344ddda5cc60f5d7a4b135b7eedddd2582da0e10c95c0707fbc76948ab78b8a192c5f39598fb9743d7dd1ad1dee2d22a1f8cfc2a8 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\entries\8920BCFBA63F48FDB210BE007081B27F4B607C9E
| MD5 | 0ceff056099bf1f70256db26472bb87c |
| SHA1 | 92d02e285afc9cd032ba7f306a2c4c71be339eca |
| SHA256 | d2b02972e260161c855c090ab68550d490dfdbc5b42cf7f9b079b136e66144b2 |
| SHA512 | 22d44b1f8d5e8dcf880bedc9ac8505bda615a5dbd5d3df23299e91e34a8c1505f9a0bb6c165f318ffc2a3cdfd24cc191009a1a8c45ab7a674c4bf49fe9af287d |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
| MD5 | d92a0c0df6e6630e65c4bbde56a90603 |
| SHA1 | 323758c91b2840f0a49e1033af1f697ff22420d8 |
| SHA256 | 5ab2a33d98b7e080c54c2ba7b0e4bd36a23793a50967d1c53a88ea1a41867ebd |
| SHA512 | dd33f2917da59adb945ffc33564c75b578adc6bda9fcc3b8b6108a0adaccf6ee06e0c11e3d394e9ff011a324fc8481a0ad783ee039e32c4954df7098f52157f5 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\jumpListCache\iz+75n6qYriNqjp0XHBluQ==.ico
| MD5 | 42ed60b3ba4df36716ca7633794b1735 |
| SHA1 | c33aa40eed3608369e964e22c935d640e38aa768 |
| SHA256 | 6574e6e55f56eca704a090bf08d0d4175a93a5353ea08f8722f7c985a39a52c8 |
| SHA512 | 4247460a97a43ce20d536fdd11d534b450b075c3c28cd69fc00c48bdf7de1507edb99bef811d4c61bed10f64e4c788ee4bdc58c7c72d3bd160b9b4bd696e3013 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\entries\F323E20FCB4690E8889A662A7C8FFAC9C66E3EF9
| MD5 | e4be44d07e48485318de1e3f4c824989 |
| SHA1 | 5f153893ce926853bb997a13aef7569b290985aa |
| SHA256 | f10f6ec9685e3ef36fd545ce8368bc718825ae12e69097636dffd98471bc5019 |
| SHA512 | d4d0bcf631c3ac52e142aeb77f694f5f479a00e05a065a53983d20a2b3342d98cb671fde0f8e4cf3cb31296e087eaaa556f00bf122323faa9e9265940947c3cb |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\doomed\298
| MD5 | 8cc748cd218ae0309d1ee52dc6a0d60f |
| SHA1 | 75d4400b725600a4c0337b4f1bd0ba91cb0fa43a |
| SHA256 | a7d14ef55f8d14dac635c6bffee6af1d49a8b15f2e12fdc71b2283fdb505d940 |
| SHA512 | 72c8fef3c10b6dbb11d5865f52060732faf2394cbd7ea81cc872961e8e655abc1853d44383fff2fb5170b4943c2c0be1992297999dcd3c9fd35425c902799496 |
C:\Users\Admin\Downloads\TMC7vfbf.zip.part
| MD5 | ef4fdf65fc90bfda8d1d2ae6d20aff60 |
| SHA1 | 9431227836440c78f12bfb2cb3247d59f4d4640b |
| SHA256 | 47f6d3a11ffd015413ffb96432ec1f980fba5dd084990dd61a00342c5f6da7f8 |
| SHA512 | 6f560fa6dc34bfe508f03dabbc395d46a7b5ba9d398e03d27dbacce7451a3494fbf48ccb1234d40746ac7fe960a265776cb6474cf513adb8ccef36206a20cbe9 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-2.js
| MD5 | d0d2b3892c6a6481935ecc945ccc35bb |
| SHA1 | e4ddfc8f7c98928b4f8041baf7af9abf4eba3fac |
| SHA256 | dc882a3c0c95edcc1455a13473f0e7f31cb6b96e4ebd0b420d42f2f74a470388 |
| SHA512 | 7e57a1904f1cabf6364aab3c97c0581d5a8f3df09054aecaf3d19d56e635b9ad5a6454400eac592c4c3cdf461bfe8a2a783b4a7b26c3960522f3c6a61eb15735 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\entries\0262BDE1A7C28E5711495287DE474F548B164B19
| MD5 | b221059a9ee8517cce0ed7707e49af99 |
| SHA1 | 554f56ab3a8639c1dd15fbc0c316dd5d991f04a1 |
| SHA256 | 3a111f58ec70591a0eb9482d0821c3a3de6b55d8f1855eab8a5fb708bb65fe79 |
| SHA512 | 473e11c18175ae8a013889a22b593d0dde7969c938e2f8a6ce1bbfa4da59050e7de5cf046bddb650dd46d54b6597b78a293d8e45a26f588e523b0ffe8284ea5c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\storage\default\https+++www.youtube.com\cache\morgue\18\{e7d1eee4-088a-4e0e-aeba-75bfdf11f312}.final
| MD5 | 196f904cbad495794ee63bc53403786c |
| SHA1 | a735a1131c5b154a5a70ca250869a42c53fafe81 |
| SHA256 | 4d60e93c0b6bafbfec80535a148bbd0d32ec7754288abed9fcae44b5fd39fbef |
| SHA512 | 42d2744de1c708f1b590a924ba05970b107d8bf37c9f48e2560e1b5e197fd914e2e3be1cb0aa27b6dbe5fe00959b75f9815ac2c886ba9e4347fa7646a6df0ffa |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-2.js
| MD5 | b9ce5bc4cbc14c4496a215e56eae9ed9 |
| SHA1 | 208efeab8c91c0958a646963259432517e3cbbfe |
| SHA256 | a1bb3a6733e6e582cf48d8064e1e8ceacc1833bb25b3d064165521626c2ca4f7 |
| SHA512 | b72d63acd71933ac75c255d0e7a28e1ac5f8880e003353ba8fb21ba6c390b25e30fb43576f36e53521a5dfb4f1cde373f4887cd8e6ba348a624fba2f4eb59743 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
| MD5 | 0f5195fdb7685160031c75716884dc73 |
| SHA1 | a04957dc179cf6cf8e5716b161810d773de09645 |
| SHA256 | edcfd457bec9ce71f98cf2f566138edeabd50d07bf3e2a23ce8dce48ab954ed9 |
| SHA512 | 2ddd74ea9e1c0e08659712f87c24315acf61deb22103b534139432c6ea597611bdc22c2155dd81488f49efe0e5fb9dc5003265a8d99aeffe00d77c3cd29d770f |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-2.js
| MD5 | cf6f1ea038778963794edb677c68116f |
| SHA1 | 1e116333d9899640b4c665875439c9f4d6165c71 |
| SHA256 | 973721f7fbabf713de8dab320df7ddfa150a1e036273e3796e7756fa4a4a877c |
| SHA512 | 37ca0994b4e1cbaf076a0de99cbe53fcbbb67f9872dec4d834389315f661086a0ee0b6ccbe28674375866d578cb7fee2b2361c71824ee9ae7ec41cab3b82c4c4 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\datareporting\glean\db\data.safe.bin
| MD5 | c58234a092f9d899f0a623e28a4ab9db |
| SHA1 | 7398261b70453661c8b84df12e2bde7cbc07474b |
| SHA256 | eaec709a98b57cd9c054a205f9bfa76c7424db2845c077822804f31e16ac134c |
| SHA512 | ae2724fc45a8d9d26e43d86bcc7e20f398d8ab4e251e89550087ace1311c4d2571392f2f0bed78da211fcb28766779c1853b80742faa69f722b2c44c283569fd |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\datareporting\glean\db\data.safe.bin
| MD5 | 7d3d11283370585b060d50a12715851a |
| SHA1 | 3a05d9b7daa2d377d95e7a5f3e8e7a8f705938e3 |
| SHA256 | 86bff840e1bec67b7c91f97f4d37e3a638c5fdc7b56aae210b01745f292347b9 |
| SHA512 | a185a956e7105ad5a903d5d0e780df9421cf7b84ef1f83f7e9f3ab81bf683b440f23e55df4bbd52d60e89af467b5fc949bf1faa7810c523b98c7c2361fde010e |
C:\Users\Admin\Downloads\NoEscape.zip
| MD5 | ef4fdf65fc90bfda8d1d2ae6d20aff60 |
| SHA1 | 9431227836440c78f12bfb2cb3247d59f4d4640b |
| SHA256 | 47f6d3a11ffd015413ffb96432ec1f980fba5dd084990dd61a00342c5f6da7f8 |
| SHA512 | 6f560fa6dc34bfe508f03dabbc395d46a7b5ba9d398e03d27dbacce7451a3494fbf48ccb1234d40746ac7fe960a265776cb6474cf513adb8ccef36206a20cbe9 |
C:\Users\Admin\Downloads\NoEscape\NoEscape.exe
| MD5 | 989ae3d195203b323aa2b3adf04e9833 |
| SHA1 | 31a45521bc672abcf64e50284ca5d4e6b3687dc8 |
| SHA256 | d30d7676a3b4c91b77d403f81748ebf6b8824749db5f860e114a8a204bca5b8f |
| SHA512 | e9d4e6295869f3a456c7ea2850c246d0c22afa65c2dd5161744ee5b3e29e44d9a2d758335f98001cdb348eaa51a71cd441b4ddc12c8d72509388657126e69305 |