Malware Analysis Report

2025-08-05 17:09

Sample ID 230331-s5sn8ace9y
Target https://www.google.com/search?q=memz+virus+download&rlz=1C1ONGR_deDE1032DE1032&oq=memz+virus+download&aqs=chrome..69i57.1915j0j1&sourceid=chrome&ie=UTF-8
Tags
evasion persistence ransomware trojan
score
10/10

Analysis Overview

score
10/10

Threat Level: Known bad

The file https://www.google.com/search?q=memz+virus+download&rlz=1C1ONGR_deDE1032DE1032&oq=memz+virus+download&aqs=chrome..69i57.1915j0j1&sourceid=chrome&ie=UTF-8 was found to be: Known bad.

Malicious Activity Summary

evasion persistence ransomware trojan

UAC bypass

Modifies WinLogon for persistence

Disables RegEdit via registry modification

Executes dropped EXE

Checks whether UAC is enabled

Drops desktop.ini file(s)

Legitimate hosting services abused for malware hosting/C2

Modifies WinLogon

Sets desktop wallpaper using registry

Drops file in Windows directory

Checks processor information in registry

Suspicious use of AdjustPrivilegeToken

NTFS ADS

Suspicious use of FindShellTrayWindow

Uses Task Scheduler COM API

Suspicious use of WriteProcessMemory

Modifies registry class

Checks SCSI registry key(s)

System policy modification

Suspicious use of SetWindowsHookEx

Modifies data under HKEY_USERS

Modifies Control Panel

Suspicious use of SendNotifyMessage

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-03-31 15:42

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-03-31 15:42

Reported

2023-03-31 16:04

Platform

win10v2004-20230220-en

Max time kernel

1172s

Max time network

1151s

Command Line

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.google.com/search?q=memz+virus+download&rlz=1C1ONGR_deDE1032DE1032&oq=memz+virus+download&aqs=chrome..69i57.1915j0j1&sourceid=chrome&ie=UTF-8

Signatures

Modifies WinLogon for persistence

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\winnt32.exe" C:\Users\Admin\Downloads\NoEscape\NoEscape.exe N/A

UAC bypass

evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\Downloads\NoEscape\NoEscape.exe N/A

Disables RegEdit via registry modification

evasion
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\Downloads\NoEscape\NoEscape.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\Downloads\NoEscape\NoEscape.exe N/A

Drops desktop.ini file(s)

Description Indicator Process Target
File opened for modification C:\Users\Admin\Desktop\desktop.ini C:\Users\Admin\Downloads\NoEscape\NoEscape.exe N/A
File opened for modification C:\Users\Public\Desktop\desktop.ini C:\Users\Admin\Downloads\NoEscape\NoEscape.exe N/A

Legitimate hosting services abused for malware hosting/C2

Modifies WinLogon

persistence
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoRestartShell = "0" C:\Users\Admin\Downloads\NoEscape\NoEscape.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoAdminLogon = "0" C:\Users\Admin\Downloads\NoEscape\NoEscape.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\DisableCAD = "1" C:\Users\Admin\Downloads\NoEscape\NoEscape.exe N/A

Sets desktop wallpaper using registry

ransomware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\noescape.png" C:\Users\Admin\Downloads\NoEscape\NoEscape.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\winnt32.exe C:\Users\Admin\Downloads\NoEscape\NoEscape.exe N/A
File opened for modification C:\Windows\winnt32.exe C:\Users\Admin\Downloads\NoEscape\NoEscape.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A

Modifies Control Panel

evasion
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\Mouse C:\Users\Admin\Downloads\NoEscape\NoEscape.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\Mouse\SwapMouseButtons = "1" C:\Users\Admin\Downloads\NoEscape\NoEscape.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\Desktop C:\Users\Admin\Downloads\NoEscape\NoEscape.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\Desktop\AutoColorization = "1" C:\Users\Admin\Downloads\NoEscape\NoEscape.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040" C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "173" C:\Windows\system32\LogonUI.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00 C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808" C:\Windows\system32\LogonUI.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

NTFS ADS

Description Indicator Process Target
File created C:\Users\Admin\Downloads\NoEscape.zip:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: 33 N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\7-Zip\7zG.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4752 wrote to memory of 2824 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4304 wrote to memory of 916 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2824 wrote to memory of 2232 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 916 wrote to memory of 1240 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2824 wrote to memory of 1196 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

System policy modification

evasion
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\Downloads\NoEscape\NoEscape.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\shutdownwithoutlogon = "0" C:\Users\Admin\Downloads\NoEscape\NoEscape.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\Downloads\NoEscape\NoEscape.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\UseDefaultTile = "1" C:\Users\Admin\Downloads\NoEscape\NoEscape.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\Downloads\NoEscape\NoEscape.exe N/A

Uses Task Scheduler COM API

persistence

Processes

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.google.com/search?q=memz+virus+download&rlz=1C1ONGR_deDE1032DE1032&oq=memz+virus+download&aqs=chrome..69i57.1915j0j1&sourceid=chrome&ie=UTF-8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.google.com/search?q=memz+virus+download&rlz=1C1ONGR_deDE1032DE1032&oq=memz+virus+download&aqs=chrome..69i57.1915j0j1&sourceid=chrome&ie=UTF-8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2824.0.383076033\539123983" -parentBuildID 20221007134813 -prefsHandle 1772 -prefMapHandle 1764 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {303a48a6-d5b7-4f1c-a40f-49a90323d2b9} 2824 "\\.\pipe\gecko-crash-server-pipe.2824" 1848 1b559816b58 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2824.1.333547237\1729373658" -parentBuildID 20221007134813 -prefsHandle 2344 -prefMapHandle 2340 -prefsLen 21706 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {02ac47c8-e560-4e07-a55a-1e9a89ff1c05} 2824 "\\.\pipe\gecko-crash-server-pipe.2824" 2356 1b54c179558 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="916.0.692360815\746713962" -parentBuildID 20221007134813 -prefsHandle 1720 -prefMapHandle 1712 -prefsLen 17556 -prefMapSize 230321 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f7eee087-7f99-4734-93c9-c33650928a0d} 916 "\\.\pipe\gecko-crash-server-pipe.916" 1796 15931ef7158 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="916.1.129633777\476489037" -parentBuildID 20221007134813 -prefsHandle 1984 -prefMapHandle 1980 -prefsLen 17556 -prefMapSize 230321 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f4e56045-2e71-4283-84ae-56a73f8f17d4} 916 "\\.\pipe\gecko-crash-server-pipe.916" 2004 15932342558 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2824.2.1869155822\630264598" -childID 1 -isForBrowser -prefsHandle 3028 -prefMapHandle 3004 -prefsLen 21789 -prefMapSize 232675 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5487b723-9a10-42bf-a3d4-0756f50155f7} 2824 "\\.\pipe\gecko-crash-server-pipe.2824" 3464 1b558791d58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2824.3.1207649733\826050789" -childID 2 -isForBrowser -prefsHandle 3880 -prefMapHandle 3876 -prefsLen 26784 -prefMapSize 232675 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8a62652f-135d-49ac-b63f-c6fbd13b473b} 2824 "\\.\pipe\gecko-crash-server-pipe.2824" 3804 1b54c172e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2824.4.480785606\2114575623" -childID 3 -isForBrowser -prefsHandle 4632 -prefMapHandle 4640 -prefsLen 26843 -prefMapSize 232675 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f03403d3-11c0-46bf-830f-99756b90915d} 2824 "\\.\pipe\gecko-crash-server-pipe.2824" 4636 1b55c562b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2824.6.483521203\138102048" -childID 5 -isForBrowser -prefsHandle 4544 -prefMapHandle 4208 -prefsLen 26843 -prefMapSize 232675 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c622ca59-5c67-4a7e-b12b-38c9f7cdf40a} 2824 "\\.\pipe\gecko-crash-server-pipe.2824" 4752 1b55de9ae58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2824.5.1299589891\1537750201" -childID 4 -isForBrowser -prefsHandle 4628 -prefMapHandle 2736 -prefsLen 26843 -prefMapSize 232675 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2cff5264-626a-45b7-8574-30103735faa9} 2824 "\\.\pipe\gecko-crash-server-pipe.2824" 4608 1b55ca34958 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3940.0.635253455\981292562" -parentBuildID 20221007134813 -prefsHandle 1680 -prefMapHandle 1660 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c49c32e8-00e2-4cd9-b2e4-7cc304bd0e31} 3940 "\\.\pipe\gecko-crash-server-pipe.3940" 1760 1cb98d59f58 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3940.1.1452789089\994542088" -parentBuildID 20221007134813 -prefsHandle 2212 -prefMapHandle 2200 -prefsLen 20926 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c597e467-5807-43a2-b40e-ec22cb858dc5} 3940 "\\.\pipe\gecko-crash-server-pipe.3940" 2224 1cb980ef558 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3940.2.136365293\1273520537" -childID 1 -isForBrowser -prefsHandle 3032 -prefMapHandle 1232 -prefsLen 21029 -prefMapSize 232675 -jsInitHandle 1256 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {993133d1-9b70-49e4-82d3-6d7a0e234186} 3940 "\\.\pipe\gecko-crash-server-pipe.3940" 2592 1cb9c423958 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3940.3.123927032\839895208" -childID 2 -isForBrowser -prefsHandle 2824 -prefMapHandle 2972 -prefsLen 26466 -prefMapSize 232675 -jsInitHandle 1256 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {74b5d993-040b-4a21-af3a-15f41def85ac} 3940 "\\.\pipe\gecko-crash-server-pipe.3940" 2256 1cb9e45e558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3940.4.1040239619\1361586707" -childID 3 -isForBrowser -prefsHandle 3680 -prefMapHandle 3684 -prefsLen 26466 -prefMapSize 232675 -jsInitHandle 1256 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f37a0ba0-2d84-416d-a157-7b901bd1ffd9} 3940 "\\.\pipe\gecko-crash-server-pipe.3940" 3716 1cb9bb05558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3940.6.1631618387\1047030302" -childID 5 -isForBrowser -prefsHandle 4576 -prefMapHandle 3124 -prefsLen 26871 -prefMapSize 232675 -jsInitHandle 1256 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {afe2ffbf-aa1a-4f62-b872-aca14befc8e2} 3940 "\\.\pipe\gecko-crash-server-pipe.3940" 4644 1cb9e43b258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3940.5.922197992\193831446" -childID 4 -isForBrowser -prefsHandle 4528 -prefMapHandle 4572 -prefsLen 26871 -prefMapSize 232675 -jsInitHandle 1256 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6f28ebc0-c8cf-42a2-9c51-64340b70a94a} 3940 "\\.\pipe\gecko-crash-server-pipe.3940" 4588 1cb8c72f058 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3940.7.59673968\1032969103" -childID 6 -isForBrowser -prefsHandle 2552 -prefMapHandle 2464 -prefsLen 26871 -prefMapSize 232675 -jsInitHandle 1256 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {76001bd3-f3a8-4b34-bd37-b6b512c42143} 3940 "\\.\pipe\gecko-crash-server-pipe.3940" 4756 1cb9d171658 tab

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService

C:\Windows\system32\werfault.exe

werfault.exe /hc /shared Global\84fa46ae390b47f4b7620bbf90feed7e /t 4876 /p 2664

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3940.8.1767693006\2106554608" -childID 7 -isForBrowser -prefsHandle 5796 -prefMapHandle 5792 -prefsLen 27777 -prefMapSize 232675 -jsInitHandle 1256 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d1b94e8e-5562-4e5c-919a-57d219f6ba5a} 3940 "\\.\pipe\gecko-crash-server-pipe.3940" 5808 1cb9e5b2258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3940.9.1177157379\1868812945" -childID 8 -isForBrowser -prefsHandle 6148 -prefMapHandle 6140 -prefsLen 27786 -prefMapSize 232675 -jsInitHandle 1256 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1120c0fe-a2f2-4498-af3a-f5ddf4c5f509} 3940 "\\.\pipe\gecko-crash-server-pipe.3940" 6160 1cb9fca6158 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3940.10.1762943267\960447680" -childID 9 -isForBrowser -prefsHandle 3400 -prefMapHandle 4068 -prefsLen 27961 -prefMapSize 232675 -jsInitHandle 1256 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4a9577c0-f7df-4620-95e8-8c6b0a02ee34} 3940 "\\.\pipe\gecko-crash-server-pipe.3940" 4836 1cba0504158 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3940.11.433030149\476726055" -parentBuildID 20221007134813 -prefsHandle 6436 -prefMapHandle 6440 -prefsLen 27961 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {53450d88-8d97-44ef-9208-94fb3eef84d4} 3940 "\\.\pipe\gecko-crash-server-pipe.3940" 6396 1cba031b958 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3940.12.1687753543\763199163" -childID 10 -isForBrowser -prefsHandle 4752 -prefMapHandle 2572 -prefsLen 27961 -prefMapSize 232675 -jsInitHandle 1256 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bb83f940-6e8d-46c3-ae38-fbca2ff16baf} 3940 "\\.\pipe\gecko-crash-server-pipe.3940" 5780 1cb8c72fc58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3940.13.441876517\503134974" -childID 11 -isForBrowser -prefsHandle 6628 -prefMapHandle 5744 -prefsLen 27961 -prefMapSize 232675 -jsInitHandle 1256 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2eccb705-6813-44b9-a8b7-4c4e4f890017} 3940 "\\.\pipe\gecko-crash-server-pipe.3940" 6640 1cb9fd78b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3940.14.264948044\1593455322" -childID 12 -isForBrowser -prefsHandle 10708 -prefMapHandle 10712 -prefsLen 27961 -prefMapSize 232675 -jsInitHandle 1256 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c89e81d6-1985-441e-8f1c-27ecf7b973c7} 3940 "\\.\pipe\gecko-crash-server-pipe.3940" 10700 1cba1612b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3940.15.744178665\2098367988" -childID 13 -isForBrowser -prefsHandle 9848 -prefMapHandle 9864 -prefsLen 27961 -prefMapSize 232675 -jsInitHandle 1256 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d783e145-4286-46eb-ae8e-db8971e001e7} 3940 "\\.\pipe\gecko-crash-server-pipe.3940" 9836 1cba18ad858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3940.17.1044140151\473036434" -childID 15 -isForBrowser -prefsHandle 6132 -prefMapHandle 5028 -prefsLen 27970 -prefMapSize 232675 -jsInitHandle 1256 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {98126efd-bb51-4a64-a689-af033394c5e4} 3940 "\\.\pipe\gecko-crash-server-pipe.3940" 6204 1cba1615b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3940.16.2008860395\1826381478" -childID 14 -isForBrowser -prefsHandle 4864 -prefMapHandle 5084 -prefsLen 27970 -prefMapSize 232675 -jsInitHandle 1256 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {889ccf5b-8881-46f2-b28c-659f57387859} 3940 "\\.\pipe\gecko-crash-server-pipe.3940" 4860 1cba1614f58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3940.18.755887891\669129577" -childID 16 -isForBrowser -prefsHandle 4936 -prefMapHandle 4892 -prefsLen 27970 -prefMapSize 232675 -jsInitHandle 1256 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c1faaedf-f25c-4451-a1cc-bb8be2e9aa8a} 3940 "\\.\pipe\gecko-crash-server-pipe.3940" 4896 1cba16b2558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3940.19.1066273429\1065327706" -childID 17 -isForBrowser -prefsHandle 1136 -prefMapHandle 6600 -prefsLen 27970 -prefMapSize 232675 -jsInitHandle 1256 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c10f68b5-07ac-4738-8b3f-ec7f6e138271} 3940 "\\.\pipe\gecko-crash-server-pipe.3940" 4800 1cb8c75f558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3940.20.22333904\669469429" -childID 18 -isForBrowser -prefsHandle 5448 -prefMapHandle 4568 -prefsLen 27970 -prefMapSize 232675 -jsInitHandle 1256 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {da11e5b9-5ce7-45ee-a6d9-a402bddabb10} 3940 "\\.\pipe\gecko-crash-server-pipe.3940" 6128 1cb97fb7a58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3940.21.1835063325\576889338" -childID 19 -isForBrowser -prefsHandle 10612 -prefMapHandle 6320 -prefsLen 27970 -prefMapSize 232675 -jsInitHandle 1256 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cdfccd33-a2df-4964-bb54-9c84b7e0987b} 3940 "\\.\pipe\gecko-crash-server-pipe.3940" 4644 1cb8c75c458 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3940.22.1323779503\798849925" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 4808 -prefMapHandle 4724 -prefsLen 27970 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {19d147be-1695-49c8-b91e-8e3fc0b34029} 3940 "\\.\pipe\gecko-crash-server-pipe.3940" 5220 1cb9fd77958 utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3940.23.2022917673\1823809278" -childID 20 -isForBrowser -prefsHandle 5936 -prefMapHandle 5888 -prefsLen 27970 -prefMapSize 232675 -jsInitHandle 1256 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {61109e00-268d-4177-ab8f-804d4ea38676} 3940 "\\.\pipe\gecko-crash-server-pipe.3940" 5892 1cba013c858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3940.24.1551558298\1213878788" -childID 21 -isForBrowser -prefsHandle 9832 -prefMapHandle 9736 -prefsLen 27970 -prefMapSize 232675 -jsInitHandle 1256 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8df86a0c-69ee-4f9d-a9cc-6c7b29e562ba} 3940 "\\.\pipe\gecko-crash-server-pipe.3940" 9980 1cb9e5b2258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3940.25.1495675625\12712878" -childID 22 -isForBrowser -prefsHandle 9912 -prefMapHandle 3240 -prefsLen 27970 -prefMapSize 232675 -jsInitHandle 1256 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a8429c7c-7f1a-436d-aa5d-cf1c2865c5a3} 3940 "\\.\pipe\gecko-crash-server-pipe.3940" 5988 1cba031b658 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3940.26.1658355580\1060566404" -childID 23 -isForBrowser -prefsHandle 9892 -prefMapHandle 3836 -prefsLen 27970 -prefMapSize 232675 -jsInitHandle 1256 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f710d872-c954-461e-8581-b0ebcae509a0} 3940 "\\.\pipe\gecko-crash-server-pipe.3940" 4864 1cba0c5da58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3940.27.397515893\1878558781" -childID 24 -isForBrowser -prefsHandle 1216 -prefMapHandle 6544 -prefsLen 27970 -prefMapSize 232675 -jsInitHandle 1256 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b166b303-0a7a-4b1c-9101-055f3e83684b} 3940 "\\.\pipe\gecko-crash-server-pipe.3940" 9736 1cba1632a58 tab

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x4c0 0x2f4

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3940.28.1961255558\1276126866" -childID 25 -isForBrowser -prefsHandle 10700 -prefMapHandle 9412 -prefsLen 28349 -prefMapSize 232675 -jsInitHandle 1256 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ae88df73-5e74-496a-a42a-fa681283a2f4} 3940 "\\.\pipe\gecko-crash-server-pipe.3940" 10676 1cb9ffa1458 tab

C:\Windows\system32\werfault.exe

werfault.exe /hc /shared Global\71752796461e4e96be95455fa77ccc40 /t 1232 /p 1756 5060

C:\Windows\system32\werfault.exe

werfault.exe /h /shared Global\5a4973ee564f4b01b3cb08e9651830b8 /t 1444 /p 3940

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\NoEscape\" -spe -an -ai#7zMap18258:78:7zEvent6078

C:\Windows\system32\werfault.exe

werfault.exe /h /shared Global\77c9546676e64dcaa5e8175e1f6383bf /t 1444 /p 3940

C:\Users\Admin\Downloads\NoEscape\NoEscape.exe

"C:\Users\Admin\Downloads\NoEscape\NoEscape.exe"

C:\Windows\SysWOW64\werfault.exe

werfault.exe /h /shared Global\d8bfc6751d734fd3908353ab335e9fc6 /t 2572 /p 4664

C:\Users\Admin\Downloads\NoEscape\NoEscape.exe

"C:\Users\Admin\Downloads\NoEscape\NoEscape.exe"

C:\Users\Admin\Downloads\NoEscape\NoEscape.exe

"C:\Users\Admin\Downloads\NoEscape\NoEscape.exe"

C:\Users\Admin\Downloads\NoEscape\NoEscape.exe

"C:\Users\Admin\Downloads\NoEscape\NoEscape.exe"

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

C:\Users\Admin\Downloads\NoEscape\NoEscape.exe

"C:\Users\Admin\Downloads\NoEscape\NoEscape.exe"

C:\Users\Admin\Downloads\NoEscape\NoEscape.exe

"C:\Users\Admin\Downloads\NoEscape\NoEscape.exe"

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

C:\Windows\system32\LogonUI.exe

"LogonUI.exe" /flags:0x4 /state0:0xa397e055 /state1:0x41c64e6d

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault98c01956hce9bh46fahbf89ha783f89d4b56

C:\Windows\system32\werfault.exe

werfault.exe /hc /shared Global\c4f66dded9ab483cb3771d0181facb27 /t 4864 /p 1328

Network

Country Destination Domain Proto
US 8.8.8.8:53 30.39.65.18.in-addr.arpa udp
US 8.8.8.8:53 194.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 206.74.228.91.in-addr.arpa udp
US 8.8.8.8:53 130.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 141.145.190.20.in-addr.arpa udp
US 8.8.8.8:53 www.googletagservices.com udp
US 8.8.8.8:53 encrypted-tbn0.gstatic.com udp
US 8.8.8.8:53 encrypted-tbn0.gstatic.com udp
NL 142.251.36.14:443 encrypted-tbn0.gstatic.com tcp
NL 142.251.36.14:443 encrypted-tbn0.gstatic.com tcp
NL 142.251.36.14:443 encrypted-tbn0.gstatic.com tcp
NL 142.251.36.14:443 encrypted-tbn0.gstatic.com tcp
US 8.8.8.8:53 encrypted-tbn0.gstatic.com udp
NL 142.251.36.14:443 encrypted-tbn0.gstatic.com udp
US 8.8.8.8:53 14.36.251.142.in-addr.arpa udp
NL 142.251.36.3:443 id.google.com udp
NL 172.217.168.246:443 i.ytimg.com udp
US 8.8.8.8:53 downloadmoreram.com udp
US 188.114.96.0:443 downloadmoreram.com tcp
US 8.8.8.8:53 downloadmoreram.com udp
US 8.8.8.8:53 downloadmoreram.com udp
US 188.114.96.0:443 downloadmoreram.com udp
US 8.8.8.8:53 rlv.zcache.com udp
US 8.8.8.8:53 cdnjs.cloudflare.com udp
US 8.8.8.8:53 0.96.114.188.in-addr.arpa udp
US 8.8.8.8:53 platform.twitter.com udp
US 8.8.8.8:53 prod.zazzle.map.fastly.net udp
US 151.101.0.241:443 prod.zazzle.map.fastly.net tcp
US 151.101.0.241:443 prod.zazzle.map.fastly.net tcp
US 8.8.8.8:53 cdnjs.cloudflare.com udp
US 104.17.25.14:443 cdnjs.cloudflare.com tcp
US 93.184.220.66:443 platform.twitter.com tcp
US 8.8.8.8:53 cs41.wac.edgecastcdn.net udp
US 8.8.8.8:53 prod.zazzle.map.fastly.net udp
US 8.8.8.8:53 cdnjs.cloudflare.com udp
US 8.8.8.8:53 cs41.wac.edgecastcdn.net udp
US 104.17.25.14:443 cdnjs.cloudflare.com udp
US 8.8.8.8:53 ssl.google-analytics.com udp
US 8.8.8.8:53 connect.facebook.net udp
US 8.8.8.8:53 ssl.google-analytics.com udp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 asset.zcache.com udp
US 8.8.8.8:53 ssl.google-analytics.com udp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
US 151.101.0.241:443 asset.zcache.com tcp
US 8.8.8.8:53 syndication.twitter.com udp
US 104.244.42.200:443 syndication.twitter.com tcp
US 8.8.8.8:53 syndication.twitter.com udp
US 8.8.8.8:53 syndication.twitter.com udp
US 8.8.8.8:53 241.0.101.151.in-addr.arpa udp
US 8.8.8.8:53 14.25.17.104.in-addr.arpa udp
US 8.8.8.8:53 66.220.184.93.in-addr.arpa udp
US 8.8.8.8:53 200.42.244.104.in-addr.arpa udp
NL 142.251.39.104:443 ssl.google-analytics.com tcp
DE 157.240.20.19:443 connect.facebook.net tcp
US 8.8.8.8:53 19.20.240.157.in-addr.arpa udp
NL 142.251.39.104:443 ssl.google-analytics.com udp
DE 157.240.20.19:443 connect.facebook.net udp
DE 157.240.20.19:443 connect.facebook.net tcp
US 8.8.8.8:53 web.facebook.com udp
DE 157.240.20.15:443 web.facebook.com tcp
US 8.8.8.8:53 star.c10r.facebook.com udp
US 8.8.8.8:53 star.c10r.facebook.com udp
DE 157.240.20.15:443 web.facebook.com udp
US 8.8.8.8:53 www.facebook.com udp
NL 157.240.247.35:443 www.facebook.com tcp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
NL 157.240.247.35:443 www.facebook.com udp
US 8.8.8.8:53 static.xx.fbcdn.net udp
FR 157.240.195.15:443 static.xx.fbcdn.net tcp
FR 157.240.195.15:443 static.xx.fbcdn.net tcp
FR 157.240.195.15:443 static.xx.fbcdn.net udp
US 8.8.8.8:53 35.247.240.157.in-addr.arpa udp
US 8.8.8.8:53 15.195.240.157.in-addr.arpa udp
US 8.8.8.8:53 15.20.240.157.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 93.184.220.66:443 platform.twitter.com tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 93.184.220.66:443 platform.twitter.com tcp
US 93.184.220.66:443 platform.twitter.com tcp
US 34.117.237.239:443 contile.services.mozilla.com tcp
US 8.8.8.8:53 i.ytimg.com udp
NL 216.58.214.22:443 i.ytimg.com tcp
NL 216.58.214.22:443 i.ytimg.com tcp
US 8.8.8.8:53 i.ytimg.com udp
US 8.8.8.8:53 rr2---sn-5hneknee.googlevideo.com udp
NL 74.125.8.71:443 rr2---sn-5hneknee.googlevideo.com tcp
NL 74.125.8.71:443 rr2---sn-5hneknee.googlevideo.com tcp
US 8.8.8.8:53 rr2.sn-5hneknee.googlevideo.com udp
NL 216.58.214.22:443 i.ytimg.com udp
NL 74.125.8.71:443 rr2.sn-5hneknee.googlevideo.com udp
US 8.8.8.8:53 rr2.sn-5hneknee.googlevideo.com udp
US 8.8.8.8:53 22.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 71.8.125.74.in-addr.arpa udp
NL 209.85.226.71:443 rr2---sn-5hnekn7k.googlevideo.com tcp
US 8.8.8.8:53 rr2.sn-5hnekn7k.googlevideo.com udp
NL 209.85.226.71:443 rr2.sn-5hnekn7k.googlevideo.com tcp
US 8.8.8.8:53 rr2.sn-5hnekn7k.googlevideo.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.179.141:443 accounts.google.com tcp
NL 209.85.226.71:443 rr2.sn-5hnekn7k.googlevideo.com udp
NL 142.250.179.141:443 accounts.google.com udp
US 8.8.8.8:53 71.226.85.209.in-addr.arpa udp
US 8.8.8.8:53 141.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
NL 172.217.168.194:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
NL 172.217.168.194:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 yt3.ggpht.com udp
NL 142.250.179.193:443 yt3.ggpht.com tcp
US 8.8.8.8:53 photos-ugc.l.googleusercontent.com udp
US 8.8.8.8:53 photos-ugc.l.googleusercontent.com udp
NL 142.250.179.193:443 photos-ugc.l.googleusercontent.com udp
NL 216.58.214.22:443 i.ytimg.com udp
NL 172.217.168.206:443 youtube-ui.l.google.com udp
NL 216.58.214.22:443 i.ytimg.com udp
US 8.8.8.8:53 rr2---sn-5hnekn76.googlevideo.com udp
NL 209.85.226.7:443 rr2---sn-5hnekn76.googlevideo.com tcp
NL 209.85.226.7:443 rr2---sn-5hnekn76.googlevideo.com tcp
US 8.8.8.8:53 rr2.sn-5hnekn76.googlevideo.com udp
US 8.8.8.8:53 rr2.sn-5hnekn76.googlevideo.com udp
NL 209.85.226.7:443 rr2.sn-5hnekn76.googlevideo.com udp
US 8.8.8.8:53 7.226.85.209.in-addr.arpa udp
US 8.8.8.8:53 rr5---sn-5hneknes.googlevideo.com udp
NL 74.125.8.202:443 rr5---sn-5hneknes.googlevideo.com tcp
US 8.8.8.8:53 rr5.sn-5hneknes.googlevideo.com udp
US 8.8.8.8:53 rr5---sn-5hneknes.googlevideo.com udp
NL 74.125.8.202:443 rr5---sn-5hneknes.googlevideo.com tcp
US 8.8.8.8:53 rr5.sn-5hneknes.googlevideo.com udp
NL 142.250.179.193:443 photos-ugc.l.googleusercontent.com tcp
US 8.8.8.8:53 rr2---sn-5hneknes.googlevideo.com udp
NL 142.250.179.193:443 photos-ugc.l.googleusercontent.com udp
NL 74.125.8.202:443 rr5---sn-5hneknes.googlevideo.com udp
NL 74.125.8.199:443 rr2---sn-5hneknes.googlevideo.com tcp
NL 74.125.8.199:443 rr2---sn-5hneknes.googlevideo.com tcp
US 8.8.8.8:53 rr2.sn-5hneknes.googlevideo.com udp
US 8.8.8.8:53 rr2.sn-5hneknes.googlevideo.com udp
US 8.8.8.8:53 rr2---sn-5hneknes.googlevideo.com udp
NL 74.125.8.199:443 rr2---sn-5hneknes.googlevideo.com tcp
NL 74.125.8.199:443 rr2---sn-5hneknes.googlevideo.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
NL 142.250.179.202:443 jnn-pa.googleapis.com tcp
NL 142.250.179.202:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
NL 142.250.179.202:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 202.8.125.74.in-addr.arpa udp
US 8.8.8.8:53 199.8.125.74.in-addr.arpa udp
US 8.8.8.8:53 202.179.250.142.in-addr.arpa udp
NL 142.250.179.141:443 accounts.google.com udp
US 8.8.8.8:53 static.doubleclick.net udp
US 8.8.8.8:53 static.doubleclick.net udp
NL 172.217.168.194:443 googleads.g.doubleclick.net udp
NL 142.250.179.202:443 jnn-pa.googleapis.com udp
NL 142.250.179.198:443 static.doubleclick.net tcp
NL 142.250.179.198:443 static.doubleclick.net udp
NL 142.250.179.193:443 photos-ugc.l.googleusercontent.com udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 35.241.9.150:443 firefox.settings.services.mozilla.com tcp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 i1.ytimg.com udp
GB 216.58.208.110:443 i1.ytimg.com tcp
US 8.8.8.8:53 i1.ytimg.com udp
GB 216.58.208.110:443 i1.ytimg.com udp
US 8.8.8.8:53 i1.ytimg.com udp
US 8.8.8.8:53 rr1---sn-5hnekn7l.googlevideo.com udp
NL 74.125.100.6:443 rr1---sn-5hnekn7l.googlevideo.com tcp
NL 74.125.100.6:443 rr1---sn-5hnekn7l.googlevideo.com tcp
US 8.8.8.8:53 rr1.sn-5hnekn7l.googlevideo.com udp
US 8.8.8.8:53 rr1.sn-5hnekn7l.googlevideo.com udp
US 8.8.8.8:53 6.100.125.74.in-addr.arpa udp
US 8.8.8.8:53 rr5---sn-4g5ednss.googlevideo.com udp
US 8.8.8.8:53 rr5.sn-4g5ednss.googlevideo.com udp
US 8.8.8.8:53 rr5.sn-4g5ednss.googlevideo.com udp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 github.com udp
US 34.160.144.191:443 prod.content-signature-chains.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 play.google.com udp
NL 74.125.8.202:443 rr5---sn-5hneknes.googlevideo.com udp
US 34.160.144.191:443 prod.content-signature-chains.prod.webservices.mozgcp.net tcp
IN 20.207.73.82:443 github.com tcp
NL 142.250.179.206:443 play.google.com tcp
NL 142.250.179.206:443 play.google.com tcp
US 8.8.8.8:53 i.ytimg.com udp
NL 216.58.214.22:443 i.ytimg.com udp
NL 142.250.179.206:443 play.google.com udp
US 8.8.8.8:53 82.73.207.20.in-addr.arpa udp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.108.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 8.8.8.8:53 133.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 82.73.207.20.in-addr.arpa udp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 8.8.8.8:53 aus5.mozilla.org udp
US 35.244.181.201:443 aus5.mozilla.org tcp
NL 216.58.214.22:443 i.ytimg.com tcp
NL 74.125.8.202:443 rr5---sn-5hneknes.googlevideo.com udp
NL 74.125.8.202:443 rr5---sn-5hneknes.googlevideo.com tcp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 i.ytimg.com udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
NL 216.58.214.22:443 i.ytimg.com udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
NL 216.58.214.22:443 i.ytimg.com udp
US 8.8.8.8:53 youtube.com udp
NL 216.58.214.14:443 youtube.com tcp
US 8.8.8.8:53 youtube.com udp
US 8.8.8.8:53 youtube.com udp
NL 216.58.214.14:443 youtube.com udp
US 8.8.8.8:53 14.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
NL 216.58.214.22:443 i.ytimg.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 i.ytimg.com udp
US 8.8.8.8:53 i.ytimg.com udp

Files

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs.js

MD5 108b97b1ff7efbdb1aecce96d55ff2e5
SHA1 bb72b2e0c3d859fe5e821632307a32df331b55e1
SHA256 c5e19d4313b524fffc4859f4fac05ea3dcf408714a736dbd0bb7fcdf5131f80e
SHA512 e0f7678424e68957a1cb521786e9e4e54c179f9a263b04d0c6a96147cb1e242b58bda3e74e6f142dcd9b6dd313a0061c3050af334b149eab9a8040f923da84dc

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\sessionstore-backups\recovery.jsonlz4

MD5 3534f690bcb99d88ed20bbe0fefe6d40
SHA1 ff95590965042b93de16a9f927225656f3bf5a14
SHA256 77b165a182475984b0379089a4ab51032d8c7a1b7fbcb0675090e4b2d25620a3
SHA512 1d05a8cfe16baaf2f5bb16ca5349d2f0a56d565e7f3026d073c47e9b0c0a6a6ebc71e3fd9b591d4cfbe123428fb9181944e9f687d39cae2a2093cbfaf2a06ad5

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js

MD5 9c0f325e038d1cb59659892ba5d141b5
SHA1 28c4a008cc7e5f19c9451aa636340a33cde981d8
SHA256 70e4dab45226bfba754dddcf1e666b52850dd15d4dc21f6dabf595d8e5967320
SHA512 5b92eb6e1665ad2113cc72226183d5f29d6787ed8154ae2511678b2becc10295718c64d4f54134241df1900e8e12248a3d4fc26ac3a37781fcf584162af5f721

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\startupCache\scriptCache-new.bin

MD5 7ec28238910c217c3cc5cb01bd9cfde3
SHA1 c850f704f3a78fe63866fa54767d069a3284bf94
SHA256 1714477b594330be9ed43a296f5cdf3278ba98a99557471fd4a741a3db8260a7
SHA512 bd97129384f6d739d689352e15f68cc217384bdf1265b5d8656a5f1e9c34244ab082111bb745fae9293cdd9b3324d4ec9b89e5b1372f178f3d31f98d2daf00c2

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\startupCache\urlCache.bin

MD5 2f3e18f45444790efaa87ad8eea97fa3
SHA1 2518eb8d0d4bd352417cd7da2e8e3eceb4562d58
SHA256 420126560e8de7644721e4075a2cca820a9769a45897179d99907f38c8858fc9
SHA512 aaf604014a2f432a6ef40844b8ae5ff85e2743330614d1ba0bd4e51a7249576ee3e19490cc9dcf44ae1f011e43e3e2474391c04b11bdc93097aaa7ef7e181ea0

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs.js

MD5 108b97b1ff7efbdb1aecce96d55ff2e5
SHA1 bb72b2e0c3d859fe5e821632307a32df331b55e1
SHA256 c5e19d4313b524fffc4859f4fac05ea3dcf408714a736dbd0bb7fcdf5131f80e
SHA512 e0f7678424e68957a1cb521786e9e4e54c179f9a263b04d0c6a96147cb1e242b58bda3e74e6f142dcd9b6dd313a0061c3050af334b149eab9a8040f923da84dc

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\doomed\12037

MD5 00bf85fcf3d0db7c7d5a658a93e77f99
SHA1 ebb2905ef9ecc86675b52375771c52144e9e2687
SHA256 0423ee30b43de2f30c10d259fc6cd18123781ef4e7862ab5f6af54e55407396c
SHA512 38d52b03982da7e50bde6ef8802c6fb6d842fbe51138766319e25d311c6082a85dfffaa90479d1a1c6db662bfafbfee09d0b0434dc9fbaf2dd318596421ac55f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\sessionCheckpoints.json

MD5 ea8b62857dfdbd3d0be7d7e4a954ec9a
SHA1 b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a
SHA256 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da
SHA512 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\sessionCheckpoints.json.tmp

MD5 ea8b62857dfdbd3d0be7d7e4a954ec9a
SHA1 b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a
SHA256 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da
SHA512 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\sessionCheckpoints.json.tmp

MD5 ea8b62857dfdbd3d0be7d7e4a954ec9a
SHA1 b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a
SHA256 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da
SHA512 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\sessionstore-backups\recovery.jsonlz4

MD5 3534f690bcb99d88ed20bbe0fefe6d40
SHA1 ff95590965042b93de16a9f927225656f3bf5a14
SHA256 77b165a182475984b0379089a4ab51032d8c7a1b7fbcb0675090e4b2d25620a3
SHA512 1d05a8cfe16baaf2f5bb16ca5349d2f0a56d565e7f3026d073c47e9b0c0a6a6ebc71e3fd9b591d4cfbe123428fb9181944e9f687d39cae2a2093cbfaf2a06ad5

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\storage.sqlite

MD5 e754fbe11ba0e708fa319a0396ff4274
SHA1 46687e5fe95275f8d9512e64659a7ad985343553
SHA256 33f31db8b6798aad9d7752c69ddbf9c4b97621fb924c9171f7f8c4d4e6c59704
SHA512 e02fc85d8b3bcc22c33e93dda90993122df5be0dcdff02302577978f47fb202ecb20cfaa899c2c67f4d09c6381b076eae6b2e0af682de10b8df7e187e735bdab

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 508d05d32f0ce9532c34b625d11f0099
SHA1 dc757cdaa7e18a8fb88b1d18c681f8c559d1bef0
SHA256 b4ee15f34cb38ef8b1b7890121c48d1378a7971967b720c405b935c167ab45bc
SHA512 b77df5b6d852b91f4618b070ee8d2096f90470aee55cc36225a82fd172401d5a6e4111e32de7365073d2c08f12c1204f9f8d7c6f9d5da451757128e0e3336f79

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cert9.db

MD5 eae59c1c8cd5bc91c0ad5d27f3420cb7
SHA1 08c28abf5f8d23a28c30d34da6c9d7ea4c5f2f9a
SHA256 0dbbf52ec8547dfe9671b2630bb764c07b8411a81879f7d3df8925db3a300546
SHA512 8979babc7593516a4d461d49cd534ac02f919a4934ad025fb09f2f6c06984d09ee6311d62bd1e1d98212e772381896f6f0957cec236df0f531b78bd032e36514

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\search.json.mozlz4

MD5 033eb0645837c8b618a593f7b9a72642
SHA1 cf4c2e7ccaa275ee47cdd945a7bd1f8b57c61172
SHA256 3409fd08295094b37673d748a0374cf0afaecf1671188b2ed012626cad67a582
SHA512 27dd0743306b0845c06b3be3e3ae2f515777dced4bbf91a4864bb95c5873e2d6351d99be36d4762a2ba8262130c6d139db3f4f5272afb8717e02b09c1e39c2b4

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\activity-stream.discovery_stream.json.tmp

MD5 51a03fca4c7390f4fd528d17daa00ba7
SHA1 554b9370aec9ad6f44e85adfc55f645cabe9ec3c
SHA256 32db765ee3070bd7c16249904ac30a869adb4762735be8da1d85a744580a0f85
SHA512 51ccdb66b712fdd76664b30fa1e8fbfde699b3212b4eca59f71262cbaca3246da6eb70b0b58ef303cd97012123eb663c6b74c14ef086aa4f29e9d5fe4d2b9f13

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\activity-stream.discovery_stream.json

MD5 02cbd6a677e407c2235d8e312286f4c5
SHA1 80e142b4da28c394e6a318a5e78ced205e034d15
SHA256 498a3f7d87f2b48ec1fadb21be455e61d964ae338745faee261a5dd2d7b6deac
SHA512 641a01370e9a6e4b5b3df1e1d801dbbbe7e13b349f5ce23c8b35a9e2bae798cdeea137bf9d1734d5c4fd349630489fab92fcf95a915305f9d0c84fba58425821

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F

MD5 9e910def9cb609985a127734ea74cb4c
SHA1 180ddac0cb93848a71634f4e5ac206f7bb433e12
SHA256 b1bdab119eb3de9914342197c7fd5bade8b5787b6fee4fcd05188b0414ad982d
SHA512 fd8770c64529d5ae0e8f6379130e8b7160020ea85aea535339a68ce5a4018aaee833c7bf4f516bea9a062babad99443069319d10b9678b76e8a1fe9ec7a8d51c

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\entries\9648808B6C63CD1AAD97A7B68F84F35C95682143

MD5 f45058dcf673ee57eb665e1037362ae4
SHA1 49242b2f733b6eeb2cd9701bc76154839fec9ce3
SHA256 1a4cdda749dd04189becd9d111e6cb13c09cf227bfa326bbbedbfa604dd97ceb
SHA512 f5a0f5770f784c140c9648ee9536c4d0533958eee1ed70d6c37d6da857d8512d4b8e7cd43700fa790c16cf538d3b37f70512fc83babc197df0b6b82832bd26ee

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\datareporting\glean\db\data.safe.bin

MD5 63b1bb87284efe954e1c3ae390e7ee44
SHA1 75b297779e1e2a8009276dd8df4507eb57e4e179
SHA256 b017ee25a7f5c09eb4bf359ca721d67e6e9d9f95f8ce6f741d47f33bde6ef73a
SHA512 f7768cbd7dd80408bd270e5a0dc47df588850203546bbc405adb0b096d00d45010d0fb64d8a6c050c83d81bd313094036f3d3af2916f1328f3899d76fad04895

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\protections.sqlite

MD5 c85d1bbdcb2505d7f5c6bd0dd2b06492
SHA1 b045492af83bf1549827343014eae43cc0a817d7
SHA256 a5cbb5daa9ea1b98935ab288b6293bd08abab25a4576a400334c68e6b781c64f
SHA512 7343830acaff4a89de4a47e71e10f9a99539d075fcfef3ca0d9e9701f6a8fbfbfb8ad342764314a01a171a1acb3b3d5eb404817d40ca5b0a2444c06e8f925f37

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\sessionstore-backups\recovery.jsonlz4

MD5 76397e10cd80f104a5163e14db3ef58a
SHA1 2e5a4d53230fbcf940724a6dbb496e91061783ce
SHA256 1e82fcb537c383fd99b206f1d6a21ab43d9c45df67b28ce48406573ba65996b8
SHA512 86b6c6d6df35aadc2323c1fec6e5d73a446b82618ae636d7f9350283276d0d3990c5740da03e06229ce7eceb7d55664932bffe69d875db8f3a9675232f234dc4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\datareporting\state.json

MD5 3e32e2cc1ed028dd8ff9b06f50a4707b
SHA1 b3910351bd8e13ad1479db699cf6fac6544a5bef
SHA256 4a3a666d98e61b5fe06fecac56807137a0fffb4bb71d4c3b16baa8702dde738c
SHA512 4585ee9ec04adf138727cd039a9cbe78db6cf2926f6ce92524312a42efd1250100848a919ec4b833f9a013181ce93734575b86eed37f1bf32effa3237eba84db

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-2.js

MD5 4df83bfa6c58af1bf31924d9944653db
SHA1 da671fe861b309760f47a5d9242f629e71b70323
SHA256 766e377de93eff3ebf4cffd947cbf127b35807bb911362f8d8d813c1895590dc
SHA512 4d791757d6b4d52b915f8f83f0e30d880de6077ed90ee277f59d8126150cb9ac1859565026d91d4fd01dd2a45cbd6a87e9efd3666bd36ea0818b221c228a2bc1

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\entries\E78E3F76C38A478389988CA4F4C125CDF3D80965

MD5 be10dcde1aa6c717754d2f3f54e10d24
SHA1 146229ea42b5908dc8cc8d6fabc3b3459fdf333a
SHA256 b85dcae103e00885bca2d0364c193264b5e72820edbd2c66761b9e42253eb9cc
SHA512 6f4dba1caad1064c22726fe7b4dad654dcc3dd7aa0d65ebe3a5d7d16c50ea52ec3b0c42ce1d01832bd897094b1178bd8f666d605cf7c0036895b2024e6f8b8e1

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\entries\F18D85F52EBBBA2AB081EF739ED0D6E8A76D497C

MD5 222a90025b7307217e3a5f7f4ba8e556
SHA1 b66780d38fb4594db23e7ba7e6358e9e166830ec
SHA256 d3854bc82e48f1886bd1b5afa045d3b3652edf7be349b09906426c39a4d10659
SHA512 fb013b71bee81493f9ed044a57d77d12271c26433d302b9931897dabf9d5407671c5d4cc228c74c15a68be13ccdcd9d548ab815c910499727e675dcf0cb4b098

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\crashes\store.json.mozlz4

MD5 a6338865eb252d0ef8fcf11fa9af3f0d
SHA1 cecdd4c4dcae10c2ffc8eb938121b6231de48cd3
SHA256 078648c042b9b08483ce246b7f01371072541a2e90d1beb0c8009a6118cbd965
SHA512 d950227ac83f4e8246d73f9f35c19e88ce65d0ca5f1ef8ccbb02ed6efc66b1b7e683e2ba0200279d7ca4b49831fd8c3ceb0584265b10accff2611ec1ca8c0c6c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\crashes\store.json.mozlz4.tmp

MD5 a6338865eb252d0ef8fcf11fa9af3f0d
SHA1 cecdd4c4dcae10c2ffc8eb938121b6231de48cd3
SHA256 078648c042b9b08483ce246b7f01371072541a2e90d1beb0c8009a6118cbd965
SHA512 d950227ac83f4e8246d73f9f35c19e88ce65d0ca5f1ef8ccbb02ed6efc66b1b7e683e2ba0200279d7ca4b49831fd8c3ceb0584265b10accff2611ec1ca8c0c6c

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\gmp-gmpopenh264\1.8.1.1\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\gmp-gmpopenh264\1.8.1.1\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 438c3af1332297479ee9ed271bb7bf39
SHA1 b3571e5e31d02b02e7d68806a254a4d290339af3
SHA256 b45630be7b3c1c80551e0a89e7bd6dbc65804fa0ca99e5f13fb317b2083ac194
SHA512 984d3b438146d1180b6c37d54793fadb383f4585e9a13f0ec695f75b27b50db72d7f5f0ef218a6313302829ba83778c348d37c4d9e811c0dba7c04ef4fb04672

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\gmp-widevinecdm\4.10.2449.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\gmp-widevinecdm\4.10.2449.0\manifest.json

MD5 6981f969f95b2a983547050ab1cb2a20
SHA1 e81c6606465b5aefcbef6637e205e9af51312ef5
SHA256 13b46a6499f31975c9cc339274600481314f22d0af364b63eeddd2686f9ab665
SHA512 9415de9ad5c8a25cee82f8fa1df2e0c3a05def89b45c4564dc4462e561f54fdcaff7aa0f286426e63da02553e9b46179a0f85c7db03d15de6d497288386b26ac

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-2.js

MD5 703f7fad2e37e92f0429e861c0559bde
SHA1 56e1a00300bf69a18829608464165762b33f97dc
SHA256 dccdd16a8e757116467a4ea528886f8d8f4dde2299a1ddaec55c777c896ce374
SHA512 b1dd10427f2f0a869f1de80c55b9b963a0d4469f26905f0673b77dde10c650a773c11400d6317f9ef169f8ceb3c16d465b2d61494656c91f66ce4311903f0a2d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\gmp-widevinecdm\4.10.2449.0\widevinecdm.dll

MD5 54dc5ae0659fabc263d83487ae1c03e4
SHA1 c572526830da6a5a6478f54bc6edb178a4d641f4
SHA256 43cad5d5074932ad10151184bdee4a493bda0953fe8a0cbe6948dff91e3ad67e
SHA512 8e8f7b9c7c2ee54749dbc389b0e24722cec0eba7207b7a7d5a1efe99ee8261c4cf708cdbdcca4d72f9a4ada0a1c50c1a46fca2acd189a20a9968ccfdb1cf42d9

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\gmp-widevinecdm\4.10.2449.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\gmp-widevinecdm\4.10.2449.0\widevinecdm.dll.sig

MD5 dea1586a0ebca332d265dc5eda3c1c19
SHA1 29e8a8962a3e934fd6a804f9f386173f1b2f9be4
SHA256 98fbbc41d2143f8131e9b18fe7521f90d306b9ba95546a513c3293916b1fce60
SHA512 0e1e5e9af0790d38a29e9f1fbda7107c52f162c1503822d8860199c90dc8430b093d09aef74ac45519fb20aedb32c70c077d74a54646730b98e026073cedd0d6

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 cfae870f10f77141be5869e6191a3b9b
SHA1 469fb620acbbd764a973d33cc7d3b89683e932bf
SHA256 ed009676b9b1a1ebdd856dd4d079b1dc0290502f3849b7655b1425be08b69807
SHA512 cbcb39ffc04ca82c203e64d651aa48ef976820bad0c720f7c761828f665996a484dd97676e7041e28cef00aa6f0e17b6857923ce14ca0d5c6d9687f8afd02a94

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\doomed\27757

MD5 786437767b7fc0628fb4d65eeb883bee
SHA1 ae0437d75fe34fb278270166a98cc20cd09f7766
SHA256 12bb2dda4e721a8c3294702ab2578ad2a0f167a07f6cce1e358729fecffb3a23
SHA512 f39bd119c37151ab835e9ea3fe1349cc4e585f3fe1f619b6176a68cd6db23d91a90df121a010cd1e79c343faea912ed0b652216f8a8ca9f4400f5da38218f17f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-2.js

MD5 e3c1f4544c6a0476fbd0bdf6d8402e93
SHA1 34c097ecb24e0f4ea5088a3fd9cbe4db832d7e55
SHA256 79f3d72ebc1901a135581d6e4c9eacbb02a526199e11252e9673d6b89eab6969
SHA512 50ae7975da1e0e271faa7db52a26ccf0aeb345a15ec219a65d45d4018621ae20233110cb9a5d906eebff099a97da4a6a64a6cd25c91b79ada40308aec48159ab

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\doomed\11317

MD5 65e7079bb1edf4025443681dc7dca987
SHA1 c9e2c749c32639c3ff64a7300e94b0c28033a3de
SHA256 80cc6f2e817b337a98be20be60a1871df7bb6c86ad1eabd405319a3c4bbca516
SHA512 90cc3dc1ba2d033134344eaef3bae85519b25b292d75c8162977a986c58005570ae7c86dd7e3b1cb005c03603c3821cdec1ced5042b39754b28071c12b5d38d0

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\doomed\25832

MD5 2b6296210f693bf1d40d351e68f36615
SHA1 3e7fee2011a6b71c6e7179acded84fc68f497e10
SHA256 e7e2c19a15da632d1bd1f81e57eb81855541cd4af3cd4587836acee6fcd68922
SHA512 37f2f8a7f0f487ddc577a7865189c80eaee90a71abd2e4eee529e0d78abee56ea03ccbbbf9a134c40cb5785744e42afced3fb08938da9906719a284b478cea6e

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 b64f69992c029ca025c35f4717f8c01d
SHA1 7ef441de06cf235b4fd6bc494f5bfb90d3842840
SHA256 c5387a0577b01a50ba26e4867715876990397c96c70f1ec1864f5db00721af04
SHA512 8f934c479023d89c4eb7004d7b1b5aac06a79efff2ce20b95ab632bf64e32e3046a8df0f81ce3ee67785c13de12737cca3d36fae070bb3352e36b02e76a9b57e

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 dd0fe36adb3d62aea9044bf5c5cddb3e
SHA1 47b0ba693a9e376f6b15b0ccf72bee8d34a17509
SHA256 1de9c45dca114e422ebdc684e0e32ec75172d583b59df4540920f3ea9f69749a
SHA512 239411d68b5b68335c095eb5bd1824c5a7dcc8f622452c0c16c93d74a98b33dbbd9d9f6277c59655636b513043ad4e3df2838a3c9bf11d2c9268d12207bf54c4

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\entries\EB981269246B016AC259421FF59F9E5B3AC32032

MD5 c6936f2ebbf6f66f65d37a9d22399e00
SHA1 def3d609f2543fdfe6ba705aa778d2afc5edc26e
SHA256 491339265bb45e929ac564d705f8671d6e021f669e03a9ef5d3439a17a02e6a7
SHA512 6a4d7877ac07d3e82e8f0543f13a07ed5e21df94473bd87cba842ee207a808a784129c98276230ef08064b9fd33042d75c05af9f177898f79fbff4fea41f9883

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-2.js

MD5 d24d1dc5ea3fbe714f846c30e461d343
SHA1 a777346e1f49a127bfb63a2eef8d054c60f5b898
SHA256 5ade378818d7cacc87638ee9823e355635205bfcf811df6491bdc2c63fed1d22
SHA512 8b5648cf22d08c2e22fdbaccec466e07a41c41ee9534f7c6f60548d64583451fb5dc4fd8d5d01ef4a03c9ef1b8cc475071418eafd9ddba92a58fc0688399a454

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\doomed\5978

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\doomed\15314

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\doomed\23013

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\doomed\10691

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\doomed\31594

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\doomed\4757

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\doomed\27455

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\storage\default\https+++www.youtube.com\idb\2171031483YattIedMb.sqlite

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\entries\8920BCFBA63F48FDB210BE007081B27F4B607C9E

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\jumpListCache\iz+75n6qYriNqjp0XHBluQ==.ico

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\entries\F323E20FCB4690E8889A662A7C8FFAC9C66E3EF9

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\doomed\298

C:\Users\Admin\Downloads\TMC7vfbf.zip.part

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\entries\0262BDE1A7C28E5711495287DE474F548B164B19

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\storage\default\https+++www.youtube.com\cache\morgue\18\{e7d1eee4-088a-4e0e-aeba-75bfdf11f312}.final

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\datareporting\glean\db\data.safe.bin

C:\Users\Admin\Downloads\NoEscape.zip

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

C:\Users\Admin\Downloads\NoEscape\NoEscape.exe

C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

C:\Users\Public\Desktop\⇺ᄄ⍩シ⏦⚏᭶ᄖの␈Ֆ≻ಂᚴら⊣
