Analysis Overview
SHA256
ca1b3ed6054976e233fe145a526168b95e97220a6fe2ae63738d9672b6144cd7
Threat Level: Likely malicious
The file unreleased.html was found to be: Likely malicious.
Malicious Activity Summary
Stops running service(s)
Command and Scripting Interpreter: PowerShell
Possible privilege escalation attempt
Credentials from Password Stores: Windows Credential Manager
Modifies file permissions
Legitimate hosting services abused for malware hosting/C2
Drops file in System32 directory
Launches sc.exe
Browser Information Discovery
Suspicious behavior: EnumeratesProcesses
Kills process with taskkill
Modifies registry class
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
NTFS ADS
Checks processor information in registry
Runs .reg file with regedit
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-04 15:25
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-04 15:25
Reported
2024-10-04 15:40
Platform
win11-20240802-en
Max time kernel
412s
Max time network
857s
Command Line
Signatures
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe | N/A |
Possible privilege escalation attempt
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
Stops running service(s)
Credentials from Password Stores: Windows Credential Manager
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | camo.githubusercontent.com | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\System32\%AppData%\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk | C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe | N/A |
Launches sc.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
Browser Information Discovery
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\*\shell\TakeOwnership\NoWorkingDirectory | C:\Windows\regedit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shell\TakeOwnership | C:\Windows\regedit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shell\TakeOwnership\command | C:\Windows\regedit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shell\runas\command\IsolatedCommand = "cmd.exe /c takeown /f \"%1\\\" /r /d y && icacls \"%1\\\" /grant *S-1-3-4:F /t /c" | C:\Windows\regedit.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\*\shell\TakeOwnership | C:\Windows\regedit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shell\TakeOwnership\command\ = "powershell -windowstyle hidden -command \"$Y = ($null | choice).Substring(1,1); Start-Process cmd -ArgumentList ('/c takeown /f \\\"%1\\\" /r /d ' + $Y + ' && icacls \\\"%1\\\" /grant *S-1-3-4:F /t /c /l /q') -Verb runAs\"" | C:\Windows\regedit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shell\runas | C:\Windows\regedit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shell\runas\HasLUAShield | C:\Windows\regedit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shell\TakeOwnership\NoWorkingDirectory | C:\Windows\regedit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shell\TakeOwnership\Position = "middle" | C:\Windows\regedit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shell\runas\Position = "middle" | C:\Windows\regedit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shell\TakeOwnership\HasLUAShield | C:\Windows\regedit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shell\runas\NoWorkingDirectory | C:\Windows\regedit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\*\shell\TakeOwnership\command | C:\Windows\regedit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\*\shell\TakeOwnership\command\ = "powershell -windowstyle hidden -command \"Start-Process cmd -ArgumentList '/c takeown /f \\\"%1\\\" && icacls \\\"%1\\\" /grant *S-1-3-4:F /t /c /l' -Verb runAs\"" | C:\Windows\regedit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shell\TakeOwnership\command\IsolatedCommand = "powershell -windowstyle hidden -command \"$Y = ($null | choice).Substring(1,1); Start-Process cmd -ArgumentList ('/c takeown /f \\\"%1\\\" /r /d ' + $Y + ' && icacls \\\"%1\\\" /grant *S-1-3-4:F /t /c /l /q') -Verb runAs\"" | C:\Windows\regedit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shell\runas\command | C:\Windows\regedit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shell\TakeOwnership\ = "Take Ownership" | C:\Windows\regedit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\*\shell\TakeOwnership\command\IsolatedCommand = "powershell -windowstyle hidden -command \"Start-Process cmd -ArgumentList '/c takeown /f \\\"%1\\\" && icacls \\\"%1\\\" /grant *S-1-3-4:F /t /c /l' -Verb runAs\"" | C:\Windows\regedit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shell\runas\AppliesTo = "NOT (System.ItemPathDisplay:=\"C:\\\")" | C:\Windows\regedit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shell\runas\command\ = "cmd.exe /c takeown /f \"%1\\\" /r /d y && icacls \"%1\\\" /grant *S-1-3-4:F /t /c" | C:\Windows\regedit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\*\shell\TakeOwnership\ = "Take Ownership" | C:\Windows\regedit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\*\shell\TakeOwnership\NeverDefault | C:\Windows\regedit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shell\runas\ = "Take Ownership" | C:\Windows\regedit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\*\shell\TakeOwnership\HasLUAShield | C:\Windows\regedit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shell\TakeOwnership\AppliesTo = "NOT (System.ItemPathDisplay:=\"C:\\Users\" OR System.ItemPathDisplay:=\"C:\\ProgramData\" OR System.ItemPathDisplay:=\"C:\\Windows\" OR System.ItemPathDisplay:=\"C:\\Windows\\System32\" OR System.ItemPathDisplay:=\"C:\\Program Files\" OR System.ItemPathDisplay:=\"C:\\Program Files (x86)\")" | C:\Windows\regedit.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\Downloads\Add_Take_Ownership_to_context_menu.reg:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Runs .reg file with regedit
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\regedit.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\takeown.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\unreleased.html"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\unreleased.html
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Windows\regedit.exe
"regedit.exe" "C:\Users\Admin\Downloads\Add_Take_Ownership_to_context_menu.reg"
C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe
"PowerShell.exe" -windowstyle hidden -command "$Y = ($null | choice).Substring(1,1); Start-Process cmd -ArgumentList ('/c takeown /f \"C:\PerfLogs\" /r /d ' + $Y + ' && icacls \"C:\PerfLogs\" /grant *S-1-3-4:F /t /c /l /q') -Verb runAs"
C:\Windows\system32\choice.exe
"C:\Windows\system32\choice.exe"
C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe" /c takeown /f "C:\PerfLogs" /r /d Y && icacls "C:\PerfLogs" /grant *S-1-3-4:F /t /c /l /q
C:\Windows\system32\takeown.exe
takeown /f "C:\PerfLogs" /r /d Y
C:\Windows\system32\icacls.exe
icacls "C:\PerfLogs" /grant *S-1-3-4:F /t /c /l /q
C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe
"PowerShell.exe" -windowstyle hidden -command "$Y = ($null | choice).Substring(1,1); Start-Process cmd -ArgumentList ('/c takeown /f \"C:\Users\Public\" /r /d ' + $Y + ' && icacls \"C:\Users\Public\" /grant *S-1-3-4:F /t /c /l /q') -Verb runAs"
C:\Windows\system32\choice.exe
"C:\Windows\system32\choice.exe"
C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe" /c takeown /f "C:\Users\Public" /r /d Y && icacls "C:\Users\Public" /grant *S-1-3-4:F /t /c /l /q
C:\Windows\system32\takeown.exe
takeown /f "C:\Users\Public" /r /d Y
C:\Windows\system32\icacls.exe
icacls "C:\Users\Public" /grant *S-1-3-4:F /t /c /l /q
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6640 -childID 17 -isForBrowser -prefsHandle 8392 -prefMapHandle 4472 -prefsLen 27904 -prefMapSize 244658 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {144bf225-d7b6-4dde-a30e-ee5f0375f514} 1384 "\\.\pipe\gecko-crash-server-pipe.1384" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4836 -childID 18 -isForBrowser -prefsHandle 8388 -prefMapHandle 1736 -prefsLen 27904 -prefMapSize 244658 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8f4c5d1d-64db-4f2f-a504-635c1a0a22c1} 1384 "\\.\pipe\gecko-crash-server-pipe.1384" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9148 -childID 19 -isForBrowser -prefsHandle 8376 -prefMapHandle 8380 -prefsLen 27904 -prefMapSize 244658 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4167f4a4-d61f-4764-997c-54270f30833a} 1384 "\\.\pipe\gecko-crash-server-pipe.1384" tab
C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe
"PowerShell.exe" -windowstyle hidden -command "$Y = ($null | choice).Substring(1,1); Start-Process cmd -ArgumentList ('/c takeown /f \"C:\Users\Admin\" /r /d ' + $Y + ' && icacls \"C:\Users\Admin\" /grant *S-1-3-4:F /t /c /l /q') -Verb runAs"
C:\Windows\system32\choice.exe
"C:\Windows\system32\choice.exe"
C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe" /c takeown /f "C:\Users\Admin" /r /d Y && icacls "C:\Users\Admin" /grant *S-1-3-4:F /t /c /l /q
C:\Windows\system32\takeown.exe
takeown /f "C:\Users\Admin" /r /d Y
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7916 -childID 20 -isForBrowser -prefsHandle 8568 -prefMapHandle 8524 -prefsLen 27904 -prefMapSize 244658 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dfefae63-cf42-451c-b05e-0bf7bde7ac13} 1384 "\\.\pipe\gecko-crash-server-pipe.1384" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6832 -childID 21 -isForBrowser -prefsHandle 8156 -prefMapHandle 8152 -prefsLen 27904 -prefMapSize 244658 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {66009216-bbdf-4a57-b46d-97eb6886b5c2} 1384 "\\.\pipe\gecko-crash-server-pipe.1384" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7292 -childID 22 -isForBrowser -prefsHandle 4248 -prefMapHandle 6944 -prefsLen 27904 -prefMapSize 244658 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {452f2c01-ff2b-408d-8056-04aaf05b279e} 1384 "\\.\pipe\gecko-crash-server-pipe.1384" tab
C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe
"PowerShell.exe" -windowstyle hidden -command "Start-Process cmd -ArgumentList '/c takeown /f \"C:\Windows\explorer.exe\" && icacls \"C:\Windows\explorer.exe\" /grant *S-1-3-4:F /t /c /l' -Verb runAs"
C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe" /c takeown /f "C:\Windows\explorer.exe" && icacls "C:\Windows\explorer.exe" /grant *S-1-3-4:F /t /c /l
C:\Windows\system32\takeown.exe
takeown /f "C:\Windows\explorer.exe"
C:\Windows\system32\icacls.exe
icacls "C:\Windows\explorer.exe" /grant *S-1-3-4:F /t /c /l
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8900 -childID 23 -isForBrowser -prefsHandle 6860 -prefMapHandle 8836 -prefsLen 27904 -prefMapSize 244658 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {73fef148-7942-4be7-9a4b-4891ec2257f8} 1384 "\\.\pipe\gecko-crash-server-pipe.1384" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7504 -childID 24 -isForBrowser -prefsHandle 6896 -prefMapHandle 4584 -prefsLen 27904 -prefMapSize 244658 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {24e16353-bf08-46e3-9697-4b97178fa213} 1384 "\\.\pipe\gecko-crash-server-pipe.1384" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5584 -childID 25 -isForBrowser -prefsHandle 6896 -prefMapHandle 8828 -prefsLen 27904 -prefMapSize 244658 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ae483bc8-87c7-4ffe-b602-da3df5e5d0af} 1384 "\\.\pipe\gecko-crash-server-pipe.1384" tab
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
C:\Windows\system32\icacls.exe
icacls "C:\Users\Admin" /grant *S-1-3-4:F /t /c /l /q
C:\Windows\write.exe
"C:\Windows\write.exe"
C:\Program Files\Windows NT\Accessories\wordpad.exe
"C:\Program Files\Windows NT\Accessories\wordpad.exe"
C:\Windows\write.exe
"C:\Windows\write.exe"
C:\Program Files\Windows NT\Accessories\wordpad.exe
"C:\Program Files\Windows NT\Accessories\wordpad.exe"
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k PrintWorkflow -s PrintWorkflowUserSvc
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8504 -childID 26 -isForBrowser -prefsHandle 9856 -prefMapHandle 9868 -prefsLen 27904 -prefMapSize 244658 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e94b7652-c6cd-49ca-8835-13422ae43d6f} 1384 "\\.\pipe\gecko-crash-server-pipe.1384" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9772 -childID 27 -isForBrowser -prefsHandle 6220 -prefMapHandle 8512 -prefsLen 27904 -prefMapSize 244658 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {99e9e7a6-c3a1-459a-b43d-4c41996957e9} 1384 "\\.\pipe\gecko-crash-server-pipe.1384" tab
C:\Windows\System32\oobe\UserOOBEBroker.exe
C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa70e93cb8,0x7ffa70e93cc8,0x7ffa70e93cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,6777778016778019582,6137287887857784029,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1892 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1884,6777778016778019582,6137287887857784029,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1884,6777778016778019582,6137287887857784029,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2512 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6777778016778019582,6137287887857784029,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6777778016778019582,6137287887857784029,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6777778016778019582,6137287887857784029,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4108 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6777778016778019582,6137287887857784029,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4152 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1884,6777778016778019582,6137287887857784029,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5048 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1884,6777778016778019582,6137287887857784029,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4868 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6777778016778019582,6137287887857784029,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6777778016778019582,6137287887857784029,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6777778016778019582,6137287887857784029,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3728 -childID 28 -isForBrowser -prefsHandle 3740 -prefMapHandle 3216 -prefsLen 27960 -prefMapSize 244658 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {28223f54-fdeb-4a62-93b1-ac4ffd918050} 1384 "\\.\pipe\gecko-crash-server-pipe.1384" tab
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6777778016778019582,6137287887857784029,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3648 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6777778016778019582,6137287887857784029,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6056 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6777778016778019582,6137287887857784029,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3624 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6777778016778019582,6137287887857784029,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6777778016778019582,6137287887857784029,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6777778016778019582,6137287887857784029,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6777778016778019582,6137287887857784029,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6764 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6777778016778019582,6137287887857784029,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6624 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1884,6777778016778019582,6137287887857784029,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6220 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1884,6777778016778019582,6137287887857784029,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6916 /prefetch:8
C:\Users\Admin\Downloads\ep_setup.exe
"C:\Users\Admin\Downloads\ep_setup.exe"
C:\Windows\system32\taskkill.exe
"C:\Windows\system32\taskkill.exe" /f /im explorer.exe
C:\Windows\system32\sc.exe
"C:\Windows\system32\sc.exe" stop ep_dwm_D17F1E1A-5919-4427-8F89-A1A8503CA3EB
C:\Windows\system32\sc.exe
"C:\Windows\system32\sc.exe" start ep_dwm_D17F1E1A-5919-4427-8F89-A1A8503CA3EB
C:\Windows\system32\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\ExplorerPatcher\ep_weather_host.dll"
C:\Windows\system32\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\ExplorerPatcher\ep_weather_host_stub.dll"
C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,6777778016778019582,6137287887857784029,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2404 /prefetch:2
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe" -ServerName:CortanaUI.AppXstmwaab17q5s3y22tp6apqz7a45vwv65.mca
C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Program Files\ExplorerPatcher\ep_gui.dll",ZZGUI
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\System32\rundll32.exe
"C:\Windows\System32\rundll32.exe" "C:\Program Files\ExplorerPatcher\ep_gui.dll",ZZGUI
C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa38da055 /state1:0x41c64e6d
Network
| Country | Destination | Domain | Proto |
| NL | 178.250.1.15:443 | imageproxy.eu.criteo.net | tcp |
| FR | 178.250.7.13:443 | dnacdn.net | tcp |
| NL | 178.250.1.22:443 | staticassets-creator-design.nl3.vip.prod.criteo.net | tcp |
| US | 104.17.159.237:443 | cdn.fuseplatform.net.cdn.cloudflare.net | tcp |
| US | 104.22.53.86:443 | cdn.id5-sync.com | tcp |
| US | 172.67.69.19:443 | ad-delivery.net | tcp |
| DE | 141.95.98.65:443 | id5-sync.com | tcp |
| GB | 18.172.88.26:443 | cmp.inmobi.com | tcp |
| US | 151.101.193.229:443 | cdn.jsdelivr.net | udp |
| US | 130.211.23.194:443 | api.btloader.com | udp |
| US | 69.166.1.9:443 | apex.go.sonobi.com | tcp |
| NL | 178.250.1.56:443 | in-ftd-65.nl3.vip.prod.criteo.com | tcp |
| NL | 69.173.156.139:443 | tagged-by.rubiconproject.net.akadns.net | tcp |
| NL | 89.149.192.241:443 | euw1.smartadserver.com | tcp |
| NL | 89.149.192.241:443 | euw1.smartadserver.com | tcp |
| NL | 185.89.210.90:443 | ib.anycast.adnxs.com | tcp |
| DE | 141.95.98.64:443 | id5-sync.com | tcp |
| DE | 52.28.26.73:443 | 1x1.a-mo.net | tcp |
| GB | 142.250.200.33:443 | 24eafd79ae009b68b7f04f5fe3831c95.safeframe.googlesyndication.com | tcp |
| GB | 142.250.200.33:443 | 24eafd79ae009b68b7f04f5fe3831c95.safeframe.googlesyndication.com | udp |
| GB | 216.58.204.65:443 | cdn-content.ampproject.org | tcp |
| GB | 216.58.204.65:443 | cdn-content.ampproject.org | tcp |
| GB | 216.58.204.65:443 | cdn-content.ampproject.org | tcp |
| GB | 216.58.204.65:443 | cdn-content.ampproject.org | tcp |
| GB | 216.58.204.65:443 | cdn-content.ampproject.org | tcp |
| GB | 216.58.204.65:443 | cdn-content.ampproject.org | udp |
| NL | 178.250.1.3:443 | static.nl3.vip.prod.criteo.net | tcp |
| GB | 142.250.200.33:443 | 24eafd79ae009b68b7f04f5fe3831c95.safeframe.googlesyndication.com | udp |
| NL | 178.250.1.15:443 | imageproxy.eu.criteo.net | tcp |
| NL | 178.250.1.17:443 | ads.eu.criteo.com | tcp |
| FR | 178.250.7.12:443 | rtb.fr3.vip.prod.criteo.com | tcp |
| NL | 178.250.1.17:443 | ads.eu.criteo.com | tcp |
| NL | 178.250.1.6:443 | cat.nl3.vip.prod.criteo.com | tcp |
| NL | 178.250.1.25:443 | csm.nl3.vip.prod.criteo.net | tcp |
| DE | 141.95.98.65:443 | id5-sync.com | tcp |
| GB | 216.58.201.97:443 | tpc.googlesyndication.com | tcp |
| GB | 216.58.204.65:443 | cdn-content.ampproject.org | tcp |
| DE | 51.89.9.251:443 | onetag-sys.com | tcp |
| NL | 69.173.156.139:443 | tagged-by.rubiconproject.net.akadns.net | tcp |
| NL | 178.250.1.56:443 | in-ftd-65.nl3.vip.prod.criteo.com | tcp |
| NL | 185.89.210.90:443 | ib.anycast.adnxs.com | tcp |
| NL | 89.149.192.241:443 | euw1.smartadserver.com | tcp |
| US | 69.166.1.9:443 | apex.go.sonobi.com | tcp |
| GB | 142.250.200.33:443 | 24eafd79ae009b68b7f04f5fe3831c95.safeframe.googlesyndication.com | udp |
| GB | 216.58.201.97:443 | tpc.googlesyndication.com | udp |
| NL | 178.250.1.17:443 | ads.eu.criteo.com | tcp |
| NL | 178.250.1.10:443 | rtb.nl3.eu.criteo.com | tcp |
| NL | 178.250.1.17:443 | ads.eu.criteo.com | tcp |
| NL | 178.250.1.3:443 | static.nl3.vip.prod.criteo.net | tcp |
| NL | 178.250.1.6:443 | cat.nl3.vip.prod.criteo.com | tcp |
| GB | 216.58.204.68:443 | www.google.com | udp |
| NL | 178.250.1.25:443 | csm.nl3.vip.prod.criteo.net | tcp |
| NL | 69.173.156.139:443 | tagged-by.rubiconproject.net.akadns.net | tcp |
| US | 69.166.1.9:443 | apex.go.sonobi.com | tcp |
| NL | 185.89.210.90:443 | ib.anycast.adnxs.com | tcp |
| NL | 89.149.192.241:443 | euw1.smartadserver.com | tcp |
| NL | 178.250.1.56:443 | in-ftd-65.nl3.vip.prod.criteo.com | tcp |
| NL | 178.250.1.17:443 | ads.eu.criteo.com | tcp |
| NL | 178.250.1.10:443 | rtb.nl3.eu.criteo.com | tcp |
| NL | 178.250.1.17:443 | ads.eu.criteo.com | tcp |
| NL | 178.250.1.6:443 | cat.nl3.vip.prod.criteo.com | tcp |
| NL | 178.250.1.3:443 | static.nl3.vip.prod.criteo.net | tcp |
| NL | 178.250.1.15:443 | imageproxy.eu.criteo.net | tcp |
| NL | 178.250.1.25:443 | csm.nl3.vip.prod.criteo.net | tcp |
| US | 69.166.1.9:443 | apex.go.sonobi.com | tcp |
| NL | 69.173.156.139:443 | tagged-by.rubiconproject.net.akadns.net | tcp |
| NL | 89.149.192.241:443 | euw1.smartadserver.com | tcp |
| NL | 178.250.1.56:443 | in-ftd-65.nl3.vip.prod.criteo.com | tcp |
| NL | 185.89.210.90:443 | ib.anycast.adnxs.com | tcp |
| NL | 178.250.1.17:443 | ads.eu.criteo.com | tcp |
| NL | 178.250.1.10:443 | rtb.nl3.eu.criteo.com | tcp |
| NL | 178.250.1.17:443 | ads.eu.criteo.com | tcp |
| NL | 178.250.1.6:443 | cat.nl3.vip.prod.criteo.com | tcp |
| NL | 178.250.1.3:443 | static.nl3.vip.prod.criteo.net | tcp |
| GB | 216.58.204.68:443 | www.google.com | udp |
| NL | 178.250.1.25:443 | csm.nl3.vip.prod.criteo.net | tcp |
| NL | 89.149.192.241:443 | euw1.smartadserver.com | tcp |
| NL | 69.173.156.139:443 | tagged-by.rubiconproject.net.akadns.net | tcp |
| NL | 178.250.1.56:443 | in-ftd-65.nl3.vip.prod.criteo.com | tcp |
| NL | 185.89.210.90:443 | ib.anycast.adnxs.com | tcp |
| US | 69.166.1.9:443 | apex.go.sonobi.com | tcp |
| DE | 3.78.168.176:443 | tlx.3lift.com | tcp |
| US | 151.101.193.229:443 | cdn.jsdelivr.net | udp |
| GB | 143.244.38.136:443 | om-cdn-jfsdk.b-cdn.net | tcp |
| GB | 23.44.64.21:443 | contextual.media.net | tcp |
| GB | 23.44.64.21:443 | contextual.media.net | tcp |
| GB | 2.19.117.27:443 | a267.g.akamai.net | tcp |
| US | 35.244.159.8:443 | us-u.openx.net | tcp |
| US | 44.199.128.210:443 | adrta.com | tcp |
| US | 104.18.13.250:443 | verify.amxrtb.com | tcp |
| US | 35.244.159.8:443 | us-u.openx.net | udp |
| FR | 163.5.194.33:443 | nld-prebid.a-mx.net | tcp |
| FR | 163.5.194.32:443 | nld-prebid.a-mx.net | tcp |
| GB | 23.44.64.21:443 | contextual.media.net | udp |
| US | 104.19.158.19:443 | assets.a-mo.net | tcp |
| US | 18.210.133.142:443 | adrta.com | tcp |
| GB | 2.23.220.28:443 | hblg.media.net | tcp |
| US | 34.98.84.165:443 | ox-rtb-europe-west4.openx.net | tcp |
| GB | 2.23.220.28:443 | hblg.media.net | tcp |
| GB | 2.23.220.28:443 | hblg.media.net | tcp |
| GB | 2.23.220.28:443 | hblg.media.net | udp |
| US | 34.98.84.165:443 | ox-rtb-europe-west4.openx.net | udp |
| NL | 69.173.156.139:443 | tagged-by.rubiconproject.net.akadns.net | tcp |
| DE | 3.78.168.176:443 | tlx.3lift.com | tcp |
| NL | 89.149.192.241:443 | euw1.smartadserver.com | tcp |
| US | 69.166.1.9:443 | apex.go.sonobi.com | tcp |
| NL | 178.250.1.56:443 | in-ftd-65.nl3.vip.prod.criteo.com | tcp |
| FR | 163.5.194.37:443 | nld-prebid.a-mx.net | tcp |
| NL | 185.89.210.90:443 | ib.anycast.adnxs.com | tcp |
| GB | 142.250.200.33:443 | 24eafd79ae009b68b7f04f5fe3831c95.safeframe.googlesyndication.com | udp |
| GB | 216.58.201.97:443 | tpc.googlesyndication.com | udp |
| GB | 172.217.169.2:443 | googleads.g.doubleclick.net | udp |
| NL | 178.250.1.17:443 | ads.eu.criteo.com | tcp |
| NL | 178.250.1.10:443 | rtb.nl3.eu.criteo.com | tcp |
| NL | 178.250.1.17:443 | ads.eu.criteo.com | tcp |
| NL | 178.250.1.6:443 | cat.nl3.vip.prod.criteo.com | tcp |
| NL | 178.250.1.3:443 | static.nl3.vip.prod.criteo.net | tcp |
| GB | 216.58.204.68:443 | www.google.com | udp |
| NL | 178.250.1.25:443 | csm.nl3.vip.prod.criteo.net | tcp |
| NL | 178.250.1.6:443 | cat.nl3.vip.prod.criteo.com | tcp |
| NL | 178.250.1.6:443 | cat.nl3.vip.prod.criteo.com | tcp |
| GB | 95.100.104.26:443 | e64300.a.akamaiedge.net | tcp |
| US | 151.101.193.124:443 | prod.magentocloud.map.fastly.net | tcp |
| US | 151.101.193.124:443 | prod.magentocloud.map.fastly.net | tcp |
| US | 151.101.193.124:443 | prod.magentocloud.map.fastly.net | tcp |
| US | 151.101.193.124:443 | prod.magentocloud.map.fastly.net | tcp |
| US | 151.101.193.124:443 | prod.magentocloud.map.fastly.net | tcp |
| US | 151.101.193.124:443 | prod.magentocloud.map.fastly.net | tcp |
| US | 151.101.193.124:443 | prod.magentocloud.map.fastly.net | tcp |
| CZ | 65.9.95.65:443 | scripts.luigisbox.com | tcp |
| CZ | 65.9.95.52:443 | widgets.trustedshops.com | tcp |
| DE | 157.245.25.14:443 | front.optimonk.com | tcp |
| IE | 63.33.186.64:443 | seal.digicert.com | tcp |
| CZ | 65.9.95.12:443 | cdn.luigisbox.com | tcp |
| CZ | 65.9.95.12:443 | cdn.luigisbox.com | tcp |
| CZ | 65.9.95.12:443 | cdn.luigisbox.com | tcp |
| US | 104.17.246.203:443 | unpkg.com | tcp |
| GB | 143.244.38.136:443 | om-cdn-jfsdk.b-cdn.net | tcp |
| DE | 3.123.217.142:443 | api.luigisbox.com | tcp |
| DE | 3.123.217.142:443 | api.luigisbox.com | tcp |
| GB | 143.244.38.136:443 | om-cdn-jfsdk.b-cdn.net | tcp |
| DE | 3.73.231.55:443 | live.luigisbox.com | tcp |
| DE | 3.73.231.55:443 | live.luigisbox.com | tcp |
| DE | 3.73.231.55:443 | live.luigisbox.com | tcp |
| DE | 3.73.231.55:443 | live.luigisbox.com | tcp |
| DE | 157.245.25.14:443 | front.optimonk.com | tcp |
| GB | 79.127.237.132:443 | cdn-limit.optimonk.com | tcp |
| GB | 79.127.237.132:443 | cdn-limit.optimonk.com | tcp |
| GB | 143.244.38.136:443 | om-cdn-jfsdk.b-cdn.net | tcp |
| GB | 143.244.38.136:443 | om-cdn-jfsdk.b-cdn.net | tcp |
| US | 104.18.32.137:443 | geolocation.onetrust.com | tcp |
| GB | 79.127.237.132:443 | cdn-limit.optimonk.com | udp |
| GB | 143.244.38.136:443 | om-cdn-jfsdk.b-cdn.net | udp |
| US | 104.18.32.137:443 | geolocation.onetrust.com | tcp |
| US | 8.8.8.8:53 | 200.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 132.237.127.79.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.32.18.104.in-addr.arpa | udp |
| US | 34.117.177.207:443 | jfapiprod.optimonk.com | tcp |
| GB | 2.23.205.29:443 | e7808.dscg.akamaiedge.net | tcp |
| GB | 2.23.205.29:443 | e7808.dscg.akamaiedge.net | tcp |
| US | 104.18.32.137:443 | geolocation.onetrust.com | tcp |
| GB | 23.215.235.50:443 | magento-recs-sdk.adobe.net | tcp |
| US | 34.117.177.207:443 | jfapiprod.optimonk.com | udp |
| US | 3.219.192.124:443 | k8s-gateways-gwlh2-8b9819a160-1697331022.us-east-1.elb.amazonaws.com | tcp |
| US | 162.247.243.39:443 | js-agent.newrelic.com | tcp |
| US | 52.73.155.192:443 | sp-20190626072927664900000008-1504206740.us-east-1.elb.amazonaws.com | tcp |
| US | 52.73.155.192:443 | sp-20190626072927664900000008-1504206740.us-east-1.elb.amazonaws.com | tcp |
| DE | 3.78.168.176:443 | eu-tlx.3lift.com | tcp |
| NL | 178.250.1.56:443 | in-ftd-65.nl3.vip.prod.criteo.com | tcp |
| NL | 69.173.156.139:443 | tagged-by.rubiconproject.net.akadns.net | tcp |
| NL | 185.89.210.90:443 | ib.anycast.adnxs.com | tcp |
| NL | 89.149.192.241:443 | euw1.smartadserver.com | tcp |
| US | 69.166.1.9:443 | iad-2-apex.go.sonobi.com | tcp |
| US | 151.101.193.229:443 | cdn.jsdelivr.net | udp |
| GB | 23.44.64.21:443 | contextual.media.net | udp |
| GB | 23.44.64.21:443 | contextual.media.net | tcp |
| US | 35.244.159.8:443 | us-u.openx.net | udp |
| US | 34.98.84.165:443 | ox-rtb-europe-west4.openx.net | tcp |
| GB | 2.23.220.28:443 | hblg.media.net | udp |
| GB | 2.23.220.28:443 | hblg.media.net | tcp |
| NL | 69.173.156.139:443 | tagged-by.rubiconproject.net.akadns.net | tcp |
| NL | 178.250.1.56:443 | in-ftd-65.nl3.vip.prod.criteo.com | tcp |
| NL | 89.149.192.241:443 | euw1.smartadserver.com | tcp |
| NL | 185.89.210.90:443 | ib.anycast.adnxs.com | tcp |
| US | 69.166.1.9:443 | iad-2-apex.go.sonobi.com | tcp |
| GB | 142.250.200.33:443 | 24eafd79ae009b68b7f04f5fe3831c95.safeframe.googlesyndication.com | udp |
| GB | 216.58.201.97:443 | tpc.googlesyndication.com | udp |
| NL | 178.250.1.17:443 | ads.eu.criteo.com | tcp |
| NL | 178.250.1.10:443 | rtb.nl3.eu.criteo.com | tcp |
| NL | 178.250.1.17:443 | ads.eu.criteo.com | tcp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | tcp |
| NL | 178.250.1.6:443 | cat.nl3.vip.prod.criteo.com | tcp |
| NL | 178.250.1.3:443 | static.nl3.vip.prod.criteo.net | tcp |
| GB | 216.58.204.68:443 | www.google.com | udp |
| NL | 178.250.1.25:443 | csm.nl3.vip.prod.criteo.net | tcp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| GB | 216.58.204.68:443 | www.google.com | udp |
| GB | 142.250.200.49:443 | csp.withgoogle.com | udp |
| GB | 142.250.187.238:443 | youtube-ui.l.google.com | udp |
| GB | 142.250.187.206:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 142.250.187.206:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 142.250.187.206:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 142.250.187.206:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 142.250.187.206:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 142.250.187.206:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 142.250.187.206:443 | encrypted-tbn0.gstatic.com | udp |
| NL | 178.250.1.25:443 | csm.nl3.vip.prod.criteo.net | tcp |
| GB | 142.250.200.49:443 | csp.withgoogle.com | udp |
| GB | 142.250.200.49:443 | csp.withgoogle.com | tcp |
| GB | 142.250.187.238:443 | youtube-ui.l.google.com | udp |
| GB | 23.44.65.132:443 | e13678.dscb.akamaiedge.net | tcp |
| GB | 23.44.65.132:443 | e13678.dscb.akamaiedge.net | tcp |
| US | 150.171.27.10:443 | bat.bing.com | tcp |
| GB | 95.100.104.13:443 | cdn-dynmedia-1.microsoft.com | tcp |
| GB | 2.23.205.233:443 | c.s-microsoft.com | tcp |
| GB | 2.23.205.233:443 | c.s-microsoft.com | tcp |
| GB | 2.23.205.233:443 | c.s-microsoft.com | tcp |
| GB | 2.23.205.233:443 | c.s-microsoft.com | tcp |
| GB | 2.23.205.233:443 | c.s-microsoft.com | tcp |
| GB | 2.23.205.233:443 | c.s-microsoft.com | tcp |
| GB | 95.100.104.6:443 | analytics.tiktok.com | tcp |
| US | 8.8.8.8:53 | a1449.dscg2.akamai.net | udp |
| US | 152.199.19.160:443 | cs22.wpc.v0cdn.net | tcp |
| US | 13.107.246.64:443 | mem.gfx.ms | tcp |
| US | 13.107.246.64:443 | mem.gfx.ms | tcp |
| US | 13.107.246.64:443 | mem.gfx.ms | tcp |
| GB | 216.58.204.68:443 | www.google.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.133:443 | private-user-images.githubusercontent.com | tcp |
| US | 185.199.111.133:443 | private-user-images.githubusercontent.com | tcp |
| US | 185.199.111.133:443 | private-user-images.githubusercontent.com | tcp |
| US | 140.82.114.22:443 | collector.github.com | tcp |
| US | 140.82.114.22:443 | collector.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 172.67.201.171:443 | massgrave.dev | tcp |
| US | 172.67.201.171:443 | massgrave.dev | tcp |
| US | 104.16.80.73:443 | static.cloudflareinsights.com | tcp |
| US | 104.16.79.73:443 | static.cloudflareinsights.com | tcp |
| US | 104.16.79.73:443 | static.cloudflareinsights.com | tcp |
| US | 172.67.201.171:443 | massgrave.dev | udp |
| US | 104.21.22.3:443 | massgrave.dev | tcp |
| US | 104.21.22.3:443 | massgrave.dev | tcp |
| GB | 184.28.176.81:443 | tcp | |
| GB | 184.28.176.81:443 | tcp | |
| GB | 92.123.128.152:443 | www.bing.com | tcp |
| GB | 23.213.251.133:443 | cxcs.microsoft.net | tcp |
| GB | 92.123.128.171:443 | www.bing.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 172.67.201.171:443 | massgrave.dev | tcp |
| US | 172.67.201.171:443 | massgrave.dev | tcp |
| GB | 92.123.128.182:443 | www.bing.com | udp |
| GB | 92.123.128.182:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 226.212.58.216.in-addr.arpa | udp |
| GB | 92.123.128.171:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| GB | 92.123.128.132:443 | r.bing.com | tcp |
| GB | 92.123.128.132:443 | r.bing.com | tcp |
| GB | 92.123.128.173:443 | th.bing.com | tcp |
| GB | 92.123.128.173:443 | th.bing.com | tcp |
| GB | 2.19.117.143:443 | aefd.nelreports.net | tcp |
| US | 8.8.8.8:53 | 134.32.126.40.in-addr.arpa | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 185.199.110.133:443 | objects.githubusercontent.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.133:443 | objects.githubusercontent.com | tcp |
| US | 185.199.110.133:443 | objects.githubusercontent.com | tcp |
| US | 185.199.110.133:443 | objects.githubusercontent.com | tcp |
| US | 185.199.110.133:443 | objects.githubusercontent.com | tcp |
| US | 185.199.110.133:443 | objects.githubusercontent.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 204.79.197.200:443 | www2.bing.com | tcp |
| US | 140.82.113.22:443 | collector.github.com | tcp |
| US | 140.82.113.22:443 | collector.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| GB | 92.123.128.132:443 | r.bing.com | tcp |
| US | 204.79.197.219:80 | msdl.microsoft.com | tcp |
| US | 20.150.38.228:443 | vsblobprodscussu5shard61.blob.core.windows.net | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | 23.149.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.38.18.104.in-addr.arpa | udp |
| GB | 92.123.128.195:443 | r.bing.com | tcp |
| GB | 92.123.128.195:443 | r.bing.com | tcp |
| GB | 92.123.128.195:443 | r.bing.com | tcp |
| GB | 92.123.128.195:443 | r.bing.com | tcp |
| GB | 92.123.128.195:443 | r.bing.com | tcp |
| GB | 92.123.128.195:443 | r.bing.com | tcp |
| US | 185.199.111.133:443 | objects.githubusercontent.com | tcp |
| GB | 2.19.117.148:443 | aefd.nelreports.net | udp |
| US | 8.8.8.8:53 | 148.117.19.2.in-addr.arpa | udp |
| GB | 2.19.117.148:443 | aefd.nelreports.net | udp |
| GB | 92.123.128.132:443 | r.bing.com | tcp |
| US | 52.123.129.254:443 | dual-s-ring.msedge.net | tcp |
| US | 8.8.8.8:53 | t-ring-s2.msedge.net | udp |
| US | 13.107.213.254:443 | t-ring-s2.msedge.net | tcp |
| GB | 2.22.249.227:443 | ow1.res.office365.com | tcp |
| US | 8.8.8.8:53 | 227.249.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | aefd.nelreports.net | udp |
| GB | 2.19.117.143:443 | aefd.nelreports.net | udp |
Files
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\datareporting\glean\pending_pings\23b75a10-02fe-46dc-b9e7-dcec22b24ad2
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\datareporting\glean\pending_pings\ff0f56ed-f08a-4ee2-8d26-d6dd0cd9d36a
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\datareporting\glean\pending_pings\97336b81-8d0f-478d-aa55-cbb3fde02d13
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\datareporting\glean\db\data.safe.tmp
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pzaexue0.default-release\activity-stream.discovery_stream.json
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\AlternateServices.bin
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\AlternateServices.bin
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\prefs-1.js
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\datareporting\glean\db\data.safe.tmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\sessionCheckpoints.json
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\prefs.js
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pzaexue0.default-release\startupCache\scriptCache-child.bin
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pzaexue0.default-release\startupCache\urlCache.bin
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\xulstore.json
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pzaexue0.default-release\startupCache\scriptCache.bin
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\cookies.sqlite-wal
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\cookies.sqlite
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pzaexue0.default-release\startupCache\webext.sc.lz4
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\sessionCheckpoints.json.tmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\sessionstore.jsonlz4
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\storage.sqlite
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\datareporting\glean\db\data.safe.tmp
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pzaexue0.default-release\cache2\entries\254256B27E0C48CF9B80B695F0B3B8CA84610495
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\datareporting\glean\pending_pings\d1e1e893-9f73-4016-86c0-e1f6b626299a
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\content-prefs.sqlite
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\protections.sqlite
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\datareporting\glean\pending_pings\7904bf33-ef4d-4250-8d74-ba20687e02ea
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\datareporting\glean\events\events
| MD5 | defbf00981795a992d85fe5a8925f8af |
| SHA1 | 796910412264ffafc35a3402f2fc1d24236a7752 |
| SHA256 | db353ec3ecd2bb41dfbe5ed16f68c12da844ff82762b386c8899601d1f61031d |
| SHA512 | d01df9cab58abf22ff765736053f79f42e35153e6984c62a375eb4d184c52f233423bb759a52c8eed249a6625d5b984a575ca4d7bf3a0ed72fc447b547e4f20a |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\datareporting\glean\db\data.safe.bin
| MD5 | 6ac9f224cca07bafc46ccaa847c7cd82 |
| SHA1 | 88bc5be1f7431d19a7efc29babd6dfb3cea787e7 |
| SHA256 | 3502f939bba68ad91ffeb49f6259b1f62ebb94f071bd8cadf0f2e274f4888b71 |
| SHA512 | 8003ce6c013d6d30ee3396c8f71ca7153f258ad048245acbb5fe8bcebf8bfbd249c4185f30c9320e106c36950d75518c49cb41bb052243719cee79d796dfcc10 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pzaexue0.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F
| MD5 | 0487344d4a58bf9fda61d40608c99acb |
| SHA1 | 68fdc744665eb068ef769653435e16cac79b0f99 |
| SHA256 | 6ee1a6765f06aaf1c21fe8608f9e36dfc5bf0cfb6f77b469e9553191321e8ed1 |
| SHA512 | 887bb33a9a76e9f9319ef38161e31124f2e8d2670cf14acdd06539266d4e2e346f4a154ed53e15887bb0a9c3ce6dcb2c8a399587e69bc1d212f7e70b959d1f13 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\AlternateServices.bin
| MD5 | 89e4a959e095bab758389ce4ffcd4ca0 |
| SHA1 | 68dff3b3f7e4b3783cb01559f4bb98490b6268d5 |
| SHA256 | a30c9a6b1cc08c5cc50d953b4749325d5a21bbd508fee18aaf497935bd844383 |
| SHA512 | dab1e475ecc11be20c0492621e728bbd22f03e2aec175ac2ad9a6b357a68d87ec7715a30d77fd2348fd11f918392959f238fe6914c5196da55b4d8d34f656884 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\places.sqlite
| MD5 | 514e097557d0c4a40ec94cb82b33fed8 |
| SHA1 | 4ddc397a7dab9edcd59bc52ca0b249ed14b960b6 |
| SHA256 | b9042efe46979b85505a867f959279b03e67cc0a7a79fed3812819556f508867 |
| SHA512 | 530eea7708abd3d53a9426cee5f8d190067f266df951c04977b814d6c50e2eb4fd369e70ba7e99b5d8cf308af7f4252f4e55c028b3730547157c6db546c314d2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\SiteSecurityServiceState.bin
| MD5 | 957187b43647afa19f64a77f8cbe0ffb |
| SHA1 | 2a165b0cdb058f798df3ef1ff7b6cd58980cef03 |
| SHA256 | 8fc41a6da353fe3e9c9f60fc171f16e31d3455bde951f0697ba989fa0b93be98 |
| SHA512 | 4cc2b89185b8bff2a258238427cba0f60da56f79fa6213bc54006b707361ab5a22be3efe1c60ebc695fefc3523a1e84a375ad32c9abb6bda342a07569f26fb13 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\cert9.db
| MD5 | 1c83ee7a3fcae05eb359ad5c24bfccef |
| SHA1 | f361ed03d4b0dee9727f7ffa55950d5ac3a2fe6a |
| SHA256 | 046bf1ba003d09754e5854eb65d74c3b9796ce20139f5a266bc662fd03d64246 |
| SHA512 | 6ccfb0f8aa6b8cb5b77bcc5b9e0ef5069a355244d1afca6954482dbfc3c6eece68760f9b9b7c82c60d93d1261ce3baa4e0031675d9506ed0cdab27871817f637 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite
| MD5 | 826c8fabe51de6a16210d67e0e4c3492 |
| SHA1 | 7264391bb6f9e361af1940d639fd517a19c657e6 |
| SHA256 | 1cbf1eac08448d2294a50c083ecc1bb1afc276bd6060c8ba3d1238953fcb0cd2 |
| SHA512 | 9f895c040bd9fc5d446bea939825e89bc0ce4a2437257cf12cde6dec6d135e2eef80e63db38427895f4950f77f0f356bf7e018171599d7af2e0f01772d182a6e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\sessionCheckpoints.json
| MD5 | c4ab2ee59ca41b6d6a6ea911f35bdc00 |
| SHA1 | 5942cd6505fc8a9daba403b082067e1cdefdfbc4 |
| SHA256 | 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2 |
| SHA512 | 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\prefs-1.js
| MD5 | 4ff7269bace5f0e59fafc40e7cbf7319 |
| SHA1 | 9a9908a302bcfd6a4a5889f4cedf7cc85faaf6b7 |
| SHA256 | 74b161b9efd8440f292c2af201389466b065eb1a07ad6b83c16e47b4511c257b |
| SHA512 | 3b51a2d1668e785c24b3a1de33ebe4f642e7d7296479b9a38cbe62184fe9ee0d78926d2116d322fdcda6a94198b95b4cbd9e17a2f16348b4581334a0dadff742 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\storage\default\https+++www.youtube.com^partitionKey=%28file%2C%29\ls\usage
| MD5 | a4b57866747aa8bc0828ccb259689903 |
| SHA1 | b77c045f5580c81a6cd07a5e5d2271064aa52233 |
| SHA256 | 395c2160a5f25f4ebff4939482f032465544c7d1105b8f93b529552a1f8f7b88 |
| SHA512 | f5e9b04e525e1bb7a913c3e02504f98b1f860cbc487029075c668cfb560bcf85855d7e48ad19586368becbb6157872b70a083a40081c2c109314ccbe9e5825b0 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\storage\default\https+++www.youtube.com^partitionKey=%28file%2C%29\cache\caches.sqlite
| MD5 | 53796012e6f93cd460424e184a5ff44e |
| SHA1 | 68d2d20c2e739a393bb222bc316f800a19801b08 |
| SHA256 | c61189e0032514f16b97a17458c931596024f184024158eb6f743a8c46b1a13c |
| SHA512 | b534e559567da2e5f370a21aff79f8e586e5533acfe3ba2d31991e2e02e34b7c13b4a71a502701b8a923cc666e3639874f7525b320267d103f56eed15b9f589c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\storage\default\https+++www.youtube.com^partitionKey=%28file%2C%29\cache\.padding
| MD5 | 7dea362b3fac8e00956a4952a3d4f474 |
| SHA1 | 05fe405753166f125559e7c9ac558654f107c7e9 |
| SHA256 | af5570f5a1810b7af78caf4bc70a660f0df51e42baf91d4de5b2328de0e83dfc |
| SHA512 | 1b7409ccf0d5a34d3a77eaabfa9fe27427655be9297127ee9522aa1bf4046d4f945983678169cb1a7348edcac47ef0d9e2c924130e5bcc5f0d94937852c42f1b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\storage\default\https+++www.youtube.com^partitionKey=%28file%2C%29\.metadata-v2
| MD5 | 2e90cfea57a8305a7fef333dc93787e6 |
| SHA1 | a01eb42438bff0c58ffe9ef4201299f61dc754e1 |
| SHA256 | fd702739aeefdd946f40ba4ca5434e763d74f05c3f271874e905c5a0fffbf7e9 |
| SHA512 | 381efbb711b92fee3e3535736bb7456b6a53c0ec4ba4df0a8f2b8c72c42fbc40d54b18660cd2975998f94a6e9937bea0af599fedc2190700ea1816e63f7b798d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\AlternateServices.bin
| MD5 | 7d20509c8d4276a489c70cd5e08c9c55 |
| SHA1 | be7d8ff1e324bd5d4ee2f9cb7acab45fd07c0e15 |
| SHA256 | b7f73e9f62441a1e44e6e983d193ddff462431fc2226e5df860b53ffae898861 |
| SHA512 | 3d7501995ad42444c18cc8c4d93fbbb0c7761a6152b015474ff5629d632aa81229460c551580ddd26026431475a604bb837bdc7929de7cf7e09087582f355753 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 13eba2e228fac8af2fd25f90be04ee63 |
| SHA1 | efba5e699556659a359daae653db636fc9deb26f |
| SHA256 | 2c30c4b61627f9c5e5bec9a24fad51a23854321abd78f3c1feaeeb1a0906254e |
| SHA512 | 4de81d65b67c596a85eaef9ef3bf4e02efb54d169c6f5eb3a8724907ced4997702b5135e44b5f9acdbca7d3e0abd2187603c6ee6453fa2ad3a29165eaf7ee6f6 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\prefs-1.js
| MD5 | 8e7d7653b53bdf8092338f37cef18a4a |
| SHA1 | d94ee2f35b84e502459108660aaeae0fa354ae73 |
| SHA256 | 96a2c8dce1a6b58a46e21aaf25f94130ae2c76871edd4b038a3bae248f2336f0 |
| SHA512 | 8f96f225e3fcea44f59743c36eb08380599b1ecf08eb8a8c8f2a931af95d08fb9706ab1905a98735ac8b5ee8c49887b465cd3de572016def4826077fc3021633 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 09372174e83dbbf696ee732fd2e875bb |
| SHA1 | ba360186ba650a769f9303f48b7200fb5eaccee1 |
| SHA256 | c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f |
| SHA512 | b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
| MD5 | 2a461e9eb87fd1955cea740a3444ee7a |
| SHA1 | b10755914c713f5a4677494dbe8a686ed458c3c5 |
| SHA256 | 4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc |
| SHA512 | 34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
| MD5 | 842039753bf41fa5e11b3a1383061a87 |
| SHA1 | 3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153 |
| SHA256 | d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c |
| SHA512 | d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\AlternateServices.bin
| MD5 | 17fd4c70f1c197915c4009914dcffb58 |
| SHA1 | fd01faced9a5f15d80201f11805830761f79054e |
| SHA256 | f874487cdb8c1b4245020e267da3e49fa41f47f1bc33926f430f50f68a46a6e3 |
| SHA512 | fe1f3842cb588741f607f4553f0a71d092bc9bab7b0005b6b19724fa205d02d1cf7f43a34109451749e9ef3eba6c748ce2d6dc2ea5223cde8a07f16f9c5a7843 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | 0a8747a2ac9ac08ae9508f36c6d75692 |
| SHA1 | b287a96fd6cc12433adb42193dfe06111c38eaf0 |
| SHA256 | 32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03 |
| SHA512 | 59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
| MD5 | bf957ad58b55f64219ab3f793e374316 |
| SHA1 | a11adc9d7f2c28e04d9b35e23b7616d0527118a1 |
| SHA256 | bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda |
| SHA512 | 79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
| MD5 | daf7ef3acccab478aaa7d6dc1c60f865 |
| SHA1 | f8246162b97ce4a945feced27b6ea114366ff2ad |
| SHA256 | bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e |
| SHA512 | 5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pzaexue0.default-release\cache2\entries\7F34D320F5B033BA8189CEC7C732CBF697D610DF
| MD5 | ea35ee477c96d3f500092d5c59f97aba |
| SHA1 | 507f444fd7c417bd90ec1c9224c5da5e8e625b58 |
| SHA256 | bccec12f7ac0b9e8eda42af9195cd3c98c73dd9c31884dcd6109408b80f15909 |
| SHA512 | 69034372d492365dabb7218dab76f0c5e52aea333cc9850fb7c8d2ad16a80b56fc28db177c7536e418bd393350763dfed55bf66cfed5d4135b599befb110656c |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pzaexue0.default-release\cache2\entries\946051FF38450F4A6FDF1119288E45EE4DDF4367
| MD5 | bbfb966ea5a9b0ae2d7bd242207e58c6 |
| SHA1 | 8e8838f6645e6ed326aa58ef001433cfc6d09299 |
| SHA256 | 0cb99ace765a17b99a90d1ef7a3e2baf46fc9490031edcce9c4a4b2864418e03 |
| SHA512 | 9377b4b233d8c184e933d44852688e00fb35869f7fbb1627b7761427bff017d41c9bb4fbaf45bc23e5d3f20ff0c5d8fc93f051318aca7c8370f8e356dcb2982c |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pzaexue0.default-release\cache2\entries\8F43299B2BBC180803AAE2295F17077D2C87FC5E
| MD5 | da5fa8f46c2683fcddc351f1a659bf23 |
| SHA1 | 35bf96c5678885be5c83ec5c19c71ee49ffe1c88 |
| SHA256 | c14b4bae410a221a49e907f4cecbbf2b32a257f79b666f534c342548d2d7495b |
| SHA512 | 89a4619d145744ba40bbbc0916e974553a79ad34573d8a513f4c03ee100609f9daa46a9e4cde308f7efdbd7e730ccc1fde4f83a18d3f1ce9b21ec849be85f248 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pzaexue0.default-release\cache2\entries\CB5A4F33D4F9F4B6BA8DD50F46634FF3303B0DF1
| MD5 | f1ef5a4b245e4ab030462b54f253a09d |
| SHA1 | e4cfc814af3dc4761b420c4fecabcac944db952f |
| SHA256 | eac80df634e8213a87dd17cee4f5ecff04b6417c773b659f0824ead424f244cc |
| SHA512 | a89b580198de8ebe54d5638a70d54d84682859c96c268e3918d422420352e1e332488baa0922378751e1bb7045edfcc702850331250cf0ff76d127ad15d1c9df |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pzaexue0.default-release\cache2\entries\FFEA186303E2C3A67EF2CE2F981001C786B6A1FA
| MD5 | 0312c8023e59239b69717e30f4c8f82b |
| SHA1 | 0f2a6b4ed57b1af9b3b85cafb60bb5f6142bdafe |
| SHA256 | 9d65081b2e8f6d88772a91ca60d3fb88f05baa257e78f7ae64a593ee73268d66 |
| SHA512 | 66ab82dae4d77bb5f0f484852a004ec73b6f29914c9d7650a1dc7578502ec922ba428fedd1c2510234fc194a3993f796bdfac706374ac3d2f89a61a6bd9e2213 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pzaexue0.default-release\cache2\entries\BE7972CDC75A44727A5A58EC0AB300EF10F1C5E3
| MD5 | 5631b7c8c85b4068b861ae8d2d489f97 |
| SHA1 | 071e6c14ff8130ae4662f65df0e457a0a5609102 |
| SHA256 | 360e8d0adb9c440a1cdb89e49b46b9376cede659c7d367e8c2cf67598f0305aa |
| SHA512 | fbdc7cfafb371a8c24c78e446fc0ddf502dda240ffc09eacba61ff6ed2679aede12a04957a345ccd7529d8db0418da1d56dea2d123e316ef7ba0d8aeacbdefc8 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pzaexue0.default-release\cache2\entries\A5840EBEFC4185EC3B7EC9C3A577255C26F6C904
| MD5 | 2a3b52e95b93b85664af0487d7bcc87a |
| SHA1 | 8a013b9d3d62ca55be88de9ed17efc15ff22ab23 |
| SHA256 | 58506135885bcd9296c8e4adce2bc023912839fc41aa8fccb13e498f53be144c |
| SHA512 | d4d662625b7125bf011f8e0cee2ad56aa52f22f07578ad8618dc574927380f177bc4b4cc53d7b22b8050296b745055126d72ea83644edfba47233fbf04bef021 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pzaexue0.default-release\cache2\entries\9F16EBCE0777B2AA36C210816CF31AB489DDE806
| MD5 | 2e8edc920c935388768ecf6df0fdbf40 |
| SHA1 | 1664ed1941e55df801131681018c57e30ce52091 |
| SHA256 | 5bc6404e25bf42d39cd19b0d75a96262f71d421bb8c4c5d065c288093ba8d5a1 |
| SHA512 | 929cf3a9b55640f7ecf9b0648308b66d813898f635fc7cd067c58ce97e6580e1f7dac9cfc9bdd197ac848e21c1a02ca96f1b8328ff2db9229fb07b9ed54a57e9 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pzaexue0.default-release\cache2\entries\8B331D69860B31E1C88FA8032CECBC0E569603C5
| MD5 | d0c0fa78f64142a140b0359a494bfe61 |
| SHA1 | 830d33819b61ebda67e0b8fa5d5f822d36147805 |
| SHA256 | 9028911b1912681c90237c2ab891869afc39926c6bd3b78151e0e4d033779ef0 |
| SHA512 | 4a13d69c51c4196cb597ae86570584c22b45489f2e3a8b175410330bda1d0c75b76b4335f764cb6eab5ff0194e6b477decb122c08bdae0b9875ead1a33e047c6 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pzaexue0.default-release\cache2\entries\8A2034D325DC0B5C9E11EDDA3FC70A54C8DC1C0D
| MD5 | cbba9789b59302e8c3d1ab08328a0b42 |
| SHA1 | 57ec9d5075d6560e0882cfff677bb7169391f6da |
| SHA256 | c79c7eea0984a13fc5c40718997613665e2b936f235c542f3966333ed1ae329d |
| SHA512 | e6388d0321ea163e604ac535a668fb9610ad951a03dd4ef999dbf0560f151941acca243567c4e17548f340242c30a2ffca767503f246acb966662907722b353e |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pzaexue0.default-release\cache2\entries\886C4994DF7F76CC40A6BB729FED8352E14F4D81
| MD5 | 8f17790a791d3c0d036f67bfd4317ef8 |
| SHA1 | c843bdd82bbcaa3c9615aac8fa6e442d79375907 |
| SHA256 | aace0e884bf5d2662a52eed6a470a87dc74d150207e45fafec10dc72802ea256 |
| SHA512 | 1b014dc561a95475399554c5bfba796c44583f81ee4a8debc5e953f39beaa87ad01fbfbde033eb2cc6e30fc0ac9be5e4c33ca8ca1827b19b478ea556a2af0054 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pzaexue0.default-release\cache2\entries\7BFCF32544F467F973AF267DF4EB4842EDED0C1F
| MD5 | 31ed54b2ce914d076548936e876fae11 |
| SHA1 | 9aa35bedd82e7d3295ace5c233d481baa4fcc074 |
| SHA256 | 5fb2b613ee6f45ed093bc534c4f8d1ac686aa5561f6d5436672551a641b6e22f |
| SHA512 | 317afd6c876c95165d9a17bf7d4011c0cfe898fd60394da2240e32043ed62676c8b337150dcaf97b6a4a1f923c13fe7c9388ae107059e8bc6fb9791524b8a154 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pzaexue0.default-release\cache2\entries\4C863284CDA7F859EB300BED16DBCEF9517F1824
| MD5 | 76ca12eb7892e365d4d3e007ee900e13 |
| SHA1 | 71f607d4401ee23389680d0c9d8f4d47937b0c72 |
| SHA256 | 6ec1864b748b7b94f70c7d91d0740c062b876fcc4bbc988ceee822f769ed41f5 |
| SHA512 | 23ec3b039c6d99b2db84226eaa6e2ec1cfa08de734edad5af4bf73ae9e7748554347fc3ff3fbee70e140da5017b844af9ab934dee819abb2d33f6e4ad55bd708 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pzaexue0.default-release\cache2\entries\467278926FA6BE9CD4598AF97AD16B5222F3D911
| MD5 | 5527a32ffb50c317af7113f71393c1c5 |
| SHA1 | f613ab1fbc63d4f51b7b52b8b07b75cb81941cb4 |
| SHA256 | 44dfa3fe332d31624d547a33227ff87785d9772c7d1dd27b2afcffdfb8506ba6 |
| SHA512 | 9647976c84c1d9e0a51312fec90f97ba324a74e5a76ebfd1cc0d1477b39f500af8d0017ffc8f36eb5c03f29f592e7afb235349339c1c9ab741c40184bedac7d5 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pzaexue0.default-release\cache2\entries\2CB9B00BEF717319DA1C0E53220BD4B13B4C7769
| MD5 | f35a8d04a6a63db87372b5e077d17b13 |
| SHA1 | b4b0c9c3040395a707c16ed1fc4d5542aed8ec36 |
| SHA256 | 0695a7d7cc034bdda132f168500837bea1da54ad660b73085436f2c144cfeb86 |
| SHA512 | b8050b46952a4034c2a1ecc50f8f6803b232434686dc35cc7c5230aec581b411a181d6c2895187512eaf4f0a5f92b6bed4d8e2ef1c4853258569e72657f2c5b9 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pzaexue0.default-release\cache2\entries\2875BDC75FEF61E9400E2169528F1EDAFBE603E9
| MD5 | 72aa4ebd0bc91920ac818602ceabd789 |
| SHA1 | 560ca545a62f245aa76cb792f29be659c86a82e0 |
| SHA256 | 37a19ba7c49ea067a5bc9de04f4d2d5680020b3be5f908f5e2956e6ccbfc9100 |
| SHA512 | 7db60d09df30202671a8790c17daa3df3f4608668e4103574ca66779fbf8f82d26d732952a8323b30220760838169729a82a6e5e58ba7d141c4624345faf4781 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pzaexue0.default-release\cache2\entries\1ACF39648915F0AA10ADDC343CB85B15F9487C37
| MD5 | 2f4b39aac25ec51f601f161624578807 |
| SHA1 | 26ea99b27c19e5c2435712e4218ca1b6055e95b5 |
| SHA256 | fdf1db12aeb2442971984e825a5dc1d1db88b3f59f8e1c73d2e6c28fba219a66 |
| SHA512 | dd5812bdfbce8df66b29828bafa96365e6e89e79894f43095c20f85db1918997d53eab03c2bca0d2d7bb068b85450c33fb427203424f96650e72af6c0392b905 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pzaexue0.default-release\cache2\entries\0304D768E9110FB36A66DD9433067439C05D940D
| MD5 | adfbc6a515313bf3c553c84e59534d36 |
| SHA1 | ea40a92009566591c20f79dad47618009f362242 |
| SHA256 | 4d7934159b5f20fac11e70bd23c802b90e5382085f91ccf525a8d74cb1c1f159 |
| SHA512 | ec85bd576fa7c3e67c76907a1caf5ac52c9f374bd0eb647edfc31ab0ec133b7a9bfa3147e60fedfb2a5d289ace4345a305776159d6db26bfa1dd625c0a38d3db |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 53312705781a407eafa321d0d7efa3a5 |
| SHA1 | 008a8961b7c1c29aaae24d64c492443955dc6a5c |
| SHA256 | b3f9fd6d23562c3238637e1b6d3fa2506053d3a41398cd5785803df85de03550 |
| SHA512 | 725610169567db99c5fcec6b7552fc3f67f4a0b18782b4282af44ec9bc5aecd3581e0a760fa06e4f7e4f6940d9a43848c6dead9b55dafeb21090ec1d983510ca |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\sessionstore-backups\recovery.baklz4
| MD5 | b55a4036ddd369cd3bed5b2b7d16965e |
| SHA1 | adbbfc08e62fbb777804994fce99a3beb09bf72a |
| SHA256 | 0be3b004471ecb077723523aed9e49ad88723da24ffd7c75b86e6dfc6943b0e9 |
| SHA512 | e65f5d00f0bdd49a165c568f67296123c00d43037b675d343ff1bddcdd4b7001e55ae2972d4796a6278507e134c818eb0253db05c37fb20bd8a1d2e9c7721295 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 3cd4057318b92ab86a22995034ac3dbf |
| SHA1 | b5b6bc77df03f2f2a9256da5ba3267d7d805ccb0 |
| SHA256 | e26a45e7ebbdb05709691411b453553553e40bd23fb9d5c852a8e048a740c238 |
| SHA512 | 914a0cea32f768887f11ef33f712101d0b292e018c0b31465cc0191fbaedb46bdd34eaf75a11d99ac9dbf584dacdeb40df9dcf47def9dfa997c8ab39c997adf4 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\storage\default\https+++www.elevenforum.com\cache\morgue\127\{16f1374b-432b-4de8-8051-1149dc0e9e7f}.final
| MD5 | 13c14e685364c9df708a171e1f7969ae |
| SHA1 | 6a08b3f393889d45f1fe6362f9021c74fff4e43f |
| SHA256 | 3e8091c70e0d802bee5318e0aa4eac76fa9a1d760b36a545b1117c09a8a7ad45 |
| SHA512 | 9064bdb12ee403eecf62d8763dc51bf68aeb7e8fc52eca6958dc7a8dce1411f342052f942234bf8c272114dc353a3cd5bb9e06295d8dd8084625c15ed028e136 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\serviceworker.txt
| MD5 | dd152c6d8b8aad92a9600da4bb4a1008 |
| SHA1 | e1e4753ccf5946fd0b93dfa99fc0c034a2fd7926 |
| SHA256 | 69c30e885a5a5c7fbb38472dd0cd1380412a9f17bef5c4ecfb41ad6b05510587 |
| SHA512 | 01319748b5b3a0bec42cb2b0744a7549b99952a37ac6adef25bc8683253f2983b321fe30880337a0e2c38033728bb9d562c7ee7aeaadd93425c502907b42ac16 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\serviceworker-1.txt
| MD5 | c3d763de602bccdfa4043a047d45dee0 |
| SHA1 | fe5510f7682f06770cb606d2f60cb94972cb4929 |
| SHA256 | 0cea423e09511a7a0ace0801a38926ee7c76b9972e3ab30367a383658e7b80fe |
| SHA512 | e3736c65f8b7eef73f6bf7e3559aee3fd0aa9755faaf0ad9cd51acbf906003cf11b84a47fb65b7ca4609a4778ec250d080a7c7f9c9db44285ed2a2a77f2e3ffc |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 2a985b941b63acb677a33f104b34b0a9 |
| SHA1 | b78a577250555e4823dd9aded4acd783e5a28a20 |
| SHA256 | 7bc6f516077227d902ca5b01530be80d06761c9789a25e80c5b76c095e525990 |
| SHA512 | 3e1959a7a62e593f286012b234f309c6e46c5803842b3bf18165416d7d92a903c53a99224e3fbc74cfd405f7773df91adc9d9f6f8ed12ce986d752c87b85bd56 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pzaexue0.default-release\cache2\entries\3C7CF54E0DA7F7FD361FBC85817872A8BAC08AF9
| MD5 | 78565607771462c8140babdcc0934423 |
| SHA1 | 0ae8cb834f12ac49fc6bbdb4a08b11f93e139749 |
| SHA256 | 8c8e7dbc61fc487c3aa37ef94d66c416a78eb2562b3d887282d956a371c0aa76 |
| SHA512 | 35f317c8eaaca53e2d0f40d6767052aaab1d0d128a52c93943c190fa71d567a556e89a9ddd27a3238341a353f6f08980e7b093a1ae32d15c7312806de3cda818 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pzaexue0.default-release\cache2\entries\A9AF7EF8516DD52939D88490D953E8987F2E1663
| MD5 | 8bf3444dd18c1d146b2d36a99c6d0592 |
| SHA1 | b34e8e2ea644b5590176094f81bb18d673720c4d |
| SHA256 | 492d04363f5f7878334ba9cfb37678008be8b7c4b0fd51ccd5f58e2fee91734f |
| SHA512 | 7afd36c79dd3ff3e41a017a8a8cc8c74047f2822d95f4b5112fa02616d2a7dc67dbf783599d5c50915d4cbd5c24ac395de03420c599d03f09af84e15c9e4429d |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pzaexue0.default-release\cache2\entries\BFA88AC837170297DA5737951023BDDA6ABD310B
| MD5 | 33f0618b495ffefd7c31198e00cf8da1 |
| SHA1 | 955dca4de94e02db752dd8d355e76bb77358042d |
| SHA256 | e70fac4964a2a247365abf672cd5a912b9a6651e7e61d4931afe04bbd06ca66b |
| SHA512 | 53353286022882b7d800438c2e6cad8b917e0de2241d66e10557a9babe873da05f8bf1e8124844d97793eb793e4268fa595fe41d63cd4c0b6ad193f5ae6225ed |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pzaexue0.default-release\cache2\entries\8726D34D504C0ED13B81B41DAA04131E1C4773C9
| MD5 | 6a7fd6172b5aa36e148ac2e40fdcacc3 |
| SHA1 | 286c6b13f021eaf94080b3d92ca87b33ade4036c |
| SHA256 | c57ca35d271abd05faf3d4df12ccfae54faf4e8182d38cde2ee07a0c96ff36ff |
| SHA512 | 263804c71a066c38541ab0b08b8ccfb1f621fe1dca5acd05ec2794a64c26ddafeea89c03dfe405dd20d7ac271f3ac9af5581cf924960db93b3d2e9739abdf05f |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pzaexue0.default-release\cache2\entries\4DFA2C33BBF12971A65A127A740B9239CB7432B9
| MD5 | bbc4a6d1059a4b21f0bd1f070d96c090 |
| SHA1 | c246f41e1bfb103ba0f974cbb8c861cba275f479 |
| SHA256 | 4855114ab49683fd1efabb3aa341671aaa752bb6a462982737ffafbe2f54cfcb |
| SHA512 | 83daf9fa9895269db6bff73a603d507b00f23321cc95fb2e9e9e25824f4970514d21dd95c65a093565c9a133908a09d3ac29b1e8bc6ab971e8c4e50b909e2456 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pzaexue0.default-release\cache2\entries\A65158063E7FDDE747184D1AD06CE2781C6E3BA3
| MD5 | 8cc9d513dadef38d22b063738a260f70 |
| SHA1 | 9a5fb4df9a7f982db69dad9f8cd147ae77694da4 |
| SHA256 | 9779fc65785c90d4c1251dbb087280341aadaea0b64c9cec9f87652e6ab6035a |
| SHA512 | fb7d489da4e9491ba7bc13055eb3efaf14fa2ce192379e15e17532eec6142ab1284e52e0a99d23e0e65e5544a9311b13af6a25bd27efc2769ad42d2b93d368aa |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pzaexue0.default-release\cache2\entries\F402B499127546414266494FD92B13E863B629FC
| MD5 | 72dfdffb38fe35e96a924cd0edbfeb5f |
| SHA1 | 6b6e57702010922be0908e4c4918fd5bb41f5e07 |
| SHA256 | ec2858d27b4586686f47c4793892e162c1edf2aba00ea54d13f8c994ea77631a |
| SHA512 | 1cbfc042cdf0dbde818892b3d683634862ebf196268ee23c2ce92c6559b02a402f726fbdb444de8afae25cb771ec26dbd2f9b15da50c43e5a373a9fccf015179 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pzaexue0.default-release\cache2\entries\826577A2CB3DF19389D6B1E4CEC353B094304D4B
| MD5 | 1bed3620968a678cb6b1411314a3128b |
| SHA1 | 4595657a319bd41d568abe2c80c906f1ea34656d |
| SHA256 | d89d6f3f4eec5a4d101f0ad2390264bc685b66270e550deae15412bd111a23dd |
| SHA512 | 357cf698d8de14fac931efe1ee0c1a5644c5cf44b3422d272a46a181e9cc6fb79939588e2bab8df64a8c8e2156407c918b9b67b3a930c985d9c4ec6c29a9e173 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pzaexue0.default-release\cache2\entries\3200DF912D7068CCBC0875E9ECE15455A29401EC
| MD5 | 12301f00b74e4a9836be97a5c2b00e99 |
| SHA1 | ece121a8ff8b67409d4c4ae0fd4b855cd86b94aa |
| SHA256 | e1503b6aef5700311ceb5ffd969eaacab9252eda43129d91100511be83f510c7 |
| SHA512 | 9136a7f769edefbf55451875c67b63a8ac00347bec48c4d28e3159d22c53e51de4745103e0affea022e25a15860b9058baa6a3ed9292eeb6da35fc0dcdf1e0d0 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 49a6057ff4233fac03e091f3d036e85a |
| SHA1 | 9c61275c9d0e2bb290fe0a5bb161930ceba5a62d |
| SHA256 | e2137e20dd81a122732440ee67eb800fab29a546c44b6b4a6ea1c00734488c7b |
| SHA512 | ced5f4c1dcd9fa362859b4db715b82beeb33c6e07fb81f757d06ff25d07d16ca74f1b85051dbf7b63731bc12b99a2e9221c71fc5523632bf073d3a58393b2a5e |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pzaexue0.default-release\cache2\entries\FAAC65D91C4BF1B93F7F0E11CC0D3EDB6FB143E4
| MD5 | 5e6961885e98e9dfd0323ebb0380a567 |
| SHA1 | 865a9cd488f310a02baa240e0c8224c115a7a28a |
| SHA256 | 29f5309372ed297d7791d640ca82ccc8ec7fc3845b9742dce3984cc414adef5d |
| SHA512 | 5dfdc84bf252afd6dffbf204e3cda7eea5808ee686c03e190d5a9d5c340a9ad9e4ec0a7f8a60bc9cd77ce8e7391116e3a3e9a7bc797528c6dea527feb89d74b1 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pzaexue0.default-release\cache2\entries\9904533E06F6B70EDD58D0740B7FFBDFB1BC61B9
| MD5 | 72ca4715a4fdee172c30b9dc71898ed0 |
| SHA1 | 57b3b29964caa91b12a7b7767405ad442f36ea62 |
| SHA256 | c0836c93930c3e47a9f73cb9a1b104819cc3f8e3dbbdd9584454dac543e21a39 |
| SHA512 | 017a787dd6139e8d879f199a70cd9ac738104cba929526161aa772ae729e761f9b747d0c5bccb4f9a9ca189b327375360059bdb1f5bdd704f6ae8a0d0c54e29a |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 79236e2e680b1fea40afa276feb70f8e |
| SHA1 | ef2da2d8b145cfcdc6322beea988d95c48612d5c |
| SHA256 | 0ae98356bf37939d9c1e70577401080ccc68fb30706377dfd5bd085846d4674c |
| SHA512 | fcddc528a22e723b45b6cebb953b76a80bff6a4fa810ffbec72bba8dcc380e41a88026af86d1b61b2e39a8450281b8871bc69ba878e65180a85a4564c9cfe075 |
C:\Users\Admin\Downloads\mMK3gd3N.reg.part
| MD5 | 0af741b8071c5b2fd0e7ec3216feb774 |
| SHA1 | 1ae2c43ace589289e6bc0733601ab0f9236fc4d1 |
| SHA256 | c46f21a7f3a23bc6e4c66df28ae1e594598ede1711063aa1533a80888977850a |
| SHA512 | 69c4265b7a0fa27ce058d8fefc572007ec0261ec47ae4b3c619a7e3ba5fec870a694efad7fd2034ca5a2e88bb9377084c03175606fea5148c74bd957504f2f0f |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 1d7e0905168951e81a58552c189a090f |
| SHA1 | 4ab804684561b109ed796a59c42f4841fc81d98a |
| SHA256 | 1b6ee27ebf1c5b6dc85c84e54907535e454908d6ba82fac356eb294102f84200 |
| SHA512 | 91aab49a419d98ff682419775a23e43265ee86a9da3b02cd0336f2894c4ad4ef5174207eec62ab258f9ce93a1ccf9ce87a13d7b2db82bc8bf5d144f412989e2e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\datareporting\glean\pending_pings\0bdcbfb2-49cd-401e-913e-c4f18f9d1df3
| MD5 | eb7503a1d78fd07ed5a3865f7fd605bc |
| SHA1 | a6c1171db134e4915e9c08a2317fbdc7a0c1e418 |
| SHA256 | e1c7355eea08657187b1526d697f8f3fcea9c608d87c7ec4a0ee05023ef9c966 |
| SHA512 | 76be83e632130249bd9b04baeaaf16d8e1ae3aa7993f5273ebd07ede59c4bd71bda7a2cee35dccb4c111430e9bf3b5be94e546190377886866b4e1f40f3264da |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\datareporting\glean\pending_pings\aac38a1f-f1ee-4574-a06e-fe33a7390ffb
| MD5 | b7ae893c4e07095a24bc9525de9451bd |
| SHA1 | f38919145f0c9f69c82838f480f4ffe004c26c6d |
| SHA256 | f14fa7b0910eeff6b00837fa1850d82c03fbe2a01338b58222d78fac68f16281 |
| SHA512 | 0e115c4f11df83c3658498e258043c8dc732d0dc0ab53e4c07ab02cfbc6130aeae7307c21137b13262b6bfe36aa2a3a9f9cad8314b7c7b927d89c43917fc9f43 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 154f7ef7f7d1b197a0dbc9b3a2f766b9 |
| SHA1 | c7d54c0d0f796d2983ae6aff9d3416ba36c2b80e |
| SHA256 | 114df8fa516945bf36077fbffb2e63a5cde979847c4fd7a3b5009dfc1a3e54cf |
| SHA512 | 2305882802836dbf43ba7070e67a89c110a69531ee0775a31d2de609b1a9c7f0da2a0091ad6e195c4ef6cea449596983dad9871e1b4baefb4de94bde3b49fd56 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 8d56e353d0b08a93e38cb9d0dd7d194b |
| SHA1 | bcc0e65c9fb610541bfcf18813d89cf6405460be |
| SHA256 | 6cf55611dd5a220f475445fdfdd358714ef26b43c5d581f1586c616ba9f38b0a |
| SHA512 | ccc22911a521f4c0908b0d9948320e489b003ca5de1208920229b49e128521de905a7d7af68f50f4c50c82ae7c0a5b3192054a1354dbc5d14a0b999dab7d9a1e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\sessionstore-backups\recovery.baklz4
| MD5 | bc258f6931cbef4d9d42cc7ade7a7409 |
| SHA1 | 79f99ccc8f4f45948f83cb470fb6742d2995c09c |
| SHA256 | 487672c6a95a51436b63423526fdc91f9bddb6553cc678a840fe9e9a1298b205 |
| SHA512 | 1847c36f7d0c489ffc870cd73ad85322af207fbd59ae415475c91bc53c329818be25f88d8afa70de8f49877806f2f56d5b73a38cbfb40c5efdf861cbf57e3ff1 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pzaexue0.default-release\cache2\entries\D114FEFAF071930D62699EE829C206E33C7E64FA
| MD5 | eeae631307f3b9bc0c86fd82934f9d99 |
| SHA1 | cae89a6c79b1fb3c19b1deca1a568d363ba0be3d |
| SHA256 | 439ef1be10c789a6bc3acd4c8b0f4b4872bfef1ad494c329d6eb0ef6ba73fb4c |
| SHA512 | dc02114ccfdd12c3009247413a7e8c38c766b69471d0916fc1354e4ee6114a5920dc8891480f3abc86566f9c84cc3c4f176c4c57a4809284da2bcbc6819519a9 |
memory/4544-2788-0x00007FFA71A43000-0x00007FFA71A45000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_egjsbu1h.uxz.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/4544-2797-0x000001D626280000-0x000001D6262A2000-memory.dmp
memory/4544-2798-0x00007FFA71A40000-0x00007FFA72502000-memory.dmp
memory/4544-2799-0x00007FFA71A40000-0x00007FFA72502000-memory.dmp
memory/4544-2800-0x00007FFA71A40000-0x00007FFA72502000-memory.dmp
memory/4544-2803-0x00007FFA71A40000-0x00007FFA72502000-memory.dmp
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pzaexue0.default-release\cache2\entries\CF25C38E788404C2D24FF9CC99BD93E40619235D
| MD5 | 8ffd211d3d61c9276ba270cbcb1411fd |
| SHA1 | ff96fd8d770d5151a4a71e023b1e3f5d284bcdf3 |
| SHA256 | 31da30d202e13ccefdfbbf205e17ca85ddde49cae7cf6c89abc3501a10036a06 |
| SHA512 | cd885d3584b682c691e8229e686ed7bd63c628eff298a3b7b221e7129698dc33b6271f54c816045fb85a39a28f4218f3cff23815e6b8ac4a9e0caa3a12d3f135 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\PowerShell.exe.log
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
C:\Users\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
C:\Users\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Mozilla\Firefox\Profiles\pzaexue0.default-release\cache2\index
C:\Users\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Mozilla\Firefox\Profiles\pzaexue0.default-release\cache2\doomed\14281
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\sessionstore-backups\recovery.baklz4
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\sessionstore-backups\recovery.baklz4
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\sessionstore-backups\recovery.baklz4
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\prefs-1.js
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\sessionstore-backups\recovery.baklz4
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\sessionstore-backups\recovery.baklz4
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\sessionstore-backups\recovery.baklz4
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pzaexue0.default-release\cache2\entries\5B23235D54208C34AFF88FC6F18585FD8A8F8FAD
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pzaexue0.default-release\cache2\entries\0EB2DFCC80CD91677BB9E32F2ED0683F8AD77E92
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pzaexue0.default-release\cache2\entries\CBB8C53C46B0C5677164BAF0C093F353C3695A6A
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pzaexue0.default-release\cache2\entries\E81E8153C60672CB67A503F0D14CC826079494F4
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\sessionstore-backups\recovery.baklz4
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pzaexue0.default-release\jumpListCache\iYf_oLCOJ1UdU4wmO7tcyWwDfY0mVVhKhATEYv6ZOUc=.ico
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\sessionstore-backups\recovery.baklz4
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\sessionstore-backups\recovery.baklz4
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\sessionstore-backups\recovery.baklz4
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\5b004963-30df-43eb-ba07-face8d2153d4.tmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\datareporting\glean\db\data.safe.tmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\sessionCheckpoints.json
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\sessionCheckpoints.json
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\datareporting\glean\db\data.safe.tmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\prefs-1.js
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\sessionCheckpoints.json
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\places.sqlite
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe61ce5b.TMP
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\Downloads\Unconfirmed 716728.crdownload
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Public\Desktop\desktop.ini
C:\Users\Public\desktop.ini
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133725299102370753.txt
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Temp\eptCF06.tmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State