Analysis Overview
SHA256
296e3264a6f0165a46c33dc29a37819fffce6ea99982a244092eae441d156a24
Threat Level: Likely malicious
The file Hone - Installer.exe was found to be: Likely malicious.
Malicious Activity Summary
Modifies Installed Components in the registry
UPX packed file
ACProtect 1.3x - 1.4x DLL software
Legitimate hosting services abused for malware hosting/C2
Enumerates connected drives
Writes to the Master Boot Record (MBR)
Executes dropped EXE
Loads dropped DLL
Drops file in Windows directory
Enumerates physical storage devices
Unsigned PE
Command and Scripting Interpreter: JavaScript
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: AddClipboardFormatListener
Modifies registry class
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies data under HKEY_USERS
Suspicious use of AdjustPrivilegeToken
NTFS ADS
Uses Task Scheduler COM API
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Checks processor information in registry
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Suspicious use of SendNotifyMessage
Checks SCSI registry key(s)
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-08 23:30
Signatures
ACProtect 1.3x - 1.4x DLL software
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Analysis: behavioral7
Detonation Overview
Submitted
2024-05-08 23:30
Reported
2024-05-09 00:00
Platform
win10-20240404-en
Max time kernel
315s
Max time network
1600s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\libs\jquery-1.10.2.min.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.143.182.52.in-addr.arpa | udp |
Files
Analysis: behavioral18
Detonation Overview
Submitted
2024-05-08 23:30
Reported
2024-05-09 00:03
Platform
win10-20240404-en
Max time kernel
314s
Max time network
1613s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\windows\finish-with-recommended-app\template.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 93.65.42.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.190.18.2.in-addr.arpa | udp |
Files
Analysis: behavioral21
Detonation Overview
Submitted
2024-05-08 23:30
Reported
2024-05-09 00:14
Platform
win10-20240404-en
Max time kernel
316s
Max time network
1609s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\windows\main\main-controller.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.178.89.13.in-addr.arpa | udp |
Files
Analysis: behavioral24
Detonation Overview
Submitted
2024-05-08 23:30
Reported
2024-05-09 00:16
Platform
win10-20240404-en
Max time kernel
315s
Max time network
1599s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\windows\privacy\privacy-controller.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | f.f.f.f.5.e.a.8.b.6.d.3.0.8.0.1.f.f.f.f.5.e.a.8.8.0.8.0.8.0.8.0.ip6.arpa | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 63.141.182.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
Files
Analysis: behavioral27
Detonation Overview
Submitted
2024-05-08 23:30
Reported
2024-05-09 00:19
Platform
win10-20240404-en
Max time kernel
315s
Max time network
1583s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\windows\progress\template.js
Network
| Country | Destination | Domain | Proto |
| US | 20.231.121.79:80 | tcp | |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
Files
Analysis: behavioral4
Detonation Overview
Submitted
2024-05-08 23:30
Reported
2024-05-09 00:01
Platform
win10-20240404-en
Max time kernel
372s
Max time network
1588s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\app.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.109.69.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
Files
Analysis: behavioral11
Detonation Overview
Submitted
2024-05-08 23:30
Reported
2024-05-08 23:53
Platform
win10-20240404-en
Max time kernel
1311s
Max time network
1321s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\utils\cookies.js
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4340.0.1953389504\752696341" -parentBuildID 20221007134813 -prefsHandle 1688 -prefMapHandle 1680 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9a1cdfea-cdb9-4fd2-b5a1-d7506dbdedc3} 4340 "\\.\pipe\gecko-crash-server-pipe.4340" 1764 223c9fdb158 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4340.1.581177280\1366633636" -parentBuildID 20221007134813 -prefsHandle 2108 -prefMapHandle 2104 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {18f71b53-833b-4809-9235-2b05e2ff5b5f} 4340 "\\.\pipe\gecko-crash-server-pipe.4340" 2120 223b7b72258 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4340.2.299479319\1852512223" -childID 1 -isForBrowser -prefsHandle 2944 -prefMapHandle 2940 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e0f7ca79-a05d-48fd-8068-65f0c61d2523} 4340 "\\.\pipe\gecko-crash-server-pipe.4340" 2956 223ce1a0158 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4340.3.1936062778\763213434" -childID 2 -isForBrowser -prefsHandle 3492 -prefMapHandle 3488 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {13813b88-36ad-4bc5-bfa4-985d860037b7} 4340 "\\.\pipe\gecko-crash-server-pipe.4340" 3500 223cc99b858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4340.4.392952536\1348876317" -childID 3 -isForBrowser -prefsHandle 3680 -prefMapHandle 3628 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d0b91e03-87dc-431b-9c8d-a1b8fb690b54} 4340 "\\.\pipe\gecko-crash-server-pipe.4340" 4312 223d0068e58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4340.5.1504639857\335946413" -childID 4 -isForBrowser -prefsHandle 4908 -prefMapHandle 4904 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {78c2ad8c-cb08-49de-b738-37fea0d9f8e3} 4340 "\\.\pipe\gecko-crash-server-pipe.4340" 4948 223d0b14858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4340.6.1565036666\997746167" -childID 5 -isForBrowser -prefsHandle 5084 -prefMapHandle 5088 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c6e5201e-c61b-4c4e-8a76-6d74d5063b83} 4340 "\\.\pipe\gecko-crash-server-pipe.4340" 4968 223d0b15458 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4340.7.34991625\192674265" -childID 6 -isForBrowser -prefsHandle 5376 -prefMapHandle 5372 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cafc2c2c-676a-43f2-a608-4b42e7431315} 4340 "\\.\pipe\gecko-crash-server-pipe.4340" 5384 223d0a59258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4340.8.459955568\421940158" -childID 7 -isForBrowser -prefsHandle 4300 -prefMapHandle 1552 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e173d3ba-20c5-49eb-9dfe-2ad98c9414c0} 4340 "\\.\pipe\gecko-crash-server-pipe.4340" 2492 223d1bb1e58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4340.9.1103435890\470209087" -childID 8 -isForBrowser -prefsHandle 5640 -prefMapHandle 5636 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5836391e-8f6e-429c-9cd6-d763e27e9697} 4340 "\\.\pipe\gecko-crash-server-pipe.4340" 2552 223d1e54c58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4340.10.109668219\948067339" -childID 9 -isForBrowser -prefsHandle 5804 -prefMapHandle 5808 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d11c94de-4913-4730-91ee-e88854cf1fa4} 4340 "\\.\pipe\gecko-crash-server-pipe.4340" 5796 223cfe2d258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4340.11.1640186989\1567315873" -childID 10 -isForBrowser -prefsHandle 5948 -prefMapHandle 5952 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {99385567-173c-4a17-9d44-07133ce6ce64} 4340 "\\.\pipe\gecko-crash-server-pipe.4340" 5932 223cfe2de58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4340.12.1601616109\1925820300" -childID 11 -isForBrowser -prefsHandle 4152 -prefMapHandle 4352 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {86ab0d58-877e-4be8-810f-05f0de67ef5a} 4340 "\\.\pipe\gecko-crash-server-pipe.4340" 2668 223d1efa258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4340.13.1249120504\2011680548" -childID 12 -isForBrowser -prefsHandle 9152 -prefMapHandle 8492 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0b18da68-7ac6-4cae-ab30-253a0f11dfd8} 4340 "\\.\pipe\gecko-crash-server-pipe.4340" 8424 223d38df658 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4340.14.267348966\236922712" -parentBuildID 20221007134813 -prefsHandle 9164 -prefMapHandle 2760 -prefsLen 26768 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {49fb4df8-6128-42a4-9c42-8ea72c30a3d6} 4340 "\\.\pipe\gecko-crash-server-pipe.4340" 10076 223d3910858 rdd
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 170.117.168.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| N/A | 127.0.0.1:49801 | tcp | |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | shavar.services.mozilla.com | udp |
| US | 8.8.8.8:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 35.164.250.149:443 | shavar.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 34.107.243.93:443 | autopush.prod.mozaws.net | tcp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | 166.188.117.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | firefox-settings-attachments.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.117.121.53:443 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | 149.250.164.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.121.117.34.in-addr.arpa | udp |
| N/A | 127.0.0.1:49808 | tcp | |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | 4.178.250.142.in-addr.arpa | udp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 3.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.187.206:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| US | 8.8.8.8:53 | 206.187.250.142.in-addr.arpa | udp |
| GB | 142.250.187.206:443 | play.google.com | udp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| GB | 172.217.16.238:443 | consent.google.com | tcp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| GB | 172.217.16.238:443 | consent.google.com | udp |
| US | 8.8.8.8:53 | 238.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.reddit.com | udp |
| US | 8.8.8.8:53 | reddit.map.fastly.net | udp |
| US | 151.101.1.140:443 | reddit.map.fastly.net | tcp |
| US | 8.8.8.8:53 | reddit.map.fastly.net | udp |
| US | 8.8.8.8:53 | 140.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | support.reddithelp.com | udp |
| US | 104.16.53.111:443 | support.reddithelp.com | tcp |
| US | 8.8.8.8:53 | reddit.zendesk.com | udp |
| US | 8.8.8.8:53 | reddit.zendesk.com | udp |
| US | 8.8.8.8:53 | 111.53.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | static.zdassets.com | udp |
| US | 8.8.8.8:53 | p20.zdassets.com | udp |
| US | 104.18.70.113:443 | p20.zdassets.com | tcp |
| US | 8.8.8.8:53 | static.zdassets.com | udp |
| US | 104.18.72.113:443 | static.zdassets.com | tcp |
| US | 8.8.8.8:53 | p20.zdassets.com | udp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 8.8.8.8:53 | theme.zdassets.com | udp |
| US | 8.8.8.8:53 | static.zdassets.com | udp |
| US | 8.8.8.8:53 | p20.zdassets.com | udp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | tcp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| US | 104.18.70.113:443 | theme.zdassets.com | tcp |
| US | 104.18.70.113:443 | theme.zdassets.com | tcp |
| US | 8.8.8.8:53 | unpkg.com | udp |
| US | 8.8.8.8:53 | jsdelivr.map.fastly.net | udp |
| US | 8.8.8.8:53 | jsdelivr.map.fastly.net | udp |
| US | 8.8.8.8:53 | reddit.zendesk.com | udp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 8.8.8.8:53 | theme.zdassets.com | udp |
| US | 8.8.8.8:53 | unpkg.com | udp |
| US | 8.8.8.8:53 | theme.zdassets.com | udp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 8.8.8.8:53 | unpkg.com | udp |
| US | 8.8.8.8:53 | 113.70.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 113.72.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.24.17.104.in-addr.arpa | udp |
| US | 104.17.245.203:443 | unpkg.com | tcp |
| US | 104.18.70.113:443 | theme.zdassets.com | tcp |
| US | 104.18.70.113:443 | theme.zdassets.com | tcp |
| US | 104.18.70.113:443 | theme.zdassets.com | tcp |
| US | 104.18.70.113:443 | theme.zdassets.com | tcp |
| US | 104.16.51.111:443 | reddit.zendesk.com | tcp |
| US | 8.8.8.8:53 | 203.245.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 111.51.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 151.101.1.229:443 | jsdelivr.map.fastly.net | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| US | 216.239.34.36:443 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | 36.34.239.216.in-addr.arpa | udp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | udp |
| US | 8.8.8.8:53 | 238.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | reddit.zendesk.com | udp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| GB | 142.250.200.33:443 | tpc.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 33.200.250.142.in-addr.arpa | udp |
| GB | 142.250.200.33:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | encrypted-tbn0.gstatic.com | udp |
| GB | 142.250.200.46:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 142.250.200.46:443 | encrypted-tbn0.gstatic.com | tcp |
| US | 8.8.8.8:53 | encrypted-tbn0.gstatic.com | udp |
| GB | 142.250.200.46:443 | encrypted-tbn0.gstatic.com | tcp |
| US | 8.8.8.8:53 | encrypted-tbn0.gstatic.com | udp |
| GB | 142.250.200.46:443 | encrypted-tbn0.gstatic.com | udp |
| US | 8.8.8.8:53 | 46.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | id.google.com | udp |
| US | 8.8.8.8:53 | id.google.com | udp |
| US | 8.8.8.8:53 | id.google.com | udp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| GB | 172.217.169.54:443 | i.ytimg.com | tcp |
| GB | 172.217.169.54:443 | i.ytimg.com | tcp |
| GB | 172.217.169.54:443 | i.ytimg.com | tcp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| GB | 172.217.169.54:443 | i.ytimg.com | udp |
| GB | 142.250.187.206:443 | play.google.com | udp |
| US | 8.8.8.8:53 | 54.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 8.8.8.8:53 | youtube-ui.l.google.com | udp |
| GB | 216.58.204.78:443 | youtube-ui.l.google.com | tcp |
| US | 8.8.8.8:53 | youtube-ui.l.google.com | udp |
| GB | 216.58.204.78:443 | youtube-ui.l.google.com | udp |
| US | 8.8.8.8:53 | 78.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| GB | 142.250.187.194:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 142.250.179.230:443 | static.doubleclick.net | tcp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| GB | 216.58.212.234:443 | jnn-pa.googleapis.com | tcp |
| GB | 216.58.212.234:443 | jnn-pa.googleapis.com | tcp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| GB | 142.250.179.230:443 | static.doubleclick.net | udp |
| GB | 142.250.187.194:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| GB | 216.58.212.234:443 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | 194.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 230.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.212.58.216.in-addr.arpa | udp |
| GB | 216.58.212.234:443 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | aus5.mozilla.org | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 35.244.181.201:443 | prod.balrog.prod.cloudops.mozgcp.net | tcp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 34.160.144.191:443 | prod.content-signature-chains.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | ciscobinary.openh264.org | udp |
| NL | 2.18.121.90:80 | ciscobinary.openh264.org | tcp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
Files
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\datareporting\glean\db\data.safe.bin
| MD5 | cf065e8aa4ac4f6e4089bd6dc0c672da |
| SHA1 | 510df1b3b9b21e35bd265ee62ac7a36fc6d3f667 |
| SHA256 | 1b09e674503ca30f7b80fa66ced4bd05dce3a823278a1ba25e6f1ace4faea490 |
| SHA512 | 1d88170489548d5e1b24163013d1d071fc691bf35964fb3a9ebe2c22628e9dd4c056df52d33c5f3329056d39329ac76be70f83d30b7dc7865357dd956426b27e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\datareporting\glean\pending_pings\b535c775-ee9f-40dd-9ec0-207c43a0d273
| MD5 | 06c593a1dde7e586f673e8feede8e55d |
| SHA1 | 1fd6b50a8b88401fba430b69c3b457a064a89b20 |
| SHA256 | 12303af6de2124edd1389e9161a75189b43a23d6c7de483844f937b8719fb2e5 |
| SHA512 | fe2f4441e0f1d0f50b11bc5ab938cab2638959831223d66e048f55cc1360e374252c36226c65dccc9a610021f540c089dc5d5a7045adc446ec9e502a364d3183 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\datareporting\glean\pending_pings\ab701757-2943-4412-8845-396be43eaef1
| MD5 | 289033529b030b519c1f0c14d9bf7e95 |
| SHA1 | 82934c6c04f0f3072fb47cc867fa3bf7a5713f9b |
| SHA256 | 3fa5cc295a09ca491be1d53c5cf7ec2251b014e0ea966856c56c8e0f36934acd |
| SHA512 | a65593692fa47c3b9fd681f4297c3cfbbb99563a59f1c8fde4f540b5fabf3db295a5539bcf03a701b1789bd25539143c36633f58d58a595bf5e665410d6b016e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\prefs.js
| MD5 | 6f7a962a6d57d30f31a53e482c517045 |
| SHA1 | 5461c7ca2ce07cf17680cba421c14ecab35b514c |
| SHA256 | 85d7d562c0c4f04714f078f310b2d9966b30f215492a4e93d83a23b271e3d37d |
| SHA512 | 885fcd406aa5921790431d105c7c37884581aa2d384169495ae47d8f016db84eb53f8eac2b3f35ac2e4899659c3f616586d94c5fdf2bcefa8c2b6f6823476131 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl
| MD5 | c460716b62456449360b23cf5663f275 |
| SHA1 | 06573a83d88286153066bae7062cc9300e567d92 |
| SHA256 | 0ec0f16f92d876a9c1140d4c11e2b346a9292984d9a854360e54e99fdcd99cc0 |
| SHA512 | 476bc3a333aace4c75d9a971ef202d5889561e10d237792ca89f8d379280262ce98cf3d4728460696f8d7ff429a508237764bf4a9ccb59fd615aee07bdcadf30 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 27597897f94fcb58668b7d2a0c043277 |
| SHA1 | 11c28d04aa4adc7e81a2cfa366150beaebeedf69 |
| SHA256 | 4e44060dae2b1f3face6253a9ed8f48f958b0bb775b205d30cad816c52b27036 |
| SHA512 | af1f572ad6e5a695de87f0f08abcfddf35f4ba5cc0bf13e11d448b763c2b7578fb452c9498e4a91f9c913c3699058ce4ce9dcf335ccca1b42aa88db9443232df |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\prefs-1.js
| MD5 | c11ec3ba91c3b046d64e9186f686ea51 |
| SHA1 | e25e499123a8f10d38a49c579e6955f454eebeb3 |
| SHA256 | 594029f5073a4ab15de9e834e6f87bea4a4933930bb5c56a9b25b0410db3c4a3 |
| SHA512 | db6a27cfdfa029cf8d2460e070cf2dce969ab9b304e019b4245827a3a6cd98a052fb5a8b185553eb829fc43700ca3fedbc0bc7c9a4e19e00e79a417571e354a1 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\entries\E00BECD303B77CED95A357A7A1E4C8D69B473C88
| MD5 | 018263ae0b1e9e029a1cc36e65f7fe7c |
| SHA1 | 4827f4de8e61f9b76f8a85a42bed3b2a287d5baa |
| SHA256 | e927b66ac01dc27652a1c3a8cc16b302a8676dae524435865f2dd002dbc6d57f |
| SHA512 | 34e809cd1bb133a6508788f5cad0b21b9a549ec9614262bd8ef72835abbb5cc11d33b7c871b5d687604712a6827dba92b919c3b68f666ce6964402c7fbff919c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\prefs-1.js
| MD5 | 765ff5d88cd6b3f46f4da215c9ac7ec7 |
| SHA1 | 5d658b18f78479773d274017b646b0d58de1f0eb |
| SHA256 | b0e0cde19dfde2d4685bc5b8be3ed0ec7970d81947085afea8f73c228b234a80 |
| SHA512 | 64024da1f881b28e8280a381d1ff012874b7d731402a5f79734d385eba91305e9e3c6778b2e35fcb09a7702760357faee3f53a887863bf3473215184b21b1973 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | caf4ed8d36a34028b03dc6e958b3cfa1 |
| SHA1 | b76ffbfad0212f2b45bd5e110f9ba8393ada3726 |
| SHA256 | 27949fa04959975ee25903389830ef2d8432f0fe55d097b346d99fbd872c1d71 |
| SHA512 | 09fa8b363cd2ad0538da5463348febb07a69033d13fe8ddc605f4f764dc722e5de44a3aedcf7cb8552e04b78018abef0b1647cba9be8b51aa46aa672f1e15fe0 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | dc7f05c488630843558264f28977f4f0 |
| SHA1 | b50f32a39d6a0241a9b5afcaebf0abb91780da06 |
| SHA256 | 53a9f20c6039585382d4673861c660b9b372fde15f924291214b0ef76f4f741b |
| SHA512 | 34b98aa09af0ca0976f05f9ba97d81d903499c996b25487b1c2491a610ee95f39dd8bbf98cd02bbf3ebdda2f91ae47b537cf12b7b3f363f8425f032c4924c0da |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 359bc828aead9343a3e9936932ac9cc5 |
| SHA1 | 2980d2d186b48387914660e26d7ea91c1f04f6f4 |
| SHA256 | 34ae46cb23904c7640f2eca44cb5bf86996a03f3ce1d2cd9bc952f6a59d27968 |
| SHA512 | fca3dd39939effb12b9a34ac2185e024d6c74cdc0fa8fe8f8b68241e60a0c1be4fa07cbf962901adeda1d23af2a350dcd29c6cc60f6f9306541eef04e438c97b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | e0eee5ea3e89f14b482ebb105145f46a |
| SHA1 | 3a558facc479d36a5151acbcd85afc4dc1929403 |
| SHA256 | 178978cc23dee6156db4c32adfb3e68e57d7f1a3e7eadb349e069ff3404a4a4f |
| SHA512 | 5f880673b261da058dbbf49eacd11b1d8455ea8478e9371c0df0047de6991de82ba84d3b71a588284519f4e439dc4a9470f48bb83d79f65b01704a85fe0e011d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 8ba2e099e22276cf93de250e987057dc |
| SHA1 | cd78619144d1e8f216e77dfd761ff3114b4cb527 |
| SHA256 | 046ef0456425c5b8864b1c0a33db8b3461d8a61b0719a5fadd4f391e6fe16449 |
| SHA512 | 692711564f87a30d895fb5972d2679adae5f26947b770f420121d80438d781ee33567f6b2b209a2401feaf96e11124aef2bf25936d43f6e649088be6414b8924 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 450fa2516628d1cb021b66ac2a345130 |
| SHA1 | f081797766e20835f01dd5838824f3d58ebd97d7 |
| SHA256 | 15fab62837ca5f433f934ffbd7060219f061afd4c46e95e6c7a092f430253333 |
| SHA512 | 879df21548fcd8bd408f59995e51634fd632b5a140d848987059e57771e111d89cb42a04ab6be8ce92a4f4ef74181708ac2eb4975a7b258f6c3b8b7991ec1173 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\entries\639028690EAC90CBBCD6DD68DA6CE11697C3C461
| MD5 | 532eb18db9d73dccaf52a77a727a95ae |
| SHA1 | 4ac896b829a8bbb79e75b691561112113b92e746 |
| SHA256 | e430d0d91c46323caaaff293291c670db1d930c4fb5c580a487cbe81602ecacc |
| SHA512 | 84da0965dcd405b359ce601cf56af3a8bacaec5acdc1e869d0cc014d93fb8db97eb14d537d9727df677fb1e38050e0a1f5941b40e22b7288d3db13870018f83b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 8b2e0cefa1ae19a1a60e90787e67f936 |
| SHA1 | 4cf3d27094d1cda0e6ed4a106ecd849087681de2 |
| SHA256 | b33a53265d015a052caaafc1a74f0d75e29b89b1f0aba3f8cc73d94306eca4f5 |
| SHA512 | fa9248f5f7111683e46cb91bd2f43fcd76aa418283b98df60d38d985ef9e68e62846b49d7d3775e214144952f831f7d07a934a98b760c03540e3d82dc3e58b4a |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 41c4d3b985769e271ac04c98584aea72 |
| SHA1 | 920e689a2247de249315c54611b95f9e60897cbd |
| SHA256 | a14b614b50aa16ac6bc08465c5be8d7d56139bad76ca51f3a03c2fbebfa46e13 |
| SHA512 | 9827486ba32bd8b934202e801e7217363a606a662a5df0e2f89ae3d91f78f121be802abc011939ff085a4c82d06c671ccf672b08c7e04333ac62afe7135fa3c0 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\doomed\17998
| MD5 | 3d2a10a261b24db26a454d548e780061 |
| SHA1 | 1f40ddcb4f9f4ce9d14079daba9c4822a448b36f |
| SHA256 | d7ce83315cc630831f4bd52f72d81fca6e2ed480bb5920aab64aa163571f8aee |
| SHA512 | f382d0e88ac294a3e1b4e62bc1060cab704dad0a3103856eba1153a873b6734131713f6d433b20c0af3da5018b5430bb002b0402347ea42bb8538733ad15a4cb |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\doomed\4375
| MD5 | 5e8725e203bd15ff5526b709f11cad2c |
| SHA1 | 78f8bd1e27d2365047da2696f8f53bf4ab2082a8 |
| SHA256 | 84eb53135e7f970dc8a35559b3876009e5172ec22552aa64111e9555657f21cb |
| SHA512 | ed570d68dbc0ef93270a9c01eae8f028d45880bbd3f3d3dbcbc679c65db4f97567e09218e749acf60a4c8cdea646434d7d1f5593f5becbecddbf2189ab967b15 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\doomed\1380
| MD5 | 0163034497311edbb6a9e184f2af5e99 |
| SHA1 | cd9d81bc3f9230412da2c66de91ae70ed74d9f27 |
| SHA256 | 2bf29110a9c6625685601a192059487f640aeacfad6cd8619ddc067bb6684407 |
| SHA512 | 9de61fca12b2b076704ee00082c2223e16d647d15c8cfd57bc4a1345c41441ff3afc9f580873d9c94f1883b51c7549fe0c2ba87f295bf3f8c819257608fd0998 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\doomed\29536
| MD5 | 35c9acd0988316f2bca6aaff094e00d1 |
| SHA1 | eee8c4e1b55720e099714228e92543e613e20afa |
| SHA256 | 02a3cf1ef4d2556d5bef3d8b9e5a144cae194d3ef85293123cf60c1270c33e0d |
| SHA512 | 5a10ae73362f914a4bfc879a868cd88df66915d9d36732c2fbc4854382f783c8c4c8dff3c27a26cb72654eb1c7e9433d7497f1ec18bb25817bceb662aa30f905 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 676cd77c6fb893bc86369cb2fbe2e12d |
| SHA1 | cfa315f9b1a5eef159970a2d38a37b5134b30089 |
| SHA256 | 31e8cd80949986ce01fc75dc79b700f9e0c406fba36ec33cffa1525687e194cd |
| SHA512 | ef5b231da2a5d54b8f9b439ad290c8ebb1fab3f32cef99f6ef96b5f6e44527884386958ff68a37e690704e4b3f84b78d848a2439ce30a05249a2ab52fe676f12 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\entries\42FBC92BECB6C579184E489E280F0F4B3357EAA5
| MD5 | b459fc03afba11f81b5fd9d68e71186a |
| SHA1 | 162d664e384e40a99e42efb1ed145b72b2ccf714 |
| SHA256 | a82b806952b44fd7cb5de2302d51c125110b1ee9816160d0fae064cc1539163d |
| SHA512 | d9215549f8987b357da9a58eaab9536c1b4b18b48df711327971ab71c603537730f566016af8a78450e3c4640b8fd00c4d37dcf66f3f48638bcadc03f63ca1b8 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\doomed\29965
| MD5 | 927f55d18d154cd04cdf469206df3efa |
| SHA1 | a6b984b7f5c6b042f98835260428dd2f8711f494 |
| SHA256 | 9d6a480c21f35379b8f540283ed1c2162bb4a832cdfaeea518f50a86f1dae60b |
| SHA512 | 9c4f0781c49219f5e6d0eb05a846d34931acfc861a7e8b67dcab6e24eda37daccab4695e8013dca530f703f6b4c201b95027c5ef954b68694effe072e81e5a78 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\doomed\20281
| MD5 | 7d04f0892a68f4471716a28ced6572fb |
| SHA1 | 93421f1a91fde564dbd488effa50cf14ab58cfdf |
| SHA256 | d3d266013009fb864368e17e8d7ec1d9e56edbc4db5b738c8e069e6ab80c6229 |
| SHA512 | e5efa65659c1fe2f8c700184a19302645aa80a223a0d74d00616ffa310cefe58c09d3e293bcfd8fccf302f797c93b632ddada0472cb44247b6a43a971f367b3d |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\doomed\20888
| MD5 | 9965e04f43469413a3abcdb2f90f36fc |
| SHA1 | 34cb3ae0ff405c73931ce6e6e5ffa4f9294777d0 |
| SHA256 | 2335ac7bdd48d17d8c8db8bbdf2b26369fc32d34b837f3e7d4f77278214e73ad |
| SHA512 | c52981ce9b836bd413b0d68516034a9f391ab8e2353fc6117a4af916714e0e2e6f74acb1782ab7bddeafc2c3f86fda9edf625eca14acd1a3de9c3ace2b65fa23 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\doomed\30909
| MD5 | 36021583f43d6b79f18e0b9261e9e5cf |
| SHA1 | 90dc186ba81a232e2c53864d58520b6e87478b22 |
| SHA256 | 8feac1eaac6106d050d886d28ba96acba5c65d5217bb8b881eae06796282ca40 |
| SHA512 | 3ff582bb6d3825a18d5a195cc03d6534439ae46ffd9dab46235e50ec60315dde6e2d69f1ffe53216f76ee06401a1a6849c0d284383fb68e3f42dba01910eef8f |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 5217bec8425db4c08f6b0b83345686fd |
| SHA1 | e43bd75b95b8666298ca2553466eb8dff126858c |
| SHA256 | 653941033229db9d060b94a0a4603b154093282d7b0c8d21a07b500aed6dc743 |
| SHA512 | 4035f81e2dc54cec39bb977b379d64d824001409b9b86e583ef0eea3f2ce45d5581ea69cdf14ff5c566c801c80cd1fe487d70262d60e842942eec9c66458aff2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 1311b9fe8394da30f296307485f267bc |
| SHA1 | 5b0f8cd4f768637c43f4a1419be8b9d4fb6fdff5 |
| SHA256 | c4890d6e5a06aa94dfd6524dadc25d95c4bfa77ad8d704e62f8b1850e04a4e4c |
| SHA512 | 6de51b265f0c0cf3651e51f0bb70aa83cbb439c38807006e0db0d2eb5e52e7a3c628411db552d180609d9da2fc8db41ab4727549f41349fd5324c785cd05dfb7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
| MD5 | 3d33cdc0b3d281e67dd52e14435dd04f |
| SHA1 | 4db88689282fd4f9e9e6ab95fcbb23df6e6485db |
| SHA256 | f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b |
| SHA512 | a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
| MD5 | 68a9104bf26e9f1714e14c9de411c866 |
| SHA1 | 6943f123e03bcccc10227bb154fef2fe6b91091f |
| SHA256 | 3a679824e92b961a0c71dbfcccf0fb4f6929ef74de2a604b0cfefe8369d0f295 |
| SHA512 | 07564a603ca6cb289c3d9667c4a561487575db6bf455f79f09f98c598abc0731a2e2435368bc4fa91d905e10ba266f81e7d4f30ef7215464da6a33ca52a86f1d |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | f66d14540349e2820cba7569f707635c |
| SHA1 | 69178b72350607149fbc660858662cc36d0c0148 |
| SHA256 | 899f123e598fdea72258dce4a074eb6b9d9f7c49bfeadb76f0dd88bb790a0e94 |
| SHA512 | fe5de9926ffd89a5d4cb0cd9a40ff60a46b610be59f6a1c5bc98982564a96f3338afae471d3cbcffab858e1235c51e0968426c2a56d716150633900a11e70c74 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\prefs-1.js
| MD5 | 3c261e3deea3f2040b4e0fbd24a4962c |
| SHA1 | a742272742e587da3ec30a44e6e9ad4837e5b89d |
| SHA256 | 3926879add621d364751fd79f3fd32cf116f43b8d067698ca75af896e7a09e96 |
| SHA512 | b2a68eb9cf7bc770506c968c1ed774a8f51846a6eac8f47afa43c9f5edf7bd018162e72d2c783e1d1947ac0cc794b2c060194ed9bbcc1888350298b6a5462a2c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 3b85cf84548809b4faec8dd410f0c0c6 |
| SHA1 | db41b44a892102c6d605aad9f3c56f4cb3217f76 |
| SHA256 | 8bccfb765dd6f6ec9872df9019cb2bc3ccb70d8f65598a5a3796d5d2e094bf95 |
| SHA512 | 98ca399651c8d7dfaecfe27fe495f4d540895612e4554e0081e293f9e57463d9e947efe8d25ed6c5ffa874d98480fdecdee3e9d6dcac34fb727dfe5413ba5638 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
| MD5 | 49ddb419d96dceb9069018535fb2e2fc |
| SHA1 | 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6 |
| SHA256 | 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539 |
| SHA512 | 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
| MD5 | 8be33af717bb1b67fbd61c3f4b807e9e |
| SHA1 | 7cf17656d174d951957ff36810e874a134dd49e0 |
| SHA256 | e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd |
| SHA512 | 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | 1b584e628b6501b666a4867a6c615224 |
| SHA1 | 3d6bb397f06e4651137690304390328a8f580b95 |
| SHA256 | 00ec0cb3f537f1fa9775726b0f5c646e91476c7c26f5b9e50a4cc17a724038fa |
| SHA512 | 774d6c1770cf8de3fc08bff493284cf48136d410e44012f7f6077eb1554569a4dff00f26b3485f2178ac766fa41efd2ecbe8d82699a1eeeb2b1bb20d487ed6fb |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
| MD5 | 688bed3676d2104e7f17ae1cd2c59404 |
| SHA1 | 952b2cdf783ac72fcb98338723e9afd38d47ad8e |
| SHA256 | 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237 |
| SHA512 | 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
| MD5 | 937326fead5fd401f6cca9118bd9ade9 |
| SHA1 | 4526a57d4ae14ed29b37632c72aef3c408189d91 |
| SHA256 | 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81 |
| SHA512 | b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
| MD5 | 3bec5a0393b8eaa07500e6425c649089 |
| SHA1 | 16b6dd92bf3b124f9e474d21f07abfcb678eed5e |
| SHA256 | c8c48a9f730c0b594c2e4f0d41fddb785e555a7a3b8c9f2b604703b89219bb14 |
| SHA512 | 9f9cafa7bb5b863a7466d719c902dc7723d3a3d09b9a76a471bfa40db6d8a55ecea96f0757dbe83c713ae2687edad0edc44128d04cceef0f080c825924211866 |
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-08 23:30
Reported
2024-05-08 23:42
Platform
win10-20240404-en
Max time kernel
575s
Max time network
691s
Command Line
Signatures
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\歎掏楪錰懤鬖骥鿽婤瓶焹紭崥愼髝褔.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\nsc662D.tmp\OWinstaller.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\歎掏楪錰懤鬖骥鿽婤瓶焹紭崥愼髝褔.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Hone - Installer.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Hone - Installer.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Hone - Installer.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Hone - Installer.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Hone - Installer.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Hone - Installer.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Hone - Installer.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\nsc662D.tmp\OWinstaller.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\nsc662D.tmp\OWinstaller.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\nsc662D.tmp\OWinstaller.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\nsc662D.tmp\OWinstaller.exe | N/A |
Command and Scripting Interpreter: JavaScript
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\Downloads\Monoxide.zip:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\Monoxide(1).zip:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\Hone - Installer.exe
"C:\Users\Admin\AppData\Local\Temp\Hone - Installer.exe"
C:\Users\Admin\AppData\Local\Temp\nsc662D.tmp\OWinstaller.exe
"C:\Users\Admin\AppData\Local\Temp\nsc662D.tmp\OWinstaller.exe" Sel=0&Extension=mgkabooemhaamambocobpeoeelpadcjhjgbcfhlc&Name=Hone&Referer=hone.gg&Browser=opera -partnerCustomizationLevel 1 -customPromoPages --owelectronUrl=https://download.overwolf.com/setup/electron/mgkabooemhaamambocobpeoeelpadcjhjgbcfhlc --disable-change-location --disable-ow-shortcut-ui --disable-app-shortcut-ui --enable-app-shortcut --silent-setup --app-name="Hone" --auto-close -exepath C:\Users\Admin\AppData\Local\Temp\Hone - Installer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1948.0.1739363571\2054670421" -parentBuildID 20221007134813 -prefsHandle 1700 -prefMapHandle 1676 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7e4a0762-117a-445b-b373-90760f93013c} 1948 "\\.\pipe\gecko-crash-server-pipe.1948" 1780 1e9a4dd5458 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1948.1.2000674027\1031022344" -parentBuildID 20221007134813 -prefsHandle 2124 -prefMapHandle 2120 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {51406f4a-d35f-446d-807f-bddd54fdc6bb} 1948 "\\.\pipe\gecko-crash-server-pipe.1948" 2136 1e999b72b58 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1948.2.2830639\581240713" -childID 1 -isForBrowser -prefsHandle 2860 -prefMapHandle 2856 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1368 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a34c51a1-5d8e-42e0-89a2-bb7914d40425} 1948 "\\.\pipe\gecko-crash-server-pipe.1948" 2872 1e9a8dd4e58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1948.3.610869428\1527259637" -childID 2 -isForBrowser -prefsHandle 3464 -prefMapHandle 3460 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1368 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ec01eeec-6b61-4816-a5b6-736b8d4a8e4c} 1948 "\\.\pipe\gecko-crash-server-pipe.1948" 3476 1e999b62258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1948.4.1161379001\450923729" -childID 3 -isForBrowser -prefsHandle 3752 -prefMapHandle 3748 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1368 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {46d32583-9ae3-4ac4-b84e-ace924b0d19e} 1948 "\\.\pipe\gecko-crash-server-pipe.1948" 3764 1e9a9fc3858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1948.5.14626809\848848808" -childID 4 -isForBrowser -prefsHandle 4560 -prefMapHandle 4556 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1368 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3380bfb5-867c-40ac-b85c-f613c561301c} 1948 "\\.\pipe\gecko-crash-server-pipe.1948" 4572 1e9aa9b0358 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1948.6.1365614784\628681679" -childID 5 -isForBrowser -prefsHandle 4724 -prefMapHandle 4728 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1368 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b6230a4a-ebf3-4736-979e-7fd19c4655b1} 1948 "\\.\pipe\gecko-crash-server-pipe.1948" 4712 1e9aa9b1558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1948.7.945281859\1596812986" -childID 6 -isForBrowser -prefsHandle 5020 -prefMapHandle 5012 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1368 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b72db589-c2ec-435c-aeb4-51cf98c2737c} 1948 "\\.\pipe\gecko-crash-server-pipe.1948" 4928 1e9aafa3858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1948.8.1774190430\2124060386" -childID 7 -isForBrowser -prefsHandle 5640 -prefMapHandle 5636 -prefsLen 26503 -prefMapSize 233444 -jsInitHandle 1368 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {650c6068-a4d8-4523-8f0f-c19c8bc4b2fe} 1948 "\\.\pipe\gecko-crash-server-pipe.1948" 5648 1e9ac4bd858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1948.9.1023821036\1261658593" -childID 8 -isForBrowser -prefsHandle 1572 -prefMapHandle 1584 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1368 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {196adb9c-d6d8-49cc-9d9e-33a44bf490a9} 1948 "\\.\pipe\gecko-crash-server-pipe.1948" 1536 1e9ab178758 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1948.10.1888445333\364346515" -parentBuildID 20221007134813 -prefsHandle 5980 -prefMapHandle 4548 -prefsLen 26768 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fdff2ac6-1c7a-42ed-96cb-ac56786ba788} 1948 "\\.\pipe\gecko-crash-server-pipe.1948" 4392 1e9acd3b558 rdd
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1948.11.165646462\325773862" -childID 9 -isForBrowser -prefsHandle 6120 -prefMapHandle 6116 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1368 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {86f12abb-032b-44cd-81b7-c06881bfafda} 1948 "\\.\pipe\gecko-crash-server-pipe.1948" 6128 1e9ab3fa358 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1948.12.481585323\1277186453" -childID 10 -isForBrowser -prefsHandle 4932 -prefMapHandle 4452 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1368 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {54d79444-a741-4c52-b234-9996afc2f2e8} 1948 "\\.\pipe\gecko-crash-server-pipe.1948" 5324 1e9ab3f9758 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1948.13.2067926154\993237027" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 6152 -prefMapHandle 6136 -prefsLen 26768 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a936d3c2-eee7-43c5-97f7-dd8e8a6509c2} 1948 "\\.\pipe\gecko-crash-server-pipe.1948" 6156 1e9acd66a58 utility
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1948.14.1055443582\1357413028" -childID 11 -isForBrowser -prefsHandle 10848 -prefMapHandle 10852 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1368 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9be14d45-34e6-4d0b-a1e2-422913f656d1} 1948 "\\.\pipe\gecko-crash-server-pipe.1948" 10840 1e9ad7daf58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1948.15.774391784\256928742" -childID 12 -isForBrowser -prefsHandle 5848 -prefMapHandle 5860 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1368 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e3ba81fd-f1e7-4afa-9402-c9f7aaddada2} 1948 "\\.\pipe\gecko-crash-server-pipe.1948" 1592 1e9ab82d858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1948.16.1818627064\1276702652" -childID 13 -isForBrowser -prefsHandle 5000 -prefMapHandle 4544 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1368 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {063a4bed-b6f4-4b60-a4d6-55a782bb46af} 1948 "\\.\pipe\gecko-crash-server-pipe.1948" 4900 1e9a79f4558 tab
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {c82192ee-6cb5-4bc0-9ef0-fb818773790a} -Embedding
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1948.17.1850729855\438472670" -childID 14 -isForBrowser -prefsHandle 10844 -prefMapHandle 9456 -prefsLen 26891 -prefMapSize 233444 -jsInitHandle 1368 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cf448c96-efc6-4229-820b-f2dd70321cfb} 1948 "\\.\pipe\gecko-crash-server-pipe.1948" 4948 1e9aa9ae558 tab
C:\Users\Admin\Downloads\Monoxide(1)\Monoxide\Monoxide x64.exe
"C:\Users\Admin\Downloads\Monoxide(1)\Monoxide\Monoxide x64.exe"
C:\Users\Admin\AppData\Local\Temp\歎掏楪錰懤鬖骥鿽婤瓶焹紭崥愼髝褔.exe
"C:\Users\Admin\AppData\Local\Temp\歎掏楪錰懤鬖骥鿽婤瓶焹紭崥愼髝褔.exe"
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x420
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\7-Zip\Lang\co.txt
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\7-Zip\Lang\pt.txt
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\7-Zip\Lang\ru.txt
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\7-Zip\Lang\tg.txt
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\7-Zip\Lang\uk.txt
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe"
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe"
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x278,0x27c,0x280,0x254,0x284,0x7ff699b37688,0x7ff699b37698,0x7ff699b376a8
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe
"C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
"java.exe" -Xmx256M "-Djavafx.home=C:\Program Files\Java\jdk-1.8\bin" -classpath "C:\Program Files\Java\jdk-1.8\bin\..\lib\ant-javafx.jar;" com.sun.javafx.tools.packager.Main
C:\Program Files\Java\jdk-1.8\jre\bin\java-rmi.exe
"C:\Program Files\Java\jdk-1.8\jre\bin\java-rmi.exe"
C:\Program Files\Java\jdk-1.8\jre\bin\pack200.exe
"C:\Program Files\Java\jdk-1.8\jre\bin\pack200.exe"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\Java\jdk-1.8\jre\THIRDPARTYLICENSEREADME.txt
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\hh.exe
"C:\Windows\hh.exe" C:\Program Files\Microsoft Office\root\Office16\1033\STSLIST.CHM
C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files\Microsoft Office\root\Office16\MSOHTMED.EXE
"C:\Program Files\Microsoft Office\root\Office16\MSOHTMED.EXE"
C:\Program Files\Microsoft Office\root\Office16\SDXHelper.exe
"C:\Program Files\Microsoft Office\root\Office16\SDXHelper.exe"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\System32\msiexec.exe
"C:\Windows\System32\msiexec.exe" /i "C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\1033\osmia32.msi"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\CAPSULES\CAPSULES.INF
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\ECHO\ECHO.INF
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\SKY\SKY.INF
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files\VideoLAN\VLC\lua\http\js\common.js"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files\Windows Media Player\wmlaunch.exe
"C:\Program Files\Windows Media Player\wmlaunch.exe"
C:\Program Files\Windows Media Player\wmplayer.exe
"C:\Program Files\Windows Media Player\wmplayer.exe"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files (x86)\Windows Media Player\setup_wm.exe
"C:\Program Files (x86)\Windows Media Player\setup_wm.exe" /RunOnce:"C:\Program Files\Windows Media Player\wmplayer.exe"
C:\Windows\System32\unregmp2.exe
"C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" cryptext.dll,CryptExtOpenCAT C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_1.1702.21039.0_x64__8wekyb3d8bbwe\AppxMetadata\CodeIntegrity.cat
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" cryptext.dll,CryptExtOpenCAT C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.7668.58071.0_x64__8wekyb3d8bbwe\AppxMetadata\CodeIntegrity.cat
C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" cryptext.dll,CryptExtOpenCAT C:\Program Files\WindowsApps\Microsoft.StorePurchaseApp_1.0.45.0_x64__8wekyb3d8bbwe\AppxMetadata\CodeIntegrity.cat
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1612.10312.0_x64__8wekyb3d8bbwe\Styling\css\PhoneDark.css
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\System32\notepad.exe
"C:\Windows\System32\notepad.exe" "C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\Example1.Diagnostics\Diagnostics\Simple\Example1.Diagnostics.Tests.ps1"
C:\Windows\System32\notepad.exe
"C:\Windows\System32\notepad.exe" "C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\Example2.Diagnostics\1.0.1\Diagnostics\Simple\Example2.Diagnostics.Tests.ps1"
C:\Windows\System32\notepad.exe
"C:\Windows\System32\notepad.exe" "C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\Example2.Diagnostics\1.0.1\Example2.Diagnostics.psd1"
C:\Windows\System32\notepad.exe
"C:\Windows\System32\notepad.exe" "C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\Functions\Assertions\ContainExactly.Tests.ps1"
C:\Windows\System32\notepad.exe
"C:\Windows\System32\notepad.exe" "C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\Functions\Assertions\PesterThrow.Tests.ps1"
C:\Windows\System32\notepad.exe
"C:\Windows\System32\notepad.exe" "C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\Functions\TestDrive.ps1"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\en-il\ui-strings.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\fr-fr\ui-strings.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\it-it\ui-strings.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\ru-ru\ui-strings.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\de-de\ui-strings.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\ko-kr\ui-strings.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\fi-fi\ui-strings.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\ro-ro\ui-strings.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\ru-ru\ui-strings.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\sl-sl\ui-strings.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\ko-kr\ui-strings.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\nb-no\ui-strings.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\sl-si\ui-strings.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\plugin.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\da-dk\ui-strings.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\nl-nl\ui-strings.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\sl-si\ui-strings.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\hr-hr\ui-strings.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\plugin.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\sk-sk\ui-strings.js"
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\css\main.css
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\ru-ru\ui-strings.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\zh-cn\ui-strings.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\da-dk\ui-strings.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\sv-se\ui-strings.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\js\plugin.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\tr-tr\ui-strings.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\pl-pl\ui-strings.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\tr-tr\ui-strings.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\en-il\ui-strings.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\cs-cz\ui-strings.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\da-dk\ui-strings.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\cs-cz\ui-strings.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\nb-no\ui-strings.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\nl-nl\ui-strings.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\pl-pl\ui-strings.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\ro-ro\ui-strings.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\ru-ru\ui-strings.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\hr-hr\ui-strings.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\ru-ru\ui-strings.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\sv-se\ui-strings.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\ca-es\ui-strings.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\cs-cz\ui-strings.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\ui-strings.js"
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\css\main-selector.css
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\eu-es\ui-strings.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\hu-hu\ui-strings.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\ja-jp\ui-strings.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\ru-ru\ui-strings.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\hr-hr\ui-strings.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\eu-es\ui-strings.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\nl-nl\ui-strings.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\da-dk\ui-strings.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\cs-cz\ui-strings.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\de-de\ui-strings.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\eu-es\ui-strings.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\fi-fi\ui-strings.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\sk-sk\ui-strings.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\en-gb\ui-strings.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\root\ui-strings.js"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\js\nls\ja-jp\ui-strings.js"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Mac\GREEK.TXT
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Mac\ROMAN.TXT
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\SupplementalDictionaries\en_US\Added.txt
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files (x86)\Internet Explorer\ieinstal.exe
"C:\Program Files (x86)\Internet Explorer\ieinstal.exe"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\System32\notepad.exe
"C:\Windows\System32\notepad.exe" "C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.4.0\Functions\Assertions\BeLessThan.Tests.ps1"
C:\Windows\System32\notepad.exe
"C:\Windows\System32\notepad.exe" "C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.4.0\Functions\Assertions\BeNullOrEmpty.Tests.ps1"
C:\Windows\System32\notepad.exe
"C:\Windows\System32\notepad.exe" "C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.4.0\Functions\Assertions\ContainExactly.Tests.ps1"
C:\Windows\System32\notepad.exe
"C:\Windows\System32\notepad.exe" "C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.4.0\Functions\InModuleScope.ps1"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\System32\xpsrchvw.exe
"C:\Windows\System32\xpsrchvw.exe" "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb00003.jtx"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | analyticsnew.overwolf.com | udp |
| GB | 18.245.143.104:80 | analyticsnew.overwolf.com | tcp |
| US | 8.8.8.8:53 | 104.143.245.18.in-addr.arpa | udp |
| GB | 142.250.179.238:80 | www.google-analytics.com | tcp |
| GB | 18.245.143.104:443 | analyticsnew.overwolf.com | tcp |
| US | 8.8.8.8:53 | 238.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 211.14.97.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | shavar.services.mozilla.com | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 44.233.67.78:443 | shavar.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | udp |
| US | 34.107.243.93:443 | autopush.prod.mozaws.net | tcp |
| US | 8.8.8.8:53 | 166.188.117.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.67.233.44.in-addr.arpa | udp |
| N/A | 127.0.0.1:49985 | tcp | |
| N/A | 127.0.0.1:49991 | tcp | |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 4.178.250.142.in-addr.arpa | udp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | 3.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.187.206:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.187.206:443 | play.google.com | udp |
| US | 8.8.8.8:53 | 206.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| GB | 172.217.16.238:443 | consent.google.com | tcp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| GB | 172.217.16.238:443 | consent.google.com | tcp |
| GB | 172.217.16.238:443 | consent.google.com | udp |
| US | 8.8.8.8:53 | 238.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | encrypted-vtbn0.gstatic.com | udp |
| US | 8.8.8.8:53 | encrypted-vtbn0.gstatic.com | udp |
| GB | 142.250.178.14:443 | encrypted-vtbn0.gstatic.com | tcp |
| US | 8.8.8.8:53 | encrypted-vtbn0.gstatic.com | udp |
| GB | 142.250.178.14:443 | encrypted-vtbn0.gstatic.com | udp |
| US | 8.8.8.8:53 | 14.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| GB | 216.58.204.78:443 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | youtube-ui.l.google.com | udp |
| US | 8.8.8.8:53 | youtube-ui.l.google.com | udp |
| GB | 216.58.204.78:443 | youtube-ui.l.google.com | udp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | rr1---sn-aigl6nek.googlevideo.com | udp |
| GB | 172.217.169.54:443 | i.ytimg.com | tcp |
| GB | 172.217.169.54:443 | i.ytimg.com | tcp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| GB | 173.194.183.102:443 | rr1---sn-aigl6nek.googlevideo.com | tcp |
| GB | 173.194.183.102:443 | rr1---sn-aigl6nek.googlevideo.com | tcp |
| US | 8.8.8.8:53 | rr1.sn-aigl6nek.googlevideo.com | udp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | rr1.sn-aigl6nek.googlevideo.com | udp |
| GB | 172.217.169.54:443 | i.ytimg.com | udp |
| GB | 173.194.183.102:443 | rr1.sn-aigl6nek.googlevideo.com | udp |
| US | 8.8.8.8:53 | 78.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 54.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 102.183.194.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | rr2---sn-aigl6nzl.googlevideo.com | udp |
| GB | 74.125.168.167:443 | rr2---sn-aigl6nzl.googlevideo.com | tcp |
| US | 8.8.8.8:53 | rr2.sn-aigl6nzl.googlevideo.com | udp |
| US | 8.8.8.8:53 | rr2.sn-aigl6nzl.googlevideo.com | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| IE | 209.85.203.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| GB | 74.125.168.167:443 | rr2.sn-aigl6nzl.googlevideo.com | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | 167.168.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.203.85.209.in-addr.arpa | udp |
| IE | 209.85.203.84:443 | accounts.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| US | 8.8.8.8:53 | i1.ytimg.com | udp |
| GB | 142.250.200.46:443 | i1.ytimg.com | tcp |
| US | 8.8.8.8:53 | i1.ytimg.com | udp |
| GB | 142.250.200.46:443 | i1.ytimg.com | udp |
| US | 8.8.8.8:53 | i1.ytimg.com | udp |
| US | 8.8.8.8:53 | 46.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| GB | 172.217.169.74:443 | jnn-pa.googleapis.com | tcp |
| GB | 172.217.169.74:443 | jnn-pa.googleapis.com | tcp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | yt3.ggpht.com | udp |
| US | 8.8.8.8:53 | 74.169.217.172.in-addr.arpa | udp |
| GB | 172.217.169.74:443 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | youtube.com | udp |
| GB | 216.58.204.78:443 | youtube.com | tcp |
| US | 8.8.8.8:53 | youtube.com | udp |
| US | 8.8.8.8:53 | youtube.com | udp |
| GB | 142.250.187.225:443 | yt3.ggpht.com | tcp |
| US | 8.8.8.8:53 | photos-ugc.l.googleusercontent.com | udp |
| US | 8.8.8.8:53 | photos-ugc.l.googleusercontent.com | udp |
| GB | 142.250.187.225:443 | photos-ugc.l.googleusercontent.com | udp |
| US | 8.8.8.8:53 | 225.187.250.142.in-addr.arpa | udp |
| GB | 216.58.204.78:443 | youtube.com | udp |
| US | 8.8.8.8:53 | consent.youtube.com | udp |
| US | 8.8.8.8:53 | consent.youtube.com | udp |
| GB | 142.250.180.14:443 | consent.youtube.com | tcp |
| US | 8.8.8.8:53 | consent.youtube.com | udp |
| GB | 142.250.180.14:443 | consent.youtube.com | udp |
| US | 8.8.8.8:53 | 14.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 142.250.187.194:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 142.250.187.194:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 194.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| GB | 142.250.179.230:443 | static.doubleclick.net | tcp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| GB | 142.250.179.230:443 | static.doubleclick.net | tcp |
| GB | 142.250.179.230:443 | static.doubleclick.net | udp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| US | 8.8.8.8:53 | encrypted-tbn0.gstatic.com | udp |
| GB | 142.250.200.46:443 | encrypted-tbn0.gstatic.com | tcp |
| US | 8.8.8.8:53 | encrypted-tbn0.gstatic.com | udp |
| US | 8.8.8.8:53 | encrypted-tbn0.gstatic.com | udp |
| GB | 142.250.200.46:443 | encrypted-tbn0.gstatic.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | id.google.com | udp |
| GB | 172.217.16.227:443 | id.google.com | tcp |
| US | 8.8.8.8:53 | id.google.com | udp |
| US | 8.8.8.8:53 | id.google.com | udp |
| US | 8.8.8.8:53 | 227.16.217.172.in-addr.arpa | udp |
| GB | 172.217.16.227:443 | id.google.com | udp |
| GB | 172.217.169.54:443 | i.ytimg.com | tcp |
| GB | 172.217.169.54:443 | i.ytimg.com | tcp |
| GB | 172.217.169.54:443 | i.ytimg.com | tcp |
| GB | 172.217.169.54:443 | i.ytimg.com | tcp |
| GB | 172.217.169.54:443 | i.ytimg.com | udp |
| GB | 216.58.204.78:443 | youtube.com | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 216.58.212.194:443 | adservice.google.co.uk | tcp |
| GB | 216.58.204.78:443 | youtube.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.187.206:443 | play.google.com | udp |
| US | 8.8.8.8:53 | 98.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.212.58.216.in-addr.arpa | udp |
| GB | 142.250.187.194:443 | googleads.g.doubleclick.net | udp |
| GB | 142.250.187.194:443 | googleads.g.doubleclick.net | tcp |
| GB | 142.250.179.230:443 | static.doubleclick.net | tcp |
| GB | 142.250.179.230:443 | static.doubleclick.net | udp |
| GB | 142.250.187.194:443 | googleads.g.doubleclick.net | udp |
| GB | 172.217.169.74:443 | jnn-pa.googleapis.com | tcp |
| GB | 172.217.169.74:443 | jnn-pa.googleapis.com | tcp |
| US | 8.8.8.8:53 | rr5---sn-aigl6ned.googlevideo.com | udp |
| GB | 173.194.183.74:443 | rr5---sn-aigl6ned.googlevideo.com | tcp |
| GB | 173.194.183.74:443 | rr5---sn-aigl6ned.googlevideo.com | tcp |
| US | 8.8.8.8:53 | rr5.sn-aigl6ned.googlevideo.com | udp |
| US | 8.8.8.8:53 | rr5.sn-aigl6ned.googlevideo.com | udp |
| GB | 173.194.183.74:443 | rr5.sn-aigl6ned.googlevideo.com | udp |
| US | 8.8.8.8:53 | rr3---sn-aigl6nek.googlevideo.com | udp |
| GB | 173.194.183.104:443 | rr3---sn-aigl6nek.googlevideo.com | tcp |
| US | 8.8.8.8:53 | rr3.sn-aigl6nek.googlevideo.com | udp |
| US | 8.8.8.8:53 | rr3.sn-aigl6nek.googlevideo.com | udp |
| GB | 173.194.183.104:443 | rr3.sn-aigl6nek.googlevideo.com | udp |
| US | 8.8.8.8:53 | 74.183.194.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.183.194.173.in-addr.arpa | udp |
| GB | 142.250.187.206:443 | play.google.com | tcp |
| GB | 142.250.187.206:443 | play.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.109.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 8.8.8.8:53 | 133.109.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 252.15.104.51.in-addr.arpa | udp |
| GB | 142.250.187.194:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| GB | 172.217.169.54:443 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| GB | 142.250.187.225:443 | photos-ugc.l.googleusercontent.com | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 8.8.8.8:53 | youtube-ui.l.google.com | udp |
| GB | 216.58.204.78:443 | youtube-ui.l.google.com | udp |
| US | 8.8.8.8:53 | youtube-ui.l.google.com | udp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | yt3.ggpht.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | photos-ugc.l.googleusercontent.com | udp |
| US | 8.8.8.8:53 | photos-ugc.l.googleusercontent.com | udp |
| US | 185.199.109.133:443 | raw.githubusercontent.com | tcp |
| GB | 172.217.169.54:443 | i.ytimg.com | udp |
| GB | 172.217.169.54:443 | i.ytimg.com | udp |
| US | 138.91.171.81:80 | tcp | |
| US | 8.8.8.8:53 | 239.249.30.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | aus5.mozilla.org | udp |
| US | 35.244.181.201:443 | aus5.mozilla.org | tcp |
| US | 35.244.181.201:443 | aus5.mozilla.org | tcp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 35.244.181.201:443 | prod.balrog.prod.cloudops.mozgcp.net | tcp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 34.160.144.191:443 | prod.content-signature-chains.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | ciscobinary.openh264.org | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| NL | 2.18.121.90:80 | ciscobinary.openh264.org | tcp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| GB | 216.58.201.110:443 | redirector.gvt1.com | tcp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | 201.181.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.121.18.2.in-addr.arpa | udp |
| GB | 216.58.201.110:443 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | r1---sn-aigl6ney.gvt1.com | udp |
| GB | 173.194.183.166:443 | r1---sn-aigl6ney.gvt1.com | tcp |
| US | 8.8.8.8:53 | r1.sn-aigl6ney.gvt1.com | udp |
| US | 8.8.8.8:53 | r1.sn-aigl6ney.gvt1.com | udp |
| GB | 173.194.183.166:443 | r1.sn-aigl6ney.gvt1.com | udp |
| US | 8.8.8.8:53 | 166.183.194.173.in-addr.arpa | udp |
| GB | 172.217.169.54:443 | i.ytimg.com | udp |
| GB | 216.58.204.78:443 | youtube-ui.l.google.com | udp |
| US | 8.8.8.8:53 | www.videolan.org | udp |
| FR | 213.36.253.2:443 | www.videolan.org | tcp |
| FR | 213.36.253.2:443 | www.videolan.org | tcp |
| US | 8.8.8.8:53 | 161.19.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | images.videolan.org | udp |
| FR | 213.36.253.2:443 | images.videolan.org | tcp |
| FR | 213.36.253.2:443 | images.videolan.org | tcp |
| FR | 213.36.253.2:443 | images.videolan.org | tcp |
| FR | 213.36.253.2:443 | images.videolan.org | tcp |
| FR | 213.36.253.2:443 | images.videolan.org | tcp |
| FR | 213.36.253.2:443 | images.videolan.org | tcp |
| US | 8.8.8.8:53 | 2.253.36.213.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.97.55.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.212.58.216.in-addr.arpa | udp |
| FR | 213.36.253.2:443 | images.videolan.org | tcp |
| FR | 213.36.253.2:443 | images.videolan.org | tcp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| US | 8.8.8.8:53 | 36.34.239.216.in-addr.arpa | udp |
| BE | 2.17.107.112:443 | www.bing.com | tcp |
| BE | 2.17.107.112:443 | www.bing.com | tcp |
| BE | 2.17.107.112:443 | www.bing.com | tcp |
| BE | 2.17.107.112:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 112.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | redir.metaservices.microsoft.com | udp |
| NL | 104.97.15.59:80 | redir.metaservices.microsoft.com | tcp |
| US | 8.8.8.8:53 | onlinestores.metaservices.microsoft.com | udp |
| US | 2.18.190.83:80 | onlinestores.metaservices.microsoft.com | tcp |
| US | 8.8.8.8:53 | 59.15.97.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.190.18.2.in-addr.arpa | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
Files
\Users\Admin\AppData\Local\Temp\nsc662D.tmp\UserInfo.dll
| MD5 | 9301577ff4d229347fe33259b43ef3b2 |
| SHA1 | 5e39eb4f99920005a4b2303c8089d77f589c133d |
| SHA256 | 090c4bc8dc534e97b3877bd5115eb58b3e181495f29f231479f540bab5c01edc |
| SHA512 | 77dc7a1dedaeb1fb2ccefaba0a526b8d40ea64b9b37af53c056b9428159b67d552e5e3861cbffc2149ec646fdfe9ce94f4fdca51703f79c93e5f45c085e52c79 |
\Users\Admin\AppData\Local\Temp\nsc662D.tmp\System.dll
| MD5 | 7399323923e3946fe9140132ac388132 |
| SHA1 | 728257d06c452449b1241769b459f091aabcffc5 |
| SHA256 | 5a1c20a3e2e2eb182976977669f2c5d9f3104477e98f74d69d2434e79b92fdc3 |
| SHA512 | d6f28ba761351f374ae007c780be27758aea7b9f998e2a88a542eede459d18700adffe71abcb52b8a8c00695efb7ccc280175b5eeb57ca9a645542edfabb64f1 |
\Users\Admin\AppData\Local\Temp\nsc662D.tmp\uac.dll
| MD5 | adb29e6b186daa765dc750128649b63d |
| SHA1 | 160cbdc4cb0ac2c142d361df138c537aa7e708c9 |
| SHA256 | 2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08 |
| SHA512 | b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada |
\Users\Admin\AppData\Local\Temp\nsc662D.tmp\utils.dll
| MD5 | aad3f2ecc74ddf65e84dcb62cf6a77cd |
| SHA1 | 1e153e0f4d7258cae75847dba32d0321864cf089 |
| SHA256 | 1cc004fcce92824fa27565b31299b532733c976671ac6cf5dbd1e0465c0e47e8 |
| SHA512 | 8e44b86c92c890d303448e25f091f1864946126343ee4665440de0dbeed1c89ff05e4f3f47d530781aa4db4a0d805b41899b57706b8eddfc95cfa64c073c26e2 |
\Users\Admin\AppData\Local\Temp\nsc662D.tmp\INetC.dll
| MD5 | 640bff73a5f8e37b202d911e4749b2e9 |
| SHA1 | 9588dd7561ab7de3bca392b084bec91f3521c879 |
| SHA256 | c1e568e25ec111184deb1b87cfda4bfec529b1abeab39b66539d998012f33502 |
| SHA512 | 39c6c358e2b480c8cbebcc1da683924c8092fb2947f2da4a8df1b0dc1fdda61003d91d12232a436ec88ff4e0995b7f6ee8c6efbdca935eaa984001f7a72fea0a |
C:\Users\Admin\AppData\Local\Temp\nsc662D.tmp\OWInstaller.exe
| MD5 | bd7e748fe91c5f91ae5aac238b4898c0 |
| SHA1 | 38186885842d2d59b539cc50a5ea7fef13fa170d |
| SHA256 | 6037a675cf68dbd4f8884c72492f6782ff242f0ebcc55129a7eefc3980b44e58 |
| SHA512 | b089714f99c3330ad70b159944f1e9ead702b3661074d26aaeb2a8c52619717685d1fb6fbc95b37063dc3da9cb5f0e0c0a58647cddd39fec8dcdc0cf3451fc39 |
C:\Users\Admin\AppData\Local\Temp\nsc662D.tmp\OWinstaller.exe.config
| MD5 | 82d22e4e19e27e306317513b9bfa70ff |
| SHA1 | ff3c7dd06b7fff9c12b1beaf0ca32517710ac161 |
| SHA256 | 272e4c5364193e73633caa3793e07509a349b79314ea01808b24fdb12c51b827 |
| SHA512 | b0fb708f6bcab923f5b381b7f03b3220793eff69559e895d7cf0e33781358ec2159f9c8276bf8ba81302feda8721327d43607868de5caaa9015d7bb82060a0b9 |
memory/1588-136-0x00000240F0CE0000-0x00000240F0D2C000-memory.dmp
memory/1588-135-0x00007FFD1CD33000-0x00007FFD1CD34000-memory.dmp
memory/1588-140-0x00000240F3160000-0x00000240F3204000-memory.dmp
\Users\Admin\AppData\Local\Temp\nsc662D.tmp\OverWolf.Client.CommonUtils.dll
| MD5 | 6a45b1f51b619ba08761fc91567bf0a7 |
| SHA1 | 4c29b1915dbc859ec462d13bfca7f77a9985133c |
| SHA256 | 4ad3ecd0591f8dad217d5d99e11d809cc699c28f55296845148254f6fce69828 |
| SHA512 | 8fd3c507338bee22af8a74922e1deb28e928734f208cea667bd12e434ec23636c77ccc4d33e9d7c9fefb87715dbe6dfaf75011c3a01619a5050656aad85a3419 |
memory/1588-142-0x00000240F10F0000-0x00000240F1104000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\nsc662D.tmp\CommandLine.dll
| MD5 | 1d859391711a062c5f48212686505a6a |
| SHA1 | 06db312b20ebfd24e1dd1f729d8ee8dba761c8f6 |
| SHA256 | cee8683c16cc43a542cfa1490894f555857eaf031fcdfb1ed7059e1538e21c8a |
| SHA512 | 340224199c171c3d5b9f06d4a9e6159bc7dab79a58324cffbe7f86857b1eef49e5f9d022b4ec907f9475aba334029ccdf06b8b05ec67b197a9c15809cd8ff7a3 |
memory/1588-143-0x00000240F3740000-0x00000240F3C66000-memory.dmp
memory/1588-146-0x00007FFD1CD30000-0x00007FFD1D71C000-memory.dmp
memory/1588-145-0x00000240F2920000-0x00000240F2966000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\nsc662D.tmp\log4net.dll
| MD5 | f15c8a9e2876568b3910189b2d493706 |
| SHA1 | 32634db97e7c1705286cb1ac5ce20bc4e0ec17af |
| SHA256 | ae9c8073c3357c490f5d1c64101362918357c568f6b9380a60b09a4a4c1ff309 |
| SHA512 | 805cd0a70aba2f1cf66e557d51ad30d42b32fbafcfbc6685ec204bc69847619479f653f4f33a4e466055707880d982eb1574ddab8edfa3c641e51cda950e2a0e |
memory/1588-150-0x00000240F3390000-0x00000240F33A8000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\nsc662D.tmp\SharpRaven.dll
| MD5 | 8f6ff3176e7f0b58b033b3d3f1303db3 |
| SHA1 | dc21231170a74f459e45d81fa7dba15e0c6fe2c9 |
| SHA256 | 0ea20361a01f8fc8eab21ab5613e77d36a3506793d4487438c314daf86e90630 |
| SHA512 | a0a3b3548983d15936b8517c2b5d5fa624b902522ab067ad552bedbd361c3192fc2cae889da0f8c986cfd295cccbbaa91596f478154c42f1a1cafbbc7eff86b1 |
C:\Users\Admin\AppData\Local\Overwolf\Settings\SettingsPageBasic.xml
| MD5 | 2d022dfc0d319df40d6609587c8b5709 |
| SHA1 | 303bdc55b8b51afe1e782dd35f7c13cd8418ea55 |
| SHA256 | 6ba1d34632514d0caa933422c86a97ffd272bde5b0ac7827c3682455a23ca83a |
| SHA512 | aa4ac9722f68357aac5fbcbd9073208d4079d03901568275aa9eead49ad7b7a63047d946277f3fae7f0ef521cd90336557fdc5440d7318ebf28f6bea4c88f9c7 |
C:\Users\Admin\AppData\Local\Temp\nsc662D.tmp\app\manifest.json
| MD5 | b8e8d71fa7a9474c7875284925aaed4e |
| SHA1 | 0622eaee0daa6f3e36beb71e7a5c8f622ce2870e |
| SHA256 | 949d178dd878e2e5b5fc71a457503f139f052c54947f233a124ce1a0a6e7fb22 |
| SHA512 | 4ab844d7e120b12600e0600c6b7b948a27e02cec4171ec757da0f2e526318cc627c0d2be1ddf375b2cf3483addb2348305ae0fc8bceb6a527ba92beee20a5d50 |
memory/1588-161-0x00000240F35B0000-0x00000240F3660000-memory.dmp
memory/1588-177-0x00000240F3530000-0x00000240F3552000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\nsc662D.tmp\Newtonsoft.Json.dll
| MD5 | 98cbb64f074dc600b23a2ee1a0f46448 |
| SHA1 | c5e5ec666eeb51ec15d69d27685fe50148893e34 |
| SHA256 | 7b44639cbfbc8ddac8c7a3de8ffa97a7460bebb0d54e9ff2e1ccdc3a742c2b13 |
| SHA512 | eb9eabee5494f5eb1062a33cc605b66d051da6c6990860fe4fd20e5b137458277a636cf27c4f133012d7e0efaa5feb6f48f1e2f342008482c951a6d61feec147 |
C:\Users\Admin\AppData\Local\Temp\nsc662D.tmp\app\images\icon.ico
| MD5 | 9a03fbfd56d8e501797359aac3d72ed1 |
| SHA1 | b31e87a87486c00f9266559707e2cae4831f9d44 |
| SHA256 | 81c69b545c347e1708603fb912511d8eddf755cb27f37fdc6a6fd959c6cfb94e |
| SHA512 | 29eb96fe4bdded257f3330672b1f9f2086c28e1e863a093a6fb750b6e59210b47b5ed481e3828442f38c5c6d63ef37709716af1e3913afdf37bf8e574f976fb4 |
C:\Users\Admin\AppData\Local\Temp\nsc662D.tmp\app\index.html
| MD5 | 6d8c9edde0ce101ce0abd73be45c684a |
| SHA1 | ce6d94d2d1a7f4761438781affd3aa991018e4f5 |
| SHA256 | f15c54f4ac4f55bcfa281b668220eb144e63b9de2292e970095a4dc566209682 |
| SHA512 | 06f35ece48e4e19174da18ecc5dcac3a7e4d7ffbb102c4859221c7c569027ca72e40c9ed945872bf4396bc02ced7ae46655c88e3ec40d0a2f2e3bd0fcec80203 |
C:\Users\Admin\AppData\Local\Temp\nsc662D.tmp\app\js\windows\finish-with-recommended-app\finish-with-recommended-app-controller.js
| MD5 | eb6d6bd7e05d4477e2704dd87b57ca35 |
| SHA1 | f42672ec1e23a3f4bcc2952746d87ba8deff44be |
| SHA256 | 5ca97132a258ed1f36e401d70ccb95be2c9e18395e6010c40f61172914477de5 |
| SHA512 | 1402d611f910cf5078e804175fa4693b591348d3e7cf6d0a6bbe026c259eb9e0bc285233c80cb2f4690674c3e927bc72fbdcbe758826b98fd02ecb3ed82e339a |
C:\Users\Admin\AppData\Local\Temp\nsc662D.tmp\app\js\windows\main\main-controller.js
| MD5 | 15b665a5c915004e1aa7e9e11a710f7e |
| SHA1 | 7821924e42bb19d60c572ff80bbaaa04d7aaeefb |
| SHA256 | 84dc33e2eb3118fc77a38b0ca53af42c53f6eb85cfb1e8737dbe39fa03515653 |
| SHA512 | dd47f7bac0dbaac714e6d2fc91b4c24756ca4acb70bdbc4b54cd5216552d6bb85ba2e1c3c8445c5fb40d116dfab6569945cd74730bb7c8f3cf46e8d08f8afa02 |
C:\Users\Admin\AppData\Local\Temp\nsc662D.tmp\app\js\windows\main\template.js
| MD5 | a118c7724c208f12083240cafccfd10b |
| SHA1 | f89c676a215b869626737862a08c9eb07d440211 |
| SHA256 | 63a43bb08403972d0f4b0e381bd264af14e826e0035242bc1baa9a815956b8fc |
| SHA512 | 9fede79044ae5de7baf5bfba0d5a515ce462a25420026ff45bcf1751e57510023cb40df42d08e880114f62b38ddb218355d5357b725df32a41ae4e6a18414cb3 |
C:\Users\Admin\AppData\Local\Temp\nsc662D.tmp\app\js\windows\finish-with-recommended-app\template.js
| MD5 | d1cb34b57cef7e28b9286454b197b712 |
| SHA1 | f3a964b319bab82d4eda07e126bbfd6dec35c349 |
| SHA256 | b61dfc304b46e8cd95d7b15bb93c6160b30523a1a093397a84fc8b8bed00ac42 |
| SHA512 | 3a07de9c58134edbb7998f85e6d037a0cd066e32c4daa07594a949a7574f5693153bbcdb59739e1a92e847ab1128e2369fb30ba76a7b9cdfa9a37a409db691c1 |
C:\Users\Admin\AppData\Local\Temp\nsc662D.tmp\app\js\windows\finish\finish-controller.js
| MD5 | 138240ea22084428e9e25583e9156568 |
| SHA1 | e8bef7eab5b6e7040b996ec9504436e073444bd9 |
| SHA256 | 4cb4e1aa25c15ae5f2e63fa4658a8acff0ce63e0f59cb6eb634df2dfe336e2ec |
| SHA512 | e97b81b0ecd964e6e909019353efe4f5582f65763ac4197d754f1c4eea19cfc249900ae597fd33e29f531bb0d1c7e0f010793c59a2b0099fa75ad0b7d01ce8a7 |
C:\Users\Admin\AppData\Local\Temp\nsc662D.tmp\app\js\windows\finish\template.js
| MD5 | f092de7ea66d8e920b345f38537fa35d |
| SHA1 | 82d107a409f18878307ae0cefe24074db64937c4 |
| SHA256 | b05f111369e12ecb4cdc6526dd554061eb31097aa0de4bd126ddc185b69d922f |
| SHA512 | 14942c0122f216c07595cbaae498f9c4d37a2d0fd95f262c332502befdf4566c7a042c4d85702c1d82a111123dde677096195e9efeb1d74eb1dfd4df84d01a23 |
C:\Users\Admin\AppData\Local\Temp\nsc662D.tmp\app\js\windows\progress\progress-1-controller.js
| MD5 | 82f0b997ed552c52a510a9f2ab29dc3a |
| SHA1 | 92aec3a656053c71eccdde610130f5d8008fa96f |
| SHA256 | 838bab990ce38372dfedb50eb0a270db705811729630ab8557c08bd1e9e8e105 |
| SHA512 | ecf67f877002d746eff8af3a50155aa381513ddafd17b6bff0188c85f0765579fea0112e82e1371f962b1f5decc94b65e6120f21fb516533dac35a2d541065bf |
C:\Users\Admin\AppData\Local\Temp\nsc662D.tmp\app\js\windows\progress\template.js
| MD5 | 92b145e6649ba0add3dee9a69d3fa91e |
| SHA1 | 4db1a45392ec973cc8a7eecf3a30a9a7ecc7a64d |
| SHA256 | a7128a08bca53dd919cab3e5cb4dab31ded7ae2dafc957209b9fdd23f3b944ab |
| SHA512 | 747a087dffdba5c92d9f4c8923615d388b9c4c79d3b71d3cb90487aa37c132290a4f5107eef3055c03eadcb9614e20d4655393dc9251fab7e0ee2438f0d95751 |
C:\Users\Admin\AppData\Local\Temp\nsc662D.tmp\app\js\app.js
| MD5 | f718bd3f18dd499612623852cd2a2135 |
| SHA1 | 9432b7898f655fbbd8132f4b3f8822959ae3ff97 |
| SHA256 | a14fcaf11a16ad7d904960538ca35d5b05e1c1b6a916f228db6b319c6195acbb |
| SHA512 | 90a697f93f239e8210ad47b6f012d3b40ea9c23a92ab909434d0e2d71bc3d9663d1aa73c64646e3dbf417f9636d1190b3d0cf20d349456dee6b6b8d5536d0338 |
C:\Users\Admin\AppData\Local\Temp\nsc662D.tmp\app\js\windows\privacy\privacy-controller.js
| MD5 | 15bbec339f5046f525e3aa96d36c30ec |
| SHA1 | f73d40bf06584737fe327f1eec6f4b0446545226 |
| SHA256 | 14d9c60cd97f18e74fee2dd80b6a190eaccc526085991f356feb6b4d330a0fc3 |
| SHA512 | 2b0edfd2d5efb3f739e56eb6f3bcfae4789af3e1639f5f8e5f7530f5af10eb1a61464d665c9d9b2f4eb3796f2445108599d8bea75f1709aa562feebee519da4e |
C:\Users\Admin\AppData\Local\Temp\nsc662D.tmp\app\js\windows\privacy\template.js
| MD5 | cf8d2c26520d7c84e560dfa79e31dcd3 |
| SHA1 | 716f2ec17480d5cc9c145bc147833fbfc39d36f0 |
| SHA256 | 95c459eae0edccdb94702aea603a097e461daa0e5f37dcd0e30de7df665433a8 |
| SHA512 | d466dcf7e86a4295857020feea281fc89f519f6bf1e79c3b5e1046d0745c9c9010377b1941e06c9a9b2c78a4173ed9909332d5d6c39b05f460e8a863086c895b |
C:\Users\Admin\AppData\Local\Temp\nsc662D.tmp\app\js\windows\settings\settings-controller.js
| MD5 | 378c18dd7d5cee6ca7c4ddd0396b535b |
| SHA1 | d5f81d4fab29201fd1629dc4d8e6f918c0c30479 |
| SHA256 | b5c5dc5e0684fd97eb4c45896dc1c2de8a6a6fdc63b6aa83a99103c15787ef35 |
| SHA512 | c29416b3f0245f4826d857dc8c52c969071d2410c945bda96f38f59a9bc7137ee534d84865e5ac55a1e3cea6bb705c5d592725af709cd97e7f38ff05dbaafe5b |
C:\Users\Admin\AppData\Local\Temp\nsc662D.tmp\app\js\windows\settings\template.js
| MD5 | 28513de0830383a516028e4a6e7585a0 |
| SHA1 | d31fc3a6f4a3ce6c4afb82ff2342a1ed718809e5 |
| SHA256 | 8014a7c919da249ba2f2196d9c9b62639d20851be426f3ffaef161cbe477c45f |
| SHA512 | 0f7321c2ae13145bb694368dae1b74e6fe20e6b09712da2178bc46e6aa65223ab84c38abbf0ed074c85b42dba1a238a5f3f8d1ae060a0af6df748c5befe11b61 |
C:\Users\Admin\AppData\Local\Temp\nsc662D.tmp\app\js\windows\welcome\template.js
| MD5 | 17f54fca6723b983875d940d931e0afb |
| SHA1 | 01774cd5cea36bd74c80a708d6f77567e8091024 |
| SHA256 | 42c546e9da748ef76fdab56b96fd511eb607617a9ba37b3dc420148b769d8acb |
| SHA512 | 401df9a54cd14c19227d91bd08b4775a7b437644b4ca0d1d636d3e07b04591f9c5516e80040ae6a79ba400457d15e3d80aa148a63de870a64664fc5a02f7a038 |
C:\Users\Admin\AppData\Local\Temp\nsc662D.tmp\app\js\windows\welcome\welcome-controller.js
| MD5 | 50f676754862a2ab47a582dd4d79ecf3 |
| SHA1 | 1cb2f4b11f9f8cfc8dc57ff29d0256dec4811158 |
| SHA256 | 6155691dbdd66290109afb91617f9cf68af6bd912991d5d27b922f5faa7f530b |
| SHA512 | ccfc89e08fd36f0a694fcda17efb84ca285b6c62afe2e3a794fdad19b6882a4b618645f4d9171673ba56fb4c55fce336d6b8d26dec3a5cc11293ae2b211f499f |
C:\Users\Admin\AppData\Local\Temp\nsc662D.tmp\app\js\windows\cri\cri-controller.js
| MD5 | 4e4b4a9e2d86ae3c108105078db6d730 |
| SHA1 | 826946be793c999316af6c1db10523950b18ea2c |
| SHA256 | cee7fc5a36a01a439125be031923d7e7415ec56194255048098169a0108034b7 |
| SHA512 | 1420065cd000ce9b9c39d27b5dc5f4055f67146e06573a03184649851c9745f0c0af2b5e35b41b5923703dd74e32f9ed95fc59a43db25f854584e319950beffe |
C:\Users\Admin\AppData\Local\Temp\nsc662D.tmp\app\js\windows\cri\template.js
| MD5 | 76c1ef0cb437db144c2bed53a5a8a5d7 |
| SHA1 | aaab8fff649f8e46d1e9510018118ee9abe01498 |
| SHA256 | 505d3c4de7d9cf8f0155b5b1a3c8792bc0ca2eda6781b441bd85455f144be22e |
| SHA512 | 822bf9feda91c89539d263c6c9053163e8dfa3c511195bc61a9b608b4687fb4048733323f03dd30a7ab661a4be4acf6c8d8ae7bb6723771122540a9551899c3e |
C:\Users\Admin\AppData\Local\Temp\nsc662D.tmp\app\js\windows\modal\modal-controller.js
| MD5 | b04bdfd1c7d09bdbdb94a2455fdd677b |
| SHA1 | f000ba4866ff16d75bfd6cf446763498e19b12b1 |
| SHA256 | 4565ee81ffe222b31982088b1c18850076e3acf59198ebce08118e12cbd87ea1 |
| SHA512 | 3cb6ef0a16309046e7f407e7321eb12212b0eec09ec1a04b1d813f6c7a04546714865c3b398a93985041f598156ed905ebd23a64260801281b29ada9bc19ec5c |
C:\Users\Admin\AppData\Local\Temp\nsc662D.tmp\app\js\models\notifications.js
| MD5 | 85afdf9897bb1236eff3afa40d15ece6 |
| SHA1 | 4362bdd139458eaf4a2dcb34294b43e2d53f4a26 |
| SHA256 | 9dd03dfc92bcb74f3725aae60e904c0a56cc84f299bbb8e863a869719f6fdd32 |
| SHA512 | 4ab86c6bafba18f53f01ca913ceaa80f14900107069a1d5f65b108d35690bd8b50b1a6cdf1563fc5775909f69208dabebd139f3cf3d8576269d560d57cf9994c |
C:\Users\Admin\AppData\Local\Temp\nsc662D.tmp\app\js\utils\modal-events-delegate.js
| MD5 | 117e4fdbdb0ecf211c8bd909efd337d1 |
| SHA1 | 9f8684d856b7c95bdffb139217dfd89f41373187 |
| SHA256 | 267661f932a2ea78d8c7a98cc03d1b18d7cb8132deb84636772ecd1fcfbe4857 |
| SHA512 | f474ee20b59d3d0c11f9f6aee6b6e2b66f7025beaec9841f88455e60533dc96cb4e27910be0dae92b0028c5578932b7f459fdb91d594ad010f72a3b3af6addb1 |
C:\Users\Admin\AppData\Local\Temp\nsc662D.tmp\app\js\utils\cookies.js
| MD5 | 6c60e675f8c8c68c0174b644d3a63a2a |
| SHA1 | 3635a3fe07ccc4a6f33a986ddb690522d0611abb |
| SHA256 | 9d3cb3822e20d6f5157faa02dc69bdaef44576c3fb5523e00aa152107ce30287 |
| SHA512 | 1dc9ec7b139bcf37107ecd673c01e4fcc606332ea1645a4a1b4e5d95f817d4c99d5964cd3d941a6a526689341d9623b17b4efc002cdf4c73404299d52b1be452 |
C:\Users\Admin\AppData\Local\Temp\nsc662D.tmp\app\js\utils\commands.js
| MD5 | 65015f2e2e490f6786abc0560e33e1d0 |
| SHA1 | 47b5c2b3b1f9381e4d2b9d1f3d82ba62828ce28e |
| SHA256 | e874c959c7b8e4351d730d263231df7176b5062580a7d3e0a2684001b510f5d7 |
| SHA512 | a4ad579acfa6000fd8074893a6b45df74558c57afd5b957217491784fa25df370c59d9f92ff245abbdf3d26b42114cc22359ef95c4baa322e326c7e210f43edf |
C:\Users\Admin\AppData\Local\Temp\nsc662D.tmp\app\js\utils\analytics.js
| MD5 | 525281e9959af4c1c0d11b9243c798a1 |
| SHA1 | 237a84c5b57bd132f48446d718b20640cb28c263 |
| SHA256 | c37f0699cf8ba7d9e3e0f73f1b2af65f4bdc2a31f44594ffc8c73e98b6c2fd1d |
| SHA512 | fe5bafda7773e69c65dd63270e0306abcd39cb2d886b675ab8c714ae0833efde963b69623d468551a1ab37f1db1a1d457f1568f7a29d9cf0bb23bb0edcab5fc4 |
C:\Users\Admin\AppData\Local\Temp\nsc662D.tmp\app\js\utils\utils.js
| MD5 | a0952ebeab701c05c75710c33d725e7e |
| SHA1 | 1da8a2e889f1213d481ae3cd5571670c01e64adc |
| SHA256 | b4f0c48cbfeaf8141fd44b12031e3f0410cb0cdc313888ffdb14fdf1d2341246 |
| SHA512 | 5e5ae616d3fded7d2bf47a326242c4477ca3119fb52897bfb41de0be230ccbd6c3da2c00268b3973e9bf7b4f2886aba64fd9719b448662e4130ee66d87913389 |
C:\Users\Admin\AppData\Local\Temp\nsc662D.tmp\app\js\utils\strings-loader.js
| MD5 | 9c94eb933d8a43dd3825e67a7e30c980 |
| SHA1 | 7ec7b16af6f399219209ba5967d377040486a11b |
| SHA256 | 96445709fde2613af50f4b8908296d4bfccdccb2d9db9febc34a9bf4dcc70ecf |
| SHA512 | a662a299e31633f71a9b9675970359430fdac06dcc284fd7ce92919f244c7f921639f97a42356e993a95865e6c9f198dcba82c126f82065bf2009a31ec9b02f5 |
C:\Users\Admin\AppData\Local\Temp\nsc662D.tmp\app\js\block_inputs.js
| MD5 | b5b52c92b90f4283a761cb8a40860c75 |
| SHA1 | 7212e7e566795017e179e7b9c9bf223b0cdb9ec2 |
| SHA256 | f8dbd6793b35f7a26806f4dabad157aaafdf6d66fad094b50c77d60f223fd544 |
| SHA512 | 16ad53ede5424ca1384e3caea25225589e9eec9e80e2d845948802db90fad222f709a7b651cd7601a34ba67a0627433f25764638fd542cbd4612871308e7b353 |
C:\Users\Admin\AppData\Local\Temp\nsc662D.tmp\app\js\libs\cmp.bundle.js
| MD5 | 1de143ca1babd3c02744f478c8c05c5f |
| SHA1 | ac918b3d2d5f9cbd9e3b3f5e075ce3c96eec16b3 |
| SHA256 | 7fbc3a088ec303143109e0c1b2c04f4c5a6e450a2d6f3071fefb66e92f643ea0 |
| SHA512 | 6e419e11f35a3258124127970961907ed8fe0619f618a4c15542ee7f8a01a9f4a7af4d290b634444d21b823ca1afea65f97d5788fff6665d55c2231214edff24 |
C:\Users\Admin\AppData\Local\Temp\nsc662D.tmp\app\js\libs\jquery-1.10.2.min.js
| MD5 | 44e3f0db3e4ab6fedc5758c05cf27591 |
| SHA1 | 2d408aa1d35661019c95adcc60b78c0727ed25b4 |
| SHA256 | bc44d3631ffef1df7960e359f02002d3ada45ee05205c2cf1edd85da2f518144 |
| SHA512 | 4d4844e53e686fc59a52e86588f328dca3ed6fdad7195c58942a98c51755a24981b903ee7c7b27785375eaad5a7d9501cf74b999674b79f214e66103bad9efdc |
memory/1588-214-0x00000248F6DD0000-0x00000248F7576000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\nsc662D.tmp\app\assets\fonts\lato\LatoLatin-Regular.eot
| MD5 | 6cfad5881181ae658a6efdd68889a690 |
| SHA1 | 5b54f6ccc20ed3a078fbdf94d7a68ac80002624d |
| SHA256 | c6c970b103b3c3aa83f7a45172619a4451ea5f015f9f3ef4fd08c9a4aa895cbc |
| SHA512 | ddd3d43540eb3d4eef48d0834136de1e7bf23a52f286d0a666cf57c7d685aadf1cea6d37c88f9d7ce5ad6143d7c3213f54b16a11f616b7dce154bba50997bbe7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\datareporting\glean\pending_pings\8bf27e4e-cd15-4699-a599-f6d472b38e1d
| MD5 | cc2fe54d490d683007bdb1f0996e19ad |
| SHA1 | e931c80d9cf19fdbfb76363cae6b1c4ad3cc339b |
| SHA256 | 57852f06633782a4a8d98527a1dccf237ddc89abd95c70034b9ee40e0d24d28e |
| SHA512 | 6706eb7da8d7a915efc5c51513dfaf7e47527791a3ac13281aa796e5aa481b02f444a50c012773434ad4068d6c5ef630f133da2690a80bf81f845a7538fc2f1f |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\datareporting\glean\pending_pings\835f2a8e-d8f6-4044-9e78-36aaf60a8c1c
| MD5 | 4f651bcf23462d09d63e563c6c738bcd |
| SHA1 | 7300d73b80a0036859c612d15f2b8d7a305daf38 |
| SHA256 | 14a84ef21ccc6bd570e359b21d9f64ac27d72b88ebc069f37791bc8c6f13f70a |
| SHA512 | 705827a4f065b97e9fd9f3d5724b6c5157976b3f0940a50f2d50fa785a54bfefa2f9b61f1ea4b24186349e694013351ff23a2adf45aba3633259414897caeba2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\datareporting\glean\db\data.safe.bin
| MD5 | 7a6c4292c9e684009999fe40abaed3cc |
| SHA1 | cc4f834e931907ff8c20a1d3c08f3bc019e20682 |
| SHA256 | fffc0fb2ac31217fc4b6641da670be022f6c5b90dc709fbe74a10ced4dd51193 |
| SHA512 | 65b4b8c95387d58c7e49bf55626c6ed2bf4c88d4cbf82cec5ad7e6f53e2ddf6c08b34e4b66458bf8be9e6e7aa09118157359f78aecbcb75c58cadeee9940c68f |
memory/1588-291-0x00007FFD1CD30000-0x00007FFD1D71C000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\prefs-1.js
| MD5 | a403e48f95e5fff607f4398713251c7b |
| SHA1 | 884480eef9db97b2338034b663fbe041705fed9d |
| SHA256 | 7fb17cdb9bae2ced66ebcd0b733bd4c8aa412c9eb8ceba27aa36db67dc3a39d5 |
| SHA512 | 3d5eb003048b30bf786dd41e1a8acc5b7a4a9fbd9129e4ca0704cb7e3019d05a9664c7b51c7f074e410c2c3746ce5ea114dbf88401c68afec023e830f3736f7b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 639685a52ba2554bb04d208d4385fbad |
| SHA1 | 5d37c76ec87e21c8ebf651d8e2d13959bf734cec |
| SHA256 | 73afa19b659a032b62bf62bdd48b5d2c3ef161d0a6bb41f6154c2d1115378feb |
| SHA512 | 0146751b13dc1fa3b66475875a9c71cbd46dcecca1c2cccc0e7125a220bdc1b610b658ad36b09904253dc14e6b71d879f2e97c36e144a67427cd8aa41c67da3b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\prefs-1.js
| MD5 | f53e9212d949ff1c7d4a0eccdb2f76e4 |
| SHA1 | 5fdf7b47226b812a6532a18cfd3d899db951d097 |
| SHA256 | 344a18556ad8c5896c4fbe49759cb14b459ab3ee044535dc8da32bacb82be3ea |
| SHA512 | f975e213c563c2094cf03c93d8c6924506f8e6bb670f56e3c5f055c17295e264142b0a1a5c526fc51a0527517966aee5446cb427e28d63de6f678205b7dc1b52 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 43c431d051c602ae68ed89547d8675fe |
| SHA1 | c39b86197bf897bf22820dcd8443aa138d6ae4ba |
| SHA256 | 1def260adcac94bce9f5af9d571f4ac1a9f4398546aee7971c93579d59217d8e |
| SHA512 | 9526b836e62fb0634f4a250fc371d479a60151b5e59da093e270abc82202f39e480959a112c81a6a168a9949f875554fc166c804c5657cbfb25bf84d5cd7edc8 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 110f03a239904adf797ebee44c694697 |
| SHA1 | ddb106931a423d4dce0701c4fe503eb8f068b3dd |
| SHA256 | 4ffb0b33d68adb6928b2c0b42d4f5d5c702477d87aac4550ce9bbbcd8acf0b4c |
| SHA512 | 8d41de24c0fa583b52e37907f44ab3682d154e2b6a898840f427bcf02e4fd392e3ec0bba15ba1d53714d5fd3aa0c55701efd0ce3c03ca2c81715e2792a92ef64 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\idb\2232182701SeesravbiacteaWDosrgk.sqlite
| MD5 | fb6fecadb04c5cdc9ccfca789b6e0a44 |
| SHA1 | e0f118efc1af5799ccfac3e01dbe799ae3106067 |
| SHA256 | 0a439b8a109de3b143b33d85c946c01afbfc7059913d6df6ad6585ad18338cb6 |
| SHA512 | a7771ebb22e58ab11a5d4bc5ba60f9dd1c1e8915cb2ae9e79215b1bec0f725cda8641284791fa45ca53bf64f1a1f84d8319f9ad21377552a5d73cbc3ae3fb011 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\37\{98703d4e-9b13-4e09-ac0e-e8861b993625}.final
| MD5 | 2a252393b98be6348c4ba18003cc3471 |
| SHA1 | 40f75302fcbe4a8ac2e33a8d9daf801abc2a9598 |
| SHA256 | 04cae3c7b208fc55b25763913d0bbdc99232942086efdf705f2a27764be6f5ee |
| SHA512 | 07af4a7b0d10f1b5e1fe0877b21abc98483d78797608a1763cfb71e25559fdce10d20f03c16f4284d7ae7ab90266f45240425e3a264de9525ec1657345b85198 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | bd51226e69e8a2d9ffacbdc8c1aca5b9 |
| SHA1 | 4aa407723b26f7ad01be593ccd7f08223275132e |
| SHA256 | ec115dcfd33b052d48cb0cdb9387fe774b824d8aa1c668cd754d981b6a9aaa74 |
| SHA512 | 5326034b6bd19870f74188462d936ddab7315d7e050885b964e9ea1717cb0965da901138752f3d4e1e82e80c424191d8f8a49fdff3efbce840109be91dfd5542 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\doomed\8394
| MD5 | 68070d6b008059d8256feeef5cec260f |
| SHA1 | 5c803fdb00da8ced3c51804ad5b6480a6b689064 |
| SHA256 | 5d1d6e6d55730f5a3ff388df3f601487f3f5eb79648e83655eeee09a8608a1c9 |
| SHA512 | ab3e1e25bdd6c7e6dbb7add25ef4e2dc69c939039a128c98878629eef1902463769f86eaa059269dec204ed47e8be0ce9bcb3d5b1216b61bb676df0093d1156b |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\doomed\9078
| MD5 | 097a53d4e48842280dd4018773d4d77a |
| SHA1 | 6544fee77111f8c59071fd6424fbd6acce5ae1da |
| SHA256 | 129dcf505a32e84fa0e3fb00b0ad04b8732f29d388fc681278534899e6e0cca0 |
| SHA512 | 1c15b6cf7eb22a151a973623d005bcfdff2343e3c05e68a9f3f53db789d156f4de4960ef8f48d0f63fe8a4c433fc33c9ae61ee210fed24a916f142d3225821ab |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | ee6db88e68908ca663f4ac72e5f7fb92 |
| SHA1 | a1c4d7a938f3240f0ad995f34c2980b2d446fbc2 |
| SHA256 | 3be903cc5f6e653759cfe2a0bb8fd7ab62bd5096f95402cfee87311f4fd1e64b |
| SHA512 | 7ab8260c608bed854e50c078fe19967361e3262cf59de2d67d9d7ef9b338d4c71ce4bdbe0240c3f1a49a3c5ae31d63d48aa0eea53bfe6b8f6e93207c3c627acf |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\245\{21b1f832-e694-41d8-b8b9-bb47a4a7bff5}.final
| MD5 | fbd22789de072ea78ade96d207db2363 |
| SHA1 | 86b5c4d2835c1aa67e84793d7ab378d4294f8221 |
| SHA256 | 20514655537458bb5b40f09c97ed8643d44b066eae423f050e5805742eceda7c |
| SHA512 | 7479a22ab87eba081f3085efedff571277f6918762dc27852f536ade5c53306e3916cfecf5179cc87ef17b649480c5947a8017987d4cf8ecb07c21f64b6ad709 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\226\{e16eeaca-651f-4e43-9e62-30b79baa15e2}.final
| MD5 | be203547ce77fa7a91259437b55c0d1f |
| SHA1 | cff2ff2c9469ac96eff7baaa308cdc886fab804d |
| SHA256 | e5f9c781a4756c64455652d9b4bd944aab9ecc1eef556814c00b1797209f4840 |
| SHA512 | adf00778a63ea8a143f8fbbf61188392a87a376234e17856339036854cff3a5247aed0b1c0b603332e244d348d58402ba58b32f6df6cc8e18f9d8242f6573f71 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\63\{db7a0f85-d441-409d-87a3-c7094fc4ff3f}.final
| MD5 | 45e25bb134343fe4a559478cd56f0971 |
| SHA1 | 79f18ad0b7e3935c3231ced0edd8ea3c7997ca93 |
| SHA256 | dae4dd8e56ccc952312b3b238a1db294d4d7ad4f532c31cd1c2e5f9dee881678 |
| SHA512 | 9b32b125c4183fe992630bc6ce9a511157959556fdce53f8264aba2aa8fb7b0e53b408b505da2cc96cdec771470927e74cba3bbd6eb71a5077e9f933cdc85292 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\67\{05cd494a-89fd-4eb8-ac6b-9741a8109143}.final
| MD5 | 5b0f165bbdb71faa1bb5b26c4f022e96 |
| SHA1 | 704bbe81e0d8370e675246e1cbb347bf8599aa45 |
| SHA256 | b95a445bd9d295276e8423f1ad3fc50c740512a634f2115364217544bc87d44f |
| SHA512 | 6c521b2c55135ec98f79193bf9c62b73cfb1801cdeed03a9871878f677aacea46cae165a4290682768ca1c1192dff2e87b63c39228164d72d2c7abbe732f8d20 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\126\{ac97ba4d-0b3a-4059-9b89-f86ac923f87e}.final
| MD5 | 51bb0fe00991a2ae6707b3aefc583918 |
| SHA1 | 21ec201ebf41ad57faaab02f7961ce5a746e6dbb |
| SHA256 | 97dc140355b2b45b54c3dab1ac66b951afae0bc742402cbc342be117f4424e0a |
| SHA512 | 41863cc0f1252366a5514dd62a06f4bba493029b8c7a35e19173b6d7f9114e7098fa35d284623b6641d28f7d7bee1ce99064987afc985dbf0354368f71f9a39b |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\entries\11F50A8EEC3EEAA349ED4266D483813BF69FCDB5
| MD5 | d77b50924908013a24b92541db58745a |
| SHA1 | fd7fd494a881de0a8b34cc12b2517f13993d955b |
| SHA256 | a9331246b0fe365393216e4acee3b15b88e8d62c840f81e3ae6879463f999504 |
| SHA512 | 692c781d8fe3a15abf86bd228f3b1b730b4a95f1412736573923262ed5acb599d1026d20df6371e1f00934bc66d7234f7dae2ea194df08c206049cb2cb22997e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\20\{04ad1906-3c52-4bcd-9fe4-bd97f9d1d714}.final
| MD5 | b719a3c8378a40cb900349ad2a922921 |
| SHA1 | 10a71eded94cf7fcf70bb4952a35434526264e88 |
| SHA256 | 7d6082dff0e7a043a631ee1ac1c1e094458d7f7607d075db809ca60f531539ba |
| SHA512 | 5bbfe366cc072b80c4d35c45ec91c4ce60a6f5140e6ad7109554ca3dcecb765336ffe938bf490e99c8edddbc3571d41c8e2a34e1becdbd9adaf334b15207e167 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\95\{37cc969a-981c-4864-8600-023b03284c5f}.final
| MD5 | 030dd07949fee4d5e67e6885b76ccedf |
| SHA1 | a83002727b38d84882fdc444a3f5d7fd7963acae |
| SHA256 | 95c8349deca56128ead6daceb682594a737a5af8a03b70065e1f2c6c4fb84209 |
| SHA512 | f094815a8ed89bb7e6376238142cc13887694fb184d9ffffdac56b7fae2bde2ce7acf3d50c0431d14ca2e03620526cc21bfe1b6c44b467e079e30e9dc3a8e87b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\217\{248d54aa-a911-482e-a632-f9cec92facd9}.final
| MD5 | 184e8de5f2d1b10b1cd688026dfec0ca |
| SHA1 | dd632464c3ad026e57bac8efc3348eb7349dad84 |
| SHA256 | e3aaf869118c6db298d843c5308262f88ce5ba474d88e7043badfdea4471c93f |
| SHA512 | e3495544032b7f6760967b0ccf57861ec5454bb32e8f5f7d2165fa63e6ab580e278275a1f719fa55fa17fc0a3aa9788e15ba60ff2ea0e25557f0160607066143 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\241\{2de458bc-c838-4219-b763-7c28a21be5f1}.final
| MD5 | f8a4486578289f338eccea68bf578c6e |
| SHA1 | 6cbd17168a35b3f10b74a28f1fa3a83e161a7e35 |
| SHA256 | 264c3ef4f7bc3f390875ca49d87ec35f9c4f0bbb0eabfdb38073951253ca721a |
| SHA512 | e896ce1bbfd145a4c38f7e81a8afb12c3f354d5632f24f26cf19e8b5f1a466fca8d098e7277a4c0979170c37be25b6cdcc0654ae94f46908bde1810d4c03c3c1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\59\{b8e0d13e-c102-4ac8-89cb-472ce93dda3b}.final
| MD5 | 41d7c0ee3ebd3ecf60e8f06238d8976a |
| SHA1 | 313d08e7b04eefdb0ec87504462f522d7cb94d4d |
| SHA256 | 7b48b7ea9af7535de272491304ba8988db28c4cdf0d50c800e7d461666e73efa |
| SHA512 | 9619b290dd7e07d7a4d9768ee35dd564e37f1b0f4357bd2cb8a39c1289772f275f23f260114fac395974f544ff70efc168285a34611f40950eded0735d2ca6ec |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\165\{72d5ba90-ef2c-4aef-959c-0870c2b101a5}.final
| MD5 | 18ea68569ded72b5f8f681906febe6a4 |
| SHA1 | 5797e923cf4e23b0c5b834923ed11b3fd101ebf4 |
| SHA256 | 3f7e5effbbc5b1d293c34e82334eef3f6f20195436b46a97c9322a406af63cc6 |
| SHA512 | e32bfa8081fcb47042097617f10454358b0fa206db22cf3d4ceb09c7134ca97c4cc3d8d283e1dfe7b4db13c0254ca9aae2fc2dad38d50cff4375373d76d9e060 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\85\{f9f628bd-1ef4-446f-b90b-a111cc58e055}.final
| MD5 | a601665adcb4c6be23f3f43db3ecd713 |
| SHA1 | daf1dbb4c74201e6e986283fba3603b508d576d2 |
| SHA256 | 38f281885066fb223a840e11199c5fe053ce470857cb8ffe5fdee25e226e2e7a |
| SHA512 | b60b5afbcafcfb4d4751dda855ce4e40674ba635a28dee30b9ee8dae0cc1a751623ebcc3f1657aa1e847ba317dbb4bcdf44e73fd68b96ddb9ebc3d0a73bb5ae8 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\17\{575f9674-cf12-4ea0-b5ce-ec8282a60c11}.final
| MD5 | 31f682f3d011c942f1c41b7f915eec10 |
| SHA1 | 0163e4cb475138b8f6ef221cf0bb15055f628f4c |
| SHA256 | 00392c87ab0206705a7f066ab9b2cad308eb3b2d0b538fa535d053b0c662c48a |
| SHA512 | da32317bdc01471cf7fe107c80d3b69646aafbde3ba9ef7d4fc674c56034d78dfc08ef33d8c133cdf198e4ce265625c8411cd85b2cc6d57016af360129db733f |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\141\{3e013cf2-aa6f-488b-a47e-fceaae0fff8d}.final
| MD5 | b0e3a03d13d45c1f130df30ee51eea72 |
| SHA1 | ed19adf38b3978300a958e5287546be08c8fb371 |
| SHA256 | ab156c3358cd6b946718508bda5099c8cba2e4583e3d03fbe0401c0e6f20e5e7 |
| SHA512 | 3fa2fbaa7f78f69d0df8e3b8211ad56532cb0a68a9ac89c37fa5354fce51e114babd0673f2f44d109fe2e518ad7806b7ff3040a840e3099be4cc5f6dc07f8154 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\210\{d8d767ac-8781-408a-9591-185c324d2cd2}.final
| MD5 | 0c93d244125f8056cc0a69a4ca53f049 |
| SHA1 | e35678e1a49498e40e1ed508b521e79779a6d25a |
| SHA256 | f286ce18e4e82f60816536d23dd2b1708cc45a3d1850b132b282feb1d5aec4f9 |
| SHA512 | 198952bcd97b9497f6cabd7c9dd6cf0b8e75416fe5a2eaea15ca1e30919b7219be5b28985752834f0b8d501b9d6f6b637ac799db078a16f1e7e95480dfedcf5e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\105\{60df6f90-4d3a-4b20-89ef-b554135c9369}.final
| MD5 | 93215d67966bcb26afdfaa76aa00aa91 |
| SHA1 | aa3252645abeae4e228d6595c93d829afad380a8 |
| SHA256 | aaf4281ab5534bf37010c4e3ed86dab18a9f4cf8185f85ba7b0e6ac59c844849 |
| SHA512 | 52df1847b0b802417b245e1fd51197349639fb25ece34a48003120b2920255b52848b3318f0f9602f8d8bf22bc7e761082befcd21b9d06b6a1e882a23f8c9ba6 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\14\{ea1bdc76-047b-4dfe-9863-7e865eabb10e}.final
| MD5 | 8d9443186ccb116d608c8970023a6c4f |
| SHA1 | c280277c0344161167dd348d9267548041e95124 |
| SHA256 | 70feeade7e05a69d4604df99cf1ff6793f7aed0879ae06b50a69b86906a892bf |
| SHA512 | 66240fc8a36102b8d3cc7cf157dc80981bb05ff707efa775b82ad6219fcb72fca9a3c45f30aed6147b222356a06a9b4063c9967f41f1a246735d68bd502eca51 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\137\{4e50b760-9a13-4448-ab22-f46eb0d15489}.final
| MD5 | 9d8bbd70725c7ef1461172bcc4e85c13 |
| SHA1 | a4c4db2ae4f58c81ca1de7fced23b522d6bb8f73 |
| SHA256 | 4fd302f56fcfae608964aad2038a1570e38e96b82d52d590387ac91915a8c8bd |
| SHA512 | fc90e23b5e86c1d6aab537069159ce5eeee5068817b6923bcfa33d93e54358fc38c5dd8ec4638b9eb5349da1fed4679af0159ef958cf48227efb14dd67511811 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\15\{cd482e25-cc00-4183-93ad-e9040f0a960f}.final
| MD5 | c6993227cd75c082eb25aee8332d888e |
| SHA1 | a2e27914baf9a1a4b8579506f419bc7167dff937 |
| SHA256 | 75c2bda8599570de972a83352d94cebc61a2bf66c8470a0461f0803c59dd8223 |
| SHA512 | bc37854e6471273085bd3ee362ede016fea6eaccb11194f749c3a092bc803df07c7dfed2d0a3fa538cd447a21d4875f95ccac3ff4f278c96249e7110cb968b39 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\171\{fd89daf6-f2b9-4bbc-8414-442dddbfe3ab}.final
| MD5 | f5ec5b6fdcb0fe6f76aca19310305268 |
| SHA1 | 46d30ca75e110987809f6cd78f52b5cb35302754 |
| SHA256 | c9f94f5a2384b5a253cbc563cae021fb1d15762412fabef25d90b4f0c60814d0 |
| SHA512 | d22ba260c9738129d976df698208c8cc7a9b70dd89c0f81f995f0105940a2956e3097adfd2c300c94387ebbff54af720429795ee1bf4d81f3a1b6a6cc666940e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\162\{b075ef35-b5aa-4e37-b1b8-4baf73a3cda2}.final
| MD5 | 32355676adf4c64f1fe47b92f9500b6f |
| SHA1 | cc2a0c3f0da02c1a1ac32a3a5ba417010f89f73f |
| SHA256 | f4b28298d53a353c23a88b0c82002f1036c376d22154ed21630a8c1d04e2a841 |
| SHA512 | 1945dfb8bf90df999cf7aaed9c881b2d10df4a3550f2bceaef655b2379e79d8128ebefdcd4f37705c7b42dcabbbc4c25dec1c1f9559f4e727c6df45f769a2f95 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\57\{15089b7b-701c-4496-9fa0-5f1bb2c89039}.final
| MD5 | c65b0ec9f20fa9e69df1fad2b2a28e33 |
| SHA1 | 4449fe9d195163e22a0b205966b402058d9e8bd2 |
| SHA256 | 0500a3b5295d9ecac1151418dd4279da2aeda76e2b9f05ac56967fcb882dab01 |
| SHA512 | 19a870b77f57e555b2d67116dee5487e700bc64ccf689ef98fa0e54fac162351127c09523f8e8d9a3c3587ce089b84eb5e81076486dfbe93171843b6360f5516 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\44\{11451395-af76-4539-982c-f326516c072c}.final
| MD5 | 004c0529776665be8335ef4beb8d0eb6 |
| SHA1 | 8b1fb58622c92f0ce3e490bbf21b532818797f8c |
| SHA256 | 493593022b630c1c1bdfc20479ebd34465a1bc79e066b04f388c6572375b0005 |
| SHA512 | 6ee9bb5cddee2ae52ad1d3f068d08011ca5696975783fcdc816c0e16dd27c87ec0957d6c4b63cdbd76664899fd8f8df087db375a5eaca8b9d494430a6ae09efd |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\166\{9ff4b6b8-4a36-4972-a19c-d2aaa20402a6}.final
| MD5 | bc7d8425fe4aaf118642e9a60d1b764d |
| SHA1 | 7456f9cbd82c691a2832ca856873d8e00901fe1b |
| SHA256 | 0ef51d3deb46884c157b25b78667241a8809dee794e3402c07b3c5fe972c1d92 |
| SHA512 | 0a2dd57fb2ea736faa79c3127af31ad0671a06653d5bd152597fff5275c38d816ad1633cfee6e870c2de82aaea14a976d627fac4458c688d3650ad8197173301 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\25\{5ace803f-210a-47f0-9ead-391f70697419}.final
| MD5 | b6c6d354eb2e7e52adb948c0366f0053 |
| SHA1 | d7f4586d41fcee9be681c70bf002d36f6d2ed624 |
| SHA256 | 8383e636c9249a611493d7c83a9f02bbc0d9566d5d3389d8082ad6042271ef28 |
| SHA512 | 9a08680e4aef9e54a24e7956858ffea9871f874966cb36fef70b5e49f6126b2662c443b4049a3c4d74fdcc00c83d3af12072fadb11a96ecddbb87280a0a2303f |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\211\{a8abaab9-e596-4b9c-a5aa-7799fd8915d3}.final
| MD5 | 253a9d7dbf4f2f8141599d38f58f86ea |
| SHA1 | 0766863065b6c57e98fb00fad0e6d8ca1c1f6aca |
| SHA256 | fb659afa77a61d064962153784f63ba71e453e597d98b770c02aa31d1cdfa7d1 |
| SHA512 | 379424e9196ca464ecff6e513cb32a296a63afa9fbb8d19561d0ce9cac304440896f4efb71956bc781cc51eedbda4f6d0e588e075ecba82e482ea2bf6aeb7371 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\207\{19f0f5f7-9841-4e37-8a17-14b13bd5c6cf}.final
| MD5 | 7732897c3667adcbaeb632ed111b170e |
| SHA1 | eee532cc36738b7e586c193db814a088896038ad |
| SHA256 | ea06cf7afba50fefdb6b8ef1a084dab27ba0d9b578814b3b79eecf474b200b67 |
| SHA512 | 08a7130e9b36e13b2cf41be54a7eef19d209c494d177dea1d11e2e224f17a611c649683fc5b49976e244dfc4d91944ef481fe1cbe08d130126817180b97a0717 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\74\{d1b5ec2d-c05e-4547-bff7-46d4985e6d4a}.final
| MD5 | 50af989865f9dad63f573c5f2bb66321 |
| SHA1 | 91c2c613fe2faf799d1916e3245c8f7672926d28 |
| SHA256 | d36552977b70782f63c9fd0ebbadce131eb78616c7c5f0e0274746cb0adcde8c |
| SHA512 | 074f69af44958bf010198bdd2a37272d30da53a22d58313606f5c1f19d67597b98c6cff376bfebf63e199f3965bee93a0588cca0ad70a8eb9e9de3ad9afe5d29 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\236\{77a09bd2-8815-42ac-97dc-7baafbfad2ec}.final
| MD5 | 830028a05fd627d68ab70e41825f7f63 |
| SHA1 | 721199e2f117990f999b2a41d91536aa4790fc76 |
| SHA256 | d7f263bba51f160914640b1310d713268e564d9bb1bbb878e67d442589edfca7 |
| SHA512 | 7af9479e45a89cb49053df5657133a83b86553cdbac5be5fa18ed069c111021ad7d82b02404bb3c35b9e8dc1ed66c3c05bd8a5e8afd4c0d66a598be3ba24641b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\110\{27a3d7da-be49-472f-8a20-17af13585c6e}.final
| MD5 | bca3032426d23daed1b2d997b7bd5fad |
| SHA1 | 76a4776fcca6e6add4773481b6b3a82a7c3f5a34 |
| SHA256 | 41b63a851c63d3c6ba8bd92548013e1a472973011f0be1b95eb2e29697b32b34 |
| SHA512 | 67b6c14e89be76624f964eca71653977f3e4c5d8364fa9e008a6810efa9d0ba359aafa79570278bd80e57b6e31820d27dda06a588873c181ee96d8c868c4b822 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\21\{75a03746-aecc-4c74-89af-0525ee241415}.final
| MD5 | df74de9b9890000872199833e120bb06 |
| SHA1 | 9514f328171b10d04003469f6dc8a7a4f7daa741 |
| SHA256 | 3756c1dee77d8250d1431077670e560f38dd9081ec36fa0b5f7f17ad58aa1f84 |
| SHA512 | 73b313870183d2fa4ca5c38d2192b902c7a79796af1fdbe5e64d8b2d212d2ef85d0bb57f2ba486ff8610f22a9e952bb15947289107ac0d1d307c00015f4baed8 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\177\{b6b58269-c8fb-4398-a54b-dfe31f5655b1}.final
| MD5 | b85f318ce844cd0ac2d4ccfbfde4d2bf |
| SHA1 | f3eea534e7b991836ce9eef594480ddb1bda1987 |
| SHA256 | 480677e695c4b197a66db44b3d42f937f304e44fc560c6690885827cc99f4a5b |
| SHA512 | 1f8ed38e5dcc51daab4e6bc8af64e6b1b8316436519ccf21b2a8414f493efd374bc541a4de3a00fca1b9f48d113b235b657a94d9bb8aba4eee58d0802c1e10b6 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\49\{86aade82-14c0-41cc-9726-baabf8ff2431}.final
| MD5 | 2d5401040d875e10273c9d8ca9fc511e |
| SHA1 | 79ba0a97214692e52090f4d2063deb4f20ade88c |
| SHA256 | 31342b78121940f85212b9b664588235affa0cc7fa398e80d5f3914ea12efe88 |
| SHA512 | b82ca313bc8e3daa966316e10c8303d144aebce1c00761df10790b93113b6eac2ebca429f099d88750427dff8de2a7448fa470e5cc2eb000c7cf71ee73c3edc6 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\215\{f364ad47-5667-4e38-ac27-5db586eec4d7}.final
| MD5 | 2300eafff09d478fbf68f49fdafbff49 |
| SHA1 | 12f127da15a69beece4f71f600975e0503c77ce1 |
| SHA256 | f8c94c9f9dd4455eb89053d024bfd28afa482a9c697732ce5acb2df3144e885f |
| SHA512 | 93d447b0a87e4c25dbca71a80a198693b12c684c0a96b370693d693899230460bbd8c85c137dcc0b4872bd2d85fd0d10bfe3f4137c1b08f01da3a9bbfa481447 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\183\{0dfb372c-c0f6-4fa4-b20b-672ed87e71b7}.final
| MD5 | 5a85b3ec969004ce7b23e6712c04860a |
| SHA1 | dad284278108abf777290add4971eb92142d52aa |
| SHA256 | bfa4bd5ff49d8418628f3a3c0da5b6d8a95d5436168b9482d6de954c0fea74b5 |
| SHA512 | 37d836d572226967995b3f20557f98e4e55b89c08fdfbddd4dc45a6d4ee90a24e5dc8276d0e1971d7b366712bba3382086183e1498b006905169b758e44394a2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\108\{3535fffd-8fae-4d2a-b315-6b78db5a986c}.final
| MD5 | 3183686d3a59ab0d15fab2be7411e186 |
| SHA1 | 22d29c6b9fcfa649773e12680f00d868e6714485 |
| SHA256 | 2a1c50b6d5014af422db7ff5661a5a68cb0c27ee9cc4768c99502ada0eb63867 |
| SHA512 | eb7dcb18d20e28d283ea7d4cfdc08c0da81e0499089117ac068194b1ca2be661d380fe7d938d5828c42d711842bd3793b2dc2a3fe6285fab83b90be4fe3c7b16 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\175\{f4614075-a36a-4445-bd3e-267a9c0576af}.final
| MD5 | a5b6e175f5a577af3302c7029593adfc |
| SHA1 | 7b21982420c602f2678b28d3eeb7172d5c491903 |
| SHA256 | 02240202d841f7910cfc4d17aebdef67a1084e704359fdf544d80dec3809a8e1 |
| SHA512 | 9e62f4350403815e642a70d746bac7c8862238a8f108491f6e33031db7ebef4ce91a9a97d83f9fe9c15dd70333bda1229dd7d1ee709f964dd8c65071833b6544 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\247\{3185e56d-db66-4d5c-a3d4-af62b45504f7}.final
| MD5 | 440b8569f0166adb464f65b587fc1864 |
| SHA1 | bd9ec70774c72144b24d6b025169adcf97f4100f |
| SHA256 | 7679aaa38924228f58794ffd76387e65f03fb1a7ed42ba79a369069f2da4c13a |
| SHA512 | 2a4d57dabf61b213de49a46569ad00401afeee417d28936851c1ea346d65d5019be0b8092d1857b58ca0bd0f2a1407452920a2f3e0a69688d61bef25b419fcbe |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\10\{24076644-c950-4f23-9dee-6cc7982c760a}.final
| MD5 | 4a514bed69506c494569d2de079a4565 |
| SHA1 | cfbcb0c9ef303e49adb4f8c85191593dcbdd95f6 |
| SHA256 | 9b16a083b682783c5014b9a1f4f6914ec9399100e86fd5e56a82fec41ea96a68 |
| SHA512 | c2d81af256d7d5e8bf9b4c2ca467a1972aa625511ad0d63c5da573d0916b85b1b09babf4a606d94f6b79f3db26bc00ff8c4b08db485224383d487749881b88fb |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\63\{7b335b0b-5850-4670-862d-a05512d5a43f}.final
| MD5 | 5ecad04347c2a8c59c4b6a885e947fcc |
| SHA1 | ddfcb94ac1af832b6a831dfabd66b47138534ee0 |
| SHA256 | 9fb212fc86221efff20faff19c616c41932108a588078ed6a6377cde48e81d4d |
| SHA512 | 9a79703298ad64b902f6a0328f6c80031f540a7267ce4f4c96cc33b6b9ab2ba23f1b190f0ed1a51da1ed7306dab020ef30f87331da5cd77d01789c5e8887faf4 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\208\{653e9caa-45a4-4b97-8814-ced9443b1ed0}.final
| MD5 | c4e0cb3d3de8b6bcac527d2f0e5ed241 |
| SHA1 | 2425b0c4ddb89f31d101257662629cac0c3cf0af |
| SHA256 | 3135abfbd2020a12ee327fd81c3739da37a6fdfc11d2032634ce5d33e916505c |
| SHA512 | 29e026c7ece58ce6c56d64073f3b0f6a008286edfef920973b7e399ef57f042780f8cb5a940d8654c41abe2a6fc8f60e4427d70fc285fa7fee5fdf473ae66fee |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\230\{8d03bc0b-b2ca-4810-8b90-76150d9c8ee6}.final
| MD5 | 4281c6880b38580a12983db6afe98254 |
| SHA1 | 052f3dbcc36e439f4f23b1e1b608d92ee8e72654 |
| SHA256 | 98cdb9a3eef1764f2034497868bc60328364b1a414eba55860fc1756aa5f85b3 |
| SHA512 | 6b92b3ccf7ab00db56c0cd6c7c180741e1a154be3cc04199b883e7c350a818a6b0357454116ddc86af433f3afd57cc8dd89efed7cd0dfda6c3d9bbb270dba533 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\37\{8e8f8c79-aed4-41f6-993f-b01886288b25}.final
| MD5 | d0d1672cc7d147f9f802ebefdb01e914 |
| SHA1 | 22ed7eb147f695ec1df8ae6f43cb7787dd0ea652 |
| SHA256 | 62efa98b135e5ef8779b99489ab8200b60026a5b1000ff3c997f3be230febe2f |
| SHA512 | 7f8ef8af3f57a6aab90ccda6ab1079e43630de11d14a780786a1b0f1ab057d7cfd5ab512b53ecd8ddd1bcc669fa56a0c260b2df421db64e3855dee7d63251a68 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\86\{5a0367cc-839a-4efa-838e-f841471d4056}.final
| MD5 | 25bc26013ca16ec022cc26f5370c3769 |
| SHA1 | 0b959045667e2ab2efb992cdfe8abf8d833ffa83 |
| SHA256 | 8e291ff624d1139db9423256f8b7637e909580a54b8838c81119b12cc631b84b |
| SHA512 | ed775d60df5dfa9d6fcabeab00e46d6ddd421f19c8de2ba3d1a78786cf70ddcd86e3dfce18519d916078a36a23f64e9db42149a4e3c26d58ffdd565f3dd9afdc |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\0\{0c517f5b-0218-4202-a4b5-b24a86de6f00}.final
| MD5 | d53cdfdc78bbfa83f76b88fec1baf8d5 |
| SHA1 | 44fdfb015f2e0ef773b74c91e7aa3084f86be4b4 |
| SHA256 | b60f85072330edde455cf9a62c94958d66793b18f461289da8a88b6bc0e29621 |
| SHA512 | 07f7f09c3828e81d79f88d768dcee3d8f91aded0b408bde57daf82593eee49a1ef2dfde683b0aef1059031b5f9d701dd6a20673020578801a66555eef720f023 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\132\{ab5c8099-9c8b-49c1-88a7-d645dd859b84}.final
| MD5 | ff1714439da5865eda7a26d7366ecd42 |
| SHA1 | d05ac8350fa53bcb01c187b349b9c0b6cd990da7 |
| SHA256 | f2406a6799cc1538f17a8ae8eb0f6b053fc8f8cc37f77429de1fb638bbbebffe |
| SHA512 | 4d76e9d3676913d82fe7c85f4f481c2508eeb7bdc76f61507353e6af12c70dd2721d43d3405809d518f29b87c0cfdc1658ad688453e37aaceb4e6cb68669204e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\118\{c875ddce-d326-492b-9198-424903ec3a76}.final
| MD5 | 1a840973aaba0bc8aa82cd789f229983 |
| SHA1 | dcdad762a070027acd4d167c919a8b12eb7cd4f2 |
| SHA256 | fbefd71795c1a773b199567dea99ea28a5bd85ed96abffee7e3f4c1cf6f57c6c |
| SHA512 | 871508335ab32879d045ed3309d52512edd03c69e3da9813de212b19ab3ef2e4939f7f108262f12bbcfb593cfff2f1b3774bf4a84076111569fba0f306dcb773 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\155\{8e858147-95e4-44c3-9f1a-f0e725c9459b}.final
| MD5 | 61fe63358ed5c171881bfffc422a3d0e |
| SHA1 | aa75bd2ab0c3337649e0c8b70bda7f026c873854 |
| SHA256 | b595399f19902bc6fd474a33408fa74f5f4f97308c2fc8f8e6226897241e5cb7 |
| SHA512 | 8f8de25ad07e2b76f2e8366d6be5c636cd40e1ea3a36c82595abd42113816a0c7668d1aa6af84b23c57644710cb607d166324330e8e095613190de5159b3b3bd |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\25\{b38105c3-df47-4705-b1ef-a070959f7f19}.final
| MD5 | 93fe42b9cacad9a58418d5702e29918d |
| SHA1 | fc31ea0118b5b0999dc102efb09ed974b0a6ef9f |
| SHA256 | 10a26c50074171def0db39d8343ce1b08c398e77336f87dac2707492053f891a |
| SHA512 | 9248b47c5b621c6dcd9792b25c765c6bf7dbab2a03eca1f4507ea42c1aff3f08ca165f89c75f43c2bb1f35514845ea7ccea5199bbf57ddaaf631d0a4bb2ccd7f |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\9\{f2928f05-7627-4a1e-b274-9974d41f5709}.final
| MD5 | cedfd917c042bfd5faea22058d451ad1 |
| SHA1 | 5a98904fbf1c9bea6d27f75c42aa49c66db8c54f |
| SHA256 | 9cfc9e25c7e723abf5c14049886f33d836c6ab91b40218920efbdc864764f3f2 |
| SHA512 | 5f7513b881549aba1fad170019ddf45e780ddb6a576e08365f4c9ab2c8bf4e7d2d5053b1db4ec6a2af570de21a182fc8981a0790881172d8605c023fbbbba4d8 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\28\{c4278623-56c7-418d-a3a7-76060f68a31c}.final
| MD5 | 103a3bb224f38cac909b8f5719ac61fd |
| SHA1 | a2f0ca0141add7d8ccf18e2cfb38acfcee45a0fc |
| SHA256 | 63f1c1eb498439212024b5bcc18287e503b28cf7d84c3723d153a78f1cbde45d |
| SHA512 | 00c640a963ab78076b97323b51f2a3e8fbcfe288bf3cb52c97d4c3e5cb8e62e29affc9f616ed35d3ee978027ccc9d8d23dbc9d7e78f48abe8dc707fc6fb215c1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\163\{767c4d39-a084-4ee4-874d-eb589828d4a3}.final
| MD5 | 7981f433590b9d8b8a3ddcbd9d4a83ed |
| SHA1 | 58944a6101a8cd3e37574d26f2d03638c0fe2b2b |
| SHA256 | 097ca92e3fe122231764cb6d23deca18894c83cbd4128b39e925c88c061096b1 |
| SHA512 | 67e541767b07de4f4a1b88b13c5ae2f0b0df41c09b22648d8681cd7e7cb2cc7d0c15f685f8d6165317fa5956687f46731867892d3e811b78a9b6df2eb3565d4f |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\222\{22162370-3dda-4462-b147-51b574114dde}.final
| MD5 | 680103ce64ae5c8edff61a1e3240326c |
| SHA1 | 03038ee24f31ad0b8da727f0c3dc3b5879b26c8e |
| SHA256 | 3c24065c3b89ce87c07f724caf59d270c80b7a072d751bd51e2f0b27b594442c |
| SHA512 | 68c0beb28e4050858d9ed8f79e0bc4a24abc99b9776faa392aa7d412a83b8d7320645ed498b7de7f1d712ec13abb554862d6c2b01d7223a229a96f27c9e130a2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\105\{fe4bd72d-c83e-4dba-9ecd-2e2f15418569}.final
| MD5 | a8ac2b1daf1197439e18577f9341b301 |
| SHA1 | 7c6e18163d4915ae57f27df9cfe607834bb998c8 |
| SHA256 | de289ef6a8ba393577207b6a036d9bb0462b56479d9fceec6b4c094c8891a72a |
| SHA512 | 617ac8779a29725613666c729e3b0976f0bbfda6bfc358f7e606a552dd0ebf712de791d483965a72b225412fd7532764a2ccb2df1b3b91666ff25fb841cd3c93 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\195\{9ff8c0e1-8ce0-42d3-9ca2-d40b826935c3}.final
| MD5 | be912f4bcd3b478ace5df6dc46d82aa8 |
| SHA1 | 2485e534279a5fa834a6e099cccc92f20c91052f |
| SHA256 | 8a3103971412691de6ca0bf149f63e274d5347e8942210e0b14470bc2c74538a |
| SHA512 | 8d082b4bbdc165115c47454a3d641a6d6fc9ac732a6f2bc511802fae3ebdba8a84ecf64d1acfe1fc9c023cf40ae2520cd74d5cc428dc9eba7913a2323b27d59a |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\250\{0779a03f-ef17-4574-8345-8d9f71e2b8fa}.final
| MD5 | a16ea228c26d9635887c0f16939633fd |
| SHA1 | 4296ff50e58e69f667e69a5eb0e4b33d5584c011 |
| SHA256 | 1147a378214d10a08296484419be2cfe7e251bf90f5f0ea9897ec1b79e195664 |
| SHA512 | 357c2daf556aa2471b6f0887d32000939044ce584534fa0fba618fbec99031d0569c5ce662a9f3c1235785ab3fc9116e095e99396a082cb60e1c763f9e561c74 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\62\{28ef7ce0-fb4e-4631-9cd1-2cfa1cfeb63e}.final
| MD5 | 3a412424ac9e9e38359ed78efdadc85c |
| SHA1 | efed1bcfc57a1a6b9917cd3bc20d59f767adf5bc |
| SHA256 | 8cee6015ffd0f547e1bdfc958c906df98b64e24cb6dd5d89cc1aa3b38bd62bd4 |
| SHA512 | 244689ba698e3c6323e8b72acc8ee5672bcdca4f859dc402e463d09b631861c996d90f8740b75d7e1668abc27ec447a1cdea1aaa30434ba56da1f7b06b84d57b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\179\{7ae80c0c-eb6d-4102-9503-a567ee3b9ab3}.final
| MD5 | fef2bec6aa54f4d3b01b7934b6145099 |
| SHA1 | d0ce8827eb647b40e587925bce6baa87a678294c |
| SHA256 | 22b096d01a69cd9c5d08d8e75cb3040c90647ef7ae42e5a7ae3fed4b95876c0e |
| SHA512 | 27e5af3594d7fde882c69a6341065a233cac8250c1c6a42146ccdbc5edf1895856becc62e899b04188a7f0b7cb05cadcca3d90172d67ee8c50ac65a77d6c0026 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\182\{39997b68-0db9-4a7f-a99c-4d5d48c0d2b6}.final
| MD5 | 276cbe7276c7f3a0fc88eafb5ec6e68b |
| SHA1 | de67587eaf19b38f2e9f02fa238219c2469605a1 |
| SHA256 | 8f2a87983ce99d8418be2ccd1a0a69aaa0753c5086ba37d627a272b2b97e184c |
| SHA512 | 4f0d71b0dc2b94016e4983ef8e6288a57a2864f174b3be96809f0a6c4a755115cb198a22988f603e4dfe89f97616b39dae6c47662b2dbc359d40f184122611f9 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\235\{d8ff1116-161b-42d4-b04a-19dc4d8baceb}.final
| MD5 | 023b2980a12b8a286407f04572020dc8 |
| SHA1 | 76455972bd74dffc95577ba5e6688d831b47c614 |
| SHA256 | 8c426c0eead731dd3474a18dbf5acef6a90549d9b2dcc691a569991034b5f23b |
| SHA512 | b99b5a16df6b9627c33ae3e90c169ab93d18cc4748c3609963b56f4e5c0a154228d417cdaf6082b961dcbe480c6934d685c7a0a90a80b08f9e8b7ccc67d3aaba |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\55\{5b78aeae-c29b-4f67-98e7-2a60f1f0bd37}.final
| MD5 | 86594976122d89366b8176df017e3cc1 |
| SHA1 | 22f5f42d9ee348aa4628fdbacfb1581de8261700 |
| SHA256 | 302fe5310bd3b2995c6624bc1a7eaf2529bd6d0f2b351e10ef3d9e33c87fd9b8 |
| SHA512 | db9eb4602dc4451b8d5e5f6cebd18232e6b5046e2b5c0ca548db4fa0e6b603418140c833d79026514a80c79b3663570b9bb87123cdc07594c773ac0171465b61 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\45\{4e0a6357-329a-4a09-9311-08a74dd49a2d}.final
| MD5 | 9aaaac373e73c9d2059b9ab2b43dddf8 |
| SHA1 | 7134c7ec09101b8b3a94c2a6a7acbaca698f449e |
| SHA256 | 26196c7ca915523f018d004c6f83295cb67e0c1ed511e56d2138daf19cb8b488 |
| SHA512 | d9b35001205de8e00819ef253a33e6bc46f50fec805e130cb14861663041a1302ed7ae25d0cd615c6e267f4519e07f70bc814b2e3888f419ad0138de96e27c51 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\12\{9e7b918a-51f9-4e77-89c4-90736138960c}.final
| MD5 | 914b9ca76eaa14332c4942d6c54e2407 |
| SHA1 | b4e99668f3c64231cbceffda752f7f4e44eb30c1 |
| SHA256 | 5a4ade92be1975ccc46ebd2c27813e8657c743efca4ce9d2a0e0324835379a6a |
| SHA512 | 1876e62f49f481c30b28bb47a347c4e495e3e405be1fc767564780bab91d4b17764ea6e507360e3587dacfb74ba58bcf5a47e43d608da2b3b3d231f9c1322af7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\148\{8490c1b1-f035-4fec-ab09-901b035f8194}.final
| MD5 | 7454bd7949ca6f818c9fa0981f0573bb |
| SHA1 | af773127364e0e682b4577d01d91bc23d66bbd90 |
| SHA256 | 4f388755d0e889df408524d81b7e72f59eaa63333d27506047365fdad0d3b0a7 |
| SHA512 | cf36700ad0791654a81e40ce63037c1cd7d17bbb601f578b62fab159ec9d9507101871fd08a91f29398dbca26fe184fb44ef5cd3cbbde9044026df3fd4747326 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\123\{ea3fcf34-2308-4320-ac45-1dfd9563d27b}.final
| MD5 | 1871ad8227869c9065eebf84c80192e2 |
| SHA1 | 25a40ac2cad47b0a0f073d969ed57ae10d977ac4 |
| SHA256 | fd92593246f461339368c1675ae6755dbd0c25075d87a858f6196f7bd6f1e54b |
| SHA512 | 5de97aa093110c6d92b692982e2a9ba7d9332b68c7834a6e27b35fa0c4b78162c51aa8bc610d69bd9921f8bfab20d6a271c671bf11a343672afdb6f027836ed1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\31\{acd4c232-5a9c-4a80-b7a2-51540ec94e1f}.final
| MD5 | fb3d6634360a9125ce7edd27c987c8c7 |
| SHA1 | d3b094de4065f9302bc48d57637bbe04cca19d0a |
| SHA256 | e75d4b40320638f498c0e1b2daf9a4c9f2ef1f09010d48a88740c48b43d306c3 |
| SHA512 | c880e7c9a5174e0e31a733393744e19c82e6a7f424be9e35a6736cc1209d17552e0c5a6cdb8cd725a77a00f15d2e4065b21db78a99abb5f35758d32adb52a53a |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\122\{e6dd75d3-39e4-45a4-8e28-e56706656b7a}.final
| MD5 | b3a912f7ad1772f6fe5812fb79fb8f4f |
| SHA1 | 00443a5067e504d2b102a4358ddb6f0484d464b0 |
| SHA256 | 7663eca944129445deb2757f49ef731ac2a95ac01080067f5938dcc0904fcd7d |
| SHA512 | 58e365169f36ce049bdabe6c19ef7788684a68b2b38fc499f0cd7ea8232dccf0708d585ecd249d9a92b2023fed544145b967848e50ba44b0d2af5447abb0b761 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\172\{95bccad6-26f8-4503-afea-ed1f8d5d27ac}.final
| MD5 | 34eabb6d7873666c4dcd0f6e2c379fde |
| SHA1 | e6dceb2fcd82d2513d383afba73625a4822b44cf |
| SHA256 | 2f6cdfea39358c552286c9a055d5e364e27d8a1e6700de932fd8f406446d7048 |
| SHA512 | ddd2d6d1c98d67ce10e3c4085fcd33499767b0a158de2975cc6993f2cc06c8c09cb1daf1ff628e4cf9127c973e87a6f3559e3459de1ffe4c8685e40c1998ece9 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\79\{ec982101-3977-4b98-8094-bb6f40e7514f}.final
| MD5 | 887d18f5d2a951296bceeccc0a2908bc |
| SHA1 | d9ea3e25c31f63fa2b5c234df3f4a22c87b7abdd |
| SHA256 | 47c2305553e87db8d59361705090fda372c32938564297a6db1dec0e5dcbcf20 |
| SHA512 | ce858e1c6730655d32e099d8c2804288a654bf2f7629c9bff0a28636473c1834fc9f8e437e04b0b985998ee7cc499abc3b474ab292f3d7180e5e6adbb4d07956 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\66\{02172765-4e1d-45d1-8c10-442eb2a14242}.final
| MD5 | a57c59c5082da22125cfc69197546e95 |
| SHA1 | ecbc238d1f440562832601a78bc3fdc052df1e0b |
| SHA256 | aa70e89647f51593908420aa5856e5ae4f663065bf8a12cc4ee1aba1a0916a9b |
| SHA512 | ca88eb897f8ef1fbc65b1e2e426a2e8274a7cf8c225e02e5406c39ef5d1bede11a732673162e21379773622207b28c9a45de83a64aed110ca82218e7097e7cd0 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\122\{69c80f32-37e7-4e3c-baa2-b6b0931b2f7a}.final
| MD5 | abada082ffc6679a2067c452c7cf2afa |
| SHA1 | 99a4e6c70bfe85066f09c2ac1b2108d05f129c52 |
| SHA256 | fdd42399b41bbb74565be3da15f861b96f044ddee74f6f2ba29940a96b1f2031 |
| SHA512 | a4db103b9409b1a544ad9e449a3cd65db72937fa325f1d08419450997f0de9b1481fc7c31ec915b89dfaee13f42f4e50bed68155d2e39d42332c01f4f4e6fbfa |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\128\{5f7dd2f4-f181-40f7-a1c7-dec0f029fa80}.final
| MD5 | 0ef1f531ef723ae794070d8fb9f22e7e |
| SHA1 | 359a185e7e59e52162aa084fab2f31d2131d2da1 |
| SHA256 | 7b92f7b90080f024b9f265b888631c058878628e569fb1301c8dc93ecafc90b6 |
| SHA512 | 876120bfdb112bdbbbeb2a87140af386ebf91d13b9bbc02cf7e96fa0f9f10d66c4a7265811b7ca79223a61fe141712ea64c5c2773aad6199648e3bcd496225eb |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\18\{ebce1642-e0b8-4160-9a1b-221ad2e78b12}.final
| MD5 | 6593c3cd0cd304b103124a65062a274c |
| SHA1 | aba82966f9eebb81bcb05ab9eadc5f9ec7087f38 |
| SHA256 | 89e8c95a42b02e26e31e55e66381898d19e3ad9e6da3f27ad837c7470f9b9324 |
| SHA512 | ac4026f5fe5346f518171c3ce08c0ba5652382f1ef83b1358140e5696ae1721d980b925925ca24d2b84cc6a84b5fddc9433ac492c943d09ba2f8f2485e892768 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\230\{e511119d-43b7-4a32-bdea-b0821bc69fe6}.final
| MD5 | c39ad8422f2a033a19029e992171863c |
| SHA1 | d4bc0db91f8b6a7e562632cdbc47238bf7074311 |
| SHA256 | d4b92610c82ebb2fa1beecdec652dd1b40731ced23e5281a1746739bb9636783 |
| SHA512 | abd2d36b411db7e869da2fa6434644768801ee8db91c4b06a15b8af4e3bcb8b58721d654a7208809eaacceb2d17a91bccf8d40aeb81c2ebb0817eeeb0a9c31b0 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\103\{cdf967c9-9f45-4e6a-8e6c-578e81885867}.final
| MD5 | 3e7dc63be6da02f295c1b9a5c56dd322 |
| SHA1 | 0aa6083dee17a265efa6814d10f0171753c5f042 |
| SHA256 | 6ccac4a1dd37f1f6d1bc68aaa92f48f02d92d3a23be15dee4d83c0b892fd09d8 |
| SHA512 | 3ee1d46e61646303fbe77cfae5231366edd2862e9c2bfa45529fd7e90d7bf8fb62969c95f4125a17760ba6f934e5d51dbb5ba42bb43e24af33b43ffc0faf53b4 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\201\{2ce70156-deaa-4888-ac37-5d1740a485c9}.final
| MD5 | ed6fd5e11dfc8e4cf53ea851ea9ede04 |
| SHA1 | fc392e8d4f64aec77d892182f63fedcd543977bf |
| SHA256 | 478c763f896d5b271626a85070b75e8d66dd1eed1dcd244d9d6874bb1c24e6b1 |
| SHA512 | 5da78d681d8feed8958b8fc60c4bc7975e9a4cf3e94e884e2525005cc1852c5643cac43cfc0c387381ab6f8d97d90a1d22b31faa0a1ee3529117b471cf6ff21e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\134\{57724dda-455b-4dd6-bfac-23fccfa54c86}.final
| MD5 | 6034306070954b482117c7883f153714 |
| SHA1 | dea03382c66843d3b2f548bcc628dbfbc3cab661 |
| SHA256 | dacb173c166fb4640953753914c783a1c8aecda2eac07dbc30ca70804bd8c029 |
| SHA512 | dc178d0f42734ca82160a12caabd406b1b16f414e09d67fee35092249aed61f570702bd1716a169c1e97e33fcdace6709e98044884e7459e453377f103946e62 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\167\{e8ce7b31-cf0b-467a-b80c-e74bbb1b3aa7}.final
| MD5 | 9aabec02bb846ee3fab89838fc80448d |
| SHA1 | 8b0f294de64204dbee03446885a8f31f03a22b17 |
| SHA256 | 31afb122c87ea568cbf6b96fc5bb8ce12eaa379581d41c269ecc4674d452d72e |
| SHA512 | 198e2db29f6cd3807e92fdc6fb2fce689ead581fec734e414f953595d1d4dfd0de8a23a364d3665380b99e58c4146d4899ba0ba6e3e818dce29bdf809ca00b73 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\101\{97215bd0-8634-467f-a038-e52805901065}.final
| MD5 | 5dac736054f1bfd6efddc9f8941f6513 |
| SHA1 | 8d333e22dc6fa20e26c4732d5ff91c954433185c |
| SHA256 | e1f390622425670904099ccdffe9b808e555fc402e7015697d49f9f22abf9175 |
| SHA512 | 3ea570e7041a136d250e5e94c215b468991b70a6d6609ed27907aba24123e068e08559bbd96ca39a615a52dceccd524e3aa52702a8ad544f8a7b952fff935577 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\206\{276d3753-fcc5-4abd-a27c-7dcdf490e8ce}.final
| MD5 | 7b4110fa3efde7eaa286ecb28002c24e |
| SHA1 | ef18905bf90bcec8d651b137f902e2d70968b960 |
| SHA256 | 3b339433141e9d91736ec678e692c2ec5890be7d216f4ba576461109835b802b |
| SHA512 | bfa6025d1b2638ec2aa85188c52d1d15b9fe8c85f1e431da724f9a28bf6fbe78299539497a24fce08e48985430e713c5982aec2cc5b5c137f5b611be77767fac |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\186\{c31f75a6-9ce7-42ae-8198-88b9a31564ba}.final
| MD5 | 8074dc643bfb7d1c60ceaa4761009fb1 |
| SHA1 | 5178bcc18bbe6907f7603a90c9ef1dcc2c3bd9ac |
| SHA256 | df4188f88b0fcb6b315de652baafadc68de7649e7c3e16f83e162d7a8b5a2751 |
| SHA512 | 3d58b3e2a7de3ce79cbb8c43471431f4ea6e7e19116057a655cd997c7ff9889f0352e69eda49009a2de52be254fa2cb125d3566d281bc567d4812c9b5bdba62f |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\72\{3e85b975-8a28-44ea-a4f5-c85f42c61e48}.final
| MD5 | 162f09323b6a93d1a573c6059f56748d |
| SHA1 | 01ad3259e6f31b5574868f7e71a180917e480328 |
| SHA256 | 66a152f9fe8afb18db1fa201c5054750721af807e1dfafab9ba70bb17d131cf4 |
| SHA512 | 0ecb45d87d32d12fd0ec446c3a9b8405162465d8b940eef6c86cb634962bc4e6c95e6ec18d6744e4e8ed730ee4417f10a7808b505aa1ccb78deb58ba0161a5e1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\155\{b4b35722-4183-48d1-b542-3e5a7c1b769b}.final
| MD5 | c0540c18cbf85eba330f97b8fae2375a |
| SHA1 | 65f9ef9c5b0664ef9bc045344224a266d72c7861 |
| SHA256 | d540c5c26f2eab78ecf7fced4ac767f1af89e7c3eef303e4027d4fc77d6e74ca |
| SHA512 | d6bbc155fccf19afd17cdaf3b9739e8bfa732c4c519aac5516447c23ac9e1d97f5a6a2e003cc7cd09e9e9de14f28c88de6bcae26628dfd0aeeb4ffa8f0d95a56 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\244\{da927dbc-3bb0-438a-8586-2587da4cd2f4}.final
| MD5 | 5409f7bf4f5bee52df75c2e72dcc9f36 |
| SHA1 | 7d03d02ac3127b6d3bae88725b830f05e2c19b92 |
| SHA256 | 1e026c82f67c10fc4746f558ac948fa6549402b7331d97fcf7b22690cb8a6696 |
| SHA512 | b3b6a124599c979b29f89ecb3d28f494e1d9046e373539f94acd3d89de284dcadf860c38067bb496e0d8a9d6f1a4e54e15a82d0dbabfcc6280543a25b7bb86f0 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\98\{14607225-7f02-458d-8a1e-0da56a76eb62}.final
| MD5 | 982db069b2cb3f7b12df524ac058cb75 |
| SHA1 | b3c4cee2073c9b11afd4fd4cafa14506dc7c4c36 |
| SHA256 | 77015506cc1b153afc0ed88730d3248b4a9616edd67cb03d7b671c7962dd74b1 |
| SHA512 | 53d24e86229558747d0291ea42632fc1468c7f672b38493232a75bfa5da6e58312e64905b6291593adad411563968edf9c035ce95c48d60d7a7a0151f0c94692 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\209\{031bd26e-4bc8-4d63-827b-5dbf44f69bd1}.final
| MD5 | a975d247eb217c175e9104e649cfa5d0 |
| SHA1 | d85ba5f059f8b624aabbdcb974b16d05fad94b1a |
| SHA256 | 3165df152edec50d78e9a54edb28e74682976dd15e4bc1e7ae72a5838a8436b4 |
| SHA512 | cd11924a023f8c57315aca37f3b77a90b2ddc2db55417c4002e916c917fa7826c521240a646e24b94ce72192bfcc2739b1ec0edcb790ae33960a3329c2af22c8 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\190\{de8b197a-f653-4fef-891d-0c20d09f58be}.final
| MD5 | 63c7f2fc0ff6a57ff3d98d003b00abc5 |
| SHA1 | 7eff871879b328e59dc2a5e959c9efdb9e93c91e |
| SHA256 | d750432333b0cf3e88461237110ce0718e2118f3f65d368e9e0d798b9986c440 |
| SHA512 | b3eb057cb9578836664bc1d73ff55a40e66eb48b8a210587dcb2adbad404c99a324e388b2d88a77e61f67bf25a3825a4768e7cf6f126008637feb3dd01255d63 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\35\{6b1b74b6-f0d1-4db5-95ac-680d8cd9ef23}.final
| MD5 | 3642d5820ca7ce4525164aa44f5d6beb |
| SHA1 | b8d4c651b067c3bd08f2fefbc9cee8fda03c9354 |
| SHA256 | 9624b4751a170b67e592dc6b20f93a13ad959ca57a74bdd0998871414f05e512 |
| SHA512 | 3cd72c8df0f244da5aa0ae250bb9ced273a45c30374864ea662b4e518dd03c6b7ff8030bbe1ae5ffd078ccb8b8338d43b7ee61ef7545059e87616c56fd3a079a |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\115\{2f6a9057-3d4f-4711-a656-ad0e6cbca073}.final
| MD5 | 501e302df1cacf7ffe388900064433f7 |
| SHA1 | d044ddda684b1a7b8acb5d9a887f1b92f77f10de |
| SHA256 | baad1d86dab561f7abf009b62005456a15797550fd0dd565328f8c1e7e7c23ca |
| SHA512 | 8a75f975a60c979627e4f325e7ca6b8af17df51e425b7df27ea45ccb45b0b37b8ff339a7cb1a22108f1085854c4bdfe8694a6009a41df07ffd93aa7c6766c80a |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\124\{0367ec38-0c01-41e1-94cf-e3f40261287c}.final
| MD5 | 590de80c94ccf9eadb9c7d51be8e796c |
| SHA1 | e2c967e833e34a61c7bbb2cacabad6743f3d48c4 |
| SHA256 | 75b7670458b285925b57d33949d24b515dd8fe50466ef7e4a4cbd9a402f168d0 |
| SHA512 | d06068e443b20e3778c98441fd8fab3bcda4fbba3daa683e3e7c18c0de280d59d4261de63ef47ce8fb9a819b3c7f8d612f7d6b7c6fed591be25c19421ebd7a91 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\234\{5698e889-87fc-4c2d-a9a7-6ddceb021dea}.final
| MD5 | 5525a3d889a5f2b22309572b81eb632f |
| SHA1 | 75570ecf4e74c8094526263c3f8fcaf09d4ea87b |
| SHA256 | 82b1f81789c3cf58f4985bcf3dd14d3606a9bda013bc08501e36bf46c4fd4e52 |
| SHA512 | d1e9153d5da3549d63b5833648191ec199a616e64c343b2985a11626465bcb728e39a3a04b906ea5bd42bff8b7376ef1a26e65c4e62b689af0cba19487fe982c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\226\{5467084e-6b62-4f96-86c7-6365bab243e2}.final
| MD5 | a5a12471c60b1660512fce9579675a2e |
| SHA1 | d702b7183c27a6b08b626c9bba460ce0e20a7395 |
| SHA256 | 2b8ad66d9eb14d6020cc86c9472a8d32859faec20e5bc971bbbe068753b378c0 |
| SHA512 | ec69cf09ef623b7971bf8a42267e23c4f5265127608a70d1ea8ee7a910982e075723a0dabd7053022905c9d0e44cbecb4fe2fb1005258fac9a0bd5a33f3b6014 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\65\{8c6c5340-b6a8-4d21-9406-ebfe6bdeb441}.final
| MD5 | fcaa7f35d0b6f5dcc3edf6ea35b7ef98 |
| SHA1 | 37eab86381cd122095b712d205eefd4c15ff49c1 |
| SHA256 | 67b688b893251d9e52650b3cb720b6f8be62c6e1afec8ea4b223a8e975d27b1f |
| SHA512 | becd339b63fb55676cabeed67fbf4e28740feca0995b8734a430359c96e14b8591d4242a526d920ac8893d9d22ac125288e8ae8dbfb0a0fb484ed8544774958d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\245\{fa7ff064-a78a-434d-9660-808b53bee2f5}.final
| MD5 | 321ea72e49df8692233391c1f36451e6 |
| SHA1 | 2f016758fc5830a806ed9891e574936db521c034 |
| SHA256 | 8113ef313d8a5519df57034e29db538c65721112804bf1a1a446b8302ae7e0d0 |
| SHA512 | 86d5a408e472a62c2cfcf69a5fadc122f7a62dae866a36fdc4a7381de6cc8028af4ba51cec9c827b9815c26f75db82c4813ab25682c728c1f03d3bfc7ff21114 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\193\{f96d500a-1ed8-4116-88a0-ae7acc6ac6c1}.final
| MD5 | 3f7a4ebdd9e533cda0125618ad02dadd |
| SHA1 | 8f024e90ae75e5926e0f9d0847e2a1520b4f8eab |
| SHA256 | 3408ed8bd0781a9ee0576ff0ddf30150456e0fa59b40406b21248613602c1043 |
| SHA512 | 6257799dd555ca13833a2320b10056a966f1f384d474cc66e6ead51a76b726e66ab64add92d9bf3a85456ec75b5b97404bf7574eab7d3e6090b8f60d2799c1ca |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\84\{769337b0-6d4a-460e-b971-178da8945254}.final
| MD5 | fe5981f30c81e299a4b3cbb8d54c236d |
| SHA1 | 86d257366f84c5da701ce39084e8bd6b54a644c5 |
| SHA256 | d94c2ef736a7e46e3c6da5ce1b0f4ae07d1aedf5de035104fa48c3804f5cc86d |
| SHA512 | 51bc339682768b4ab038325bc12186aa16836e7179d36ecacdc8b4559b70e76e7868bfbd1ae19af5fc35ee36299060166d5c4da74f70c0816849510f93e2a403 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\96\{722f003f-109f-4f1a-86a6-ce30fdde0860}.final
| MD5 | ee0078268c18aacfbb32f121a2bc2902 |
| SHA1 | 413487a0a575c27405b739fa8938a66b61a24149 |
| SHA256 | 9718aa5eb454fe31d59fb6cb2d7bff3ba1f7e73b171c76390ed97b749493a85d |
| SHA512 | 2d776ef4276e4f8cbe7782e1aaa91d78f1154cafe818b8fb507e7e5f823c1ace750e8b2214a82448fe0d3be43fc25f1c15eb93d9198ca4c6b1962d19af45ccf2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\127\{be47afab-6390-4837-9560-b70202849d7f}.final
| MD5 | 329d8ae08d8dc87f86a511b55ecfc6ee |
| SHA1 | 46a40fb3e9c046870707b0a98fff5a53cb4857f8 |
| SHA256 | a61773d79b8fc91cde32c678a7e7b10cd7ee94c0023a83cce29180c032f5472d |
| SHA512 | 6940b02abfbf4cda7439f2b0ddbfb7b63fcc451b12d2a3fd4dee2e0d1f2fa3c23af1b5177d7e6f68db6252d5aaaa702838bbdfac9cbbb12b6588e9db535324ec |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\233\{f2c64c87-c09a-4481-8477-12d7a8c74ee9}.final
| MD5 | ab0beabb0034744ba50d0125490b6563 |
| SHA1 | 819052fd166eaf842cce978597e0822d28a066ed |
| SHA256 | 682910185c6177e5cccd258f0ee3d1572e97ef9cf2451d52f239dfdd0cfca502 |
| SHA512 | 2251fefc65563f6dcd5a5e042e7e89210a2f7bc492a79af04b3ab1cff735df75bc2e1b9db95855cd9eb2a7ac9bd309bcca3a09fcb66d5db089455e605e1a99b2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\idb\619946941LCo7g%sCD7a%t4a4b5abs.sqlite
| MD5 | 6ff2ff79140b43ae322c2b6fc948c645 |
| SHA1 | ea95cec2eeb12c7c4b1a6936e2f90ced741d075b |
| SHA256 | 33884f9a5188a412374d24d4235ec9675961a9b07f300738cea317ce363bf3e8 |
| SHA512 | e67fa4052101749070439c972ebc7173c7eda318ad281ac2557266d5e713103c17c0a8f13fb59f72069461997d7f4b051ceb49c2789d2cf16cdc7c4d6326c0f2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\143\{669d81bc-9651-43a1-a1df-d69deef3988f}.final
| MD5 | c29c5ff50aa0fd8a46cdfabb014ee3b8 |
| SHA1 | 35548ec8c690c71d36129911d1fc067a9bb848e0 |
| SHA256 | 4e4f53e7b016e60e9821928304849677ec0a48ec864b94941fbfedb16c73b44e |
| SHA512 | 27e6ba5bb678dff4f508e6142f0e6292571a038487881a4ac8a68d883c7a8514422f3a4fd38ba615817ed811599a359e0386d52bafd44714e6d4d49a37af9f48 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\77\{20b6da09-1eb2-4fed-bfd7-b9ea5812e34d}.final
| MD5 | 1a28edd17b38323e8406fe0dee0a7c3b |
| SHA1 | 86717a9231eb082507ab8d5a7d58b14a9b90fceb |
| SHA256 | 2af72d7f30b31451ceea679f2eca1efc33967fca267c79e8ccd3c18e325b7305 |
| SHA512 | ee92e26210569dc795f68a8cd15d333e6a0ece1b839b8e2a078c20beed93bd573f8aac6e7aa6a031f254c99490c489f184748b7f1a156a68a24b8f824e8fd2c0 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\243\{e5aa8aef-7367-4f18-a2ff-63cae31ce5f3}.final
| MD5 | 36b3af163e76f8c0550efc7b62857c65 |
| SHA1 | adf7a970b74713ab804bed1a0ae35d51e72e5290 |
| SHA256 | a874bc8299c7dcdaf1a507d459eecb176e4b503956e46aecf11bffc36de87a91 |
| SHA512 | 942d5afabdf48957e93680f8517a2648d9d697c2c3210503a89d7352aff41ca944435ed7f9ee2c4eee48b43ab303914f50804747b0a0501849ab97a5f4274145 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\entries\6F881B5F2C5AA994673B59D2213DE52530183A6C
| MD5 | 4bef232347e2c024b32b789a91e92ea9 |
| SHA1 | aee8f47e5a14b8d81db247aec43abf3db66c6ad2 |
| SHA256 | 2e63072f0d9f1c669399929ec8c5b73f5c2167231ce99fa89117c6cc23c7d3b8 |
| SHA512 | 3c6a54a5657a251c72140a1dc1ec97d01e97da9b011387aa82d9f43e20af15ea5374a56ed636a16fa30aa81c69da82a8e872e40cfaa1265efb0b6eb8c2261efc |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 1163c8309cbe04fa06423b9f5d74ff94 |
| SHA1 | cb4d2245c71dbda7d235893a350ec4a4f0b63fe3 |
| SHA256 | 402ee95f4d718859944d028944c84498c275d4d4121f5b873b3624374e722a77 |
| SHA512 | a43b5ee6ec73bba65b5a3b462a18bc4bf29fbe9d26ce73da0b6d9bda7743d1b284aad437d5d8be7cb09e3b9ae7849ba9fadc5c82df2a3d14768a641c0e4117e9 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\doomed\621
| MD5 | 93d6e3582cb272e6ff575b30ba768818 |
| SHA1 | a305903044d99039925019c4a2a3173a74fc1120 |
| SHA256 | beda71ec65d3db8a50fc3d809e2197fc9e24b8a6f5f7ae384ec230df3d891521 |
| SHA512 | beae8fd9416e4a218607f94c8d4e6dbb7959f317e9483ef3533d88c4bcb87cf51bcb5d7f4b3471ae075c0b9eedd75387e2dbc1d3b5a744e1ced44bb3cf3a2e77 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\doomed\5185
| MD5 | 6ac81a920e44e3292753942ff9eb4b72 |
| SHA1 | fb7abec2d25cd3e199c5f97c8f926e863240533d |
| SHA256 | 65cb83906594b0d89e1237ab2e58e38bfde4f4c63b8917266b0f858cfd8bd2bc |
| SHA512 | 484157e4280102d38a6c77cd8db8e2408bff5e12502c163610790701d651162d4fde21625aed648c3b52a776c2c820594c7ddbdba3c5f9d98434616fa40f2ad9 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\242\{e04f646f-0d3f-45ce-843b-ea55bcd6bcf2}.final
| MD5 | e6439fdf901953e5ab6e693a280ca6e0 |
| SHA1 | 2b3f3ef8262539b3a2e8befa8149c46208423450 |
| SHA256 | 4bb28ff82407d52939a492d933275faeb56001360202de40c1886630f31159d2 |
| SHA512 | aeecb7477ad84f2d1b1eecbfad426b37d2a056b0d5eca5c74b553090defa408082b8877889f6bfc7bec4b62b515cfe45037398a5db13172970d5c080741e18c4 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\doomed\27742
| MD5 | e04501a157ee66a5c8df282590be713c |
| SHA1 | eaac1defe5a6e295f843ef7976f24ba14033c5f4 |
| SHA256 | 4b605a810faa6acaf446dd0484277a3c1c19cf2b9dc964728ee676a0985462e9 |
| SHA512 | dae8451fe69b90ed80c10ff0516a47e64656075b2f263e0cd45f71d35e8761895c0d31200a7b874f3120d7927acd5c27058e92d9747d2f6fa19bc3e249f459e3 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\doomed\30706
| MD5 | c92430940158f5b91e2ff6293628e2b9 |
| SHA1 | 9fd7a0e52cf664c97fea22cc3cd87932a966ff38 |
| SHA256 | ea454f968d6eb316418edfc5d1fa8002ee20c1cbe4673278bd978f5eea4d423b |
| SHA512 | 36900323bbce7496ab48732a851825e9578a63c1fad904c06d8dffbf8e7c43475e7111cccc3a5a06f20471a411fd79af8ac4b592aeb4999eda24b7985366b036 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\doomed\20909
| MD5 | 5673f92c1cbabe9f2e01fc20649583f3 |
| SHA1 | 15aa2878cd2b26b4bfd5e2ed0635cc40138e8b0b |
| SHA256 | d5558c11f34b0cbf3b1071ac19ad728d6233599b17813e6c7faadb5f2dc514cf |
| SHA512 | eb85dfca1b5bb6237501607ebdc9eba35d22b192a9c3a295e87c79360ab741cca508c6159601aaf64b475cf91bb1dbdf411af9d996109384706f7515e2e5afa6 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\doomed\17644
| MD5 | 11ca2120d7f4c2fdc5b3f3593c1e27dd |
| SHA1 | 85f2967ef18557fc62ae4bd1da43cef5c2fedf40 |
| SHA256 | e09c4235bf2beaba09ae8d9f96e20fbacb845d7adb5ac9a54b44ccc857e59022 |
| SHA512 | 8609e66a24056fa77725d7455c7fccb08ef54d96f10ff4adcd387a912568442e5f06546d96a8934671617930cd30b55dbc5d866988a49f4a544c8a5cef69e4e9 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 11e69a76d4256e849634bc2a46953bf0 |
| SHA1 | 0bcde58a83ee46ce4eecaa4c3b1e7c3019d09f02 |
| SHA256 | 18310584f7ace428a80b1df2a70abdaa4f5adeabf1c9011cf386b8f3f5382985 |
| SHA512 | b9a6c5ef51e5a25ddc2a8bb8ed32773c11777ed58ddebc1265cb2daeeceb0297039abe739dce3ac43c9a053505cf07aa36c03737174b0ce267c4c7b5311a6e35 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\doomed\9228
| MD5 | 00956a0858b440f76b5efd8849bdf9ee |
| SHA1 | 17a4c1e55eeaa4710dac531256604b3df47fe8eb |
| SHA256 | ac0d3808bf56bb00a053e7abaeb918802fd89f17e699ba271c01e93a71818919 |
| SHA512 | 5de1bef2b9227d8bb4515ebd627b88fd98357f75f1f4801af20ab5cece030b63fa1549c0c28871bc555529e0e5ca18229efc73f8d7654cc51067e51db3f87ff6 |
C:\Users\Admin\Downloads\Monoxide.6P5xhjX2.zip.part
| MD5 | 0e352bd195cd56a89310dd32c039cd17 |
| SHA1 | 00a5c20dd0496a11243843bb85e871f6f21dc052 |
| SHA256 | 4f8a9bb01f5d9a3c18772a433078486916cac7250a1a967139c03d15f2b9d50e |
| SHA512 | 335c4d3917e78b753492125ca9a76b800146a6b38ddde70372fc55d090715ec223d6a9ce99527275fb0b51baf0b01fdddc6945ebc5cc4fa544618e075f535e94 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\doomed\26812
| MD5 | 8384cb53782930522191506be7d0a5d4 |
| SHA1 | 73e5e053657fa009bdaaea58dc83a8b327e4666c |
| SHA256 | 5b40c70046bb7bbb742f72fe8930a2240a0a8cd1c70dfc3058d8bc9849c725d3 |
| SHA512 | 0414acd975b959d288036a574f4a88d3ce35eef6b3ff9e73dcd9be0c7a45ba36712e952982f117725bb531e36426faaff400d15b06dc678418554dc3aa35ca35 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\8\{725356e5-45b0-4bdb-ab9d-8a6cb5274c08}.final
| MD5 | 0552a7950745b6a5bff8a69688fc1ac4 |
| SHA1 | f3eac7e3b002f65c8d526faa32c51390abca3b8f |
| SHA256 | a0f7756592a37918d717fb8336c99059d6c544a29644e510fcfd97a481f966b8 |
| SHA512 | 03ff26369ff92d25753a1fa9b6508d53184cd7dea326814e0b98ac021e8a1b4ce90bba8cbc5b6b8a25dcc3049992f337fe66b0af383521ca4db01bdc84fcca18 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\145\{b18458d5-a874-4043-9d69-5c90cd377891}.final
| MD5 | c5b76c5098a2ae6cadf330df8d8a920f |
| SHA1 | 63f7cf062a248301062e9a6add9abad1ce758998 |
| SHA256 | 495fd4027b52b4ba5595df1387fcf3145d878cd332bb207b5d9fc66160eae162 |
| SHA512 | 07d96d1341ef61f7b2419b867c9ac0e4b18567745518274ea83d00e7180bf8246a444dfbe12cdde05e9becdc3fd867b0b7a3c94fd8339b807420ff5f506d2798 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 2b6225ee6069a9eaf7dac169dc45ae3e |
| SHA1 | c37f16a34eb1daf47ea6363f9fd5afb05fbe4a45 |
| SHA256 | 15c99bb065152e1e982ecdea993486cf8f1f70ed71e3a1be6f7aa5ebe40c71ea |
| SHA512 | 0e0f858ab5282722a1f2ac48cb746caa4a8f3519870d54352ece043866b5ba32258f25858c4d19baf5270a375b7d062c90098dd33cdda4b154164371b44060b1 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
| MD5 | 9a6c4119bbe0ca551ca7620bbb2973a1 |
| SHA1 | f85f20082f5f62bfb81dce0f5e3322b10cc3c4eb |
| SHA256 | 1db5e0ac7738feac489e12012ba0fc5e09d6703b61bc63d816dbe16982308e03 |
| SHA512 | 7c6bd6944b1d1390a6858f314ade5c5ff398dd356c6dfe8a4f97623e21a8371ae618a1ba41144d3cbb2123119e5519c103a9f182d957651435a1f583730220c7 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\doomed\5285
| MD5 | b50ca0371088601bee1ed9d6d6d211e4 |
| SHA1 | d2324d4946edab1dce055cc6c95bfa21a0fb1392 |
| SHA256 | b60336223fc38874e593c01d253a39ac187a555f228ca3d7d7c93531c31c0b91 |
| SHA512 | a0c4650c8d6bd598c4712bb45ea2a881c8c54a866bf892f2df0f82271c9555b73c2fe58e02151a6be2067b61e7d8bc2e9fb24cf3673bc1564677fc4834f4658d |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\doomed\16264
| MD5 | 073186d0391b30d45f3308f3106426c2 |
| SHA1 | b7a95d167675a7573726c64f0d6896a32f88933b |
| SHA256 | d3d118de48249c7f267bb4fdedadd740f7f1cd698f8e532295b40955e0f6421e |
| SHA512 | fe98830f198cac7de1be65c7634621cc476d41017328dd6f79341ad7ac1194c582cac5b35a58c873ab5a04cc47bb2fbce76a8709ec78e85070f5131e968420d4 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\entries\BA822DE6BF3F3F67B4097D2431A0A995A9F7CB63
| MD5 | 688ad3eaa5cc79dfb8bf4a959fdc5e56 |
| SHA1 | 4b949f6353001b3b1d60f63748f5280d41a97795 |
| SHA256 | 5a9507768af538eb07380c598b5d000223ddb221612623364a43c34cd6aafa77 |
| SHA512 | 9fdb1251bb247f445102589a9d6f7bbc4ec621c57feca68d08f3090eef7a109e80fd02bf7c6818dad8b24fbea11b30ae16caf07cc158ac019fbf75ab0b9b23ec |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\doomed\25411
| MD5 | b80ee322074a0350b33dd853c503d687 |
| SHA1 | 3c9f5a95b6fd44f17d7772320fabb6734a750c7e |
| SHA256 | 045104d77706d28e0ead5aa2e4e756e0f7733848281854b3f90c2c78d0d07a61 |
| SHA512 | 8ddf7d0c295c35a342853353c60b6b5f40aceb21253ecd05cf5af717b1aa2d3d77e57c7b660395084e8287dfd9c60823f31b8e24d767ca8dade03d56b3f19076 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | ebc0a73cb6ced38a910063802c0ec31e |
| SHA1 | 810142023ccd11ffe04bf296e451994fb895c968 |
| SHA256 | 357f7f643b60d90a88ea82536715a53952f64156c7cd6a61bd41b1e8840035cf |
| SHA512 | 9e9b42399da4a388822cc75aa2cef46c75826cd1e77f24eb8ed547eecd3a6c94724c7d0a961a7a887c808da5487dcdf8f046a707fc8e86470c8230427d845885 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\doomed\25077
| MD5 | fedd0ea71ce7ee3c14c47ef357077107 |
| SHA1 | 40e0c401e9b945d8f39c33be12e514bf3481b585 |
| SHA256 | 950029f00e73ae41a048c017b3c43605c2f6fcc2402402db99a318fb03615718 |
| SHA512 | 552a102c34545dc30bb568b6e5b6621b74adbc3a7c82ef3b30dc916e9004215d235442d9eb6c82105d35e95ea2e2d1a54a5fd9ab64e8273a77cfd6844b40c200 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 0b94ce5f8d562b6a4456023855167618 |
| SHA1 | c8a7e50d9f5bfc1a3b0bd59e200257714575c73c |
| SHA256 | becd9ff3edad260fc79867f9586491989bd6caf5a3fbcf7bd70aaf8a5820ab85 |
| SHA512 | b51f5898ba6ccedd619db79876084e64acd6c7a8a4bdf5c739a04240a2777b8b4995301cd951e82ebfe1013dc3aa04d4cdd59945fbf2740c5786500f1dedb97f |
C:\Users\Admin\AppData\Local\Temp\歎掏楪錰懤鬖骥鿽婤瓶焹紭崥愼髝褔.exe
| MD5 | 692361071bbbb3e9243d09dc190fedea |
| SHA1 | 04894c41500859ea3617b0780f1cc2ba82a40daf |
| SHA256 | ae9405b9556c24389ee359993f45926a895481c8d60d98b91a3065f5c026cffe |
| SHA512 | cfdd627d228c89a4cc2eac27dcdc45507f1e4265eff108958de0e26e0d1abe7598a5347be77d1a52256de70c77129f1cd0e9b31c023e1263f4cf04dbc689c87e |
C:\Users\Admin\AppData\Local\Temp\歎掏楪錰懤鬖骥鿽婤瓶焹紭崥愼髝褔.txt
| MD5 | 99ddf1968498523f11dbbf2d5efacc84 |
| SHA1 | d8a3101e780759f630c4f8b8734aaf6e956729cc |
| SHA256 | 59c17fb48660961ba17547f4691c74267fead60deaa63ca40e7e3b374a1b172a |
| SHA512 | 40800f9c4198b0421b7fac52b3ef089d0f40b75e65560b44cc81832a3f480a70bb83d67e495b99ddef6d83685e39ac8cf028fa4b4bb4823936f32a9b247a591b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\prefs.js
| MD5 | 5997aeac3b387149daead1102dd631d2 |
| SHA1 | 669633135f380f3d85f3b8f1243582f00f36012b |
| SHA256 | 12561ff48e89110fa778a2ddc44e2f4ebe1e90a21028590c3426b9425a1bd0a0 |
| SHA512 | 6ba888b4f85c5bbb7c447cee6de215fad16651d8e6f70e08d458decab7a1a265e80d93da57e59182ac05a681ccf46ccb95b911595e97d801d82919cdd2afdf2b |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 85430baed3398695717b0263807cf97c |
| SHA1 | fffbee923cea216f50fce5d54219a188a5100f41 |
| SHA256 | a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e |
| SHA512 | 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
| MD5 | fe3355639648c417e8307c6d051e3e37 |
| SHA1 | f54602d4b4778da21bc97c7238fc66aa68c8ee34 |
| SHA256 | 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e |
| SHA512 | 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
| MD5 | 3d33cdc0b3d281e67dd52e14435dd04f |
| SHA1 | 4db88689282fd4f9e9e6ab95fcbb23df6e6485db |
| SHA256 | f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b |
| SHA512 | a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\prefs-1.js
| MD5 | 5e4fdd558ab257d6938d530e38ede05a |
| SHA1 | 5905d43c55c27699ba7cba3a2f4238ba302aee71 |
| SHA256 | 15ee97a45f52b423ad5a46adece05fb5b2810e2fa470358a4e0a165bee12dc24 |
| SHA512 | 8e532997ebe935c179b1a08d53a5e621d65eb3b725e23d44258bf55ac8470b4e899ff34be26fb8f587f0b5941d1ca8706a3e208ba0e8a5a4c020450c2dc423a5 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | a01c5ecd6108350ae23d2cddf0e77c17 |
| SHA1 | c6ac28a2cd979f1f9a75d56271821d5ff665e2b6 |
| SHA256 | 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42 |
| SHA512 | b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
| MD5 | 49ddb419d96dceb9069018535fb2e2fc |
| SHA1 | 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6 |
| SHA256 | 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539 |
| SHA512 | 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
| MD5 | 8be33af717bb1b67fbd61c3f4b807e9e |
| SHA1 | 7cf17656d174d951957ff36810e874a134dd49e0 |
| SHA256 | e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd |
| SHA512 | 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
| MD5 | 33bf7b0439480effb9fb212efce87b13 |
| SHA1 | cee50f2745edc6dc291887b6075ca64d716f495a |
| SHA256 | 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e |
| SHA512 | d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
| MD5 | 937326fead5fd401f6cca9118bd9ade9 |
| SHA1 | 4526a57d4ae14ed29b37632c72aef3c408189d91 |
| SHA256 | 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81 |
| SHA512 | b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
| MD5 | 688bed3676d2104e7f17ae1cd2c59404 |
| SHA1 | 952b2cdf783ac72fcb98338723e9afd38d47ad8e |
| SHA256 | 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237 |
| SHA512 | 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 4027a719253929461f5e5316680d0387 |
| SHA1 | 459a96766162bfc356ce881a9a7bc452a115b273 |
| SHA256 | 0c24dec0466eaed91ef85cdaf8e3e5878e27bee09c906310477ff179130b30f8 |
| SHA512 | c9988cb4d19fbf6b97efd67bd0b0b94fb233fc8625aabd74c8cc9b177b7c6535ce08f936722ee56732bdb4da5570e96e9eb4e363cb88fab1df8a3de886fd774f |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db
| MD5 | 58062f69cc24e01b6bc14ac7379aa7e0 |
| SHA1 | be8cd9a7a190cfefa5019a1a88226e93cd89e530 |
| SHA256 | b2485e613ad024531c59100bed1d760359079dd1513b058cc3bc18590343a672 |
| SHA512 | 15fa390cf2c51d631f233b28c95b7982a44ec9e6db0ddca6864291054b584d6e006eaa0c9fada41d07c4a163e0a517bf68d78035f678986b0d99d809c281344a |
memory/4784-3129-0x0000016561E20000-0x0000016561E30000-memory.dmp
memory/4784-3113-0x0000016561D20000-0x0000016561D30000-memory.dmp
memory/4784-3148-0x000001655F3F0000-0x000001655F3F2000-memory.dmp
memory/5748-3164-0x000001FD84900000-0x000001FD84A00000-memory.dmp
memory/6352-3173-0x00000231C6010000-0x00000231C6110000-memory.dmp
memory/6352-3175-0x00000231C5980000-0x00000231C5982000-memory.dmp
memory/6352-3182-0x00000231C59F0000-0x00000231C59F2000-memory.dmp
memory/6352-3180-0x00000231C59D0000-0x00000231C59D2000-memory.dmp
memory/6352-3178-0x00000231C59B0000-0x00000231C59B2000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | d0342c50b4099e5eb0521acc252dbe6e |
| SHA1 | 58d3c69c4a34fe4ea2801e631c3161ef793e12b4 |
| SHA256 | 14f94a8bab12ae627a7c9d595906d2b542536e0c13ecd33fe83903839f697de5 |
| SHA512 | 065d5d07b1a6463a9d985c508b78ea4eff359b29fcb07d4688d4e482dbfefa044889d288f59c2cc733ed4892e9fd142c8403ec2654d88ca9752804ab46fb2e1e |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!121\Microsoft\Windows\3720402701\1568373884.pri
| MD5 | 13e8857c11c103c86af5a010ba171f66 |
| SHA1 | dd8f6ee3cd8b1ac01c480e0843c323805c3cf2ae |
| SHA256 | 8b69fd5d6b540b3080b438f3cf0d42f3266654e786ce7dc5e85855d309e962ac |
| SHA512 | 8454d4a02c15e12428628aaf9df2f5ec48d261e692a8b4f2e7e81d83c3acd6921bfb2d3ebc76f78f124fd0065852af348bec56a91e7ba9c54525615d6b7804b0 |
memory/1268-3198-0x00000237FA100000-0x00000237FA200000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
| MD5 | be77882acf4348ccbde3d38ee4ee08c9 |
| SHA1 | 7f6259361514f20b01f774665fee509945787b5f |
| SHA256 | 6ec6aaaaa32c3591362d141a191e0563d66e21808442ff88b84af73315dcbfc1 |
| SHA512 | 684b4396be33161e8042ebf1bfae2de7d346af158995b429fca59f3086434c5f0703166a9de1ed572e824dfd3b1dfa4cb6dd2ed067352a4e934bf7b1e5f5f40a |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\P1Z2RULQ\edgecompatviewlist[1].xml
| MD5 | d4fc49dc14f63895d997fa4940f24378 |
| SHA1 | 3efb1437a7c5e46034147cbbc8db017c69d02c31 |
| SHA256 | 853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1 |
| SHA512 | cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a |
memory/6748-3282-0x0000027E6CB00000-0x0000027E6CC00000-memory.dmp
memory/6748-3314-0x0000027E7E120000-0x0000027E7E122000-memory.dmp
memory/6748-3334-0x0000027E7E180000-0x0000027E7E182000-memory.dmp
memory/6748-3324-0x0000027E7E150000-0x0000027E7E152000-memory.dmp
memory/6748-3312-0x0000027E7E110000-0x0000027E7E112000-memory.dmp
memory/6748-3310-0x0000027E7E0F0000-0x0000027E7E0F2000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\07W2M6B6\favicon[1].ico
| MD5 | 9c9964c95355aab3c179df77b9b9e558 |
| SHA1 | 50e995f391853ed2b651a0c0ff5a2ee6a2421a21 |
| SHA256 | 8f80f6042654d323d0b9012e5a66e6824c277cd9ba49a2bd997333e186aa2ac4 |
| SHA512 | db7c9ff754284dbfb6e90d0c666eddf41454373659c95551bec84fb8bae092585e113685770f4c61a88743ede45a6e05dde65a95a06f9fcd160ed0cf210e99a6 |
memory/4784-3350-0x00000165685B0000-0x00000165685B1000-memory.dmp
memory/4784-3349-0x00000165685A0000-0x00000165685A1000-memory.dmp
memory/6748-3449-0x0000027E7D3E0000-0x0000027E7D400000-memory.dmp
memory/7876-3539-0x000001D47D0A0000-0x000001D47D0C0000-memory.dmp
memory/7876-3534-0x000001D47CF80000-0x000001D47CFA0000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\R1JVE73O\warmup[1].gif
| MD5 | 325472601571f31e1bf00674c368d335 |
| SHA1 | 2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a |
| SHA256 | b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b |
| SHA512 | 717ea0ff7f3f624c268eccb244e24ec1305ab21557abb3d6f1a7e183ff68a2d28f13d1d2af926c9ef6d1fb16dd8cbe34cd98cacf79091dddc7874dcee21ecfdc |
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML
| MD5 | 7050d5ae8acfbe560fa11073fef8185d |
| SHA1 | 5bc38e77ff06785fe0aec5a345c4ccd15752560e |
| SHA256 | cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b |
| SHA512 | a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b |
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb
| MD5 | f8d15bb44365a589f52d11f2436b4b4a |
| SHA1 | e6860fcf11199991c5abb0fdd82d7865b1ba1583 |
| SHA256 | cd2d1a73b38e1d28a69b8c97cc3de325bf06771284a404103ef1c5805305f9ce |
| SHA512 | 3f43afaa6c25b9650833687a853b6c6631d2cb96d9e5a02723a5e897db92e331b6d70458d94df6dfa14d1ec06df55576c87b606a08162ede37aeb27da99fa25c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\prefs-1.js
| MD5 | d9ac49f35c43826cd5e021add44c32f4 |
| SHA1 | a8b0f5a503e297f021054af317840cb6e1872cd1 |
| SHA256 | 9efc5fbc3d1b95503070022c21996306bd6973f52d562eac2d7079da5ebcce15 |
| SHA512 | f1f0d44fb4fb8fb73b72e14e0fa295046840e01586f59410e7f06f5089eb433ba5ec98f2f95f3835cbbb44942b0d4856bef2a4a6492decc0b29f0b8f7fd9a48a |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DomainSuggestions\en-US.1
| MD5 | 5a34cb996293fde2cb7a4ac89587393a |
| SHA1 | 3c96c993500690d1a77873cd62bc639b3a10653f |
| SHA256 | c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad |
| SHA512 | e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee |
Analysis: behavioral3
Detonation Overview
Submitted
2024-05-08 23:30
Reported
2024-05-09 00:00
Platform
win10-20240404-en
Max time kernel
1798s
Max time network
1687s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133596846597571324" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\index.html
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffd42d39758,0x7ffd42d39768,0x7ffd42d39778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1524 --field-trial-handle=1760,i,13648404179616256306,6717637145039728364,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1932 --field-trial-handle=1760,i,13648404179616256306,6717637145039728364,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2104 --field-trial-handle=1760,i,13648404179616256306,6717637145039728364,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2844 --field-trial-handle=1760,i,13648404179616256306,6717637145039728364,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2852 --field-trial-handle=1760,i,13648404179616256306,6717637145039728364,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4836 --field-trial-handle=1760,i,13648404179616256306,6717637145039728364,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4852 --field-trial-handle=1760,i,13648404179616256306,6717637145039728364,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 --field-trial-handle=1760,i,13648404179616256306,6717637145039728364,131072 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | content.overwolf.com | udp |
| GB | 18.245.218.13:443 | content.overwolf.com | tcp |
| GB | 18.245.218.13:443 | content.overwolf.com | tcp |
| US | 8.8.8.8:53 | 10.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.218.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.39.156.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.212.58.216.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 239.249.30.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.109.69.13.in-addr.arpa | udp |
Files
\??\pipe\crashpad_1296_KFQIXPFWURCJCIPW
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 1040a3d412e3eb42b7fc05bf06b486c5 |
| SHA1 | 83e1a6e56895d53069d4837841aa8575be2fa924 |
| SHA256 | 8a35307ca2017b7986d12cde0db565facfda730753dbc13b7c946c1a165e2649 |
| SHA512 | 30fc3932838dfbb107d864a7beb54b8fd8567d3770180769e5d65500282b3199306a27f2b6cc9bac74f479b38590061057d4018aaf5c53bc1869a2ceeacb0768 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 5b9649b3e324db8a74fab0939a575df5 |
| SHA1 | ade391d2b5bf0f62a8fdf5105324f94768dd9325 |
| SHA256 | 46afa6597c10780b2cd08fbc80cf77e2cdf90e1ee3c925eab1984800356b4aff |
| SHA512 | 9b7da5d610512c6abc7083c589b2c7d2db01efe51cd9b44469a851e3755e665b4ab6fc1c861dfc1c3250d297b451187db5a3bdf8e27bb2c130b2e71edea1271c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | ae92eb228b8c50ea1dc7db4e77249f46 |
| SHA1 | 9a402a75cdfaa72c16c6824925deb25b6eb560d2 |
| SHA256 | c4a47502d45e9191246fd79d11b920e531a593e8b223c5b066d256d9aaa0ec41 |
| SHA512 | ca9517573a56adf70a4244ca711732077badaeff059e564eb6efdb9cfa93e821593eb490a746424375e80cc0092de964be2544dfe80e8e96726824610205a89b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | e07a9ba9c8dc4abd1a7d3fce6abd7001 |
| SHA1 | 68c3b898bf4babc559036e0765fcd8010afba574 |
| SHA256 | 5b12c512a8928328fb25a983e96b04becddbdc3dabebf1b3d9d1e7b344ce48f3 |
| SHA512 | 8acc745390e2ba749a6fa6c2ade4757186ebbfb47be0c711d97cee6746c099d95973bcdb7ce187f5e877eb783d32f3b152e566f5c390dbe2ca9921b1deea7186 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 3591490cddb7ca80d4f1b073bdcd2422 |
| SHA1 | 82980892b13b0e3ce91bc247e4471ffe9216287e |
| SHA256 | 47825cb51eddd8e6150d40bcaccdc4edde293bc20c565a3eeda58aa9e20fe126 |
| SHA512 | c37595dd5ea689be340509686b3f705bfc0b43e248f7077cc17b2578e22321e7603b37138179f9e7f5a7f3588be9c42e7259761367c0d2e0bc5ebab463a87d34 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 04d13452024bcf1ca82d27a973656899 |
| SHA1 | 3541135755febd5d8a20d6f0438c488f57c55baa |
| SHA256 | 0f238702df465c283d289ce647318dd40c3caf3862ebcb19131b235a5d627611 |
| SHA512 | f2202d3def080bfc2bea9c663e9ba5da1e03d67bedf4425ea8bc5f1c4bd326964936126957b4da29df03ea8dab72ff7944e8f232678fc8b0c4e2e33886d90152 |
Analysis: behavioral9
Detonation Overview
Submitted
2024-05-08 23:30
Reported
2024-05-09 00:01
Platform
win10-20240404-en
Max time kernel
316s
Max time network
1592s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\utils\analytics.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.72.42.20.in-addr.arpa | udp |
Files
Analysis: behavioral10
Detonation Overview
Submitted
2024-05-08 23:30
Reported
2024-05-09 00:00
Platform
win10-20240404-en
Max time kernel
315s
Max time network
1590s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\utils\commands.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.0.8.0.8.0.8.0.ip6.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 170.117.168.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
Files
Analysis: behavioral20
Detonation Overview
Submitted
2024-05-08 23:30
Reported
2024-05-09 00:12
Platform
win10-20240404-en
Max time kernel
315s
Max time network
1596s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\windows\finish\template.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 29.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 108.116.69.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
Files
Analysis: behavioral29
Detonation Overview
Submitted
2024-05-08 23:30
Reported
2024-05-09 00:26
Platform
win10-20240404-en
Max time kernel
316s
Max time network
1597s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\windows\settings\template.js
Network
| Country | Destination | Domain | Proto |
| IE | 52.111.236.23:443 | tcp | |
| US | 8.8.8.8:53 | 21.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.190.18.2.in-addr.arpa | udp |
Files
Analysis: behavioral12
Detonation Overview
Submitted
2024-05-08 23:30
Reported
2024-05-09 00:01
Platform
win10-20240404-en
Max time kernel
1798s
Max time network
1749s
Command Line
Signatures
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000\Software\Microsoft\Active Setup\Installed Components | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000\Software\Microsoft\Active Setup\Installed Components | C:\Windows\explorer.exe | N/A |
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\F: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\D: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\F: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\D: | C:\Windows\explorer.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\rescache\_merged\2717123927\1590785016.pri | C:\Windows\explorer.exe | N/A |
| File created | C:\Windows\rescache\_merged\1601268389\715946058.pri | C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe | N/A |
| File created | C:\Windows\rescache\_merged\4032412167\4002656488.pri | C:\Windows\explorer.exe | N/A |
| File created | C:\Windows\rescache\_merged\4032412167\4002656488.pri | C:\Windows\explorer.exe | N/A |
| File created | C:\Windows\rescache\_merged\1601268389\715946058.pri | C:\Windows\system32\taskmgr.exe | N/A |
| File created | C:\Windows\rescache\_merged\1601268389\715946058.pri | C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe | N/A |
| File created | C:\Windows\rescache\_merged\4183903823\2290032291.pri | C:\Windows\system32\taskmgr.exe | N/A |
| File created | C:\Windows\rescache\_merged\2717123927\1590785016.pri | C:\Windows\explorer.exe | N/A |
| File created | C:\Windows\rescache\_merged\1601268389\715946058.pri | C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe | N/A |
| File created | C:\Windows\rescache\_merged\4183903823\2290032291.pri | C:\Windows\system32\taskmgr.exe | N/A |
| File created | C:\Windows\rescache\_merged\1601268389\715946058.pri | C:\Windows\system32\taskmgr.exe | N/A |
Command and Scripting Interpreter: JavaScript
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0011 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0002 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Capabilities | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\HardwareID | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Capabilities | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0002 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Capabilities | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0011 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Capabilities | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Capabilities | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Capabilities | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0002 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0002 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0002 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Capabilities | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0002 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0011 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0011 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0002 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\HardwareID | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Capabilities | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0002 | C:\Windows\explorer.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000\Software\Microsoft\Internet Explorer\Toolbar\Locked = "1" | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000\Software\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000\Software\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000\Software\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.cortana\Total = "23" | C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" | C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:" | C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\Total | C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "185" | C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.cortana\Total = "56" | C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0 | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Vid = "{65F125E5-7BE1-4810-BA9D-D271C8432CE3}" | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\Internet Explorer\EdpDomStorage | C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.cortana\ = "56" | C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "152" | C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\Total | C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\Internet Explorer\DomStorageState | C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\ImmutableMuiCache | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\TrayNotify\IconStreams = 14000000070000000100010006000000140000007b005300330038004f0053003400300034002d0031005100340033002d0034003200530032002d0039003300300035002d00360037005100520030004f003200380053005000320033007d005c0072006b006300790062006500720065002e0072006b00720000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fcc000000000000002000000e80705004100720067006a006200650078002000200033000a005600610067007200650061007200670020006e007000700072006600660000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000074ae2078e323294282c1e41cb67d5b9c0000000000000000000000003a24054aa3a1da0100000000000000000000000000000d20feb05a007600700065006200660062007300670020004a0076006100710062006a006600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000007b005300330038004f0053003400300034002d0031005100340033002d0034003200530032002d0039003300300035002d00360037005100520030004f003200380053005000320033007d005c0072006b006300790062006500720065002e0072006b00720000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000640000000000000002000000e80705004600630072006e0078007200650066003a002000360037002500000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000100000073ae2078e323294282c1e41cb67d5b9c0000000000000000000000006fcae449a3a1da0100000000000000000000000000000d20feb05a007600700065006200660062007300670020004a0076006100710062006a006600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000007b0031004e005000310034005200370037002d0030003200520037002d0034005200350051002d004f003700340034002d00320052004f0031004e00520035003100390038004f0037007d005c0047006e00660078007a00740065002e0072006b007200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e807050050004300480020003100350025000d000a005a0072007a00620065006c0020003600390025000d000a0051007600660078002000320025000d000a004100720067006a00620065007800200030002500000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000bb79804ca3a1da0100000000000000000000000047006e006600780020005a006e0061006e0074007200650000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000007b00360051003800300039003300370037002d0036004e00530030002d003400340034004f002d0038003900350037002d004e00330037003700330053003000320032003000300052007d005c004a0076006100710062006a0066002000510072007300720061007100720065005c005a0046004e00460050006800760059002e0072006b007200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000640000000000000000000000e80704004e0070006700760062006100660020006100720072007100720071002e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000fffffffff9a6406d323dcb4f8a86be992e03dc760000000000000000000000006772bf1b8a86da0100000000000000000000000000000d20feb05a007600700065006200660062007300670020004a0076006100710062006a0066000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d0000007b005300330038004f0053003400300034002d0031005100340033002d0034003200530032002d0039003300300035002d00360037005100520030004f003200380053005000320033007d005c0072006b006300790062006500720065002e0072006b00720000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000e8070400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff75ae2078e323294282c1e41cb67d5b9c000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000007b005300330038004f0053003400300034002d0031005100340033002d0034003200530032002d0039003300300035002d00360037005100520030004f003200380053005000320033007d005c0072006b006300790062006500720065002e0072006b00720000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000e8070400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff81ae2078e323294282c1e41cb67d5b9c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.cortana\Total = "23" | C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\ImmutableMuiCache\Strings | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:" | C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.cortana | C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total | C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Rev = "0" | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\TrayNotify | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.Cortana_cw5n1h2txyewy\WasEverActivated = "1" | \??\c:\windows\system32\sihost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel\WFlags = "0" | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\NodeSlot = "1" | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "2" | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.cortana\ = "23" | C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\windows.cortana | C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "152" | C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02 | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\Internet Explorer\DOMStorage | C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\Internet Explorer\EdpDomStorage | C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total | C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "18874369" | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\WasEverActivated = "1" | \??\c:\windows\system32\sihost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\microsoft.windows.cortana | C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\TrayNotify\UserStartTime = "133567065551368052" | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\usercpl.dll,-1#immutable1 = "User Accounts" | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\TrayNotify\UserStartTime = "133567065551368052" | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "185" | C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "6" | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\microsoft.windows.cortana | C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\microsoft.windows.cortana | C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.cortana | C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "18874385" | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\TrayNotify\IconStreams = 14000000070000000100010006000000140000007b005300330038004f0053003400300034002d0031005100340033002d0034003200530032002d0039003300300035002d00360037005100520030004f003200380053005000320033007d005c0072006b006300790062006500720065002e0072006b00720000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fcc000000000000002000000e80705004100720067006a006200650078002000200033000a005600610067007200650061007200670020006e007000700072006600660000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000074ae2078e323294282c1e41cb67d5b9c000000000000000000000000fb67ab51a3a1da0100000000000000000000000000000d20feb05a007600700065006200660062007300670020004a0076006100710062006a006600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000007b005300330038004f0053003400300034002d0031005100340033002d0034003200530032002d0039003300300035002d00360037005100520030004f003200380053005000320033007d005c0072006b006300790062006500720065002e0072006b00720000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000640000000000000002000000e80705004600630072006e0078007200650066003a002000360037002500000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000100000073ae2078e323294282c1e41cb67d5b9c000000000000000000000000e1ab7151a3a1da0100000000000000000000000000000d20feb05a007600700065006200660062007300670020004a0076006100710062006a006600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000007b0031004e005000310034005200370037002d0030003200520037002d0034005200350051002d004f003700340034002d00320052004f0031004e00520035003100390038004f0037007d005c0047006e00660078007a00740065002e0072006b007200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e807050050004300480020003400360025000d000a005a0072007a00620065006c0020003700300025000d000a0051007600660078002000310025000d000a004100720067006a00620065007800200030002500000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000a29e4f54a3a1da0100000000000000000000000047006e006600780020005a006e0061006e0074007200650000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000007b00360051003800300039003300370037002d0036004e00530030002d003400340034004f002d0038003900350037002d004e00330037003700330053003000320032003000300052007d005c004a0076006100710062006a0066002000510072007300720061007100720065005c005a0046004e00460050006800760059002e0072006b007200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000640000000000000000000000e80704004e0070006700760062006100660020006100720072007100720071002e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000fffffffff9a6406d323dcb4f8a86be992e03dc760000000000000000000000006772bf1b8a86da0100000000000000000000000000000d20feb05a007600700065006200660062007300670020004a0076006100710062006a0066000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d0000007b005300330038004f0053003400300034002d0031005100340033002d0034003200530032002d0039003300300035002d00360037005100520030004f003200380053005000320033007d005c0072006b006300790062006500720065002e0072006b00720000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000e8070400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff75ae2078e323294282c1e41cb67d5b9c000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000007b005300330038004f0053003400300034002d0031005100340033002d0034003200530032002d0039003300300035002d00360037005100520030004f003200380053005000320033007d005c0072006b006300790062006500720065002e0072006b00720000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000e8070400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff81ae2078e323294282c1e41cb67d5b9c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000010000001800000030f125b7ef471a10a5f102608c9eebac0a000000a0000000 | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix | C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\Downloads\0gktrk2121.zip:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| N/A | N/A | C:\Windows\System32\rundll32.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\utils\modal-events-delegate.js
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4356.0.458377291\982225481" -parentBuildID 20221007134813 -prefsHandle 1704 -prefMapHandle 1696 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {27e745df-728c-437e-b4da-a7bbb924b7e4} 4356 "\\.\pipe\gecko-crash-server-pipe.4356" 1780 21f3b5d6d58 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4356.1.1952419156\4417958" -parentBuildID 20221007134813 -prefsHandle 2108 -prefMapHandle 2104 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {43f5e12d-cff3-494b-b2a3-48b941b3e60b} 4356 "\\.\pipe\gecko-crash-server-pipe.4356" 2132 21f3b2f9e58 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4356.2.1253959038\307460483" -childID 1 -isForBrowser -prefsHandle 2676 -prefMapHandle 2896 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ae3f44ea-7fbd-411c-ac62-aa55a08a94f4} 4356 "\\.\pipe\gecko-crash-server-pipe.4356" 2872 21f3f598758 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4356.3.469032881\1785591027" -childID 2 -isForBrowser -prefsHandle 3412 -prefMapHandle 3408 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {94632932-0947-46e5-909e-1683888cdee5} 4356 "\\.\pipe\gecko-crash-server-pipe.4356" 3428 21f28f62b58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4356.4.1236218330\1893310547" -childID 3 -isForBrowser -prefsHandle 4356 -prefMapHandle 4348 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3b49f0cc-cd73-4b07-b6b5-310af89cb9a8} 4356 "\\.\pipe\gecko-crash-server-pipe.4356" 4368 21f410a9258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4356.5.1718797952\1514798706" -childID 4 -isForBrowser -prefsHandle 4868 -prefMapHandle 4864 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c94f8b84-357a-48dd-bc33-87a8e39f5a0a} 4356 "\\.\pipe\gecko-crash-server-pipe.4356" 4880 21f41677e58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4356.6.924085201\972246467" -childID 5 -isForBrowser -prefsHandle 5016 -prefMapHandle 5020 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {80225f1b-0f5f-4016-8d00-bf79b7c1b369} 4356 "\\.\pipe\gecko-crash-server-pipe.4356" 5100 21f41d4b258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4356.7.532460341\1156663133" -childID 6 -isForBrowser -prefsHandle 5216 -prefMapHandle 5220 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ef2d60ac-b92f-4112-8a3a-94f39fcfbb10} 4356 "\\.\pipe\gecko-crash-server-pipe.4356" 5208 21f41d48858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4356.8.1705511308\1259242508" -childID 7 -isForBrowser -prefsHandle 3840 -prefMapHandle 2592 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {eefc6d08-0413-422d-99ad-a8ac155c9e0d} 4356 "\\.\pipe\gecko-crash-server-pipe.4356" 5520 21f42aec958 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4356.9.1428476092\1708015815" -childID 8 -isForBrowser -prefsHandle 5872 -prefMapHandle 5868 -prefsLen 26503 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bb9d2c2b-18a0-4bc2-9da0-8741afba1ed7} 4356 "\\.\pipe\gecko-crash-server-pipe.4356" 5880 21f43228358 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4356.10.1153788310\422221396" -parentBuildID 20221007134813 -prefsHandle 3912 -prefMapHandle 6128 -prefsLen 26768 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c82338b4-f2c0-4d34-946e-bb26cb4b026f} 4356 "\\.\pipe\gecko-crash-server-pipe.4356" 6100 21f43280958 rdd
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4356.11.1032511920\689244890" -childID 9 -isForBrowser -prefsHandle 5348 -prefMapHandle 5364 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3e545319-2e8c-42b5-8718-76c3edc15f22} 4356 "\\.\pipe\gecko-crash-server-pipe.4356" 5336 21f42a5e658 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4356.12.1870314092\1339357622" -childID 10 -isForBrowser -prefsHandle 6268 -prefMapHandle 6264 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {137371b0-7f1c-40ed-9295-6b98733d542f} 4356 "\\.\pipe\gecko-crash-server-pipe.4356" 6276 21f43771858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4356.13.299635797\950566886" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 6240 -prefMapHandle 6244 -prefsLen 26768 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {64cc921d-13a6-492c-b986-90911fed9848} 4356 "\\.\pipe\gecko-crash-server-pipe.4356" 6532 21f43965b58 utility
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4356.14.1861724641\576469849" -childID 11 -isForBrowser -prefsHandle 6876 -prefMapHandle 6872 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e05e50b2-1c78-421f-ab80-055d73bce117} 4356 "\\.\pipe\gecko-crash-server-pipe.4356" 6884 21f43a59d58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4356.15.110793640\1168130426" -childID 12 -isForBrowser -prefsHandle 5688 -prefMapHandle 5844 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {46ddd345-6040-43bd-8a37-13dc48f9ef61} 4356 "\\.\pipe\gecko-crash-server-pipe.4356" 6816 21f42b8be58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4356.16.797033447\152126643" -childID 13 -isForBrowser -prefsHandle 520 -prefMapHandle 6168 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {387c8c98-f6e7-4c88-b084-b1b23d8d0024} 4356 "\\.\pipe\gecko-crash-server-pipe.4356" 4368 21f43226558 tab
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3f8
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4356.17.832467401\1966232919" -childID 14 -isForBrowser -prefsHandle 6440 -prefMapHandle 6256 -prefsLen 26777 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f5e0c658-484e-4921-845a-097e6235344f} 4356 "\\.\pipe\gecko-crash-server-pipe.4356" 520 21f42646a58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4356.18.1547927059\983554285" -childID 15 -isForBrowser -prefsHandle 4684 -prefMapHandle 4356 -prefsLen 26777 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4c7f22fb-7f8d-473e-acd2-f87cd24df82c} 4356 "\\.\pipe\gecko-crash-server-pipe.4356" 6848 21f42754d58 tab
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
\??\c:\windows\system32\sihost.exe
sihost.exe
C:\Windows\explorer.exe
explorer.exe /LOADSAVEDWINDOWS
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -s IKEEXT
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -s WpnService
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {9BA05972-F6A8-11CF-A442-00A0C90A8F39} -Embedding
C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{682159d9-c321-47ca-b3f1-30e36b2ec8b9} -Embedding
C:\Windows\System32\rundll32.exe
"C:\Windows\System32\rundll32.exe" sysdm.cpl,EditEnvironmentVariables
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4356.19.1829647289\777491294" -childID 16 -isForBrowser -prefsHandle 5148 -prefMapHandle 5144 -prefsLen 27960 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8a7b0539-1c86-4cf4-a204-a203416d3ef3} 4356 "\\.\pipe\gecko-crash-server-pipe.4356" 4900 21f42b8df58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4356.20.468371757\838502806" -childID 17 -isForBrowser -prefsHandle 10956 -prefMapHandle 10960 -prefsLen 27960 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {655061ae-afd2-4762-9dc0-82fbd5cba8cf} 4356 "\\.\pipe\gecko-crash-server-pipe.4356" 10948 21f438ea458 tab
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x408
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4356.21.1188077682\1926174881" -childID 18 -isForBrowser -prefsHandle 2564 -prefMapHandle 5288 -prefsLen 27960 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8dfc21ef-4a50-4fb9-a9b7-e80ba7573425} 4356 "\\.\pipe\gecko-crash-server-pipe.4356" 5376 21f4419f158 tab
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 10.179.89.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| N/A | 127.0.0.1:49779 | tcp | |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | shavar.services.mozilla.com | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 35.164.250.149:443 | shavar.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 34.107.243.93:443 | push.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | 166.188.117.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.250.164.35.in-addr.arpa | udp |
| N/A | 127.0.0.1:49786 | tcp | |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 4.178.250.142.in-addr.arpa | udp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | 3.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.187.206:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.187.206:443 | play.google.com | udp |
| US | 8.8.8.8:53 | 206.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| GB | 172.217.16.238:443 | consent.google.com | tcp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| GB | 172.217.16.238:443 | consent.google.com | udp |
| US | 8.8.8.8:53 | 238.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | encrypted-vtbn0.gstatic.com | udp |
| US | 8.8.8.8:53 | encrypted-vtbn0.gstatic.com | udp |
| GB | 142.250.178.14:443 | encrypted-vtbn0.gstatic.com | tcp |
| US | 8.8.8.8:53 | encrypted-vtbn0.gstatic.com | udp |
| GB | 142.250.178.14:443 | encrypted-vtbn0.gstatic.com | udp |
| US | 8.8.8.8:53 | 14.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| GB | 216.58.204.78:443 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | youtube-ui.l.google.com | udp |
| US | 8.8.8.8:53 | youtube-ui.l.google.com | udp |
| GB | 216.58.204.78:443 | youtube-ui.l.google.com | udp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | rr1---sn-aigl6nek.googlevideo.com | udp |
| GB | 172.217.169.54:443 | i.ytimg.com | tcp |
| GB | 172.217.169.54:443 | i.ytimg.com | tcp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| GB | 173.194.183.102:443 | rr1---sn-aigl6nek.googlevideo.com | tcp |
| GB | 173.194.183.102:443 | rr1---sn-aigl6nek.googlevideo.com | tcp |
| US | 8.8.8.8:53 | rr1.sn-aigl6nek.googlevideo.com | udp |
| US | 8.8.8.8:53 | rr1.sn-aigl6nek.googlevideo.com | udp |
| GB | 172.217.169.54:443 | i.ytimg.com | udp |
| GB | 173.194.183.102:443 | rr1.sn-aigl6nek.googlevideo.com | udp |
| US | 8.8.8.8:53 | 54.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 102.183.194.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | rr2---sn-aigl6nzl.googlevideo.com | udp |
| GB | 74.125.168.167:443 | rr2---sn-aigl6nzl.googlevideo.com | tcp |
| US | 8.8.8.8:53 | rr2.sn-aigl6nzl.googlevideo.com | udp |
| US | 8.8.8.8:53 | rr2.sn-aigl6nzl.googlevideo.com | udp |
| GB | 74.125.168.167:443 | rr2.sn-aigl6nzl.googlevideo.com | udp |
| US | 8.8.8.8:53 | i1.ytimg.com | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| GB | 142.250.200.46:443 | i1.ytimg.com | tcp |
| US | 8.8.8.8:53 | i1.ytimg.com | udp |
| IE | 209.85.203.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| GB | 142.250.200.46:443 | i1.ytimg.com | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | i1.ytimg.com | udp |
| IE | 209.85.203.84:443 | accounts.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 167.168.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.203.85.209.in-addr.arpa | udp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| US | 8.8.8.8:53 | rr3---sn-q4fl6ns6.googlevideo.com | udp |
| US | 74.125.1.104:443 | rr3---sn-q4fl6ns6.googlevideo.com | tcp |
| US | 8.8.8.8:53 | rr3.sn-q4fl6ns6.googlevideo.com | udp |
| US | 74.125.1.104:443 | rr3.sn-q4fl6ns6.googlevideo.com | tcp |
| US | 8.8.8.8:53 | rr3.sn-q4fl6ns6.googlevideo.com | udp |
| US | 8.8.8.8:53 | rr3---sn-q4fl6ns6.googlevideo.com | udp |
| US | 74.125.1.104:443 | rr3---sn-q4fl6ns6.googlevideo.com | tcp |
| US | 74.125.1.104:443 | rr3---sn-q4fl6ns6.googlevideo.com | tcp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| US | 74.125.1.104:443 | rr3---sn-q4fl6ns6.googlevideo.com | tcp |
| US | 74.125.1.104:443 | rr3---sn-q4fl6ns6.googlevideo.com | tcp |
| GB | 216.58.213.10:443 | jnn-pa.googleapis.com | tcp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| GB | 216.58.213.10:443 | jnn-pa.googleapis.com | tcp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| GB | 216.58.213.10:443 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | 10.213.58.216.in-addr.arpa | udp |
| GB | 216.58.213.10:443 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | yt3.ggpht.com | udp |
| US | 8.8.8.8:53 | photos-ugc.l.googleusercontent.com | udp |
| GB | 142.250.178.1:443 | photos-ugc.l.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | photos-ugc.l.googleusercontent.com | udp |
| GB | 142.250.178.1:443 | photos-ugc.l.googleusercontent.com | udp |
| US | 8.8.8.8:53 | 1.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | youtube.com | udp |
| US | 8.8.8.8:53 | youtube.com | udp |
| GB | 216.58.204.78:443 | youtube.com | tcp |
| US | 8.8.8.8:53 | youtube.com | udp |
| GB | 216.58.204.78:443 | youtube.com | udp |
| US | 8.8.8.8:53 | consent.youtube.com | udp |
| GB | 142.250.180.14:443 | consent.youtube.com | tcp |
| US | 8.8.8.8:53 | consent.youtube.com | udp |
| US | 8.8.8.8:53 | consent.youtube.com | udp |
| GB | 142.250.180.14:443 | consent.youtube.com | udp |
| US | 8.8.8.8:53 | 14.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 142.250.187.226:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 142.250.187.226:443 | googleads.g.doubleclick.net | udp |
| US | 74.125.1.104:443 | rr3---sn-q4fl6ns6.googlevideo.com | tcp |
| US | 74.125.1.104:443 | rr3---sn-q4fl6ns6.googlevideo.com | tcp |
| US | 8.8.8.8:53 | 226.187.250.142.in-addr.arpa | udp |
| US | 74.125.1.104:443 | rr3---sn-q4fl6ns6.googlevideo.com | tcp |
| US | 74.125.1.104:443 | rr3---sn-q4fl6ns6.googlevideo.com | tcp |
| US | 74.125.1.104:443 | rr3---sn-q4fl6ns6.googlevideo.com | tcp |
| US | 74.125.1.104:443 | rr3---sn-q4fl6ns6.googlevideo.com | tcp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| GB | 142.250.179.230:443 | static.doubleclick.net | tcp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| GB | 142.250.179.230:443 | static.doubleclick.net | udp |
| US | 8.8.8.8:53 | 230.179.250.142.in-addr.arpa | udp |
| GB | 142.250.187.206:443 | youtube-ui.l.google.com | tcp |
| GB | 142.250.187.206:443 | youtube-ui.l.google.com | udp |
| GB | 172.217.169.54:443 | i.ytimg.com | udp |
| GB | 173.194.183.102:443 | rr1.sn-aigl6nek.googlevideo.com | udp |
| GB | 74.125.168.167:443 | rr2.sn-aigl6nzl.googlevideo.com | udp |
| GB | 142.250.187.226:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | rr5---sn-q4flrnel.googlevideo.com | udp |
| US | 209.85.165.234:443 | rr5---sn-q4flrnel.googlevideo.com | tcp |
| US | 8.8.8.8:53 | rr5.sn-q4flrnel.googlevideo.com | udp |
| US | 209.85.165.234:443 | rr5.sn-q4flrnel.googlevideo.com | tcp |
| US | 8.8.8.8:53 | rr5.sn-q4flrnel.googlevideo.com | udp |
| US | 8.8.8.8:53 | 234.165.85.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | rr5---sn-q4flrnel.googlevideo.com | udp |
| US | 209.85.165.234:443 | rr5---sn-q4flrnel.googlevideo.com | tcp |
| US | 209.85.165.234:443 | rr5---sn-q4flrnel.googlevideo.com | tcp |
| US | 209.85.165.234:443 | rr5---sn-q4flrnel.googlevideo.com | tcp |
| US | 209.85.165.234:443 | rr5---sn-q4flrnel.googlevideo.com | tcp |
| GB | 216.58.213.10:443 | jnn-pa.googleapis.com | udp |
| GB | 142.250.179.230:443 | static.doubleclick.net | udp |
| GB | 142.250.178.1:443 | photos-ugc.l.googleusercontent.com | udp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| US | 8.8.8.8:53 | rr3---sn-aigl6nz7.googlevideo.com | udp |
| GB | 74.125.168.104:443 | rr3---sn-aigl6nz7.googlevideo.com | tcp |
| US | 8.8.8.8:53 | rr3.sn-aigl6nz7.googlevideo.com | udp |
| US | 8.8.8.8:53 | rr3.sn-aigl6nz7.googlevideo.com | udp |
| GB | 74.125.168.104:443 | rr3.sn-aigl6nz7.googlevideo.com | udp |
| US | 8.8.8.8:53 | 104.168.125.74.in-addr.arpa | udp |
| GB | 142.250.187.226:443 | googleads.g.doubleclick.net | udp |
| GB | 172.217.169.54:443 | i.ytimg.com | tcp |
| GB | 172.217.169.54:443 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | rr1---sn-aigl6nzs.googlevideo.com | udp |
| GB | 74.125.175.70:443 | rr1---sn-aigl6nzs.googlevideo.com | tcp |
| US | 8.8.8.8:53 | rr1.sn-aigl6nzs.googlevideo.com | udp |
| US | 8.8.8.8:53 | rr1.sn-aigl6nzs.googlevideo.com | udp |
| GB | 74.125.175.70:443 | rr1.sn-aigl6nzs.googlevideo.com | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | rr1---sn-aigl6nzr.googlevideo.com | udp |
| GB | 172.217.169.54:443 | i.ytimg.com | udp |
| GB | 142.250.200.33:443 | tpc.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | rr1.sn-aigl6nzr.googlevideo.com | udp |
| GB | 74.125.175.134:443 | rr1.sn-aigl6nzr.googlevideo.com | tcp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | rr1.sn-aigl6nzr.googlevideo.com | udp |
| GB | 142.250.200.33:443 | tpc.googlesyndication.com | udp |
| GB | 74.125.175.134:443 | rr1.sn-aigl6nzr.googlevideo.com | udp |
| US | 8.8.8.8:53 | 70.175.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 33.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.175.125.74.in-addr.arpa | udp |
| GB | 142.250.178.1:443 | photos-ugc.l.googleusercontent.com | udp |
| US | 8.8.8.8:53 | ade.googlesyndication.com | udp |
| GB | 142.250.178.2:443 | ade.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | ade.googlesyndication.com | udp |
| US | 8.8.8.8:53 | ade.googlesyndication.com | udp |
| GB | 142.250.178.2:443 | ade.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 66.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 102.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.178.250.142.in-addr.arpa | udp |
| GB | 142.250.187.226:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 2.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| GB | 216.58.204.67:443 | www.google.co.uk | tcp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| GB | 216.58.204.67:443 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | 67.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | rr4---sn-aigl6ns6.googlevideo.com | udp |
| US | 8.8.8.8:53 | rr4.sn-aigl6ns6.googlevideo.com | udp |
| GB | 74.125.105.9:443 | rr4.sn-aigl6ns6.googlevideo.com | tcp |
| US | 8.8.8.8:53 | rr4.sn-aigl6ns6.googlevideo.com | udp |
| GB | 74.125.105.9:443 | rr4.sn-aigl6ns6.googlevideo.com | udp |
| US | 8.8.8.8:53 | 9.105.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| GB | 216.58.204.67:443 | www.google.co.uk | udp |
| GB | 172.217.169.54:443 | i.ytimg.com | udp |
| GB | 172.217.169.54:443 | i.ytimg.com | udp |
| GB | 74.125.175.70:443 | rr1.sn-aigl6nzs.googlevideo.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 34.117.188.166:443 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 35.244.181.201:443 | tcp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 34.160.144.191:443 | prod.content-signature-chains.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| NL | 2.18.121.73:80 | tcp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| N/A | 216.58.201.110:443 | tcp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| N/A | 216.58.201.110:443 | udp | |
| US | 8.8.8.8:53 | udp | |
| GB | 173.194.183.166:443 | tcp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| GB | 173.194.183.166:443 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | aus5.mozilla.org | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 216.58.204.78:443 | youtube.com | udp |
| GB | 216.58.204.78:443 | youtube.com | tcp |
| US | 8.8.8.8:53 | location.services.mozilla.com | udp |
| US | 44.242.34.204:443 | location.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | locprod2-elb-us-west-2.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | locprod2-elb-us-west-2.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 8.8.8.8:53 | youtube-ui.l.google.com | udp |
| GB | 216.58.204.78:443 | youtube-ui.l.google.com | udp |
| US | 8.8.8.8:53 | youtube-ui.l.google.com | udp |
| US | 8.8.8.8:53 | yt3.ggpht.com | udp |
| GB | 142.250.178.1:443 | yt3.ggpht.com | udp |
| US | 8.8.8.8:53 | photos-ugc.l.googleusercontent.com | udp |
| US | 8.8.8.8:53 | photos-ugc.l.googleusercontent.com | udp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| GB | 142.250.179.246:443 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | ade.googlesyndication.com | udp |
| GB | 173.194.183.102:443 | rr1.sn-aigl6nek.googlevideo.com | udp |
| US | 8.8.8.8:53 | ade.googlesyndication.com | udp |
| GB | 142.250.179.246:443 | i.ytimg.com | tcp |
| US | 8.8.8.8:53 | ade.googlesyndication.com | udp |
| GB | 74.125.168.167:443 | rr2.sn-aigl6nzl.googlevideo.com | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 172.217.16.226:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | rr1---sn-5hne6n6e.googlevideo.com | udp |
| NL | 172.217.132.230:443 | rr1---sn-5hne6n6e.googlevideo.com | tcp |
| NL | 172.217.132.230:443 | rr1---sn-5hne6n6e.googlevideo.com | tcp |
| US | 8.8.8.8:53 | rr1.sn-5hne6n6e.googlevideo.com | udp |
| US | 8.8.8.8:53 | rr1.sn-5hne6n6e.googlevideo.com | udp |
| US | 8.8.8.8:53 | rr1---sn-5hne6n6e.googlevideo.com | udp |
| NL | 172.217.132.230:443 | rr1---sn-5hne6n6e.googlevideo.com | tcp |
| NL | 172.217.132.230:443 | rr1---sn-5hne6n6e.googlevideo.com | tcp |
| US | 8.8.8.8:53 | i1.ytimg.com | udp |
| US | 8.8.8.8:53 | i1.ytimg.com | udp |
| GB | 142.250.200.46:443 | i1.ytimg.com | udp |
| US | 8.8.8.8:53 | i1.ytimg.com | udp |
| NL | 172.217.132.230:443 | rr1---sn-5hne6n6e.googlevideo.com | tcp |
| NL | 172.217.132.230:443 | rr1---sn-5hne6n6e.googlevideo.com | tcp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| GB | 172.217.169.74:443 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| GB | 142.250.179.230:443 | static.doubleclick.net | udp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| GB | 142.250.179.230:443 | static.doubleclick.net | tcp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| GB | 172.217.169.74:443 | jnn-pa.googleapis.com | tcp |
| US | 8.8.8.8:53 | rr3---sn-aigl6nzs.googlevideo.com | udp |
| GB | 74.125.175.72:443 | rr3---sn-aigl6nzs.googlevideo.com | tcp |
| US | 8.8.8.8:53 | rr3.sn-aigl6nzs.googlevideo.com | udp |
| GB | 142.250.179.246:443 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | rr3.sn-aigl6nzs.googlevideo.com | udp |
| GB | 74.125.175.72:443 | rr3.sn-aigl6nzs.googlevideo.com | udp |
| US | 8.8.8.8:53 | yt3.googleusercontent.com | udp |
| GB | 142.250.187.225:443 | yt3.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | yt3.googleusercontent.com | udp |
| GB | 142.250.187.225:443 | yt3.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | yt3.googleusercontent.com | udp |
| GB | 142.250.187.225:443 | yt3.googleusercontent.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 185.199.110.133:443 | avatars.githubusercontent.com | tcp |
| US | 185.199.110.133:443 | avatars.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.187.206:443 | play.google.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.178.1:443 | photos-ugc.l.googleusercontent.com | udp |
| GB | 142.250.187.206:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | lh6.googleusercontent.com | udp |
| GB | 142.250.200.33:443 | lh6.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | googlehosted.l.googleusercontent.com | udp |
| US | 8.8.8.8:53 | googlehosted.l.googleusercontent.com | udp |
| GB | 142.250.200.33:443 | googlehosted.l.googleusercontent.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 140.82.114.21:443 | collector.github.com | tcp |
| US | 8.8.8.8:53 | glb-db52c2cf8be544.github.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 8.8.8.8:53 | glb-db52c2cf8be544.github.com | udp |
| US | 140.82.114.21:443 | glb-db52c2cf8be544.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 8.8.8.8:53 | glb-db52c2cf8be544.github.com | udp |
| US | 8.8.8.8:53 | glb-db52c2cf8be544.github.com | udp |
| GB | 142.250.179.246:443 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | glb-db52c2cf8be544.github.com | udp |
| US | 8.8.8.8:53 | glb-db52c2cf8be544.github.com | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
Files
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\pending_pings\9088875c-ca46-4c34-a01f-6b2d69a93757
| MD5 | 2dd4c1462646b6d8c69eb4e20dad6937 |
| SHA1 | 67f94bf1226b23be3805b8aaf5810a4fcc004439 |
| SHA256 | 36e73a01d3a8fa6a84df76811b3c6b46f9b9d3cee87b8377d1346836e9b29b15 |
| SHA512 | a797f962dc42ce2c8331193a02b66e63914cc0d7fa6dfa3e3226e04817b9d6358eb412572438ba25a6bb72a57399ae251d0688256e8a90a065505353acdeca3d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\pending_pings\f0d4c397-7f37-415d-a573-4fa9226efc4b
| MD5 | 3b290baf8193d9cb43f165b68f2bedbd |
| SHA1 | 6641bfb01a76a4bcc84110987153aee85560a2dd |
| SHA256 | 9546f14aa785a952cafe48d8359526ef6beeeb1ca16cc76303940cace922b3d0 |
| SHA512 | c94acda5edbf4fd7def0b30e036079977c0970f8374672e33e9540f731e434c0c6e71e8b562bc24153c2cacc22f6a585b6254728112e8f71ddf28da6ec8377a1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\db\data.safe.bin
| MD5 | 68b27c20ce268b68271363a95bfc33fb |
| SHA1 | 2da540077307a110b4f1a99839757aa30982509b |
| SHA256 | 00f49b49b9f92883abdc4a001728e9239ee708fe6dd9cc5e86cdb99b6f432a75 |
| SHA512 | e41563bcb9d0a0a78d2049224f9ef6eaac625f1e49b71071a51e71c53d9de857cc3b04f11889e3351f07a9ecef0b8b426a59fab17b1f2934729a04307a9f23fa |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\prefs-1.js
| MD5 | c4f99645b66c26f2267ce1e3306a6f35 |
| SHA1 | d617de8854d7461b437f96d4e34bb5146cb8b209 |
| SHA256 | 0ecb6f15e9a847fb6384adeb1d18dd127262b70c070e1b731b2a5dfd434d2b68 |
| SHA512 | 010e45ba614d8603980d4688eccddb073dabaa30b0ce30527900770b9615945c96ce20efe0b287f303bbe56a23f0ed4d875a0b34a680b9dc19f0ad22f6431e88 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 90ab70ed3b3b15c3ce6420ed8706934a |
| SHA1 | 5eab130856c9b8c94bae04308f1fbfe951d875b3 |
| SHA256 | 6a9a5cc2161750c8f9ca8341798195d431623850928a6ccbee40f2529187ea38 |
| SHA512 | d4e1e33662ffb8b376ae2dce713170c116d47e9e22c623efdd48cb1f01dffa1ec32ddfdc1ea0256181962b3cfecf4db559659c7da9a23c3a64b809be9df227e8 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\prefs-1.js
| MD5 | 673df62ba09610bf8926357cd45c2b2f |
| SHA1 | 0fff2ed2353fdd338b1bff99fce7eb957eb7012d |
| SHA256 | d98d71d7bfea253e663ba929b37bc6acf7d066bc9d1c46220b543d5948d252d7 |
| SHA512 | 4f4f842a6c51015148f4afe18b5d56c544c28e7649e886bbbbfe02b5d48e197fa46912c90724d4da127e4b91b0c20340e9555d85dff152b3693f6307f82852d3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 03742ee3622290535b7d8d7434c89d22 |
| SHA1 | 270955e9ccd5f9d5a0d75f8f598971765e8e1d23 |
| SHA256 | f0a4996b0be9ac422e0de23b79bbbe6f725af7bc1ea8c8a2dde4278e3f24e295 |
| SHA512 | 008e9804677d951bbc1aff1b4abf8ec9af0e6586adba78a1c634a107326f662587eaf9cbb3b3cdf7518e2715bf84e075444fb16c4967f95673f8c27e4db284f4 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\idb\1241031584LCo7g%sCD7a%tcaab5a9s.sqlite
| MD5 | ce61ecd743b386d489e7ddc60593f243 |
| SHA1 | ad27e13f480091a14c233b284e782f579a46fc5b |
| SHA256 | 2ad7b37e05d5f9ed0d3e9cc12e1adce07b842b8260f87253bd54f17d8b88beb7 |
| SHA512 | 94cb8699354a34c84b25644ecfae66b2238c6deb62eae04f006071850c7c679f77bee19e6d853b9e5f3b4a6ec4a8860adf5490487898d33785d88f0a1015b1f3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\119\{7ec7bf13-1dd8-4ed6-861c-74b438e11d77}.final
| MD5 | 2a252393b98be6348c4ba18003cc3471 |
| SHA1 | 40f75302fcbe4a8ac2e33a8d9daf801abc2a9598 |
| SHA256 | 04cae3c7b208fc55b25763913d0bbdc99232942086efdf705f2a27764be6f5ee |
| SHA512 | 07af4a7b0d10f1b5e1fe0877b21abc98483d78797608a1763cfb71e25559fdce10d20f03c16f4284d7ae7ab90266f45240425e3a264de9525ec1657345b85198 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | b81d475fafe9d9bf8822680495466170 |
| SHA1 | 625b5449e20581bf2037add4ab25c80a302bb611 |
| SHA256 | 689fa2817d218401f630360f8eb0702c56622968d8dd7b1c108553fa995915d4 |
| SHA512 | d12435222a0f9a859f6d0711cccb8b9deca7fb849faa4b6673a3752fa90d108025487b634de8d12e5f783bbd8897328c4217a3fef231867714f758bf82c35679 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\doomed\15444
| MD5 | 197ae020168a4c35a9c6bcd3e720e68f |
| SHA1 | 4539354ec00637c43f8dcf787f8b35220a28c701 |
| SHA256 | 8b83931f0feb4149b9d43aab0b789d8dbc20d6e4ff9104f7100a0c77637628e7 |
| SHA512 | 77a8101f9e2997a7cb88ef18e484c3d731b4d20fca96deccf629305cda1e91ccc05a2ce3dde2d000b6ab292edbc8e0fc6509a1f1979356eeb46a27256c0c1298 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\doomed\22814
| MD5 | e86eb795f3ee32899b783024ce00c950 |
| SHA1 | 3b398d8b70a4f411cbe7602cd9cb592b6be0b884 |
| SHA256 | db9d54a15165c098293edaf08573ed1a717bcef2ec2e9bcfaf8570deaaf4eb54 |
| SHA512 | 50cdcde963d2a773e61e1a272ad93f26921bd7f9092ad55485836abe22124ec9349c9ccc02fb96e7dded72a8ce8cbee2d69d907c5e801f7a6c37ca69615a2412 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\doomed\1933
| MD5 | 69b4187f22fcae2e723a739f189d393d |
| SHA1 | decb4945d3fa3b339e0c1f3bdaea07c74bc3c8df |
| SHA256 | dc66bcfc69731c960ffb5108fe2f0378d58787a8559e9c00c476f4d77966e32e |
| SHA512 | 82f3a63a25cd406c58521c3f3d2950cb57dee1383b466ff1a8ba473ab8539e1d52747a6ab946a69fac2c74ae7c2c0bfdcc8f2e944b3fa6690353aaadbffd763a |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\5\{2dd723e6-0010-401b-95e4-3085559ba205}.final
| MD5 | be203547ce77fa7a91259437b55c0d1f |
| SHA1 | cff2ff2c9469ac96eff7baaa308cdc886fab804d |
| SHA256 | e5f9c781a4756c64455652d9b4bd944aab9ecc1eef556814c00b1797209f4840 |
| SHA512 | adf00778a63ea8a143f8fbbf61188392a87a376234e17856339036854cff3a5247aed0b1c0b603332e244d348d58402ba58b32f6df6cc8e18f9d8242f6573f71 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\164\{6b9472a8-b5d6-4aea-862a-cf1b1586b6a4}.final
| MD5 | 45e25bb134343fe4a559478cd56f0971 |
| SHA1 | 79f18ad0b7e3935c3231ced0edd8ea3c7997ca93 |
| SHA256 | dae4dd8e56ccc952312b3b238a1db294d4d7ad4f532c31cd1c2e5f9dee881678 |
| SHA512 | 9b32b125c4183fe992630bc6ce9a511157959556fdce53f8264aba2aa8fb7b0e53b408b505da2cc96cdec771470927e74cba3bbd6eb71a5077e9f933cdc85292 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\155\{3692fa82-4af3-4251-af8f-123156cb929b}.final
| MD5 | 5b0f165bbdb71faa1bb5b26c4f022e96 |
| SHA1 | 704bbe81e0d8370e675246e1cbb347bf8599aa45 |
| SHA256 | b95a445bd9d295276e8423f1ad3fc50c740512a634f2115364217544bc87d44f |
| SHA512 | 6c521b2c55135ec98f79193bf9c62b73cfb1801cdeed03a9871878f677aacea46cae165a4290682768ca1c1192dff2e87b63c39228164d72d2c7abbe732f8d20 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\97\{b49fa4d1-31aa-42c5-a9b2-1d4686f4ba61}.final
| MD5 | 51bb0fe00991a2ae6707b3aefc583918 |
| SHA1 | 21ec201ebf41ad57faaab02f7961ce5a746e6dbb |
| SHA256 | 97dc140355b2b45b54c3dab1ac66b951afae0bc742402cbc342be117f4424e0a |
| SHA512 | 41863cc0f1252366a5514dd62a06f4bba493029b8c7a35e19173b6d7f9114e7098fa35d284623b6641d28f7d7bee1ce99064987afc985dbf0354368f71f9a39b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\82\{ce8710f5-c79f-49e2-8e97-979de5d5f752}.final
| MD5 | dc9a7fbc5e4c905d180f1e4af881e592 |
| SHA1 | 10fd3d3c3c0a7fbb4246bddec89405790d5ac88c |
| SHA256 | dc5e1c62c3c105bdbd2643cc83cff3593ae9c24531c161d45c459e24679326cf |
| SHA512 | d348838561513841cd6d3886811888622ffe7c7963c3a0a521dd80ffdae18d21ab044da2772fd5684014293872d172e6aac71493d048cf6731cfb1b37fbf9121 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\59\{f6ffd2d5-6bfe-43da-a6ad-023ec01a583b}.final
| MD5 | 184e8de5f2d1b10b1cd688026dfec0ca |
| SHA1 | dd632464c3ad026e57bac8efc3348eb7349dad84 |
| SHA256 | e3aaf869118c6db298d843c5308262f88ce5ba474d88e7043badfdea4471c93f |
| SHA512 | e3495544032b7f6760967b0ccf57861ec5454bb32e8f5f7d2165fa63e6ab580e278275a1f719fa55fa17fc0a3aa9788e15ba60ff2ea0e25557f0160607066143 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\67\{1a3e2d69-9b52-4e46-903f-c2749d402a43}.final
| MD5 | 440b8569f0166adb464f65b587fc1864 |
| SHA1 | bd9ec70774c72144b24d6b025169adcf97f4100f |
| SHA256 | 7679aaa38924228f58794ffd76387e65f03fb1a7ed42ba79a369069f2da4c13a |
| SHA512 | 2a4d57dabf61b213de49a46569ad00401afeee417d28936851c1ea346d65d5019be0b8092d1857b58ca0bd0f2a1407452920a2f3e0a69688d61bef25b419fcbe |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\198\{5fa25cf9-b184-4fe3-97a7-16b0fa88b6c6}.final
| MD5 | 4281c6880b38580a12983db6afe98254 |
| SHA1 | 052f3dbcc36e439f4f23b1e1b608d92ee8e72654 |
| SHA256 | 98cdb9a3eef1764f2034497868bc60328364b1a414eba55860fc1756aa5f85b3 |
| SHA512 | 6b92b3ccf7ab00db56c0cd6c7c180741e1a154be3cc04199b883e7c350a818a6b0357454116ddc86af433f3afd57cc8dd89efed7cd0dfda6c3d9bbb270dba533 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\190\{6306b9a5-9756-4da2-b670-fc24158a2fbe}.final
| MD5 | 590de80c94ccf9eadb9c7d51be8e796c |
| SHA1 | e2c967e833e34a61c7bbb2cacabad6743f3d48c4 |
| SHA256 | 75b7670458b285925b57d33949d24b515dd8fe50466ef7e4a4cbd9a402f168d0 |
| SHA512 | d06068e443b20e3778c98441fd8fab3bcda4fbba3daa683e3e7c18c0de280d59d4261de63ef47ce8fb9a819b3c7f8d612f7d6b7c6fed591be25c19421ebd7a91 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\2\{95aaf1b9-b964-42a0-9cc5-b26bb6839e02}.final
| MD5 | 5525a3d889a5f2b22309572b81eb632f |
| SHA1 | 75570ecf4e74c8094526263c3f8fcaf09d4ea87b |
| SHA256 | 82b1f81789c3cf58f4985bcf3dd14d3606a9bda013bc08501e36bf46c4fd4e52 |
| SHA512 | d1e9153d5da3549d63b5833648191ec199a616e64c343b2985a11626465bcb728e39a3a04b906ea5bd42bff8b7376ef1a26e65c4e62b689af0cba19487fe982c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\19\{33bdcbb5-502e-4a27-8320-1d4020518413}.final
| MD5 | a5a12471c60b1660512fce9579675a2e |
| SHA1 | d702b7183c27a6b08b626c9bba460ce0e20a7395 |
| SHA256 | 2b8ad66d9eb14d6020cc86c9472a8d32859faec20e5bc971bbbe068753b378c0 |
| SHA512 | ec69cf09ef623b7971bf8a42267e23c4f5265127608a70d1ea8ee7a910982e075723a0dabd7053022905c9d0e44cbecb4fe2fb1005258fac9a0bd5a33f3b6014 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\16\{ac7874e1-f781-4bf0-88c3-137c6b541510}.final
| MD5 | fcaa7f35d0b6f5dcc3edf6ea35b7ef98 |
| SHA1 | 37eab86381cd122095b712d205eefd4c15ff49c1 |
| SHA256 | 67b688b893251d9e52650b3cb720b6f8be62c6e1afec8ea4b223a8e975d27b1f |
| SHA512 | becd339b63fb55676cabeed67fbf4e28740feca0995b8734a430359c96e14b8591d4242a526d920ac8893d9d22ac125288e8ae8dbfb0a0fb484ed8544774958d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\246\{82178e61-98c9-44d1-9062-748ae16e0af6}.final
| MD5 | a5b6e175f5a577af3302c7029593adfc |
| SHA1 | 7b21982420c602f2678b28d3eeb7172d5c491903 |
| SHA256 | 02240202d841f7910cfc4d17aebdef67a1084e704359fdf544d80dec3809a8e1 |
| SHA512 | 9e62f4350403815e642a70d746bac7c8862238a8f108491f6e33031db7ebef4ce91a9a97d83f9fe9c15dd70333bda1229dd7d1ee709f964dd8c65071833b6544 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\141\{02aff09e-203a-4893-815a-6cf83308998d}.final
| MD5 | 3f7a4ebdd9e533cda0125618ad02dadd |
| SHA1 | 8f024e90ae75e5926e0f9d0847e2a1520b4f8eab |
| SHA256 | 3408ed8bd0781a9ee0576ff0ddf30150456e0fa59b40406b21248613602c1043 |
| SHA512 | 6257799dd555ca13833a2320b10056a966f1f384d474cc66e6ead51a76b726e66ab64add92d9bf3a85456ec75b5b97404bf7574eab7d3e6090b8f60d2799c1ca |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\161\{24a1470b-e0f8-4b75-8f81-24e816616ca1}.final
| MD5 | 321ea72e49df8692233391c1f36451e6 |
| SHA1 | 2f016758fc5830a806ed9891e574936db521c034 |
| SHA256 | 8113ef313d8a5519df57034e29db538c65721112804bf1a1a446b8302ae7e0d0 |
| SHA512 | 86d5a408e472a62c2cfcf69a5fadc122f7a62dae866a36fdc4a7381de6cc8028af4ba51cec9c827b9815c26f75db82c4813ab25682c728c1f03d3bfc7ff21114 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\245\{2a61617f-7ceb-4a22-86cf-7fce1a5e90f5}.final
| MD5 | fe5981f30c81e299a4b3cbb8d54c236d |
| SHA1 | 86d257366f84c5da701ce39084e8bd6b54a644c5 |
| SHA256 | d94c2ef736a7e46e3c6da5ce1b0f4ae07d1aedf5de035104fa48c3804f5cc86d |
| SHA512 | 51bc339682768b4ab038325bc12186aa16836e7179d36ecacdc8b4559b70e76e7868bfbd1ae19af5fc35ee36299060166d5c4da74f70c0816849510f93e2a403 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\6\{c4b364e5-0882-489c-92bb-8eee50243606}.final
| MD5 | ee0078268c18aacfbb32f121a2bc2902 |
| SHA1 | 413487a0a575c27405b739fa8938a66b61a24149 |
| SHA256 | 9718aa5eb454fe31d59fb6cb2d7bff3ba1f7e73b171c76390ed97b749493a85d |
| SHA512 | 2d776ef4276e4f8cbe7782e1aaa91d78f1154cafe818b8fb507e7e5f823c1ace750e8b2214a82448fe0d3be43fc25f1c15eb93d9198ca4c6b1962d19af45ccf2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\2\{b8764f5c-4060-4cea-ab2c-f8455cfa9002}.final
| MD5 | f8a4486578289f338eccea68bf578c6e |
| SHA1 | 6cbd17168a35b3f10b74a28f1fa3a83e161a7e35 |
| SHA256 | 264c3ef4f7bc3f390875ca49d87ec35f9c4f0bbb0eabfdb38073951253ca721a |
| SHA512 | e896ce1bbfd145a4c38f7e81a8afb12c3f354d5632f24f26cf19e8b5f1a466fca8d098e7277a4c0979170c37be25b6cdcc0654ae94f46908bde1810d4c03c3c1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\181\{f0f84fb3-e8c4-4a27-a478-2c23018f72b5}.final
| MD5 | 41d7c0ee3ebd3ecf60e8f06238d8976a |
| SHA1 | 313d08e7b04eefdb0ec87504462f522d7cb94d4d |
| SHA256 | 7b48b7ea9af7535de272491304ba8988db28c4cdf0d50c800e7d461666e73efa |
| SHA512 | 9619b290dd7e07d7a4d9768ee35dd564e37f1b0f4357bd2cb8a39c1289772f275f23f260114fac395974f544ff70efc168285a34611f40950eded0735d2ca6ec |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\100\{54c5fe8b-d204-4df5-b5f6-baaefe935164}.final
| MD5 | 18ea68569ded72b5f8f681906febe6a4 |
| SHA1 | 5797e923cf4e23b0c5b834923ed11b3fd101ebf4 |
| SHA256 | 3f7e5effbbc5b1d293c34e82334eef3f6f20195436b46a97c9322a406af63cc6 |
| SHA512 | e32bfa8081fcb47042097617f10454358b0fa206db22cf3d4ceb09c7134ca97c4cc3d8d283e1dfe7b4db13c0254ca9aae2fc2dad38d50cff4375373d76d9e060 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\55\{a9470083-bb5c-4c46-92da-f09b0a1fae37}.final
| MD5 | a601665adcb4c6be23f3f43db3ecd713 |
| SHA1 | daf1dbb4c74201e6e986283fba3603b508d576d2 |
| SHA256 | 38f281885066fb223a840e11199c5fe053ce470857cb8ffe5fdee25e226e2e7a |
| SHA512 | b60b5afbcafcfb4d4751dda855ce4e40674ba635a28dee30b9ee8dae0cc1a751623ebcc3f1657aa1e847ba317dbb4bcdf44e73fd68b96ddb9ebc3d0a73bb5ae8 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\76\{36a0bce5-efbd-49f4-8e4a-0b486c26ef4c}.final
| MD5 | 31f682f3d011c942f1c41b7f915eec10 |
| SHA1 | 0163e4cb475138b8f6ef221cf0bb15055f628f4c |
| SHA256 | 00392c87ab0206705a7f066ab9b2cad308eb3b2d0b538fa535d053b0c662c48a |
| SHA512 | da32317bdc01471cf7fe107c80d3b69646aafbde3ba9ef7d4fc674c56034d78dfc08ef33d8c133cdf198e4ce265625c8411cd85b2cc6d57016af360129db733f |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\197\{1b44d773-79b6-4f82-9f29-c054819b5ec5}.final
| MD5 | 25bc26013ca16ec022cc26f5370c3769 |
| SHA1 | 0b959045667e2ab2efb992cdfe8abf8d833ffa83 |
| SHA256 | 8e291ff624d1139db9423256f8b7637e909580a54b8838c81119b12cc631b84b |
| SHA512 | ed775d60df5dfa9d6fcabeab00e46d6ddd421f19c8de2ba3d1a78786cf70ddcd86e3dfce18519d916078a36a23f64e9db42149a4e3c26d58ffdd565f3dd9afdc |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\194\{a12650e6-67b1-4e6b-aaca-5cc1bae63cc2}.final
| MD5 | 5dac736054f1bfd6efddc9f8941f6513 |
| SHA1 | 8d333e22dc6fa20e26c4732d5ff91c954433185c |
| SHA256 | e1f390622425670904099ccdffe9b808e555fc402e7015697d49f9f22abf9175 |
| SHA512 | 3ea570e7041a136d250e5e94c215b468991b70a6d6609ed27907aba24123e068e08559bbd96ca39a615a52dceccd524e3aa52702a8ad544f8a7b952fff935577 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\73\{e2106920-5b80-493f-a6fb-6ac7a48ad349}.final
| MD5 | 3a412424ac9e9e38359ed78efdadc85c |
| SHA1 | efed1bcfc57a1a6b9917cd3bc20d59f767adf5bc |
| SHA256 | 8cee6015ffd0f547e1bdfc958c906df98b64e24cb6dd5d89cc1aa3b38bd62bd4 |
| SHA512 | 244689ba698e3c6323e8b72acc8ee5672bcdca4f859dc402e463d09b631861c996d90f8740b75d7e1668abc27ec447a1cdea1aaa30434ba56da1f7b06b84d57b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\143\{13f3dd23-fe26-48f5-a176-23255b791c8f}.final
| MD5 | b3a912f7ad1772f6fe5812fb79fb8f4f |
| SHA1 | 00443a5067e504d2b102a4358ddb6f0484d464b0 |
| SHA256 | 7663eca944129445deb2757f49ef731ac2a95ac01080067f5938dcc0904fcd7d |
| SHA512 | 58e365169f36ce049bdabe6c19ef7788684a68b2b38fc499f0cd7ea8232dccf0708d585ecd249d9a92b2023fed544145b967848e50ba44b0d2af5447abb0b761 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\252\{1a6eb76a-ddb1-48c6-b571-d280988c71fc}.final
| MD5 | 34eabb6d7873666c4dcd0f6e2c379fde |
| SHA1 | e6dceb2fcd82d2513d383afba73625a4822b44cf |
| SHA256 | 2f6cdfea39358c552286c9a055d5e364e27d8a1e6700de932fd8f406446d7048 |
| SHA512 | ddd2d6d1c98d67ce10e3c4085fcd33499767b0a158de2975cc6993f2cc06c8c09cb1daf1ff628e4cf9127c973e87a6f3559e3459de1ffe4c8685e40c1998ece9 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\39\{0764df43-3137-4bc8-847c-60136ad9bb27}.final
| MD5 | 887d18f5d2a951296bceeccc0a2908bc |
| SHA1 | d9ea3e25c31f63fa2b5c234df3f4a22c87b7abdd |
| SHA256 | 47c2305553e87db8d59361705090fda372c32938564297a6db1dec0e5dcbcf20 |
| SHA512 | ce858e1c6730655d32e099d8c2804288a654bf2f7629c9bff0a28636473c1834fc9f8e437e04b0b985998ee7cc499abc3b474ab292f3d7180e5e6adbb4d07956 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\6\{e2a15c99-3339-480e-949b-6ecee6878c06}.final
| MD5 | a57c59c5082da22125cfc69197546e95 |
| SHA1 | ecbc238d1f440562832601a78bc3fdc052df1e0b |
| SHA256 | aa70e89647f51593908420aa5856e5ae4f663065bf8a12cc4ee1aba1a0916a9b |
| SHA512 | ca88eb897f8ef1fbc65b1e2e426a2e8274a7cf8c225e02e5406c39ef5d1bede11a732673162e21379773622207b28c9a45de83a64aed110ca82218e7097e7cd0 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\145\{7e20fc52-1e99-46aa-ac58-d399b3e4b791}.final
| MD5 | abada082ffc6679a2067c452c7cf2afa |
| SHA1 | 99a4e6c70bfe85066f09c2ac1b2108d05f129c52 |
| SHA256 | fdd42399b41bbb74565be3da15f861b96f044ddee74f6f2ba29940a96b1f2031 |
| SHA512 | a4db103b9409b1a544ad9e449a3cd65db72937fa325f1d08419450997f0de9b1481fc7c31ec915b89dfaee13f42f4e50bed68155d2e39d42332c01f4f4e6fbfa |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\227\{aabc36f7-e1e3-4e81-b4ab-c726be4860e3}.final
| MD5 | 0ef1f531ef723ae794070d8fb9f22e7e |
| SHA1 | 359a185e7e59e52162aa084fab2f31d2131d2da1 |
| SHA256 | 7b92f7b90080f024b9f265b888631c058878628e569fb1301c8dc93ecafc90b6 |
| SHA512 | 876120bfdb112bdbbbeb2a87140af386ebf91d13b9bbc02cf7e96fa0f9f10d66c4a7265811b7ca79223a61fe141712ea64c5c2773aad6199648e3bcd496225eb |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\223\{3d2c990b-60d6-4a51-babc-4db21a74d2df}.final
| MD5 | 6593c3cd0cd304b103124a65062a274c |
| SHA1 | aba82966f9eebb81bcb05ab9eadc5f9ec7087f38 |
| SHA256 | 89e8c95a42b02e26e31e55e66381898d19e3ad9e6da3f27ad837c7470f9b9324 |
| SHA512 | ac4026f5fe5346f518171c3ce08c0ba5652382f1ef83b1358140e5696ae1721d980b925925ca24d2b84cc6a84b5fddc9433ac492c943d09ba2f8f2485e892768 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\108\{94d58a78-0626-4d01-9aa5-7237d505ac6c}.final
| MD5 | a16ea228c26d9635887c0f16939633fd |
| SHA1 | 4296ff50e58e69f667e69a5eb0e4b33d5584c011 |
| SHA256 | 1147a378214d10a08296484419be2cfe7e251bf90f5f0ea9897ec1b79e195664 |
| SHA512 | 357c2daf556aa2471b6f0887d32000939044ce584534fa0fba618fbec99031d0569c5ce662a9f3c1235785ab3fc9116e095e99396a082cb60e1c763f9e561c74 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\85\{f6b91a70-ae36-4e35-88cd-81d633ab3055}.final
| MD5 | c39ad8422f2a033a19029e992171863c |
| SHA1 | d4bc0db91f8b6a7e562632cdbc47238bf7074311 |
| SHA256 | d4b92610c82ebb2fa1beecdec652dd1b40731ced23e5281a1746739bb9636783 |
| SHA512 | abd2d36b411db7e869da2fa6434644768801ee8db91c4b06a15b8af4e3bcb8b58721d654a7208809eaacceb2d17a91bccf8d40aeb81c2ebb0817eeeb0a9c31b0 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\37\{0848080c-c116-43d5-8d89-0b5ede4bc925}.final
| MD5 | 3e7dc63be6da02f295c1b9a5c56dd322 |
| SHA1 | 0aa6083dee17a265efa6814d10f0171753c5f042 |
| SHA256 | 6ccac4a1dd37f1f6d1bc68aaa92f48f02d92d3a23be15dee4d83c0b892fd09d8 |
| SHA512 | 3ee1d46e61646303fbe77cfae5231366edd2862e9c2bfa45529fd7e90d7bf8fb62969c95f4125a17760ba6f934e5d51dbb5ba42bb43e24af33b43ffc0faf53b4 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\191\{78df9aa5-6952-4e85-80d9-22fd2832efbf}.final
| MD5 | be912f4bcd3b478ace5df6dc46d82aa8 |
| SHA1 | 2485e534279a5fa834a6e099cccc92f20c91052f |
| SHA256 | 8a3103971412691de6ca0bf149f63e274d5347e8942210e0b14470bc2c74538a |
| SHA512 | 8d082b4bbdc165115c47454a3d641a6d6fc9ac732a6f2bc511802fae3ebdba8a84ecf64d1acfe1fc9c023cf40ae2520cd74d5cc428dc9eba7913a2323b27d59a |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\117\{2c2060ba-2581-4cce-88f9-cfb46ec3b075}.final
| MD5 | ed6fd5e11dfc8e4cf53ea851ea9ede04 |
| SHA1 | fc392e8d4f64aec77d892182f63fedcd543977bf |
| SHA256 | 478c763f896d5b271626a85070b75e8d66dd1eed1dcd244d9d6874bb1c24e6b1 |
| SHA512 | 5da78d681d8feed8958b8fc60c4bc7975e9a4cf3e94e884e2525005cc1852c5643cac43cfc0c387381ab6f8d97d90a1d22b31faa0a1ee3529117b471cf6ff21e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\253\{3da669ad-23d6-45a1-a0cf-6e108fe640fd}.final
| MD5 | a8ac2b1daf1197439e18577f9341b301 |
| SHA1 | 7c6e18163d4915ae57f27df9cfe607834bb998c8 |
| SHA256 | de289ef6a8ba393577207b6a036d9bb0462b56479d9fceec6b4c094c8891a72a |
| SHA512 | 617ac8779a29725613666c729e3b0976f0bbfda6bfc358f7e606a552dd0ebf712de791d483965a72b225412fd7532764a2ccb2df1b3b91666ff25fb841cd3c93 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\61\{e156e296-1fd8-401f-9abd-ab22d5416d3d}.final
| MD5 | 6034306070954b482117c7883f153714 |
| SHA1 | dea03382c66843d3b2f548bcc628dbfbc3cab661 |
| SHA256 | dacb173c166fb4640953753914c783a1c8aecda2eac07dbc30ca70804bd8c029 |
| SHA512 | dc178d0f42734ca82160a12caabd406b1b16f414e09d67fee35092249aed61f570702bd1716a169c1e97e33fcdace6709e98044884e7459e453377f103946e62 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\119\{4d83b4b2-187c-4464-b1cd-8ae258e81577}.final
| MD5 | 9aabec02bb846ee3fab89838fc80448d |
| SHA1 | 8b0f294de64204dbee03446885a8f31f03a22b17 |
| SHA256 | 31afb122c87ea568cbf6b96fc5bb8ce12eaa379581d41c269ecc4674d452d72e |
| SHA512 | 198e2db29f6cd3807e92fdc6fb2fce689ead581fec734e414f953595d1d4dfd0de8a23a364d3665380b99e58c4146d4899ba0ba6e3e818dce29bdf809ca00b73 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\202\{7b3369d8-a861-4dfe-9d87-e9489252e8ca}.final
| MD5 | 7b4110fa3efde7eaa286ecb28002c24e |
| SHA1 | ef18905bf90bcec8d651b137f902e2d70968b960 |
| SHA256 | 3b339433141e9d91736ec678e692c2ec5890be7d216f4ba576461109835b802b |
| SHA512 | bfa6025d1b2638ec2aa85188c52d1d15b9fe8c85f1e431da724f9a28bf6fbe78299539497a24fce08e48985430e713c5982aec2cc5b5c137f5b611be77767fac |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\149\{99f81555-f75c-47dc-850c-8b14cd65a495}.final
| MD5 | 8074dc643bfb7d1c60ceaa4761009fb1 |
| SHA1 | 5178bcc18bbe6907f7603a90c9ef1dcc2c3bd9ac |
| SHA256 | df4188f88b0fcb6b315de652baafadc68de7649e7c3e16f83e162d7a8b5a2751 |
| SHA512 | 3d58b3e2a7de3ce79cbb8c43471431f4ea6e7e19116057a655cd997c7ff9889f0352e69eda49009a2de52be254fa2cb125d3566d281bc567d4812c9b5bdba62f |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\125\{1a43980c-1bdf-48cc-92d8-fb20f3f1aa7d}.final
| MD5 | 162f09323b6a93d1a573c6059f56748d |
| SHA1 | 01ad3259e6f31b5574868f7e71a180917e480328 |
| SHA256 | 66a152f9fe8afb18db1fa201c5054750721af807e1dfafab9ba70bb17d131cf4 |
| SHA512 | 0ecb45d87d32d12fd0ec446c3a9b8405162465d8b940eef6c86cb634962bc4e6c95e6ec18d6744e4e8ed730ee4417f10a7808b505aa1ccb78deb58ba0161a5e1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\133\{c7811f0c-e73c-45b8-ba3c-b67747ebd685}.final
| MD5 | c0540c18cbf85eba330f97b8fae2375a |
| SHA1 | 65f9ef9c5b0664ef9bc045344224a266d72c7861 |
| SHA256 | d540c5c26f2eab78ecf7fced4ac767f1af89e7c3eef303e4027d4fc77d6e74ca |
| SHA512 | d6bbc155fccf19afd17cdaf3b9739e8bfa732c4c519aac5516447c23ac9e1d97f5a6a2e003cc7cd09e9e9de14f28c88de6bcae26628dfd0aeeb4ffa8f0d95a56 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\228\{855bd000-8bdb-4274-bf33-56869db9f3e4}.final
| MD5 | 5409f7bf4f5bee52df75c2e72dcc9f36 |
| SHA1 | 7d03d02ac3127b6d3bae88725b830f05e2c19b92 |
| SHA256 | 1e026c82f67c10fc4746f558ac948fa6549402b7331d97fcf7b22690cb8a6696 |
| SHA512 | b3b6a124599c979b29f89ecb3d28f494e1d9046e373539f94acd3d89de284dcadf860c38067bb496e0d8a9d6f1a4e54e15a82d0dbabfcc6280543a25b7bb86f0 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\209\{e1282fa5-b346-43fc-aad1-baf3659d9cd1}.final
| MD5 | 982db069b2cb3f7b12df524ac058cb75 |
| SHA1 | b3c4cee2073c9b11afd4fd4cafa14506dc7c4c36 |
| SHA256 | 77015506cc1b153afc0ed88730d3248b4a9616edd67cb03d7b671c7962dd74b1 |
| SHA512 | 53d24e86229558747d0291ea42632fc1468c7f672b38493232a75bfa5da6e58312e64905b6291593adad411563968edf9c035ce95c48d60d7a7a0151f0c94692 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\209\{7df28d44-78e4-4d98-85b1-d89a71daaed1}.final
| MD5 | a975d247eb217c175e9104e649cfa5d0 |
| SHA1 | d85ba5f059f8b624aabbdcb974b16d05fad94b1a |
| SHA256 | 3165df152edec50d78e9a54edb28e74682976dd15e4bc1e7ae72a5838a8436b4 |
| SHA512 | cd11924a023f8c57315aca37f3b77a90b2ddc2db55417c4002e916c917fa7826c521240a646e24b94ce72192bfcc2739b1ec0edcb790ae33960a3329c2af22c8 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\55\{8e4ffa5b-2159-4c42-9050-0f4faef7cb37}.final
| MD5 | 680103ce64ae5c8edff61a1e3240326c |
| SHA1 | 03038ee24f31ad0b8da727f0c3dc3b5879b26c8e |
| SHA256 | 3c24065c3b89ce87c07f724caf59d270c80b7a072d751bd51e2f0b27b594442c |
| SHA512 | 68c0beb28e4050858d9ed8f79e0bc4a24abc99b9776faa392aa7d412a83b8d7320645ed498b7de7f1d712ec13abb554862d6c2b01d7223a229a96f27c9e130a2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\204\{76b9d880-4d57-4f6e-9620-82b77aa580cc}.final
| MD5 | 63c7f2fc0ff6a57ff3d98d003b00abc5 |
| SHA1 | 7eff871879b328e59dc2a5e959c9efdb9e93c91e |
| SHA256 | d750432333b0cf3e88461237110ce0718e2118f3f65d368e9e0d798b9986c440 |
| SHA512 | b3eb057cb9578836664bc1d73ff55a40e66eb48b8a210587dcb2adbad404c99a324e388b2d88a77e61f67bf25a3825a4768e7cf6f126008637feb3dd01255d63 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\76\{fb2f1a68-7ddc-410b-b142-d2fb1c78eb4c}.final
| MD5 | 61fe63358ed5c171881bfffc422a3d0e |
| SHA1 | aa75bd2ab0c3337649e0c8b70bda7f026c873854 |
| SHA256 | b595399f19902bc6fd474a33408fa74f5f4f97308c2fc8f8e6226897241e5cb7 |
| SHA512 | 8f8de25ad07e2b76f2e8366d6be5c636cd40e1ea3a36c82595abd42113816a0c7668d1aa6af84b23c57644710cb607d166324330e8e095613190de5159b3b3bd |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\42\{afadac48-41a9-46a0-84d6-e611f0e6a62a}.final
| MD5 | 93fe42b9cacad9a58418d5702e29918d |
| SHA1 | fc31ea0118b5b0999dc102efb09ed974b0a6ef9f |
| SHA256 | 10a26c50074171def0db39d8343ce1b08c398e77336f87dac2707492053f891a |
| SHA512 | 9248b47c5b621c6dcd9792b25c765c6bf7dbab2a03eca1f4507ea42c1aff3f08ca165f89c75f43c2bb1f35514845ea7ccea5199bbf57ddaaf631d0a4bb2ccd7f |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\226\{18680b25-53fe-4c99-8bb4-7ce56d20f6e2}.final
| MD5 | cedfd917c042bfd5faea22058d451ad1 |
| SHA1 | 5a98904fbf1c9bea6d27f75c42aa49c66db8c54f |
| SHA256 | 9cfc9e25c7e723abf5c14049886f33d836c6ab91b40218920efbdc864764f3f2 |
| SHA512 | 5f7513b881549aba1fad170019ddf45e780ddb6a576e08365f4c9ab2c8bf4e7d2d5053b1db4ec6a2af570de21a182fc8981a0790881172d8605c023fbbbba4d8 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\199\{6a806932-8723-46f3-9ec9-f0ca03c5c5c7}.final
| MD5 | 103a3bb224f38cac909b8f5719ac61fd |
| SHA1 | a2f0ca0141add7d8ccf18e2cfb38acfcee45a0fc |
| SHA256 | 63f1c1eb498439212024b5bcc18287e503b28cf7d84c3723d153a78f1cbde45d |
| SHA512 | 00c640a963ab78076b97323b51f2a3e8fbcfe288bf3cb52c97d4c3e5cb8e62e29affc9f616ed35d3ee978027ccc9d8d23dbc9d7e78f48abe8dc707fc6fb215c1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\129\{8db37232-e8d6-4ce7-8cd8-59dead2f2881}.final
| MD5 | 7981f433590b9d8b8a3ddcbd9d4a83ed |
| SHA1 | 58944a6101a8cd3e37574d26f2d03638c0fe2b2b |
| SHA256 | 097ca92e3fe122231764cb6d23deca18894c83cbd4128b39e925c88c061096b1 |
| SHA512 | 67e541767b07de4f4a1b88b13c5ae2f0b0df41c09b22648d8681cd7e7cb2cc7d0c15f685f8d6165317fa5956687f46731867892d3e811b78a9b6df2eb3565d4f |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\89\{9b18fd59-73b0-4dae-b08c-4f10deaaa259}.final
| MD5 | 1a840973aaba0bc8aa82cd789f229983 |
| SHA1 | dcdad762a070027acd4d167c919a8b12eb7cd4f2 |
| SHA256 | fbefd71795c1a773b199567dea99ea28a5bd85ed96abffee7e3f4c1cf6f57c6c |
| SHA512 | 871508335ab32879d045ed3309d52512edd03c69e3da9813de212b19ab3ef2e4939f7f108262f12bbcfb593cfff2f1b3774bf4a84076111569fba0f306dcb773 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\150\{eda38cda-43cc-458d-90a6-2e7e68fbcf96}.final
| MD5 | 3642d5820ca7ce4525164aa44f5d6beb |
| SHA1 | b8d4c651b067c3bd08f2fefbc9cee8fda03c9354 |
| SHA256 | 9624b4751a170b67e592dc6b20f93a13ad959ca57a74bdd0998871414f05e512 |
| SHA512 | 3cd72c8df0f244da5aa0ae250bb9ced273a45c30374864ea662b4e518dd03c6b7ff8030bbe1ae5ffd078ccb8b8338d43b7ee61ef7545059e87616c56fd3a079a |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\212\{9724f3b7-c99a-4023-881d-b03e2e7ce7d4}.final
| MD5 | 501e302df1cacf7ffe388900064433f7 |
| SHA1 | d044ddda684b1a7b8acb5d9a887f1b92f77f10de |
| SHA256 | baad1d86dab561f7abf009b62005456a15797550fd0dd565328f8c1e7e7c23ca |
| SHA512 | 8a75f975a60c979627e4f325e7ca6b8af17df51e425b7df27ea45ccb45b0b37b8ff339a7cb1a22108f1085854c4bdfe8694a6009a41df07ffd93aa7c6766c80a |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\90\{f6734980-9335-48f9-9496-8825031a475a}.final
| MD5 | ff1714439da5865eda7a26d7366ecd42 |
| SHA1 | d05ac8350fa53bcb01c187b349b9c0b6cd990da7 |
| SHA256 | f2406a6799cc1538f17a8ae8eb0f6b053fc8f8cc37f77429de1fb638bbbebffe |
| SHA512 | 4d76e9d3676913d82fe7c85f4f481c2508eeb7bdc76f61507353e6af12c70dd2721d43d3405809d518f29b87c0cfdc1658ad688453e37aaceb4e6cb68669204e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\181\{9b0fde1a-be92-4442-820e-879cf46250b5}.final
| MD5 | d0d1672cc7d147f9f802ebefdb01e914 |
| SHA1 | 22ed7eb147f695ec1df8ae6f43cb7787dd0ea652 |
| SHA256 | 62efa98b135e5ef8779b99489ab8200b60026a5b1000ff3c997f3be230febe2f |
| SHA512 | 7f8ef8af3f57a6aab90ccda6ab1079e43630de11d14a780786a1b0f1ab057d7cfd5ab512b53ecd8ddd1bcc669fa56a0c260b2df421db64e3855dee7d63251a68 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\66\{3e84b7e4-12d1-406d-b453-ba3ce3ef9a42}.final
| MD5 | d53cdfdc78bbfa83f76b88fec1baf8d5 |
| SHA1 | 44fdfb015f2e0ef773b74c91e7aa3084f86be4b4 |
| SHA256 | b60f85072330edde455cf9a62c94958d66793b18f461289da8a88b6bc0e29621 |
| SHA512 | 07f7f09c3828e81d79f88d768dcee3d8f91aded0b408bde57daf82593eee49a1ef2dfde683b0aef1059031b5f9d701dd6a20673020578801a66555eef720f023 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\167\{1ddcc686-e4a7-4a4e-932f-4bc80edb2ba7}.final
| MD5 | 4a514bed69506c494569d2de079a4565 |
| SHA1 | cfbcb0c9ef303e49adb4f8c85191593dcbdd95f6 |
| SHA256 | 9b16a083b682783c5014b9a1f4f6914ec9399100e86fd5e56a82fec41ea96a68 |
| SHA512 | c2d81af256d7d5e8bf9b4c2ca467a1972aa625511ad0d63c5da573d0916b85b1b09babf4a606d94f6b79f3db26bc00ff8c4b08db485224383d487749881b88fb |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\244\{a3be2514-fa90-495d-b1d6-0bc62cd958f4}.final
| MD5 | 5ecad04347c2a8c59c4b6a885e947fcc |
| SHA1 | ddfcb94ac1af832b6a831dfabd66b47138534ee0 |
| SHA256 | 9fb212fc86221efff20faff19c616c41932108a588078ed6a6377cde48e81d4d |
| SHA512 | 9a79703298ad64b902f6a0328f6c80031f540a7267ce4f4c96cc33b6b9ab2ba23f1b190f0ed1a51da1ed7306dab020ef30f87331da5cd77d01789c5e8887faf4 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\194\{4f5de06a-782b-4c3d-ade5-40c8eb4e53c2}.final
| MD5 | c4e0cb3d3de8b6bcac527d2f0e5ed241 |
| SHA1 | 2425b0c4ddb89f31d101257662629cac0c3cf0af |
| SHA256 | 3135abfbd2020a12ee327fd81c3739da37a6fdfc11d2032634ce5d33e916505c |
| SHA512 | 29e026c7ece58ce6c56d64073f3b0f6a008286edfef920973b7e399ef57f042780f8cb5a940d8654c41abe2a6fc8f60e4427d70fc285fa7fee5fdf473ae66fee |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\56\{63ff0eb7-affd-4d01-8609-835444aa8c38}.final
| MD5 | b0e3a03d13d45c1f130df30ee51eea72 |
| SHA1 | ed19adf38b3978300a958e5287546be08c8fb371 |
| SHA256 | ab156c3358cd6b946718508bda5099c8cba2e4583e3d03fbe0401c0e6f20e5e7 |
| SHA512 | 3fa2fbaa7f78f69d0df8e3b8211ad56532cb0a68a9ac89c37fa5354fce51e114babd0673f2f44d109fe2e518ad7806b7ff3040a840e3099be4cc5f6dc07f8154 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\6\{6cd59dac-5704-4ab2-9fc3-9ab5dff1e006}.final
| MD5 | 0c93d244125f8056cc0a69a4ca53f049 |
| SHA1 | e35678e1a49498e40e1ed508b521e79779a6d25a |
| SHA256 | f286ce18e4e82f60816536d23dd2b1708cc45a3d1850b132b282feb1d5aec4f9 |
| SHA512 | 198952bcd97b9497f6cabd7c9dd6cf0b8e75416fe5a2eaea15ca1e30919b7219be5b28985752834f0b8d501b9d6f6b637ac799db078a16f1e7e95480dfedcf5e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\48\{62c597c0-da46-41e2-88b8-96b1d1d51a30}.final
| MD5 | 93215d67966bcb26afdfaa76aa00aa91 |
| SHA1 | aa3252645abeae4e228d6595c93d829afad380a8 |
| SHA256 | aaf4281ab5534bf37010c4e3ed86dab18a9f4cf8185f85ba7b0e6ac59c844849 |
| SHA512 | 52df1847b0b802417b245e1fd51197349639fb25ece34a48003120b2920255b52848b3318f0f9602f8d8bf22bc7e761082befcd21b9d06b6a1e882a23f8c9ba6 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\221\{374ced01-da05-41f6-8e4a-de89eadf9cdd}.final
| MD5 | 8d9443186ccb116d608c8970023a6c4f |
| SHA1 | c280277c0344161167dd348d9267548041e95124 |
| SHA256 | 70feeade7e05a69d4604df99cf1ff6793f7aed0879ae06b50a69b86906a892bf |
| SHA512 | 66240fc8a36102b8d3cc7cf157dc80981bb05ff707efa775b82ad6219fcb72fca9a3c45f30aed6147b222356a06a9b4063c9967f41f1a246735d68bd502eca51 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\162\{37ad2f60-179d-49ea-b600-e58589de99a2}.final
| MD5 | 9d8bbd70725c7ef1461172bcc4e85c13 |
| SHA1 | a4c4db2ae4f58c81ca1de7fced23b522d6bb8f73 |
| SHA256 | 4fd302f56fcfae608964aad2038a1570e38e96b82d52d590387ac91915a8c8bd |
| SHA512 | fc90e23b5e86c1d6aab537069159ce5eeee5068817b6923bcfa33d93e54358fc38c5dd8ec4638b9eb5349da1fed4679af0159ef958cf48227efb14dd67511811 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\150\{4c3bd208-ff32-45f2-9393-a51e211a7796}.final
| MD5 | c6993227cd75c082eb25aee8332d888e |
| SHA1 | a2e27914baf9a1a4b8579506f419bc7167dff937 |
| SHA256 | 75c2bda8599570de972a83352d94cebc61a2bf66c8470a0461f0803c59dd8223 |
| SHA512 | bc37854e6471273085bd3ee362ede016fea6eaccb11194f749c3a092bc803df07c7dfed2d0a3fa538cd447a21d4875f95ccac3ff4f278c96249e7110cb968b39 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\225\{2d4a5162-d429-4405-b070-ea5788ab53e1}.final
| MD5 | f5ec5b6fdcb0fe6f76aca19310305268 |
| SHA1 | 46d30ca75e110987809f6cd78f52b5cb35302754 |
| SHA256 | c9f94f5a2384b5a253cbc563cae021fb1d15762412fabef25d90b4f0c60814d0 |
| SHA512 | d22ba260c9738129d976df698208c8cc7a9b70dd89c0f81f995f0105940a2956e3097adfd2c300c94387ebbff54af720429795ee1bf4d81f3a1b6a6cc666940e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\192\{737a1a05-5609-4307-8ffa-000e05ec0fc0}.final
| MD5 | c65b0ec9f20fa9e69df1fad2b2a28e33 |
| SHA1 | 4449fe9d195163e22a0b205966b402058d9e8bd2 |
| SHA256 | 0500a3b5295d9ecac1151418dd4279da2aeda76e2b9f05ac56967fcb882dab01 |
| SHA512 | 19a870b77f57e555b2d67116dee5487e700bc64ccf689ef98fa0e54fac162351127c09523f8e8d9a3c3587ce089b84eb5e81076486dfbe93171843b6360f5516 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\118\{ee9d795c-9901-4abe-93d4-b2d0f59ed976}.final
| MD5 | 32355676adf4c64f1fe47b92f9500b6f |
| SHA1 | cc2a0c3f0da02c1a1ac32a3a5ba417010f89f73f |
| SHA256 | f4b28298d53a353c23a88b0c82002f1036c376d22154ed21630a8c1d04e2a841 |
| SHA512 | 1945dfb8bf90df999cf7aaed9c881b2d10df4a3550f2bceaef655b2379e79d8128ebefdcd4f37705c7b42dcabbbc4c25dec1c1f9559f4e727c6df45f769a2f95 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\50\{76882167-eb86-442f-903e-f50f0eece632}.final
| MD5 | 004c0529776665be8335ef4beb8d0eb6 |
| SHA1 | 8b1fb58622c92f0ce3e490bbf21b532818797f8c |
| SHA256 | 493593022b630c1c1bdfc20479ebd34465a1bc79e066b04f388c6572375b0005 |
| SHA512 | 6ee9bb5cddee2ae52ad1d3f068d08011ca5696975783fcdc816c0e16dd27c87ec0957d6c4b63cdbd76664899fd8f8df087db375a5eaca8b9d494430a6ae09efd |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\161\{0ba97783-c9e0-43e7-8255-51549ddf26a1}.final
| MD5 | bc7d8425fe4aaf118642e9a60d1b764d |
| SHA1 | 7456f9cbd82c691a2832ca856873d8e00901fe1b |
| SHA256 | 0ef51d3deb46884c157b25b78667241a8809dee794e3402c07b3c5fe972c1d92 |
| SHA512 | 0a2dd57fb2ea736faa79c3127af31ad0671a06653d5bd152597fff5275c38d816ad1633cfee6e870c2de82aaea14a976d627fac4458c688d3650ad8197173301 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\40\{257aa140-3ede-49fe-8113-c98398f5e628}.final
| MD5 | b6c6d354eb2e7e52adb948c0366f0053 |
| SHA1 | d7f4586d41fcee9be681c70bf002d36f6d2ed624 |
| SHA256 | 8383e636c9249a611493d7c83a9f02bbc0d9566d5d3389d8082ad6042271ef28 |
| SHA512 | 9a08680e4aef9e54a24e7956858ffea9871f874966cb36fef70b5e49f6126b2662c443b4049a3c4d74fdcc00c83d3af12072fadb11a96ecddbb87280a0a2303f |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\50\{2b86543f-1a4c-431d-ab76-c6a2186faf32}.final
| MD5 | 253a9d7dbf4f2f8141599d38f58f86ea |
| SHA1 | 0766863065b6c57e98fb00fad0e6d8ca1c1f6aca |
| SHA256 | fb659afa77a61d064962153784f63ba71e453e597d98b770c02aa31d1cdfa7d1 |
| SHA512 | 379424e9196ca464ecff6e513cb32a296a63afa9fbb8d19561d0ce9cac304440896f4efb71956bc781cc51eedbda4f6d0e588e075ecba82e482ea2bf6aeb7371 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\206\{7ee17999-0cc7-41b0-a91d-bed011f6e3ce}.final
| MD5 | 7732897c3667adcbaeb632ed111b170e |
| SHA1 | eee532cc36738b7e586c193db814a088896038ad |
| SHA256 | ea06cf7afba50fefdb6b8ef1a084dab27ba0d9b578814b3b79eecf474b200b67 |
| SHA512 | 08a7130e9b36e13b2cf41be54a7eef19d209c494d177dea1d11e2e224f17a611c649683fc5b49976e244dfc4d91944ef481fe1cbe08d130126817180b97a0717 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\159\{f4153115-e713-40b5-8a77-337c87e8cc9f}.final
| MD5 | 50af989865f9dad63f573c5f2bb66321 |
| SHA1 | 91c2c613fe2faf799d1916e3245c8f7672926d28 |
| SHA256 | d36552977b70782f63c9fd0ebbadce131eb78616c7c5f0e0274746cb0adcde8c |
| SHA512 | 074f69af44958bf010198bdd2a37272d30da53a22d58313606f5c1f19d67597b98c6cff376bfebf63e199f3965bee93a0588cca0ad70a8eb9e9de3ad9afe5d29 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\58\{0c5879c2-abe6-472b-b0b1-a8360f97503a}.final
| MD5 | 830028a05fd627d68ab70e41825f7f63 |
| SHA1 | 721199e2f117990f999b2a41d91536aa4790fc76 |
| SHA256 | d7f263bba51f160914640b1310d713268e564d9bb1bbb878e67d442589edfca7 |
| SHA512 | 7af9479e45a89cb49053df5657133a83b86553cdbac5be5fa18ed069c111021ad7d82b02404bb3c35b9e8dc1ed66c3c05bd8a5e8afd4c0d66a598be3ba24641b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\49\{20d013b3-501b-4334-afbb-21a5f6b8a631}.final
| MD5 | bca3032426d23daed1b2d997b7bd5fad |
| SHA1 | 76a4776fcca6e6add4773481b6b3a82a7c3f5a34 |
| SHA256 | 41b63a851c63d3c6ba8bd92548013e1a472973011f0be1b95eb2e29697b32b34 |
| SHA512 | 67b6c14e89be76624f964eca71653977f3e4c5d8364fa9e008a6810efa9d0ba359aafa79570278bd80e57b6e31820d27dda06a588873c181ee96d8c868c4b822 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\42\{9d1af2d0-c1f6-4bbd-bc2a-7be642460f2a}.final
| MD5 | df74de9b9890000872199833e120bb06 |
| SHA1 | 9514f328171b10d04003469f6dc8a7a4f7daa741 |
| SHA256 | 3756c1dee77d8250d1431077670e560f38dd9081ec36fa0b5f7f17ad58aa1f84 |
| SHA512 | 73b313870183d2fa4ca5c38d2192b902c7a79796af1fdbe5e64d8b2d212d2ef85d0bb57f2ba486ff8610f22a9e952bb15947289107ac0d1d307c00015f4baed8 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\20\{6a5a6ace-3d2b-4db7-b530-8783ee73ff14}.final
| MD5 | b85f318ce844cd0ac2d4ccfbfde4d2bf |
| SHA1 | f3eea534e7b991836ce9eef594480ddb1bda1987 |
| SHA256 | 480677e695c4b197a66db44b3d42f937f304e44fc560c6690885827cc99f4a5b |
| SHA512 | 1f8ed38e5dcc51daab4e6bc8af64e6b1b8316436519ccf21b2a8414f493efd374bc541a4de3a00fca1b9f48d113b235b657a94d9bb8aba4eee58d0802c1e10b6 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\178\{f8bbc8d2-37e4-4038-8a4f-9ba75b4a18b2}.final
| MD5 | 2d5401040d875e10273c9d8ca9fc511e |
| SHA1 | 79ba0a97214692e52090f4d2063deb4f20ade88c |
| SHA256 | 31342b78121940f85212b9b664588235affa0cc7fa398e80d5f3914ea12efe88 |
| SHA512 | b82ca313bc8e3daa966316e10c8303d144aebce1c00761df10790b93113b6eac2ebca429f099d88750427dff8de2a7448fa470e5cc2eb000c7cf71ee73c3edc6 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\1\{a848ae52-40a6-46c4-a1d6-e3ecba01d701}.final
| MD5 | b719a3c8378a40cb900349ad2a922921 |
| SHA1 | 10a71eded94cf7fcf70bb4952a35434526264e88 |
| SHA256 | 7d6082dff0e7a043a631ee1ac1c1e094458d7f7607d075db809ca60f531539ba |
| SHA512 | 5bbfe366cc072b80c4d35c45ec91c4ce60a6f5140e6ad7109554ca3dcecb765336ffe938bf490e99c8edddbc3571d41c8e2a34e1becdbd9adaf334b15207e167 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\175\{de5c6ee6-b97a-49db-b04b-6e04bd18cfaf}.final
| MD5 | 030dd07949fee4d5e67e6885b76ccedf |
| SHA1 | a83002727b38d84882fdc444a3f5d7fd7963acae |
| SHA256 | 95c8349deca56128ead6daceb682594a737a5af8a03b70065e1f2c6c4fb84209 |
| SHA512 | f094815a8ed89bb7e6376238142cc13887694fb184d9ffffdac56b7fae2bde2ce7acf3d50c0431d14ca2e03620526cc21bfe1b6c44b467e079e30e9dc3a8e87b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\105\{cc8102b2-afad-4265-b004-b54b59bd7f69}.final
| MD5 | 2300eafff09d478fbf68f49fdafbff49 |
| SHA1 | 12f127da15a69beece4f71f600975e0503c77ce1 |
| SHA256 | f8c94c9f9dd4455eb89053d024bfd28afa482a9c697732ce5acb2df3144e885f |
| SHA512 | 93d447b0a87e4c25dbca71a80a198693b12c684c0a96b370693d693899230460bbd8c85c137dcc0b4872bd2d85fd0d10bfe3f4137c1b08f01da3a9bbfa481447 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\128\{c8a33df0-87dd-4779-a1ff-a0e1bcfbfe80}.final
| MD5 | 5a85b3ec969004ce7b23e6712c04860a |
| SHA1 | dad284278108abf777290add4971eb92142d52aa |
| SHA256 | bfa4bd5ff49d8418628f3a3c0da5b6d8a95d5436168b9482d6de954c0fea74b5 |
| SHA512 | 37d836d572226967995b3f20557f98e4e55b89c08fdfbddd4dc45a6d4ee90a24e5dc8276d0e1971d7b366712bba3382086183e1498b006905169b758e44394a2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\172\{a6785dd4-5f2a-47ba-8a0a-698d33d073ac}.final
| MD5 | 3183686d3a59ab0d15fab2be7411e186 |
| SHA1 | 22d29c6b9fcfa649773e12680f00d868e6714485 |
| SHA256 | 2a1c50b6d5014af422db7ff5661a5a68cb0c27ee9cc4768c99502ada0eb63867 |
| SHA512 | eb7dcb18d20e28d283ea7d4cfdc08c0da81e0499089117ac068194b1ca2be661d380fe7d938d5828c42d711842bd3793b2dc2a3fe6285fab83b90be4fe3c7b16 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\237\{7fa1a5de-6143-4dd8-b814-214c3945aded}.final
| MD5 | fb3d6634360a9125ce7edd27c987c8c7 |
| SHA1 | d3b094de4065f9302bc48d57637bbe04cca19d0a |
| SHA256 | e75d4b40320638f498c0e1b2daf9a4c9f2ef1f09010d48a88740c48b43d306c3 |
| SHA512 | c880e7c9a5174e0e31a733393744e19c82e6a7f424be9e35a6736cc1209d17552e0c5a6cdb8cd725a77a00f15d2e4065b21db78a99abb5f35758d32adb52a53a |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\226\{42a1365b-923c-4fc1-87d3-6d59727ea2e2}.final
| MD5 | 329d8ae08d8dc87f86a511b55ecfc6ee |
| SHA1 | 46a40fb3e9c046870707b0a98fff5a53cb4857f8 |
| SHA256 | a61773d79b8fc91cde32c678a7e7b10cd7ee94c0023a83cce29180c032f5472d |
| SHA512 | 6940b02abfbf4cda7439f2b0ddbfb7b63fcc451b12d2a3fd4dee2e0d1f2fa3c23af1b5177d7e6f68db6252d5aaaa702838bbdfac9cbbb12b6588e9db535324ec |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\43\{12cd1d5b-c4ad-4cf4-95b5-0ea105545d2b}.final
| MD5 | ab0beabb0034744ba50d0125490b6563 |
| SHA1 | 819052fd166eaf842cce978597e0822d28a066ed |
| SHA256 | 682910185c6177e5cccd258f0ee3d1572e97ef9cf2451d52f239dfdd0cfca502 |
| SHA512 | 2251fefc65563f6dcd5a5e042e7e89210a2f7bc492a79af04b3ab1cff735df75bc2e1b9db95855cd9eb2a7ac9bd309bcca3a09fcb66d5db089455e605e1a99b2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\141\{a7403759-b725-48a7-bc17-4ea23b8cf68d}.final
| MD5 | fef2bec6aa54f4d3b01b7934b6145099 |
| SHA1 | d0ce8827eb647b40e587925bce6baa87a678294c |
| SHA256 | 22b096d01a69cd9c5d08d8e75cb3040c90647ef7ae42e5a7ae3fed4b95876c0e |
| SHA512 | 27e5af3594d7fde882c69a6341065a233cac8250c1c6a42146ccdbc5edf1895856becc62e899b04188a7f0b7cb05cadcca3d90172d67ee8c50ac65a77d6c0026 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\98\{b5aa459b-24e9-4100-93e8-78e7c266da62}.final
| MD5 | 276cbe7276c7f3a0fc88eafb5ec6e68b |
| SHA1 | de67587eaf19b38f2e9f02fa238219c2469605a1 |
| SHA256 | 8f2a87983ce99d8418be2ccd1a0a69aaa0753c5086ba37d627a272b2b97e184c |
| SHA512 | 4f0d71b0dc2b94016e4983ef8e6288a57a2864f174b3be96809f0a6c4a755115cb198a22988f603e4dfe89f97616b39dae6c47662b2dbc359d40f184122611f9 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\143\{6878cc77-f16f-4292-9314-fc0e95e5f38f}.final
| MD5 | 023b2980a12b8a286407f04572020dc8 |
| SHA1 | 76455972bd74dffc95577ba5e6688d831b47c614 |
| SHA256 | 8c426c0eead731dd3474a18dbf5acef6a90549d9b2dcc691a569991034b5f23b |
| SHA512 | b99b5a16df6b9627c33ae3e90c169ab93d18cc4748c3609963b56f4e5c0a154228d417cdaf6082b961dcbe480c6934d685c7a0a90a80b08f9e8b7ccc67d3aaba |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\147\{66c67cc8-066a-4343-a875-128ca06e4493}.final
| MD5 | 86594976122d89366b8176df017e3cc1 |
| SHA1 | 22f5f42d9ee348aa4628fdbacfb1581de8261700 |
| SHA256 | 302fe5310bd3b2995c6624bc1a7eaf2529bd6d0f2b351e10ef3d9e33c87fd9b8 |
| SHA512 | db9eb4602dc4451b8d5e5f6cebd18232e6b5046e2b5c0ca548db4fa0e6b603418140c833d79026514a80c79b3663570b9bb87123cdc07594c773ac0171465b61 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\210\{b84b6747-a1bb-4e2e-9216-9fb8a90affd2}.final
| MD5 | 9aaaac373e73c9d2059b9ab2b43dddf8 |
| SHA1 | 7134c7ec09101b8b3a94c2a6a7acbaca698f449e |
| SHA256 | 26196c7ca915523f018d004c6f83295cb67e0c1ed511e56d2138daf19cb8b488 |
| SHA512 | d9b35001205de8e00819ef253a33e6bc46f50fec805e130cb14861663041a1302ed7ae25d0cd615c6e267f4519e07f70bc814b2e3888f419ad0138de96e27c51 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\114\{30ede496-fbec-471b-acf9-8e51b1663f72}.final
| MD5 | 914b9ca76eaa14332c4942d6c54e2407 |
| SHA1 | b4e99668f3c64231cbceffda752f7f4e44eb30c1 |
| SHA256 | 5a4ade92be1975ccc46ebd2c27813e8657c743efca4ce9d2a0e0324835379a6a |
| SHA512 | 1876e62f49f481c30b28bb47a347c4e495e3e405be1fc767564780bab91d4b17764ea6e507360e3587dacfb74ba58bcf5a47e43d608da2b3b3d231f9c1322af7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\25\{011f3249-7629-4825-8283-7ff5747daa19}.final
| MD5 | 7454bd7949ca6f818c9fa0981f0573bb |
| SHA1 | af773127364e0e682b4577d01d91bc23d66bbd90 |
| SHA256 | 4f388755d0e889df408524d81b7e72f59eaa63333d27506047365fdad0d3b0a7 |
| SHA512 | cf36700ad0791654a81e40ce63037c1cd7d17bbb601f578b62fab159ec9d9507101871fd08a91f29398dbca26fe184fb44ef5cd3cbbde9044026df3fd4747326 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\154\{0b0f750a-0e35-4581-9136-18ea8b46d39a}.final
| MD5 | 1871ad8227869c9065eebf84c80192e2 |
| SHA1 | 25a40ac2cad47b0a0f073d969ed57ae10d977ac4 |
| SHA256 | fd92593246f461339368c1675ae6755dbd0c25075d87a858f6196f7bd6f1e54b |
| SHA512 | 5de97aa093110c6d92b692982e2a9ba7d9332b68c7834a6e27b35fa0c4b78162c51aa8bc610d69bd9921f8bfab20d6a271c671bf11a343672afdb6f027836ed1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 476077ab137710fdd3f4197e7e23ecfb |
| SHA1 | 8dc580d629e1b5edc3febd36996a7fe3b26f0558 |
| SHA256 | 62beff21d79ff98f54bb5b3b8194ae243264e1d4019f705a5c157ef9ef4c4ab4 |
| SHA512 | d0bff8b4911d09b7d7cbf96aafe4e40cde1964a160e0e0cf103ecc31e13339105547b4de3e0af4af7cd3ea687ffccf6e6df28f6c6fb4f00c8b4847552ed7df25 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | b848321f5179dc0b08229a0790355683 |
| SHA1 | 15bb3c5139ea05822005f1e5f93777b892e977b4 |
| SHA256 | d7cf61248e3255548b4b616dd042b7db5f5d81e8e7d05c7a6b3f7553eacf1784 |
| SHA512 | 3985f9546f86e2ac10bacf67641265031d1751244bd802abec5bc4c95dd010adbb106b9417d9d1f004dd22d4aada2be790bc8d14f36d09c85e35f419d46bfe77 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 39629833c7ec865cdb5dd281a6028e43 |
| SHA1 | 802314613c3ec6b00c8513636ab8913140032a32 |
| SHA256 | 44eb82ba3aba13ff425278e872178265f2cead8a52907a3f78ef5c5712702397 |
| SHA512 | c63c097bd7e5ab3666d8541841857e89604ced8cb3e04e21ed0e60b2968438812449f63efc9a8f75893b8ab713c2c5902d64d5dc4657a56f02c138bb036dd33c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 22058c97dd3d59803fefc7e355487c02 |
| SHA1 | 5de5e2fbfe464b3a37fd2b37774dae9470e22124 |
| SHA256 | a8e12120b1ee2e5e56d906169362c3d3ac8f2bbf50d7732c105b43e75c4032da |
| SHA512 | f050eea5ab8b4b7315a09044e70f5b62a90674ba5c8c4c065768693ac5e9e74997cbdb013dc9d39ca03f52659af21368a161be3e92c196a0eed8161006ecc954 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\doomed\30487
| MD5 | 11582fe88b72e4a6ac88f8dc2906ad89 |
| SHA1 | c9e1dd7e1f4eb73d25b51bc9660a7bc17ed120ab |
| SHA256 | ce027d4370e791691cfd7c50444c19d8168c11b7b5a3ea0f5cb562dbc06d5272 |
| SHA512 | 273df0cfd38eca97db611c65694cfaca63ef6e2b92902fd2b071045cab28abc9edb544e9f9cafc57805d22c1435738ee3579a79e1bbab19ef64461689ace1ec2 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\doomed\19922
| MD5 | 6d9d69fbf7b35d0f34dc37a0bbeaa746 |
| SHA1 | 50b036521d69fcd09c814d564874ac62b0cc7d6f |
| SHA256 | 57e35a142cc118756efa520672f7b2fee05d34f1c5e2aa272f80d14ffca2d4b0 |
| SHA512 | d41e165e63e6d2548e6e363d85496b34195dc0be6f68484441503742456a2c5e77f5460f9dad711616f90662690c90e629f4431d47c4ca91884eac20a1dd8243 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\doomed\3465
| MD5 | ac230761afe81b00078eb7ab9e555231 |
| SHA1 | f4649a513a47b80b62f3bdd79de889632e9fe796 |
| SHA256 | ac00b8e3d0898fe731be85c06e982adb32381091212bb371f29c55a57615f2b4 |
| SHA512 | 444b2774edaf99c78f3cb52e304ebadfa83796a4fc63e971dc0be91beffda711c43098b22e29bfa0e6f8a1e62ea4f66d1bebfe1bafc8d1b7d8ffcb6305c3e645 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\245\{e403298d-5260-411d-bad0-4b9cd50d52f5}.final
| MD5 | e6439fdf901953e5ab6e693a280ca6e0 |
| SHA1 | 2b3f3ef8262539b3a2e8befa8149c46208423450 |
| SHA256 | 4bb28ff82407d52939a492d933275faeb56001360202de40c1886630f31159d2 |
| SHA512 | aeecb7477ad84f2d1b1eecbfad426b37d2a056b0d5eca5c74b553090defa408082b8877889f6bfc7bec4b62b515cfe45037398a5db13172970d5c080741e18c4 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\doomed\30522
| MD5 | d3e8a9538a73d7691ce1dd6668e6784e |
| SHA1 | b4c62322c58a8efbb87192e9fa7898a0dc6fba83 |
| SHA256 | 95c26ea4e1372bcbe8b34b47d66839a342b987b848683c8c0045ac7e2a51d421 |
| SHA512 | 235ebf93acdc39a72f7e1633e12431fb3330fdc77bd2e5a815f0c72167e223e104fbb0264c7186b6b405b52ac710e0647a71120eec6efbcee9c84181b7bab5c6 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\doomed\15722
| MD5 | 32bf738be3759c00d80fdeaf3e090826 |
| SHA1 | ecb517cde4302a945b839825d176272a4aec2f83 |
| SHA256 | bb9b330955d05cf55c760b245a4aedc99179c47c49d5189fc58e6fc2c3594170 |
| SHA512 | 7076a13ea43d84eec8b87acad4fda114dcfbc8cdfe805b8145c6c9cbbf1a6affea38e15a42c4804a4798b60773b44515be0a5a8f70731ae7ad8feb8795dab6cb |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\doomed\13512
| MD5 | ee12582fc184dda80a53088f7ab5f627 |
| SHA1 | 272cfed65aec1b5fd3ee7839ae128f457eb38ade |
| SHA256 | b7b23d38df7411ab7d3a3d4f112cbc36707a40eb07343b0eaaa393af43f8ad4a |
| SHA512 | c3857f0ec16040e941e6d82f936d0a16af660a72025604033969f6839c4409ac45e906bbb37c072ef78aa9af76f5cdd75ad7f4bf02261d85d6f7d15e757f3eb8 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\11F50A8EEC3EEAA349ED4266D483813BF69FCDB5
| MD5 | 1ee7c33a957a275ad12c6293af4af38c |
| SHA1 | 8b03d979dd44313713fb31e94bcb0f24385d28ed |
| SHA256 | 5ddbda1f37534bd48cd9fcae3edfe89d87c928e6b7d5e38370cb90597c05edf5 |
| SHA512 | fece1a4d80bdfaea1660dd5f1cf8b26186216cd1a14acbffe6a2ab6569b98e600875e8dd1e60da809476a380b2d17bb1f81ab2f9a054ea16ffd6d1c6f8a895db |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\220\{6d73ff2f-3bc0-4eec-98b8-dbcfea05abdc}.final
| MD5 | c29c5ff50aa0fd8a46cdfabb014ee3b8 |
| SHA1 | 35548ec8c690c71d36129911d1fc067a9bb848e0 |
| SHA256 | 4e4f53e7b016e60e9821928304849677ec0a48ec864b94941fbfedb16c73b44e |
| SHA512 | 27e6ba5bb678dff4f508e6142f0e6292571a038487881a4ac8a68d883c7a8514422f3a4fd38ba615817ed811599a359e0386d52bafd44714e6d4d49a37af9f48 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\241\{ac0e86e0-29b7-4412-9b64-99b3bea65bf1}.final
| MD5 | 1a28edd17b38323e8406fe0dee0a7c3b |
| SHA1 | 86717a9231eb082507ab8d5a7d58b14a9b90fceb |
| SHA256 | 2af72d7f30b31451ceea679f2eca1efc33967fca267c79e8ccd3c18e325b7305 |
| SHA512 | ee92e26210569dc795f68a8cd15d333e6a0ece1b839b8e2a078c20beed93bd573f8aac6e7aa6a031f254c99490c489f184748b7f1a156a68a24b8f824e8fd2c0 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\121\{89b1b7c1-381d-4c21-9e00-ed878964a279}.final
| MD5 | 36b3af163e76f8c0550efc7b62857c65 |
| SHA1 | adf7a970b74713ab804bed1a0ae35d51e72e5290 |
| SHA256 | a874bc8299c7dcdaf1a507d459eecb176e4b503956e46aecf11bffc36de87a91 |
| SHA512 | 942d5afabdf48957e93680f8517a2648d9d697c2c3210503a89d7352aff41ca944435ed7f9ee2c4eee48b43ab303914f50804747b0a0501849ab97a5f4274145 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | fe36f4b2690fa4965a53499c62415a18 |
| SHA1 | 3d203bf451db8c09ee3b5c160de28e8c070ef784 |
| SHA256 | 2b7a30b6944924068d0807ae607ab986aa041f482c1bba6fd1058fb1d1782a1e |
| SHA512 | 4d910f6329f38acc20039e1a74c22c62fd203b3fdd7f2ad9964b5fef0bcbcdc41747e8eeb13cf42a0ac56b9f09da381fad6b5db0358f899eb9312f7371e79e1f |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\135\{1f258e67-912d-420a-8318-2d8baf74d487}.final
| MD5 | 0552a7950745b6a5bff8a69688fc1ac4 |
| SHA1 | f3eac7e3b002f65c8d526faa32c51390abca3b8f |
| SHA256 | a0f7756592a37918d717fb8336c99059d6c544a29644e510fcfd97a481f966b8 |
| SHA512 | 03ff26369ff92d25753a1fa9b6508d53184cd7dea326814e0b98ac021e8a1b4ce90bba8cbc5b6b8a25dcc3049992f337fe66b0af383521ca4db01bdc84fcca18 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\249\{3e2a68c9-6987-4de7-bc35-c328b6a9fef9}.final
| MD5 | c5b76c5098a2ae6cadf330df8d8a920f |
| SHA1 | 63f7cf062a248301062e9a6add9abad1ce758998 |
| SHA256 | 495fd4027b52b4ba5595df1387fcf3145d878cd332bb207b5d9fc66160eae162 |
| SHA512 | 07d96d1341ef61f7b2419b867c9ac0e4b18567745518274ea83d00e7180bf8246a444dfbe12cdde05e9becdc3fd867b0b7a3c94fd8339b807420ff5f506d2798 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 6b83933139318ae9fe7a8a64335f5403 |
| SHA1 | 161779fd78fa6c81594d7a3ca2994845cf90d430 |
| SHA256 | dab4d2ee12d35bc8f89733e64fdf639afc3ebf70e13ddae28d98dc7065e244a1 |
| SHA512 | 9900bd86d5587d984a13325158941933e48c2342ceb54dc828df0a7cf11561c7db6ba57e562ee0082461c9f5a2a5c4e18b2bd991e4a3bbb598e7f84675e5b255 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 407dd5b0a74e308f875346448b52ba56 |
| SHA1 | ec27e563d356d79a12082107268966048e149a35 |
| SHA256 | 50cccf616b2ad365395a92646dc2d55680fd61a8f2d9b8800ca1bd01b846821a |
| SHA512 | d021181a3bcd4ed733c4b4999cecbfce03707a8d783a2013bab8bfeeaa3d690fade91e65cf04e829d805c3d5b9687e44c8478ce8ad5859edaf72414c121f2c84 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 2ab6d311c1f0e41e02e90e6f351bb284 |
| SHA1 | c82cd80481c936b38625d0dfff3f0f9527863af8 |
| SHA256 | afc76fe3bd9499a556b3f767f4bf8d53c84ce29c80b6e2cc557623109348ed5d |
| SHA512 | 14e6eb58e958c222a6d081ffef0ca24492361c5a5d841283b31b1a05deb13cfddc12365ea1dd137ce74f600737a0f62cf9b2727d30e550fa798b6efa14e76c4f |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\DA917C75619ED601F0FC9D17F6B3E20522076C5D
| MD5 | 6c50ee41a2b57742465352395e0705bb |
| SHA1 | 459c2e5a2db68fa7f89e7e82e125e1edb10ceabe |
| SHA256 | 4c4d04cd11e10594ab2fd9a752452632b4970c0b4b0eed9e169b221379ee9002 |
| SHA512 | 0b01d5073d04e88eb5234e64d813e7d424acd9e7f63856c2f1d8232610bcb14238f1b14848926b22ad4fc776b4b50339150542f12bbafa7bdeaa2c66549dc9c7 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\B3316860430DA0966649580110E85D2FFB7B5A61
| MD5 | 991fa3d7a0bf854bac0c555d64d495f6 |
| SHA1 | dde0c7ff649812a538c662429e71677ffcbdbcdf |
| SHA256 | a3f77fecbd778ef0d7363a8e30624913d6540280701c243a26aaefe0e95ee11b |
| SHA512 | de73c43db8fbb1ddc03c3e3de82bcd70f633f2df4e14b49fe35a5d758b5ef3a74232533c6b13707efcbd3865303a69e131e52e510955fcbc9f8b3df4c7df80ee |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 6f7b9860528956d11319f8dd7ecba20a |
| SHA1 | dfad931a0cb963e1b9cbb6bd9d40f9fee3a04316 |
| SHA256 | 78c89628137433503b8fcb20144f9bc74c51e57cf71a9cad1154dcd6abd2beaa |
| SHA512 | bcc8f61f0b819ba125ececc590ccc12f3a0c0ea03cbcf312d5a53f21a69417893ee00dc1489a25305903ea23f254217f5f345c594932ce64d15d790a8e88b570 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 9f42d8ef8364685b280cbd2af836abfc |
| SHA1 | 840ad3f0e241790cf839d0ad8cedae9ef63c31be |
| SHA256 | 427813f1287465129ea05a03ffcf120b3b91da046aaabd469cc9a51f1fa37c6a |
| SHA512 | 67694c0e0a07fba3c83c11ab4c98bf5b04f685ca9ab0bf93e22f81c87cc7e0ee13d7f0e2ccce4276e062dc37385e0e383285f08e399a977c35c158922360ab41 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
| MD5 | 3af5295e4a6ee629fc84ba4adabf790c |
| SHA1 | 2d51746c95c395f25d9b4a2a70f9eaea191a02b9 |
| SHA256 | e3bfe9923752d8c142efac4b83a4696cb336f49e77e49d6d2ba9049ee86913ad |
| SHA512 | 02da0eef855c1a76665ce7244502a9efc01535392d97310ddc409fc38f50f8b8b228a47223989f557cc436b30284be1b95960227110a7d5e5513fdfdc97da909 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\doomed\21700
| MD5 | 357ae5e4f156c41731aeabbf9bc9785d |
| SHA1 | 6e1574fb5f5e7a2b4fd71a039d4e0a075996ee15 |
| SHA256 | ee5bf5ee7881bbdc8bcb923d085e12a32535859a146ba264f1542a15d258e674 |
| SHA512 | 62ef3b60ba73e2ba19856b6f9b9fed4e82451a9b6466a1898f000514c0ca5c10825cc69f6f983aa0d951a55ed02a5d677e8640a8c092a2de6db7c7ba59d2c03f |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 6c471e73ccd98ca76991cc1acfd0ee84 |
| SHA1 | 82d57644bef3948f51f775068f2c0b0985ef5055 |
| SHA256 | a3fdec9c0341a1c13deacc87c0c12765c763d7a3c3fff4f31cd05c98f237f794 |
| SHA512 | 9d2e9a4b56dfffea7562435447020997dd3facf8fba6a01c19ca1f63eff31eb6c26139e8d8a6cf8bd97c718a434660becd1e151071d2435b26347f1d67689945 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\prefs.js
| MD5 | b9122666ebe3fd3f0df5e7b91abfbc02 |
| SHA1 | 32906b0392ca971cfae5ef7253772585dec13487 |
| SHA256 | e0cc826451978531bf174ab0bd4169d984d47fa281029bb2191717f5caae1dc1 |
| SHA512 | ebac9dc5349047cf74787e2aa44b2c607c682ddc5f67dacf2bc895a27626bf31251156ace9ad794bccd7937a847ac54d1111f06187bf4178427e49988f940537 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | af1872eeff0ab127ae1340344681c5be |
| SHA1 | 0e316aac930a999f6e10dc72880b88ec2afd8825 |
| SHA256 | 965aa1c500412cacbef1d32cf8815c69cfda2cd2792339e37e4d9cada16941eb |
| SHA512 | 8987b192bb4b9fff4564764ae211bbe0ec15f4066d29160f8f322c6035204677c1cf7f6d5d8d8a74dda084ad3312924136eb3c7cdb4634b8d0dc17943b51e98b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | b00c1e7ac7a32e37ebf23b500a092b50 |
| SHA1 | 0ebe4eef07d58793d10cd04a6da2c5c3209a5c60 |
| SHA256 | 42fc88088367a683f12d0dcfad90d31178d9327d6a942450e10cc748cf87c35f |
| SHA512 | 4ec90fb594e92c79dc2b5facbd0801f4a6edadead8eaa594eb178a04e5ef79cf2d6b66ced4dcd8ad38fbf3a3375c130bc076cc7e59e8621fd68dc8d082ac0cbc |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\pending_pings\255d9015-2914-4d01-93b8-b40e2540a20d
| MD5 | f517fea4ae00e1c144344308999d6208 |
| SHA1 | f4c53678539fac0e4ffb6b20cb5db85ffd5e825b |
| SHA256 | ff8368c6708be9a6caef38f4f6ea522a3e8d97f20a908153c9bc37d24a3057b7 |
| SHA512 | db692befd058baa65eaaae0762330d1056783fc3337339a12cc3ecfad9ccdc20211dee5300a20baa1afb9db4be6738a1f631934a2dbbad9db5f0f9a2010eed08 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\pending_pings\37ece8e4-ef86-4259-9680-eea792151850
| MD5 | dbdaeb8d02c3290ddf3c7c548c7a8c1c |
| SHA1 | 1709e5fe91661884c657f640834252a0e494698b |
| SHA256 | 966ffda30f87c8ba43106306c4c82410cbc9d5c60ec7287ec83feff7ee81fca0 |
| SHA512 | f34fc748614ae5effe49ac04fc8fae3461f98cc0398ac15af83fee53409557c699713d341e7d7465d31f933e23e4e30d19c5a1a253914f7dbbc395f8ed63129f |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | edbdf862de10551daff2eb4d85f42809 |
| SHA1 | f5d1feb50c0e4735b22c59b9e1a327384c528a1a |
| SHA256 | 4fb89de8cf6b4c807594310108bb947ff5c09148efa3fc9edbaa29fdc899d01b |
| SHA512 | 771c55c93677d2f878213c9f073222deddc87bfe3702c5aec9afc59279ee4b91225a120613cdcb51537e02ef8340212a8360829f3036feff05abc7e834c50a05 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\prefs-1.js
| MD5 | 562a5d5a67054275ea067ff657026c07 |
| SHA1 | 553e5f97d3e6d6ae0d84d2e27606b712710c3469 |
| SHA256 | 09ca96668d180118b7e5e850100badb0cb63dc03412c48c8c376ca9cb5892653 |
| SHA512 | 20dfa58e606a58e7dbd5ad53635fb0091373d6a062db842ae627d271accde017837bf987a17b2dd8862d8e2a3eca285246eb6159f1a12a1c722040c9649bfac7 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 85430baed3398695717b0263807cf97c |
| SHA1 | fffbee923cea216f50fce5d54219a188a5100f41 |
| SHA256 | a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e |
| SHA512 | 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
| MD5 | 3d33cdc0b3d281e67dd52e14435dd04f |
| SHA1 | 4db88689282fd4f9e9e6ab95fcbb23df6e6485db |
| SHA256 | f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b |
| SHA512 | a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
| MD5 | fe3355639648c417e8307c6d051e3e37 |
| SHA1 | f54602d4b4778da21bc97c7238fc66aa68c8ee34 |
| SHA256 | 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e |
| SHA512 | 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | 9f3bfdd03335e5e7f837e61ac7fe6f7b |
| SHA1 | af4890a0421330599f3ee85da955e628ba0269e4 |
| SHA256 | 64fec566afe527937832b3af75de5159e8f27426ecf06df6a93d66909dec66e4 |
| SHA512 | 206e07981bec5e23ae36dc9173ba4da8d05a8bcc9765036cb9b550b365e62469fdcc886963e81b2233b0a81132ddd3cb46ad5fc7ab2e44d98f226f202f8d7fba |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | a01c5ecd6108350ae23d2cddf0e77c17 |
| SHA1 | c6ac28a2cd979f1f9a75d56271821d5ff665e2b6 |
| SHA256 | 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42 |
| SHA512 | b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
| MD5 | 8be33af717bb1b67fbd61c3f4b807e9e |
| SHA1 | 7cf17656d174d951957ff36810e874a134dd49e0 |
| SHA256 | e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd |
| SHA512 | 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
| MD5 | 937326fead5fd401f6cca9118bd9ade9 |
| SHA1 | 4526a57d4ae14ed29b37632c72aef3c408189d91 |
| SHA256 | 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81 |
| SHA512 | b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
| MD5 | 688bed3676d2104e7f17ae1cd2c59404 |
| SHA1 | 952b2cdf783ac72fcb98338723e9afd38d47ad8e |
| SHA256 | 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237 |
| SHA512 | 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
| MD5 | 33bf7b0439480effb9fb212efce87b13 |
| SHA1 | cee50f2745edc6dc291887b6075ca64d716f495a |
| SHA256 | 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e |
| SHA512 | d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
| MD5 | 49ddb419d96dceb9069018535fb2e2fc |
| SHA1 | 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6 |
| SHA256 | 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539 |
| SHA512 | 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | c4ffcc801d25fec320a54f0bf657ee21 |
| SHA1 | c7e98a1c1f4048c7df078c9a3a072534a5ea44f2 |
| SHA256 | 7ec4e38e50fab5ec96f57df9d1b4f9a00d88581be8bdfc20d3eb6ad0d7052b87 |
| SHA512 | 6a2e84de57ed3fbfb6f37b705d8c79c5fbc98728d04db0b84ae7372d4bd6e4aa9ab6e55b38a48044ffd749b354276da33b4deb16135ed22bddd7fab31a914757 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\ls\usage
| MD5 | 1207f00a5343454e3bb7ba3592df898e |
| SHA1 | 3a06594fa54eaf6de38d3fc0a2711b5995c06659 |
| SHA256 | 3ae9d654ceabcfce836b6a916e659ceef5b17d4622cb0fe92697fcedab6d8e9b |
| SHA512 | a1496ebf81c6dde0b91e273cbefbf0e56fbbeb6d75b1836fc0be925e92ec0935a93b5652436efc783c0ae5304e78b052dc81a42a7ff3e28fb6e3c9c9faa5b6df |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | c1f655fae772f00af81e7259fedc7c54 |
| SHA1 | 25be53d1ab4f520ab6ff5769df64b7fe59a3ce4b |
| SHA256 | a8371a2dadda02d7d3a2f5f2204db5c5d26cff7eeb586fdb28d0b6c903148d12 |
| SHA512 | 5a9d1681eef1d2df98f8642660469bec563d3fc145f9e7bb2a654c6cebcf28cfa82d188ac50c40636c2123acadffd9dcd07c698739f7701f12440f152e8f420f |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\43C85D8BB481B4E8B77E9F87A648730E521BEFD4
| MD5 | c3de4fed9a166deb85dd2659cccb8d45 |
| SHA1 | 4de082018165fb27b133ad1daa3294438326ae95 |
| SHA256 | 1be2c1cfe11978122e9b38a0a1aaa57b2a623a777c6139ddf77972d164a5ce90 |
| SHA512 | a6e1ba263f3c86b056cf592332c5a8b1c3aa4b606680ec944b76e8927e13885db7606ff8060454cb867d4303de62376f93f9d470bbd377628330f46ba71f41f2 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\8E0A4603C1C815FDBBA6B131DE29B98D96AB57CF
| MD5 | d42f8362aedde5bd991d0f92a75fcbba |
| SHA1 | 6c5bed550454276571a3a9d3a93be68d35366486 |
| SHA256 | b4ef9a86eb3ede33a5a7c099245a6e21f65d7f902b44043834ebefa16a9d33cd |
| SHA512 | 18bffbb8ba9b0b695cde92dba7e40e588daacaaff882bf92b19e2f0c80a94d91d372611e98459f25ffd41d20f3291ead537532231a83396ca79147167d96c972 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\broadcast-listeners.json
| MD5 | 72c95709e1a3b27919e13d28bbe8e8a2 |
| SHA1 | 00892decbee63d627057730bfc0c6a4f13099ee4 |
| SHA256 | 9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa |
| SHA512 | 613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\9D3F5498990E93A22236A0A517D2EB12EBD0B9AC
| MD5 | 6a67fddf3618bb76ca94cf073acdfdfd |
| SHA1 | 96929b3eedc5e606db9a78b440d5caaec4baf93c |
| SHA256 | 65ba02bf52c857278c860d7c1637497907007ac73d80b9b5dedb2c6785f5462d |
| SHA512 | 6b31fcb64ac6373dc1dde65107472c12d6da5b78b6e938e0a7e7a124782fa0fb07ffc19638d9e5f327a57f4727458e24f0ebffccab551245e6edd82e3913d2f0 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\98435D18FB033ADA01F4B4C27ACAB5C5B08DFFAF
| MD5 | 4cbdbd26b5469797ed9479550ee7101a |
| SHA1 | fed60fd6b9ab07814052366c09cde390c01e6e7f |
| SHA256 | bf89e86e18fe5bd034dd9b48862ed3618fd0a0a4e5015313f9b845eb3265c2bb |
| SHA512 | 9e98d97092fe5dfc3f2358a35ebe0b0588f413798750df7ef5d772dc5a92ce9bb24ee961c0941653997b06189e36d63e6e5a316524bd7776d4bab238fda38e08 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\DDCA4D8394BE14D644795FBC0B7BD4BEEE482714
| MD5 | aa04305d5d06631a9784964f5d1f6ec2 |
| SHA1 | 69550a3da6291b50a20e949ab543ddc82ee00864 |
| SHA256 | d16dd772b90dfc497704c6b25980c3b48d7266976f7673d1348448ea6fdbf7b7 |
| SHA512 | 78dac549a836916e37b5c89e82dd1950bd41ab2479056508ca089d3877d8d09f57c82c7df5d90b21373fb1c7ac73ee6e76f9f2a3c1a518bbf7bff49f64baeb65 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\B6F5261F797EEA2A5B8E2888C872E346BDCB0923
| MD5 | c328c8918f01e7efd9de06ad3a4e72a2 |
| SHA1 | 2c2b3bd2b89c822da272d80aa5945d741da118e6 |
| SHA256 | 92cac20f752cce3de19090c4d3f4652b001e3aeec7228aad43e6b947f17ff212 |
| SHA512 | c092fd3eab083564cd0a862621df14bde5d443f18b1d100667394d14359ce34341a2ba207936cd798f2b087becc1174f200ef84d037f664491a46589e67df1eb |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\A43157105A8C95622FD541E1865BC1496CE3BF6E
| MD5 | 97eeff8f636eb2b9defa6822897c5925 |
| SHA1 | 38647bc42bc3ee009ce4862efa0b5f0881ee995c |
| SHA256 | ca313f9bc9f06293e76c208f7c611a61d8047570952e78a3494cfd5d0e786596 |
| SHA512 | 650ffd2dbd193de0bffcf1c6e5a19c8d0d6817d2d0d160c2150f4aa3fdd60ccbfa71d9b2e8f5e1a736383c1e1988274347583658802964b55e38b6aeb23d2a8a |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\0262126691EA9DE90661D439265A08ACD297D74F
| MD5 | 7dbe021300101d343f98b9802f35daa5 |
| SHA1 | ed3ec2b778e0b701c4effd1a5200c1b2e67146fc |
| SHA256 | 2cf4a5bb98526b510e3391cb01b7e23255de1425a5d3875f02f69bc924e6235a |
| SHA512 | b4824d45110b165e13fd46745141a52d9ad0dc63bb1e4b5983449957019a2ceeeba3cec2b0a977f348ac0591f7f158314f7f00c7bdc17d694e57031bea197bfe |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\09984D9AF8B8290FD38961BD7994B095A2D23A73
| MD5 | 3a2e213e1da260be7c8f94aa8e10aa58 |
| SHA1 | c765a5050a4c16cd236a44160b11f26ef896e062 |
| SHA256 | 39dddf43c42c6c336dc16673b083d502f73ceb7280ac6c33b282bf4d2353baa0 |
| SHA512 | 804cbdeddcfc9e81fbdca3bea780a465f3cf041e1156507fd7f6b8a9b173e947f46f75fd7339dc71a736f159994a2f3e4de8e63256d1cac67931bdced1fba23a |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\F4861270581D9505A9273300124157CC01255E29
| MD5 | de340155105c0560f269b23dad94fbbc |
| SHA1 | 7b5c97d0581e2ac57c68a5ad4b79771f22bd7789 |
| SHA256 | c5474fdcc6903aa9cbf4f1390a0fbc3d8a26a87555e94bbfbf04f496f1505e75 |
| SHA512 | 7e64ba42aa84d4116b3338147d8f62e52420ff6a31b660fff58d20c33649ed9a14b16869b1ad92e66427c8956478d6c7c049c9df50cc76ed01134dcdcaab5762 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\30B7284BDBB908C7C68F776FFB95B529DB9ED70E
| MD5 | c17cbd8b42cba36385cd7407474a113e |
| SHA1 | 7cd44b8a458b75607c19d8c86c6575c673eaa1d7 |
| SHA256 | 8bedd97436fc537751b4f1202f1e712e9307a015036217d8ab4370553ef96ea9 |
| SHA512 | 2e13de8297e79a449f237fab213dee8ebe340fb2a8f435c5c78f595bb4ceacd89f78566d4ac8a17acf16369d8fa310320ee9783bff1a537f8597661eda5cc776 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\691B1EFB75AA8B413DE53C01CDCD9343303F641F
| MD5 | c11ff1ebd569b93a3124e13fdb9043aa |
| SHA1 | 6a8e3154e982f12f0c7fa543fce0d6a8de683268 |
| SHA256 | 948ea2ab2889500bab659aa00449baa020d93439caa9d0105ac8c71e9c53c16e |
| SHA512 | 336e64b57c94a3263600e169ebadc33db9a7770b24e471c8258f16abd245010e3308ee4005f4917ad6df019797c602f6243536cf5e20b32cbb12877c6f57af55 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\prefs-1.js
| MD5 | c5e8f2c6ac01fa30dac7107f1c1efb11 |
| SHA1 | dd3b57778f5663f7e2efa77b3f8d2885c5eb27e0 |
| SHA256 | 6d55998fc155578370356ba9600f7d8eec2fe9054dd48b0dc74669ad47fb829c |
| SHA512 | f7d2cacb201f55b99de1e06f44e8d7e79ef721092428122e855fdb27327563657355bdb2a3908fd6a71e859704e43a57aed152c67a2471b8d1885968d4f2af5a |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 1ef62d517441cb3c3e2d3a4ba4605a29 |
| SHA1 | fc931b20414953872598f137e3a448ba98c22feb |
| SHA256 | e3111b9fcc561a9135ec1dd57e00fd2eed9492e671d8a7a97adb55e5611cbb91 |
| SHA512 | dcc936ea0ce608bb19f6b0444d3b5e2d5d24aa5e1dac82e5ec94d412709147d98aeff25cdc38f3679eda03c962712ee8bb510033dd35b52a43dcf7b054fbfcec |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 42bd20f84bcd5e4930e6c99a2883c127 |
| SHA1 | 0b9a8eacc6185a831a925094b3f8b596add9377d |
| SHA256 | 77d03a194c6ad41a4d66ea9e1adca1ecaf3586a1bebaee995a44bc972dfaff99 |
| SHA512 | 0450a4cb656c54ebb0f2e966289928a6ce6609f4b05a2d114849691f60eed0fc24acef68bc19f03d51dcde163cfbf8d778981fff52e48f812aa6864fda1c13a6 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PRICache\4183903823\2290032291.pri
| MD5 | b8da5aac926bbaec818b15f56bb5d7f6 |
| SHA1 | 2b5bf97cd59e82c7ea96c31cf9998fbbf4884dc5 |
| SHA256 | 5be5216ae1d0aed64986299528f4d4fe629067d5f4097b8e4b9d1c6bcf4f3086 |
| SHA512 | c39a28d58fb03f4f491bf9122a86a5cbe7677ec2856cf588f6263fa1f84f9ffc1e21b9bcaa60d290356f9018fb84375db532c8b678cf95cc0a2cc6ed8da89436 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PRICache\1601268389\715946058.pri
| MD5 | 30ec43ce86e297c1ee42df6209f5b18f |
| SHA1 | fe0a5ea6566502081cb23b2f0e91a3ab166aeed6 |
| SHA256 | 8ccddf0c77743a42067782bc7782321330406a752f58fb15fb1cd446e1ef0ee4 |
| SHA512 | 19e5a7197a92eeef0482142cfe0fb46f16ddfb5bf6d64e372e7258fa6d01cf9a1fac9f7258fd2fd73c0f8a064b8d79b51a1ec6d29bbb9b04cdbd926352388bae |
memory/8004-3561-0x000001D58D530000-0x000001D58D630000-memory.dmp
memory/8004-3562-0x000001D58D530000-0x000001D58D630000-memory.dmp
memory/8004-3560-0x000001D58D530000-0x000001D58D630000-memory.dmp
memory/8004-3565-0x000001D58DE40000-0x000001D58DE60000-memory.dmp
memory/8004-3586-0x000001D58DFC0000-0x000001D58DFE0000-memory.dmp
memory/3828-3641-0x0000000002080000-0x0000000002081000-memory.dmp
memory/5676-3644-0x0000019A09500000-0x0000019A09600000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.cortana_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\GO5H5QJ1\microsoft.windows[1].xml
| MD5 | 02e0be48c21ff925b5f6aefc7461fac7 |
| SHA1 | 10a13ff97554874a087ab0dcb84a9fcf46afb6e4 |
| SHA256 | a99f3e7a18e8044b5c97975449a9b95e186c4f1d2862308460bd7dcad0379902 |
| SHA512 | a7664817e1148693f31a73edc6131003c43026dee871adbb52525bdf3bf8c02751a1cbf35e6e4d5f80b5229957d0f20bc221774033dab5195123c7f627bb01e3 |
memory/5676-3670-0x0000019A0A060000-0x0000019A0A080000-memory.dmp
memory/6248-3712-0x0000000002C20000-0x0000000002C21000-memory.dmp
memory/6680-3715-0x0000016F52510000-0x0000016F52610000-memory.dmp
memory/6680-3714-0x0000016F52510000-0x0000016F52610000-memory.dmp
memory/6680-3741-0x00000177554C0000-0x00000177554E0000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 7d5bf40e153cf73c91e1be34968ecdb6 |
| SHA1 | 6762a86f50913bbe0dd4dd1f163c0f1d5b2502ae |
| SHA256 | d47dbe46cad8d217766375ecea876ac5959984b7c2c268486831ce6a2b79e018 |
| SHA512 | c9901a71433fe188b1dce8b1cbca67ba59d5203048e7d4fb93463c66a71d5225d854a15757efb0c361b8c06bcbe65835494e24cd2a8467dcd8f9c03ee4e14362 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 17bb6c491dd5d71fa011c5fac94c9cdf |
| SHA1 | bfd3f9eb201808d332f4f266dd08ac0b73c430b7 |
| SHA256 | 596b16c6723637580e4912a423cf27db3d39b258281fa88fa76a9f2aa9ff2ec6 |
| SHA512 | d76069eceb7e2695f200e6fc795b30f5ee1cb0c4908fd3c0542b0a095c88f21481cff4618bc675ab348ef1bc3b7847333de9c8a8eaef421e9b3dae22c6d210de |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\6F881B5F2C5AA994673B59D2213DE52530183A6C
| MD5 | 1a8c78b859efaf6af63ae021a3bcc44b |
| SHA1 | e31425aba57ca54f9a9af5147c3178b9b2c21129 |
| SHA256 | 2602ce2334dc0e61bd1364a92b0d79af22fc8d62e3c3ee60e0300b4093a18759 |
| SHA512 | d26734c9ea9ce8ef75fe7b183a7cd3ea5cb891328400d38ac6c22d7483478c6466c760e3f72f8bf7590190db90f6f444f41db2fe9c13bf9f16b81410b2c703e2 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\doomed\27067
| MD5 | 82eac8ef2c65f4b2d8d128b51506d01e |
| SHA1 | 4709f3d405a837a4e72a46b8e144e356610c044e |
| SHA256 | 45b2cdac1d2674c9e550a63a82d61c87d52fdc9e34094a0604e8e18c78ee84b7 |
| SHA512 | c948e69533170dd5b4626a5eb9031a1e8e4a7d59d153eb1c206f9ca74eb6eb638b398d936556e820ccedd4899491b7907639aefe5c35087da48480da25e1c21a |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\doomed\16720
| MD5 | 075f19b9700c90225282a3fc4cc384ba |
| SHA1 | 3fd45560095dffb36cf23a275b472f0a3983a8be |
| SHA256 | b75003bd31091d59420242e1c374d6e4f99772b433dc09ff81eaecbb749232fd |
| SHA512 | c02639291800766f58b83cf7b60d7233c5aecd29b7622e0d5f2bbfd5cb64b3d231a8d9c4f7dfd57719457f1f31b8c0dcac015001ef364a47a1ed1311288bad65 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\doomed\13343
| MD5 | 0ebf0975cdc6ec5f62b1ee9636f5a7e7 |
| SHA1 | 52fd9f33daf0de409d95ff74211d8cb28c7314c9 |
| SHA256 | 7f15c84bf0906fd312c5ff30d74c1ef8fe17d9fdf11901d63fb3b8cfd8861da4 |
| SHA512 | 4e7f67c57cad8b628d966a71a0b827e657c81d720cdb3edbe84ba7e4b9ff26f69534e8537e2792e1ee9fe03c979fbf437199ac8a9b162b9a74cc1dde95c4b1d0 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\doomed\13455
| MD5 | 22d40ed97084e7077b8744dfd2e7ca2c |
| SHA1 | a8d42014f3d6af212e4507f753f4648cf9a1ef47 |
| SHA256 | 57e2a83100cbff29c0b4c7f465ee097623b9f8faaa7566e99b62daf60b428ed3 |
| SHA512 | 921564e17d1162e22cec6523d122b048630653edafa1f9ca2f6bf94f0510c197bc0b1c90f8d101f6521dac6c49bffa81a6b39dda5fb97984a79f6d83c4945ab1 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\B43CD2EAA4AD095BBDCADD86AB8AB1E68B390D9A
| MD5 | 2c14471afc04946e9f1351b3dac44a92 |
| SHA1 | af322bae8ac246cc0921ece634bbb9250829f80a |
| SHA256 | c2a60986ecff363dd463d554a6922d85a19b3d64caef9f293eea2b07e5b113e1 |
| SHA512 | a7db6ce56c636b98539da55c973f6fc8ac927a7ee6301c1f2eb17dad9c8334e9d568a9f1e64a9e505c003a120333498d6dc5306c3e270d44179cb473bff07350 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\40B9416F0E473BCF2A7415B52D1715E2A820A8A3
| MD5 | f13527cbd0c04a3e129415e665f9740f |
| SHA1 | bc6e74be9ccf6faee33bd956731d5346a751994f |
| SHA256 | 1592845a89790108f48d4234c5e226cde6c7be482eb03c31bea41534ece5c25d |
| SHA512 | ca78ec6303c5d62031764504a3155f3336d05342a0aa2a6c1e8d091765da9c79ae7464ce41cf1d89e6e88a9ca18a22340b9fc6025541fa0934f1b51e745cc4e7 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\9B06C9250DE4D8C98D0203224240EBC286A37A34
| MD5 | ceb3ace113bd97b484ab8a37d234f634 |
| SHA1 | 72700b8357f8a00ba245d28bbb391d2c2b50dc9a |
| SHA256 | 6bbf7a97f47451388b73fd1d56c8034512b0ce9d6914249070d710dd2d406073 |
| SHA512 | c447043cc207e56522b91063c57f021266c5c11411f72a69c8c18d6d71db55cef04d0f6607f4724d4ed2cc30526bd17f8d6b6eebde23dbb53bbf046e307a0a2b |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\BA822DE6BF3F3F67B4097D2431A0A995A9F7CB63
| MD5 | 191f77f6d3ad11efeedff2f109f6561f |
| SHA1 | 4a7dcb0cd2c471a91acb5ed874bd24bd1c0f87ad |
| SHA256 | a04a33ee61bf6ddb9239f954798d130a726f0d87b000e20c549c65af48171182 |
| SHA512 | 1d7737fb811b7ba95e6e140162ad11a410064a72c59830ce1022a928d285e37e2b6f2001632afe77fbb46505d889d8024efde8e3ce4d80a1bf922a7c9f0e97f2 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\doomed\27449
| MD5 | b45a1457a6979867cda13dc8a9437417 |
| SHA1 | 3fdb259f753e8bf00a1b521a14f6af833ebf6c28 |
| SHA256 | 5f9a03687be7dc9ece6687405a0c809e0a34956bba7d92ecfda23699288ec7fb |
| SHA512 | 78345973ec8f0903698cd7c05fe19f572996f524ba81366b5ad75cdf46eb16bfceb0a630ba84655c8cd3e8d08740dca3a7032aecf624c7693ae08b2a8747c1ac |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\3ADEBC46DAEA2D77E1DF4B4AB6C524084F97786F
| MD5 | 101f947422cee3d34111274c5900a35d |
| SHA1 | 616d0417ebc0e5c55174d4d5f2ef2f820dfcca64 |
| SHA256 | 5162d64f92fc948cbc083f577605a3faa09b453eb410019a7519441798a540ad |
| SHA512 | a68d033289c65b714d9836efdf1a92ffc2bc9e4f5f1dcd53a2668c20810ab4f051474a005ce8deb84f3b088116c7b4cd2e45c6b589a125fe3569726be6efdc67 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\3D2EE65213655611AE063776EA786EF2A8F7901B
| MD5 | 8ed169c2822a88c454a5d96c2778c0b9 |
| SHA1 | 4dc88761dd65567e744c646896c8a6a82fa0af82 |
| SHA256 | d46d85edb006d3b93ab784dca650078c4095f1598f6a6812785774433ebb761f |
| SHA512 | 3140871c591e9b38bdce463dff7df0d6fb21834d152a3394c1acb7189dd676c43308f522c3e78eec14f42b903ff6fb9863a7f7025ee1853de32dd6cee6e35c62 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\40EE86962A167F85FF635E63C180D94A8BE50B96
| MD5 | 2d8b6d643418e38d82a1c8e76986c718 |
| SHA1 | 88b9b61d386dfbd0722db45704193633b9ec2753 |
| SHA256 | 3dd1a23b0da9fcdfeec3da7986f03c54f4f6c5d94a5843152e73d0f884ef2991 |
| SHA512 | f4cebd499adee6c8db3c873ed239efe410a4d72f0a0e0b6472ce0d4cbb26345d60e76bf5c82608344b799bf56fccf2b7e3c0bca22190a1eba71462095ba5bcdb |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\14FF324BEE8F75081FE9C38BDD3C16ACD05B921B
| MD5 | a02a3c380e98c827ed5db92efa744e26 |
| SHA1 | 3d2d9867f5cb4f930622c4627198bee0f7793d65 |
| SHA256 | 018490cf7091f490fb4dd3049dd3b55a3a9339d1b928e3d14c7b6eba159bb7de |
| SHA512 | ff40259d218dd98063ec6d3b9a0e2c9da5074dded4e44dcea498501be070d4485b56874db9ddfcc2390f3f6b1d6736733b86fbe46e4cd0fc5b71691d181a28a2 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\9F2F682CA19694135208D60A7695B6933D763620
| MD5 | 7ebb3585c3c4274d9d85378d0f724141 |
| SHA1 | f063888cca082599ac03981019be4e7809a44d27 |
| SHA256 | 50fa801bf2f042858bfe2b64e8956de16c2cd8f5357851bc8b23aef42da46eb9 |
| SHA512 | c8755ac6debc5a1c84f95d176e5b72644e45e1a81cb637aacda6d4c499ccd4597a15e943e06bd7221eb5341aff4dbbd8ed4fab3cc1d5a2ae147b6f49efd504d0 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\F014401240913F9C8DA59BDD862C5F0805A92286
| MD5 | 6abdc3a42aac9d9867b25b071047bec5 |
| SHA1 | 2f9e88010740bb222f21c990f14a8a9523eb5e4d |
| SHA256 | 257924ee10d34276e106587b308637698e62f3e799417cf3d54dd4bd3dc724a9 |
| SHA512 | c528aea22cca28534fac6561a44a5303f3326d4d5a78476d92ac429661e7e8ed6cf6a72e2837b92a381037ec77f9f688bd8da68ef1d65fc85a296f935ea0b4bd |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\73F858C8767183112D8183021CA08AEB773A4120
| MD5 | e706dcc9e264182b4e253ac3fa567e40 |
| SHA1 | 08b1c1b7bd6b52f7a71420a24402eadbe0eefd07 |
| SHA256 | 72d4e54903a2b81bb355259c4dce97445fcd4e872a1a7c14e20587a67a02f37a |
| SHA512 | e256757fa5c1a64f35b7336215ef29a7f87f35e9cd7244891ca11ab021b3d39fb43a82dd8d29dca3bdcb69f169a82ecc21505d229c78c89cf15a1fde00c85247 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\doomed\25151
| MD5 | 09fcfd6a99a1c25f78a50b2f934be46f |
| SHA1 | e272b7a801259037e6fa082bfbea7fc984d25574 |
| SHA256 | e0933fed760883e65520a36f810ba946af28c55b5c0235d0b7a0b151ec92e116 |
| SHA512 | 8727ababbeaa5f06d80bb5887fb23df0e5b2a4f2a0b7d826f30f36a9611530f35d37b36f3430f7f35924185c9a90e5b02f6d16739a54eceb745bdda5eae4a3ce |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 63a245ae03b768b3195e8a6e8fbf55a4 |
| SHA1 | 16e1f8c01d66faab9b58c28a19a73b831a2f4abd |
| SHA256 | 4d4ebaae83085875277425d2614aed4213b7c948bf3f5768075bbbffec04124e |
| SHA512 | c3afb82c95f572c8d3b5f7520c09f0e8f035e1148a0515280e024b2c16db8ceed4040684e6809ade88984ff06f1d3d478722c44fd20e47373a59d70dcaf147e3 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\DCDCCD97B615F85660C06CBDC3964009DD7EF67F
| MD5 | c5a5c3a50299b062f6bf2bc67211f51b |
| SHA1 | b0707799e8553db0e7f8a3910e9972dfbad3f0c1 |
| SHA256 | d681fcdf8ac20a51f3f27abd01af1f942206bcc972c1cd76b4efd237cff697b8 |
| SHA512 | a455be68245a911f7d7dac165b417d66cbbcba79334bd8f69d008ac024223ff419345cc8aa4361a2925b1724072a1cd8dac59046213404bfb113d9f166610f21 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\C1FDD8335B710C52C105645A49A66B4E7F3A4EDB
| MD5 | 823774c68da9bc59badaaba1c74f207f |
| SHA1 | 2ac9e2ca1f2dd8cb60cf88bbe5a47c3e7caeec39 |
| SHA256 | 9af08a36ee2af7a265f4235c70aea230bbd1998b0f225fcfc365ee066b2d950c |
| SHA512 | 6fa4a1a84660fd52138b2e4e9c2b547a5f5c8980bccc00e506438bacf0d02767a17f594643aa573bca037c45ee2100f692451ea4918f072275278107c84726ca |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\551188A5BBB9C014D214C9829437470D277ADFD1
| MD5 | 99ad84c28b63a9a7d993cab5880e8ac1 |
| SHA1 | 369bc47ab1c6cc538e476069e7214a2c0f6b6db9 |
| SHA256 | 7a699f9b4b6eaa16b91d81e10f7eda477df8af489022b90b30cfd46df1ab79f2 |
| SHA512 | efb7ecfd3250e791d3cf4ea83cf1238464b9a8b63ced2382a497fd2f6afdd533c9a75543089213dcff98ac780642e2bbefdc5571f810f37f209224caf4f6ecf6 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\B20635A9E3239966DF1AF8702BD403FE7FB90005
| MD5 | 964cc9a59b307971f200254b1291860e |
| SHA1 | 4d13ea3911595914848cefe8e225a32d98e4d93a |
| SHA256 | f7de21b8ccb5c0ffa5128c87e55e389a88f58ae4c0ff06cfd786383f12f8ee93 |
| SHA512 | f9ed9f86009ce98e483c66eb7d621edceef7ba1ce36cbb8cbd290e016895d2054c96c51be0923d2197a1588bd4c998a2ad0963cd327c3e0def242050996d7b36 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | e7b62cc3a83e1636ba8a13ae822475ac |
| SHA1 | db393422b75493cb4a6373cc6544093a601fd855 |
| SHA256 | 432c548b130bccc8cef5bd9ae0019c32bba369ed5682a5d88ab7686ca7ce1b19 |
| SHA512 | d79e51c6c4472fae7f9b97a01896e0f1850f9669e24f3b0829bbaa168a7f9a29877ae5fe9cc20a1f1a62c7eb7d8837e3963c31c25069ed9825d8ed8becedfd43 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\doomed\22635
| MD5 | 4ca32597c5071a328653d4ec2382c4da |
| SHA1 | 0d93c2230e6438910ae4ea2fdedde15cd3b2e688 |
| SHA256 | c7f7622eca915e1e78893d979c45d3e17c708ebbb3176dc2a101249b5eefe7c2 |
| SHA512 | d846c438a82d9f909c8591bb62355122ff2bd1215e3c57289e77f4e3541d106f4cd4603fac107af1e05ecfa0ee019ac23de4a6dccf5129760e3556af135b3039 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 089b12553e9177c344ac9f5311ed7d18 |
| SHA1 | c0797a04f70d2b05fd853f552e71cac6ec7fc73f |
| SHA256 | b041c68b369b7dccc67b9a1908ecdbda0c9046ba0bd945a4b867f7c83d2790a8 |
| SHA512 | bb888422693fd531f1d691c586dd74bee32d3a8f283416ca3160bfe111bb9eda949d932d1ef224d26c83968b346885b38b297fa44009306265c7aa926ffbde53 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 41e5d1b872d9af991fbf12ed25e92d4f |
| SHA1 | 5da5110bc0dbb405ee4a15c4bf0ec1a55c05e0e8 |
| SHA256 | 98ed15146a375c6135d04981dcd1bfc8da2714cbf00670cfd7aba2cac03de748 |
| SHA512 | 85b90ff6fb52cfec26b12ff17d22be2bc6626d19690facc3e3f6dbbf17de1b8f127b58308fca1a60d1e5a6080e7fd00b22c72dc43e672186868dd0fae93865fb |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\doomed\21445
| MD5 | 919922b572f3c49569a968dadd957fac |
| SHA1 | 44f89c07592ce291d349a1787bc040ba580dc67e |
| SHA256 | e9b2ea9ee4c42acdc31058cda3d10c9148d15331e2cbbb314fa3f43a634a9dde |
| SHA512 | d533fb88f29e07c3d832ae98757d6010f9b33a11a06aae1fb26ec05c0ea8c43fa06cc19d8ce83ffd0e2fb27d2c0ec0927b5286877c687bcf999a07b5d1282ff5 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 2e37dbe38450df5b25007bbe7fd81306 |
| SHA1 | f332cf686779d9782b3a4e6bd47868bae7c8e6e0 |
| SHA256 | c138a207cf012d8212c798bb55acbf41502459d23f7bfcba41d860403bbf2c62 |
| SHA512 | 3618e5663b5881da948567e2368386db23ceb7eb927694ed329f4297446e4cbe8c863d80f6b0bfff1f9a85e809cf80b60b3f22408e681c4c23dc9ba22f688be7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | fcff6428db20e03dba6aad5f1285ebdd |
| SHA1 | 84c857d6da6ac788bbd315afd7c488ff5046f890 |
| SHA256 | 782ac650df6e076198b8ff56f92db0ba3a043c475a231fbdcbd52ebc766e0795 |
| SHA512 | c67601c7d02db0a73ac3478a778ecddb1efedbff6e06e42bf8567eac3ffef0378d6b1493595d5e781933848d95b01f995de61be90c93d93e18cad334525f3548 |
C:\Users\Admin\Downloads\HVA2aHlq.zip.part
| MD5 | 0fb4c5f7aa6e752cfc00e163dd922a34 |
| SHA1 | d37bb8aa6630f71eb631ac669203b1a3065d4af3 |
| SHA256 | 64bb156bbd9c1cd1403c1f40b22f1039ce64216c4ec6e25d4222f1cb9f8195fe |
| SHA512 | f7a6d08ebd27ae8f95984866f6540f26c1cbdc6ab639ecdbf060f5a4e2ace1cf7879eddb8fa0bf3de832362c99b9d05e6ab5c21ca165a1fd9cdfded3a6326e73 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 3402302088352148aacdb5f74556c22c |
| SHA1 | b142bb2bc72e53e669e87d665611ff9af09552e8 |
| SHA256 | d11dfd349dfff9a2586b9d7c251273bfd689a9a0cce711b5efbdba0477916741 |
| SHA512 | dd3bd11fbefe7e8ee920623333bcb0becae325db985e14fc35df2fb4ac81700cdbce82119805a8401ec2d63836feb92a4083e66171467b081db926928109c989 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\prefs-1.js
| MD5 | 2f318b52a9b74defdd7cdaccf6881357 |
| SHA1 | 183b14773d90ab1072ef5240df36800fb0c07789 |
| SHA256 | 5153144bb6ce509007c31766b4593f4f7c1e069c15241e8a55330402b793c51f |
| SHA512 | 617e3ad1da28050b08dbee7a9e89d66e40e013174541d457dbf5b7f649c54b66fc22ae9208b6b4cae6a6317c1952422ba71131d6dec172d33c82508b8eaaf031 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\favicons.sqlite-wal
| MD5 | 62f742f3815ec17be2fe9e90d9f74383 |
| SHA1 | 365ac96ea69e13e6aff62fff83abf00d28643d2f |
| SHA256 | 0729c23aa09f513ee5f11c49e7a8742d787cd0683d6c9c554cd903e05b013400 |
| SHA512 | 270b313ab49564c6b8ab12daff5caec7c382c992136245ee67524567796bb6af1e5179f2e5b616c0d180fffe863755a3aca5294c5cde7d9aaf30bd426a1b2fd4 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\places.sqlite
| MD5 | 60c69383593de11026ec8846bd4887c1 |
| SHA1 | 5e8c87206c09992cff30d185be8fcf247df47aaa |
| SHA256 | a6e6e9c1983326ce9897a80c4f67c5c0646eadda08cc6ead9a6e8e04102790b2 |
| SHA512 | 82a43521c5f464ae872514a5ff211d84ce0ccec9174ed131ecb1d7a18c38f76befe9df47301bf7346ff166fa658727f61e07fdf10d9d1a208fc2a7ac3a4f1056 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore.jsonlz4
| MD5 | e1033b501a61f4795c89e17ce529f031 |
| SHA1 | 67d775f69ea54c08cb23f13396e715e219c16d74 |
| SHA256 | 879fd6ee0db18187e853e9b0d732276cb1d16d143dfcb5e9fc6bbff07da53f64 |
| SHA512 | 0c51a65af0c05115f90a33592bdb39eb0a34fc15bcc026240ea739d16a2f0748e7c364e1bce7803a95a3de2dea1ed12564f08f46bed7a81bde68ae068d8e8666 |
Analysis: behavioral14
Detonation Overview
Submitted
2024-05-08 23:30
Reported
2024-05-09 00:00
Platform
win10-20240404-en
Max time kernel
315s
Max time network
1612s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\utils\utils.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.72.42.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
Files
Analysis: behavioral31
Detonation Overview
Submitted
2024-05-08 23:30
Reported
2024-05-09 00:26
Platform
win10-20240404-en
Max time kernel
315s
Max time network
1608s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\windows\welcome\welcome-controller.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 21.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 130.211.222.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
Files
Analysis: behavioral6
Detonation Overview
Submitted
2024-05-08 23:30
Reported
2024-05-09 00:00
Platform
win10-20240404-en
Max time kernel
315s
Max time network
1600s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\libs\cmp.bundle.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.0.8.0.8.0.8.0.ip6.arpa | udp |
| US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 170.117.168.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
Files
Analysis: behavioral17
Detonation Overview
Submitted
2024-05-08 23:30
Reported
2024-05-09 00:00
Platform
win10-20240404-en
Max time kernel
616s
Max time network
1587s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\windows\finish-with-recommended-app\finish-with-recommended-app-controller.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 107.211.222.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.143.182.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| NL | 52.142.223.178:80 | tcp | |
| US | 8.8.8.8:53 | 239.249.30.184.in-addr.arpa | udp |
Files
Analysis: behavioral22
Detonation Overview
Submitted
2024-05-08 23:30
Reported
2024-05-09 00:15
Platform
win10-20240404-en
Max time kernel
316s
Max time network
1593s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\windows\main\template.js
Network
| Country | Destination | Domain | Proto |
| US | 52.111.227.14:443 | tcp | |
| US | 8.8.8.8:53 | 28.73.42.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
Files
Analysis: behavioral5
Detonation Overview
Submitted
2024-05-08 23:30
Reported
2024-05-09 00:00
Platform
win10-20240404-en
Max time kernel
315s
Max time network
1604s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\block_inputs.js
Network
| Country | Destination | Domain | Proto |
| US | 52.111.227.14:443 | tcp | |
| US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.143.182.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
Files
Analysis: behavioral8
Detonation Overview
Submitted
2024-05-08 23:30
Reported
2024-05-09 00:00
Platform
win10-20240404-en
Max time kernel
615s
Max time network
1590s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\models\notifications.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.72.42.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| NL | 52.142.223.178:80 | tcp | |
| US | 8.8.8.8:53 | 239.249.30.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.121.231.20.in-addr.arpa | udp |
Files
Analysis: behavioral16
Detonation Overview
Submitted
2024-05-08 23:30
Reported
2024-05-09 00:00
Platform
win10-20240404-en
Max time kernel
496s
Max time network
1589s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\windows\cri\template.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 224.162.46.104.in-addr.arpa | udp |
| US | 138.91.171.81:80 | tcp | |
| US | 8.8.8.8:53 | 130.211.222.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 239.249.30.184.in-addr.arpa | udp |
Files
Analysis: behavioral23
Detonation Overview
Submitted
2024-05-08 23:30
Reported
2024-05-09 00:16
Platform
win10-20240404-en
Max time kernel
316s
Max time network
1597s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\windows\modal\modal-controller.js
Network
| Country | Destination | Domain | Proto |
| US | 52.111.227.14:443 | tcp | |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.65.42.20.in-addr.arpa | udp |
Files
Analysis: behavioral26
Detonation Overview
Submitted
2024-05-08 23:30
Reported
2024-05-09 00:18
Platform
win10-20240404-en
Max time kernel
347s
Max time network
1589s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\windows\progress\progress-1-controller.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 239.249.30.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.190.18.2.in-addr.arpa | udp |
Files
Analysis: behavioral28
Detonation Overview
Submitted
2024-05-08 23:30
Reported
2024-05-09 00:21
Platform
win10-20240404-en
Max time kernel
315s
Max time network
1601s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\windows\settings\settings-controller.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 13.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
Files
Analysis: behavioral30
Detonation Overview
Submitted
2024-05-08 23:30
Reported
2024-05-09 00:26
Platform
win10-20240404-en
Max time kernel
865s
Max time network
1589s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\windows\welcome\template.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 29.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 175.117.168.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| NL | 52.142.223.178:80 | tcp | |
| US | 8.8.8.8:53 | 159.113.53.23.in-addr.arpa | udp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-08 23:30
Reported
2024-05-09 00:00
Platform
win10-20240404-en
Max time kernel
1797s
Max time network
1688s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133596846596546729" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\cmp.html
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffd6dba9758,0x7ffd6dba9768,0x7ffd6dba9778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=304 --field-trial-handle=1756,i,10001521170494875978,5392518389610863445,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1820 --field-trial-handle=1756,i,10001521170494875978,5392518389610863445,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2064 --field-trial-handle=1756,i,10001521170494875978,5392518389610863445,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2892 --field-trial-handle=1756,i,10001521170494875978,5392518389610863445,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2900 --field-trial-handle=1756,i,10001521170494875978,5392518389610863445,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4868 --field-trial-handle=1756,i,10001521170494875978,5392518389610863445,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4996 --field-trial-handle=1756,i,10001521170494875978,5392518389610863445,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=940 --field-trial-handle=1756,i,10001521170494875978,5392518389610863445,131072 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | content.overwolf.com | udp |
| GB | 18.245.218.13:443 | content.overwolf.com | tcp |
| GB | 18.245.218.13:443 | content.overwolf.com | tcp |
| US | 8.8.8.8:53 | 10.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.218.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.39.156.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.190.18.2.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.143.182.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| NL | 52.142.223.178:80 | tcp | |
| US | 8.8.8.8:53 | 239.249.30.184.in-addr.arpa | udp |
Files
\??\pipe\crashpad_5008_DQBFAJHUPTSXZBAN
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\cf788c1f-0fdf-49bb-addb-78e7fc13b12e.tmp
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 2c7dd78ddee2b7d4858d7e7bd8f05a7b |
| SHA1 | 520297da701d8e74004a0522298c7b7561d33381 |
| SHA256 | 74760c1a94fe7be0d968b2d8e9a73f38bb42738bb5cdac3cf2a02327ee2f60b0 |
| SHA512 | 207149c000df39c41d85d9c46022547e00b80becc5bd081cf13d15c875f815a6a3ac07967b30d1b0431826571166ac9bcba04200ca58164060d85f52c430026a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 82b5a540b31b7c3121b6d4786fe2ad21 |
| SHA1 | db8b90e6ff93fc2145d6b5c3988c7f6ad3f8425d |
| SHA256 | 7d75d9114ccddff24225d082fe79bb244ed09b81815cc3c9fde51b083c5c093b |
| SHA512 | 87c6771a6148ef728ac3eb713146e0c57453cdd330ea7a1d3a2d480f2d06dc9c7ef31a40607883ef87f26349f216d8e6e7053cae62a38da0afc01624f097592e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | b0ea8df788ac68e2438d9176976c309d |
| SHA1 | 5a43524da25d2e96da9595ebeccc9d40dd1149ea |
| SHA256 | d8d5c905da238431139acc2da4cb58e22cf74da6b0074f203b15ef7f9661b1f8 |
| SHA512 | 33f2c40055b0d484f59cb91d358b8b239f8dd3f570ddc47f6b33e7069d315504a4735175bb6ee4095f341215186de7092b0348e0b8a6e30421957615b9cbae6e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 2de026f9f9893beb4d9227ee91347b54 |
| SHA1 | 129132628fed7fcdfc224e740dd9666d4c012fd0 |
| SHA256 | 2178835305aea31ec7250ba3399860c3f8bd2ac2967bee9b77603aa21858b35f |
| SHA512 | cc21951d64971c9477eba4fbebbd34801933f2789c711e8d3635f4b8997ca5364bcc77a098a849f2ead670f53a301a79c9d5c9c1534f57fb8fa9150b416c6616 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 7d5390105de211a46f21d05c896735c7 |
| SHA1 | 32febaeeaab523bb5acfba506c55a0790330d168 |
| SHA256 | 24b99700160b7534e3545c0ebda17801c97927ebdf68899c42dc514106bed74d |
| SHA512 | 9216c4b5dbee11a5528e61a7c3869e21705c4929a5ed68a89126f50c1093a2ce19e95ad3d00b8fc8994e9d947d25497d44b6cc858beadf71f47ddab641d727a4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | f6048316da52de552477aff06981f60c |
| SHA1 | 4a7d582e8f6d861d2285e9dc8673c39b422a1a90 |
| SHA256 | b027aa51a0f4c9e43dcc1ceb3ffb000e0cd90236e65925195dcde7d5bdf213f7 |
| SHA512 | 0c42ce21afafd7899102b04e98d864ec89c3a5c674daadd58bbfaaa0a67b2f5bd1564a2048a7a3386e1ce9a472e08710ecebcc69e553a659e2ad7a795f901da1 |
Analysis: behavioral13
Detonation Overview
Submitted
2024-05-08 23:30
Reported
2024-05-09 00:00
Platform
win10-20240404-en
Max time kernel
615s
Max time network
1592s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\utils\strings-loader.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.179.89.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 130.211.222.173.in-addr.arpa | udp |
| NL | 52.142.223.178:80 | tcp | |
| US | 8.8.8.8:53 | 239.249.30.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.121.231.20.in-addr.arpa | udp |
Files
Analysis: behavioral15
Detonation Overview
Submitted
2024-05-08 23:30
Reported
2024-05-09 00:01
Platform
win10-20240404-en
Max time kernel
403s
Max time network
1613s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\windows\cri\cri-controller.js
Network
| Country | Destination | Domain | Proto |
| US | 52.111.229.48:443 | tcp | |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
| US | 20.231.121.79:80 | tcp | |
| US | 8.8.8.8:53 | 239.249.30.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.117.168.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
Files
Analysis: behavioral19
Detonation Overview
Submitted
2024-05-08 23:30
Reported
2024-05-09 00:09
Platform
win10-20240404-en
Max time kernel
315s
Max time network
1602s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\windows\finish\finish-controller.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.0.8.0.8.0.8.0.ip6.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
Files
Analysis: behavioral32
Detonation Overview
Submitted
2024-05-08 23:30
Reported
2024-05-09 00:30
Platform
win10-20240404-en
Max time kernel
1799s
Max time network
1684s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133596864195927652" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\progress.html
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffc2aca9758,0x7ffc2aca9768,0x7ffc2aca9778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1512 --field-trial-handle=1656,i,7874724523988026942,2692628358576779633,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1820 --field-trial-handle=1656,i,7874724523988026942,2692628358576779633,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2064 --field-trial-handle=1656,i,7874724523988026942,2692628358576779633,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2808 --field-trial-handle=1656,i,7874724523988026942,2692628358576779633,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2816 --field-trial-handle=1656,i,7874724523988026942,2692628358576779633,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4076 --field-trial-handle=1656,i,7874724523988026942,2692628358576779633,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4180 --field-trial-handle=1656,i,7874724523988026942,2692628358576779633,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=876 --field-trial-handle=1656,i,7874724523988026942,2692628358576779633,131072 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 219.183.117.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.16.208.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.190.18.2.in-addr.arpa | udp |
Files
\??\pipe\crashpad_4404_QZRNDPHXRVIXPHZA
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 01b5b2d6457066d6b4bf2f4bdeb242b0 |
| SHA1 | 79b9563c1eedceaaa9e64d76d70b971a3b07c118 |
| SHA256 | 9fd5c610442b899acf0ff6bf823f27dea91cb03b1434609509f9a355b81df1d5 |
| SHA512 | 6f12009781d1ded7b6b90aeea1ece6e2d32a57d946837f7e0e9a48f091f348c51455f28b474501984422bd338de0fc29f3281f8884898fa87448db4f82f31dc3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 813293dd3433171a5af913b97eb75638 |
| SHA1 | 1d5f5a7d9e9f8ce32f3e57900c146e023b40173b |
| SHA256 | a933cdbf2da3a47f121f566649153ea718c278ec33db0b4d8ca6dc03546e5171 |
| SHA512 | c36960a40201205f7c2ca57dc28865e19c60d3787778a4eedce9957527f73023340d99ecf341de7ca45fae7dfab1c2a2e8d23850a67ead9d7fce5c20e940f493 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | df0192c5ea883554830f764c25c536c1 |
| SHA1 | 7b6bd83e0ebbbd93380961a72540c2b1578fd195 |
| SHA256 | e6b96584fc17044f325ca545ca454378a664485f52c8310154e3c025a9f4a49a |
| SHA512 | 4f9685ba71cf5e75bcb0d90bb09f473389f923c26100262311d80e8ea60e5c52587b8ea8cdd343b313813fe5c0e9c4fb21fc0a49550a7cf3b146ed62aec8d6bd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 907d444fae5264f87d6085e8e3187e37 |
| SHA1 | d944bf1590133edc4bc2dab38337f9f5c37d2086 |
| SHA256 | df658d37f1ba838ad891769d1caac437e1f0a742d7948c4b74a2ab8566032e47 |
| SHA512 | d47346532bce91bbc79a080b4e2b2ccbe2bffe47c5fbb1b64f3156a2ee3cbaa1aa3afdaf4dc48acaaddd55363fdb0c6a92583d1281f19f75f17392a2da3f589d |
Analysis: behavioral25
Detonation Overview
Submitted
2024-05-08 23:30
Reported
2024-05-09 00:17
Platform
win10-20240404-en
Max time kernel
316s
Max time network
1608s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\windows\privacy\template.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |