Malware Analysis Report

2025-08-05 12:51

Sample ID 240508-3hfq9adf4w
Target Hone - Installer.exe
SHA256 296e3264a6f0165a46c33dc29a37819fffce6ea99982a244092eae441d156a24
Tags
execution bootkit persistence upx
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral7

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral18

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral21

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral24

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral27

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral11

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral9

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral10

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral20

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral29

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral12

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral14

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral31

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral6

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral17

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral22

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral5

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral8

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral16

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral23

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral26

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral28

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral30

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral13

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral15

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral19

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral32

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral25

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

296e3264a6f0165a46c33dc29a37819fffce6ea99982a244092eae441d156a24

Threat Level: Likely malicious

The file Hone - Installer.exe was found to be: Likely malicious.

Malicious Activity Summary

execution bootkit persistence upx

Modifies Installed Components in the registry

UPX packed file

ACProtect 1.3x - 1.4x DLL software

Legitimate hosting services abused for malware hosting/C2

Enumerates connected drives

Writes to the Master Boot Record (MBR)

Executes dropped EXE

Loads dropped DLL

Drops file in Windows directory

Enumerates physical storage devices

Unsigned PE

Command and Scripting Interpreter: JavaScript

Suspicious behavior: GetForegroundWindowSpam

Suspicious behavior: AddClipboardFormatListener

Modifies registry class

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies data under HKEY_USERS

Suspicious use of AdjustPrivilegeToken

NTFS ADS

Uses Task Scheduler COM API

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Checks processor information in registry

Suspicious use of SetWindowsHookEx

Enumerates system info in registry

Suspicious use of SendNotifyMessage

Checks SCSI registry key(s)

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-08 23:30

Signatures

ACProtect 1.3x - 1.4x DLL software

Description Indicator Process Target
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral7

Detonation Overview

Submitted

2024-05-08 23:30

Reported

2024-05-09 00:00

Platform

win10-20240404-en

Max time kernel

315s

Max time network

1600s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\libs\jquery-1.10.2.min.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\libs\jquery-1.10.2.min.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 210.143.182.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral18

Detonation Overview

Submitted

2024-05-08 23:30

Reported

2024-05-09 00:03

Platform

win10-20240404-en

Max time kernel

314s

Max time network

1613s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\windows\finish-with-recommended-app\template.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\windows\finish-with-recommended-app\template.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 93.65.42.20.in-addr.arpa udp
US 8.8.8.8:53 134.190.18.2.in-addr.arpa udp

Files

N/A

Analysis: behavioral21

Detonation Overview

Submitted

2024-05-08 23:30

Reported

2024-05-09 00:14

Platform

win10-20240404-en

Max time kernel

316s

Max time network

1609s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\windows\main\main-controller.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\windows\main\main-controller.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 77.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 27.178.89.13.in-addr.arpa udp

Files

N/A

Analysis: behavioral24

Detonation Overview

Submitted

2024-05-08 23:30

Reported

2024-05-09 00:16

Platform

win10-20240404-en

Max time kernel

315s

Max time network

1599s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\windows\privacy\privacy-controller.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\windows\privacy\privacy-controller.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 f.f.f.f.5.e.a.8.b.6.d.3.0.8.0.1.f.f.f.f.5.e.a.8.8.0.8.0.8.0.8.0.ip6.arpa udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 63.141.182.52.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp

Files

N/A

Analysis: behavioral27

Detonation Overview

Submitted

2024-05-08 23:30

Reported

2024-05-09 00:19

Platform

win10-20240404-en

Max time kernel

315s

Max time network

1583s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\windows\progress\template.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\windows\progress\template.js

Network

Country Destination Domain Proto
US 20.231.121.79:80 tcp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 16.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-05-08 23:30

Reported

2024-05-09 00:01

Platform

win10-20240404-en

Max time kernel

372s

Max time network

1588s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\app.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\app.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 131.109.69.13.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp

Files

N/A

Analysis: behavioral11

Detonation Overview

Submitted

2024-05-08 23:30

Reported

2024-05-08 23:53

Platform

win10-20240404-en

Max time kernel

1311s

Max time network

1321s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\utils\cookies.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2084 wrote to memory of 4340 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2084 wrote to memory of 4340 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2084 wrote to memory of 4340 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2084 wrote to memory of 4340 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2084 wrote to memory of 4340 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2084 wrote to memory of 4340 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2084 wrote to memory of 4340 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2084 wrote to memory of 4340 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2084 wrote to memory of 4340 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2084 wrote to memory of 4340 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2084 wrote to memory of 4340 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4340 wrote to memory of 1644 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4340 wrote to memory of 1644 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4340 wrote to memory of 3436 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4340 wrote to memory of 3436 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4340 wrote to memory of 3436 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4340 wrote to memory of 3436 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4340 wrote to memory of 3436 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4340 wrote to memory of 3436 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4340 wrote to memory of 3436 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4340 wrote to memory of 3436 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4340 wrote to memory of 3436 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4340 wrote to memory of 3436 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4340 wrote to memory of 3436 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4340 wrote to memory of 3436 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4340 wrote to memory of 3436 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4340 wrote to memory of 3436 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4340 wrote to memory of 3436 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4340 wrote to memory of 3436 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4340 wrote to memory of 3436 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4340 wrote to memory of 3436 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4340 wrote to memory of 3436 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4340 wrote to memory of 3436 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4340 wrote to memory of 3436 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4340 wrote to memory of 3436 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4340 wrote to memory of 3436 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4340 wrote to memory of 3436 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4340 wrote to memory of 3436 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4340 wrote to memory of 3436 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4340 wrote to memory of 3436 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4340 wrote to memory of 3436 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4340 wrote to memory of 3436 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4340 wrote to memory of 3436 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4340 wrote to memory of 3436 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4340 wrote to memory of 3436 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4340 wrote to memory of 3436 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4340 wrote to memory of 3436 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4340 wrote to memory of 3436 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4340 wrote to memory of 3436 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4340 wrote to memory of 3436 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4340 wrote to memory of 3436 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4340 wrote to memory of 3436 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4340 wrote to memory of 3436 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4340 wrote to memory of 3436 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4340 wrote to memory of 3436 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4340 wrote to memory of 3436 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4340 wrote to memory of 3436 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4340 wrote to memory of 3436 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4340 wrote to memory of 3436 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4340 wrote to memory of 3436 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4340 wrote to memory of 3436 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4340 wrote to memory of 1252 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4340 wrote to memory of 1252 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4340 wrote to memory of 1252 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\utils\cookies.js

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4340.0.1953389504\752696341" -parentBuildID 20221007134813 -prefsHandle 1688 -prefMapHandle 1680 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9a1cdfea-cdb9-4fd2-b5a1-d7506dbdedc3} 4340 "\\.\pipe\gecko-crash-server-pipe.4340" 1764 223c9fdb158 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4340.1.581177280\1366633636" -parentBuildID 20221007134813 -prefsHandle 2108 -prefMapHandle 2104 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {18f71b53-833b-4809-9235-2b05e2ff5b5f} 4340 "\\.\pipe\gecko-crash-server-pipe.4340" 2120 223b7b72258 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4340.2.299479319\1852512223" -childID 1 -isForBrowser -prefsHandle 2944 -prefMapHandle 2940 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e0f7ca79-a05d-48fd-8068-65f0c61d2523} 4340 "\\.\pipe\gecko-crash-server-pipe.4340" 2956 223ce1a0158 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4340.3.1936062778\763213434" -childID 2 -isForBrowser -prefsHandle 3492 -prefMapHandle 3488 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {13813b88-36ad-4bc5-bfa4-985d860037b7} 4340 "\\.\pipe\gecko-crash-server-pipe.4340" 3500 223cc99b858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4340.4.392952536\1348876317" -childID 3 -isForBrowser -prefsHandle 3680 -prefMapHandle 3628 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d0b91e03-87dc-431b-9c8d-a1b8fb690b54} 4340 "\\.\pipe\gecko-crash-server-pipe.4340" 4312 223d0068e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4340.5.1504639857\335946413" -childID 4 -isForBrowser -prefsHandle 4908 -prefMapHandle 4904 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {78c2ad8c-cb08-49de-b738-37fea0d9f8e3} 4340 "\\.\pipe\gecko-crash-server-pipe.4340" 4948 223d0b14858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4340.6.1565036666\997746167" -childID 5 -isForBrowser -prefsHandle 5084 -prefMapHandle 5088 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c6e5201e-c61b-4c4e-8a76-6d74d5063b83} 4340 "\\.\pipe\gecko-crash-server-pipe.4340" 4968 223d0b15458 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4340.7.34991625\192674265" -childID 6 -isForBrowser -prefsHandle 5376 -prefMapHandle 5372 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cafc2c2c-676a-43f2-a608-4b42e7431315} 4340 "\\.\pipe\gecko-crash-server-pipe.4340" 5384 223d0a59258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4340.8.459955568\421940158" -childID 7 -isForBrowser -prefsHandle 4300 -prefMapHandle 1552 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e173d3ba-20c5-49eb-9dfe-2ad98c9414c0} 4340 "\\.\pipe\gecko-crash-server-pipe.4340" 2492 223d1bb1e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4340.9.1103435890\470209087" -childID 8 -isForBrowser -prefsHandle 5640 -prefMapHandle 5636 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5836391e-8f6e-429c-9cd6-d763e27e9697} 4340 "\\.\pipe\gecko-crash-server-pipe.4340" 2552 223d1e54c58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4340.10.109668219\948067339" -childID 9 -isForBrowser -prefsHandle 5804 -prefMapHandle 5808 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d11c94de-4913-4730-91ee-e88854cf1fa4} 4340 "\\.\pipe\gecko-crash-server-pipe.4340" 5796 223cfe2d258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4340.11.1640186989\1567315873" -childID 10 -isForBrowser -prefsHandle 5948 -prefMapHandle 5952 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {99385567-173c-4a17-9d44-07133ce6ce64} 4340 "\\.\pipe\gecko-crash-server-pipe.4340" 5932 223cfe2de58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4340.12.1601616109\1925820300" -childID 11 -isForBrowser -prefsHandle 4152 -prefMapHandle 4352 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {86ab0d58-877e-4be8-810f-05f0de67ef5a} 4340 "\\.\pipe\gecko-crash-server-pipe.4340" 2668 223d1efa258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4340.13.1249120504\2011680548" -childID 12 -isForBrowser -prefsHandle 9152 -prefMapHandle 8492 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0b18da68-7ac6-4cae-ab30-253a0f11dfd8} 4340 "\\.\pipe\gecko-crash-server-pipe.4340" 8424 223d38df658 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4340.14.267348966\236922712" -parentBuildID 20221007134813 -prefsHandle 9164 -prefMapHandle 2760 -prefsLen 26768 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {49fb4df8-6128-42a4-9c42-8ea72c30a3d6} 4340 "\\.\pipe\gecko-crash-server-pipe.4340" 10076 223d3910858 rdd

Network

Country Destination Domain Proto
US 8.8.8.8:53 170.117.168.52.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
N/A 127.0.0.1:49801 tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 shavar.services.mozilla.com udp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 push.services.mozilla.com udp
US 34.117.188.166:443 contile.services.mozilla.com tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 35.164.250.149:443 shavar.services.mozilla.com tcp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 34.107.243.93:443 autopush.prod.mozaws.net tcp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 34.117.188.166:443 contile.services.mozilla.com udp
US 8.8.8.8:53 166.188.117.34.in-addr.arpa udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 firefox-settings-attachments.cdn.mozilla.net udp
US 8.8.8.8:53 attachments.prod.remote-settings.prod.webservices.mozgcp.net udp
US 34.117.121.53:443 attachments.prod.remote-settings.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 attachments.prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 149.250.164.35.in-addr.arpa udp
US 8.8.8.8:53 53.121.117.34.in-addr.arpa udp
N/A 127.0.0.1:49808 tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 4.178.250.142.in-addr.arpa udp
GB 142.250.178.4:443 www.google.com udp
US 8.8.8.8:53 3.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 195.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.187.206:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 206.187.250.142.in-addr.arpa udp
GB 142.250.187.206:443 play.google.com udp
US 8.8.8.8:53 consent.google.com udp
GB 172.217.16.238:443 consent.google.com tcp
US 8.8.8.8:53 consent.google.com udp
US 8.8.8.8:53 consent.google.com udp
GB 172.217.16.238:443 consent.google.com udp
US 8.8.8.8:53 238.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 www.reddit.com udp
US 8.8.8.8:53 reddit.map.fastly.net udp
US 151.101.1.140:443 reddit.map.fastly.net tcp
US 8.8.8.8:53 reddit.map.fastly.net udp
US 8.8.8.8:53 140.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 support.reddithelp.com udp
US 104.16.53.111:443 support.reddithelp.com tcp
US 8.8.8.8:53 reddit.zendesk.com udp
US 8.8.8.8:53 reddit.zendesk.com udp
US 8.8.8.8:53 111.53.16.104.in-addr.arpa udp
US 8.8.8.8:53 static.zdassets.com udp
US 8.8.8.8:53 p20.zdassets.com udp
US 104.18.70.113:443 p20.zdassets.com tcp
US 8.8.8.8:53 static.zdassets.com udp
US 104.18.72.113:443 static.zdassets.com tcp
US 8.8.8.8:53 p20.zdassets.com udp
US 8.8.8.8:53 cdnjs.cloudflare.com udp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 8.8.8.8:53 theme.zdassets.com udp
US 8.8.8.8:53 static.zdassets.com udp
US 8.8.8.8:53 p20.zdassets.com udp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
US 104.17.24.14:443 cdnjs.cloudflare.com tcp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
US 104.18.70.113:443 theme.zdassets.com tcp
US 104.18.70.113:443 theme.zdassets.com tcp
US 8.8.8.8:53 unpkg.com udp
US 8.8.8.8:53 jsdelivr.map.fastly.net udp
US 8.8.8.8:53 jsdelivr.map.fastly.net udp
US 8.8.8.8:53 reddit.zendesk.com udp
US 8.8.8.8:53 cdnjs.cloudflare.com udp
US 8.8.8.8:53 theme.zdassets.com udp
US 8.8.8.8:53 unpkg.com udp
US 8.8.8.8:53 theme.zdassets.com udp
US 8.8.8.8:53 cdnjs.cloudflare.com udp
US 8.8.8.8:53 unpkg.com udp
US 8.8.8.8:53 113.70.18.104.in-addr.arpa udp
US 8.8.8.8:53 232.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 229.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 113.72.18.104.in-addr.arpa udp
US 8.8.8.8:53 10.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 14.24.17.104.in-addr.arpa udp
US 104.17.245.203:443 unpkg.com tcp
US 104.18.70.113:443 theme.zdassets.com tcp
US 104.18.70.113:443 theme.zdassets.com tcp
US 104.18.70.113:443 theme.zdassets.com tcp
US 104.18.70.113:443 theme.zdassets.com tcp
US 104.16.51.111:443 reddit.zendesk.com tcp
US 8.8.8.8:53 203.245.17.104.in-addr.arpa udp
US 8.8.8.8:53 111.51.16.104.in-addr.arpa udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 151.101.1.229:443 jsdelivr.map.fastly.net udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 104.17.24.14:443 cdnjs.cloudflare.com udp
US 216.239.34.36:443 region1.google-analytics.com tcp
US 216.239.34.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 36.34.239.216.in-addr.arpa udp
US 104.17.24.14:443 cdnjs.cloudflare.com udp
US 8.8.8.8:53 238.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 reddit.zendesk.com udp
GB 142.250.178.4:443 www.google.com udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
GB 142.250.200.33:443 tpc.googlesyndication.com tcp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 33.200.250.142.in-addr.arpa udp
GB 142.250.200.33:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 encrypted-tbn0.gstatic.com udp
GB 142.250.200.46:443 encrypted-tbn0.gstatic.com tcp
GB 142.250.200.46:443 encrypted-tbn0.gstatic.com tcp
US 8.8.8.8:53 encrypted-tbn0.gstatic.com udp
GB 142.250.200.46:443 encrypted-tbn0.gstatic.com tcp
US 8.8.8.8:53 encrypted-tbn0.gstatic.com udp
GB 142.250.200.46:443 encrypted-tbn0.gstatic.com udp
US 8.8.8.8:53 46.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 id.google.com udp
US 8.8.8.8:53 id.google.com udp
US 8.8.8.8:53 id.google.com udp
US 8.8.8.8:53 i.ytimg.com udp
GB 172.217.169.54:443 i.ytimg.com tcp
GB 172.217.169.54:443 i.ytimg.com tcp
GB 172.217.169.54:443 i.ytimg.com tcp
US 8.8.8.8:53 i.ytimg.com udp
US 8.8.8.8:53 i.ytimg.com udp
GB 172.217.169.54:443 i.ytimg.com udp
GB 142.250.187.206:443 play.google.com udp
US 8.8.8.8:53 54.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 youtube-ui.l.google.com udp
GB 216.58.204.78:443 youtube-ui.l.google.com tcp
US 8.8.8.8:53 youtube-ui.l.google.com udp
GB 216.58.204.78:443 youtube-ui.l.google.com udp
US 8.8.8.8:53 78.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 static.doubleclick.net udp
GB 142.250.187.194:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 142.250.179.230:443 static.doubleclick.net tcp
US 8.8.8.8:53 static.doubleclick.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 static.doubleclick.net udp
GB 216.58.212.234:443 jnn-pa.googleapis.com tcp
GB 216.58.212.234:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 142.250.179.230:443 static.doubleclick.net udp
GB 142.250.187.194:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 216.58.212.234:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 194.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 230.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 234.212.58.216.in-addr.arpa udp
GB 216.58.212.234:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 aus5.mozilla.org udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 35.244.181.201:443 prod.balrog.prod.cloudops.mozgcp.net tcp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
US 34.160.144.191:443 prod.content-signature-chains.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 ciscobinary.openh264.org udp
NL 2.18.121.90:80 ciscobinary.openh264.org tcp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 a19.dscg10.akamai.net udp

Files

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\datareporting\glean\db\data.safe.bin

MD5 cf065e8aa4ac4f6e4089bd6dc0c672da
SHA1 510df1b3b9b21e35bd265ee62ac7a36fc6d3f667
SHA256 1b09e674503ca30f7b80fa66ced4bd05dce3a823278a1ba25e6f1ace4faea490
SHA512 1d88170489548d5e1b24163013d1d071fc691bf35964fb3a9ebe2c22628e9dd4c056df52d33c5f3329056d39329ac76be70f83d30b7dc7865357dd956426b27e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\datareporting\glean\pending_pings\b535c775-ee9f-40dd-9ec0-207c43a0d273

MD5 06c593a1dde7e586f673e8feede8e55d
SHA1 1fd6b50a8b88401fba430b69c3b457a064a89b20
SHA256 12303af6de2124edd1389e9161a75189b43a23d6c7de483844f937b8719fb2e5
SHA512 fe2f4441e0f1d0f50b11bc5ab938cab2638959831223d66e048f55cc1360e374252c36226c65dccc9a610021f540c089dc5d5a7045adc446ec9e502a364d3183

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\datareporting\glean\pending_pings\ab701757-2943-4412-8845-396be43eaef1

MD5 289033529b030b519c1f0c14d9bf7e95
SHA1 82934c6c04f0f3072fb47cc867fa3bf7a5713f9b
SHA256 3fa5cc295a09ca491be1d53c5cf7ec2251b014e0ea966856c56c8e0f36934acd
SHA512 a65593692fa47c3b9fd681f4297c3cfbbb99563a59f1c8fde4f540b5fabf3db295a5539bcf03a701b1789bd25539143c36633f58d58a595bf5e665410d6b016e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\prefs.js

MD5 6f7a962a6d57d30f31a53e482c517045
SHA1 5461c7ca2ce07cf17680cba421c14ecab35b514c
SHA256 85d7d562c0c4f04714f078f310b2d9966b30f215492a4e93d83a23b271e3d37d
SHA512 885fcd406aa5921790431d105c7c37884581aa2d384169495ae47d8f016db84eb53f8eac2b3f35ac2e4899659c3f616586d94c5fdf2bcefa8c2b6f6823476131

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

MD5 c460716b62456449360b23cf5663f275
SHA1 06573a83d88286153066bae7062cc9300e567d92
SHA256 0ec0f16f92d876a9c1140d4c11e2b346a9292984d9a854360e54e99fdcd99cc0
SHA512 476bc3a333aace4c75d9a971ef202d5889561e10d237792ca89f8d379280262ce98cf3d4728460696f8d7ff429a508237764bf4a9ccb59fd615aee07bdcadf30

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionstore-backups\recovery.jsonlz4

MD5 27597897f94fcb58668b7d2a0c043277
SHA1 11c28d04aa4adc7e81a2cfa366150beaebeedf69
SHA256 4e44060dae2b1f3face6253a9ed8f48f958b0bb775b205d30cad816c52b27036
SHA512 af1f572ad6e5a695de87f0f08abcfddf35f4ba5cc0bf13e11d448b763c2b7578fb452c9498e4a91f9c913c3699058ce4ce9dcf335ccca1b42aa88db9443232df

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\prefs-1.js

MD5 c11ec3ba91c3b046d64e9186f686ea51
SHA1 e25e499123a8f10d38a49c579e6955f454eebeb3
SHA256 594029f5073a4ab15de9e834e6f87bea4a4933930bb5c56a9b25b0410db3c4a3
SHA512 db6a27cfdfa029cf8d2460e070cf2dce969ab9b304e019b4245827a3a6cd98a052fb5a8b185553eb829fc43700ca3fedbc0bc7c9a4e19e00e79a417571e354a1

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\entries\E00BECD303B77CED95A357A7A1E4C8D69B473C88

MD5 018263ae0b1e9e029a1cc36e65f7fe7c
SHA1 4827f4de8e61f9b76f8a85a42bed3b2a287d5baa
SHA256 e927b66ac01dc27652a1c3a8cc16b302a8676dae524435865f2dd002dbc6d57f
SHA512 34e809cd1bb133a6508788f5cad0b21b9a549ec9614262bd8ef72835abbb5cc11d33b7c871b5d687604712a6827dba92b919c3b68f666ce6964402c7fbff919c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\prefs-1.js

MD5 765ff5d88cd6b3f46f4da215c9ac7ec7
SHA1 5d658b18f78479773d274017b646b0d58de1f0eb
SHA256 b0e0cde19dfde2d4685bc5b8be3ed0ec7970d81947085afea8f73c228b234a80
SHA512 64024da1f881b28e8280a381d1ff012874b7d731402a5f79734d385eba91305e9e3c6778b2e35fcb09a7702760357faee3f53a887863bf3473215184b21b1973

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionstore-backups\recovery.jsonlz4

MD5 caf4ed8d36a34028b03dc6e958b3cfa1
SHA1 b76ffbfad0212f2b45bd5e110f9ba8393ada3726
SHA256 27949fa04959975ee25903389830ef2d8432f0fe55d097b346d99fbd872c1d71
SHA512 09fa8b363cd2ad0538da5463348febb07a69033d13fe8ddc605f4f764dc722e5de44a3aedcf7cb8552e04b78018abef0b1647cba9be8b51aa46aa672f1e15fe0

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionstore-backups\recovery.jsonlz4

MD5 dc7f05c488630843558264f28977f4f0
SHA1 b50f32a39d6a0241a9b5afcaebf0abb91780da06
SHA256 53a9f20c6039585382d4673861c660b9b372fde15f924291214b0ef76f4f741b
SHA512 34b98aa09af0ca0976f05f9ba97d81d903499c996b25487b1c2491a610ee95f39dd8bbf98cd02bbf3ebdda2f91ae47b537cf12b7b3f363f8425f032c4924c0da

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionstore-backups\recovery.jsonlz4

MD5 359bc828aead9343a3e9936932ac9cc5
SHA1 2980d2d186b48387914660e26d7ea91c1f04f6f4
SHA256 34ae46cb23904c7640f2eca44cb5bf86996a03f3ce1d2cd9bc952f6a59d27968
SHA512 fca3dd39939effb12b9a34ac2185e024d6c74cdc0fa8fe8f8b68241e60a0c1be4fa07cbf962901adeda1d23af2a350dcd29c6cc60f6f9306541eef04e438c97b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionstore-backups\recovery.jsonlz4

MD5 e0eee5ea3e89f14b482ebb105145f46a
SHA1 3a558facc479d36a5151acbcd85afc4dc1929403
SHA256 178978cc23dee6156db4c32adfb3e68e57d7f1a3e7eadb349e069ff3404a4a4f
SHA512 5f880673b261da058dbbf49eacd11b1d8455ea8478e9371c0df0047de6991de82ba84d3b71a588284519f4e439dc4a9470f48bb83d79f65b01704a85fe0e011d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionstore-backups\recovery.jsonlz4

MD5 8ba2e099e22276cf93de250e987057dc
SHA1 cd78619144d1e8f216e77dfd761ff3114b4cb527
SHA256 046ef0456425c5b8864b1c0a33db8b3461d8a61b0719a5fadd4f391e6fe16449
SHA512 692711564f87a30d895fb5972d2679adae5f26947b770f420121d80438d781ee33567f6b2b209a2401feaf96e11124aef2bf25936d43f6e649088be6414b8924

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionstore-backups\recovery.jsonlz4

MD5 450fa2516628d1cb021b66ac2a345130
SHA1 f081797766e20835f01dd5838824f3d58ebd97d7
SHA256 15fab62837ca5f433f934ffbd7060219f061afd4c46e95e6c7a092f430253333
SHA512 879df21548fcd8bd408f59995e51634fd632b5a140d848987059e57771e111d89cb42a04ab6be8ce92a4f4ef74181708ac2eb4975a7b258f6c3b8b7991ec1173

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\entries\639028690EAC90CBBCD6DD68DA6CE11697C3C461

MD5 532eb18db9d73dccaf52a77a727a95ae
SHA1 4ac896b829a8bbb79e75b691561112113b92e746
SHA256 e430d0d91c46323caaaff293291c670db1d930c4fb5c580a487cbe81602ecacc
SHA512 84da0965dcd405b359ce601cf56af3a8bacaec5acdc1e869d0cc014d93fb8db97eb14d537d9727df677fb1e38050e0a1f5941b40e22b7288d3db13870018f83b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionstore-backups\recovery.jsonlz4

MD5 8b2e0cefa1ae19a1a60e90787e67f936
SHA1 4cf3d27094d1cda0e6ed4a106ecd849087681de2
SHA256 b33a53265d015a052caaafc1a74f0d75e29b89b1f0aba3f8cc73d94306eca4f5
SHA512 fa9248f5f7111683e46cb91bd2f43fcd76aa418283b98df60d38d985ef9e68e62846b49d7d3775e214144952f831f7d07a934a98b760c03540e3d82dc3e58b4a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionstore-backups\recovery.jsonlz4

MD5 41c4d3b985769e271ac04c98584aea72
SHA1 920e689a2247de249315c54611b95f9e60897cbd
SHA256 a14b614b50aa16ac6bc08465c5be8d7d56139bad76ca51f3a03c2fbebfa46e13
SHA512 9827486ba32bd8b934202e801e7217363a606a662a5df0e2f89ae3d91f78f121be802abc011939ff085a4c82d06c671ccf672b08c7e04333ac62afe7135fa3c0

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\doomed\17998

MD5 3d2a10a261b24db26a454d548e780061
SHA1 1f40ddcb4f9f4ce9d14079daba9c4822a448b36f
SHA256 d7ce83315cc630831f4bd52f72d81fca6e2ed480bb5920aab64aa163571f8aee
SHA512 f382d0e88ac294a3e1b4e62bc1060cab704dad0a3103856eba1153a873b6734131713f6d433b20c0af3da5018b5430bb002b0402347ea42bb8538733ad15a4cb

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\doomed\4375

MD5 5e8725e203bd15ff5526b709f11cad2c
SHA1 78f8bd1e27d2365047da2696f8f53bf4ab2082a8
SHA256 84eb53135e7f970dc8a35559b3876009e5172ec22552aa64111e9555657f21cb
SHA512 ed570d68dbc0ef93270a9c01eae8f028d45880bbd3f3d3dbcbc679c65db4f97567e09218e749acf60a4c8cdea646434d7d1f5593f5becbecddbf2189ab967b15

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\doomed\1380

MD5 0163034497311edbb6a9e184f2af5e99
SHA1 cd9d81bc3f9230412da2c66de91ae70ed74d9f27
SHA256 2bf29110a9c6625685601a192059487f640aeacfad6cd8619ddc067bb6684407
SHA512 9de61fca12b2b076704ee00082c2223e16d647d15c8cfd57bc4a1345c41441ff3afc9f580873d9c94f1883b51c7549fe0c2ba87f295bf3f8c819257608fd0998

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\doomed\29536

MD5 35c9acd0988316f2bca6aaff094e00d1
SHA1 eee8c4e1b55720e099714228e92543e613e20afa
SHA256 02a3cf1ef4d2556d5bef3d8b9e5a144cae194d3ef85293123cf60c1270c33e0d
SHA512 5a10ae73362f914a4bfc879a868cd88df66915d9d36732c2fbc4854382f783c8c4c8dff3c27a26cb72654eb1c7e9433d7497f1ec18bb25817bceb662aa30f905

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionstore-backups\recovery.jsonlz4

MD5 676cd77c6fb893bc86369cb2fbe2e12d
SHA1 cfa315f9b1a5eef159970a2d38a37b5134b30089
SHA256 31e8cd80949986ce01fc75dc79b700f9e0c406fba36ec33cffa1525687e194cd
SHA512 ef5b231da2a5d54b8f9b439ad290c8ebb1fab3f32cef99f6ef96b5f6e44527884386958ff68a37e690704e4b3f84b78d848a2439ce30a05249a2ab52fe676f12

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\entries\42FBC92BECB6C579184E489E280F0F4B3357EAA5

MD5 b459fc03afba11f81b5fd9d68e71186a
SHA1 162d664e384e40a99e42efb1ed145b72b2ccf714
SHA256 a82b806952b44fd7cb5de2302d51c125110b1ee9816160d0fae064cc1539163d
SHA512 d9215549f8987b357da9a58eaab9536c1b4b18b48df711327971ab71c603537730f566016af8a78450e3c4640b8fd00c4d37dcf66f3f48638bcadc03f63ca1b8

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\doomed\29965

MD5 927f55d18d154cd04cdf469206df3efa
SHA1 a6b984b7f5c6b042f98835260428dd2f8711f494
SHA256 9d6a480c21f35379b8f540283ed1c2162bb4a832cdfaeea518f50a86f1dae60b
SHA512 9c4f0781c49219f5e6d0eb05a846d34931acfc861a7e8b67dcab6e24eda37daccab4695e8013dca530f703f6b4c201b95027c5ef954b68694effe072e81e5a78

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\doomed\20281

MD5 7d04f0892a68f4471716a28ced6572fb
SHA1 93421f1a91fde564dbd488effa50cf14ab58cfdf
SHA256 d3d266013009fb864368e17e8d7ec1d9e56edbc4db5b738c8e069e6ab80c6229
SHA512 e5efa65659c1fe2f8c700184a19302645aa80a223a0d74d00616ffa310cefe58c09d3e293bcfd8fccf302f797c93b632ddada0472cb44247b6a43a971f367b3d

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\doomed\20888

MD5 9965e04f43469413a3abcdb2f90f36fc
SHA1 34cb3ae0ff405c73931ce6e6e5ffa4f9294777d0
SHA256 2335ac7bdd48d17d8c8db8bbdf2b26369fc32d34b837f3e7d4f77278214e73ad
SHA512 c52981ce9b836bd413b0d68516034a9f391ab8e2353fc6117a4af916714e0e2e6f74acb1782ab7bddeafc2c3f86fda9edf625eca14acd1a3de9c3ace2b65fa23

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\doomed\30909

MD5 36021583f43d6b79f18e0b9261e9e5cf
SHA1 90dc186ba81a232e2c53864d58520b6e87478b22
SHA256 8feac1eaac6106d050d886d28ba96acba5c65d5217bb8b881eae06796282ca40
SHA512 3ff582bb6d3825a18d5a195cc03d6534439ae46ffd9dab46235e50ec60315dde6e2d69f1ffe53216f76ee06401a1a6849c0d284383fb68e3f42dba01910eef8f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionstore-backups\recovery.jsonlz4

MD5 5217bec8425db4c08f6b0b83345686fd
SHA1 e43bd75b95b8666298ca2553466eb8dff126858c
SHA256 653941033229db9d060b94a0a4603b154093282d7b0c8d21a07b500aed6dc743
SHA512 4035f81e2dc54cec39bb977b379d64d824001409b9b86e583ef0eea3f2ce45d5581ea69cdf14ff5c566c801c80cd1fe487d70262d60e842942eec9c66458aff2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionstore-backups\recovery.jsonlz4

MD5 1311b9fe8394da30f296307485f267bc
SHA1 5b0f8cd4f768637c43f4a1419be8b9d4fb6fdff5
SHA256 c4890d6e5a06aa94dfd6524dadc25d95c4bfa77ad8d704e62f8b1850e04a4e4c
SHA512 6de51b265f0c0cf3651e51f0bb70aa83cbb439c38807006e0db0d2eb5e52e7a3c628411db552d180609d9da2fc8db41ab4727549f41349fd5324c785cd05dfb7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 68a9104bf26e9f1714e14c9de411c866
SHA1 6943f123e03bcccc10227bb154fef2fe6b91091f
SHA256 3a679824e92b961a0c71dbfcccf0fb4f6929ef74de2a604b0cfefe8369d0f295
SHA512 07564a603ca6cb289c3d9667c4a561487575db6bf455f79f09f98c598abc0731a2e2435368bc4fa91d905e10ba266f81e7d4f30ef7215464da6a33ca52a86f1d

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 f66d14540349e2820cba7569f707635c
SHA1 69178b72350607149fbc660858662cc36d0c0148
SHA256 899f123e598fdea72258dce4a074eb6b9d9f7c49bfeadb76f0dd88bb790a0e94
SHA512 fe5de9926ffd89a5d4cb0cd9a40ff60a46b610be59f6a1c5bc98982564a96f3338afae471d3cbcffab858e1235c51e0968426c2a56d716150633900a11e70c74

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\prefs-1.js

MD5 3c261e3deea3f2040b4e0fbd24a4962c
SHA1 a742272742e587da3ec30a44e6e9ad4837e5b89d
SHA256 3926879add621d364751fd79f3fd32cf116f43b8d067698ca75af896e7a09e96
SHA512 b2a68eb9cf7bc770506c968c1ed774a8f51846a6eac8f47afa43c9f5edf7bd018162e72d2c783e1d1947ac0cc794b2c060194ed9bbcc1888350298b6a5462a2c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionstore-backups\recovery.jsonlz4

MD5 3b85cf84548809b4faec8dd410f0c0c6
SHA1 db41b44a892102c6d605aad9f3c56f4cb3217f76
SHA256 8bccfb765dd6f6ec9872df9019cb2bc3ccb70d8f65598a5a3796d5d2e094bf95
SHA512 98ca399651c8d7dfaecfe27fe495f4d540895612e4554e0081e293f9e57463d9e947efe8d25ed6c5ffa874d98480fdecdee3e9d6dcac34fb727dfe5413ba5638

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 1b584e628b6501b666a4867a6c615224
SHA1 3d6bb397f06e4651137690304390328a8f580b95
SHA256 00ec0cb3f537f1fa9775726b0f5c646e91476c7c26f5b9e50a4cc17a724038fa
SHA512 774d6c1770cf8de3fc08bff493284cf48136d410e44012f7f6077eb1554569a4dff00f26b3485f2178ac766fa41efd2ecbe8d82699a1eeeb2b1bb20d487ed6fb

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 3bec5a0393b8eaa07500e6425c649089
SHA1 16b6dd92bf3b124f9e474d21f07abfcb678eed5e
SHA256 c8c48a9f730c0b594c2e4f0d41fddb785e555a7a3b8c9f2b604703b89219bb14
SHA512 9f9cafa7bb5b863a7466d719c902dc7723d3a3d09b9a76a471bfa40db6d8a55ecea96f0757dbe83c713ae2687edad0edc44128d04cceef0f080c825924211866

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-08 23:30

Reported

2024-05-08 23:42

Platform

win10-20240404-en

Max time kernel

575s

Max time network

691s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Hone - Installer.exe"

Signatures

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

Writes to the Master Boot Record (MBR)

bootkit persistence
Description Indicator Process Target
File opened for modification \??\PhysicalDrive0 C:\Users\Admin\AppData\Local\Temp\歎掏楪錰懤鬖骥鿽婤瓶焹紭崥愼髝褔.exe N/A

Command and Scripting Interpreter: JavaScript

execution

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

NTFS ADS

Description Indicator Process Target
File created C:\Users\Admin\Downloads\Monoxide.zip:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
File created C:\Users\Admin\Downloads\Monoxide(1).zip:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\nsc662D.tmp\OWinstaller.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\歎掏楪錰懤鬖骥鿽婤瓶焹紭崥愼髝褔.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Temp\歎掏楪錰懤鬖骥鿽婤瓶焹紭崥愼髝褔.exe N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4136 wrote to memory of 1588 N/A C:\Users\Admin\AppData\Local\Temp\Hone - Installer.exe C:\Users\Admin\AppData\Local\Temp\nsc662D.tmp\OWinstaller.exe
PID 4136 wrote to memory of 1588 N/A C:\Users\Admin\AppData\Local\Temp\Hone - Installer.exe C:\Users\Admin\AppData\Local\Temp\nsc662D.tmp\OWinstaller.exe
PID 3188 wrote to memory of 1948 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3188 wrote to memory of 1948 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3188 wrote to memory of 1948 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3188 wrote to memory of 1948 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3188 wrote to memory of 1948 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3188 wrote to memory of 1948 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3188 wrote to memory of 1948 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3188 wrote to memory of 1948 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3188 wrote to memory of 1948 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3188 wrote to memory of 1948 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3188 wrote to memory of 1948 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1948 wrote to memory of 672 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1948 wrote to memory of 672 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1948 wrote to memory of 3492 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1948 wrote to memory of 3492 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1948 wrote to memory of 3492 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1948 wrote to memory of 3492 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1948 wrote to memory of 3492 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1948 wrote to memory of 3492 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1948 wrote to memory of 3492 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1948 wrote to memory of 3492 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1948 wrote to memory of 3492 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1948 wrote to memory of 3492 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1948 wrote to memory of 3492 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1948 wrote to memory of 3492 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1948 wrote to memory of 3492 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1948 wrote to memory of 3492 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1948 wrote to memory of 3492 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1948 wrote to memory of 3492 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1948 wrote to memory of 3492 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1948 wrote to memory of 3492 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1948 wrote to memory of 3492 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1948 wrote to memory of 3492 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1948 wrote to memory of 3492 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1948 wrote to memory of 3492 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1948 wrote to memory of 3492 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1948 wrote to memory of 3492 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1948 wrote to memory of 3492 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1948 wrote to memory of 3492 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1948 wrote to memory of 3492 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1948 wrote to memory of 3492 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1948 wrote to memory of 3492 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1948 wrote to memory of 3492 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1948 wrote to memory of 3492 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1948 wrote to memory of 3492 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1948 wrote to memory of 3492 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1948 wrote to memory of 3492 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1948 wrote to memory of 3492 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1948 wrote to memory of 3492 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1948 wrote to memory of 3492 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1948 wrote to memory of 3492 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1948 wrote to memory of 3492 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1948 wrote to memory of 3492 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1948 wrote to memory of 3492 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1948 wrote to memory of 3492 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1948 wrote to memory of 3492 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1948 wrote to memory of 3492 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1948 wrote to memory of 3492 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1948 wrote to memory of 3492 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1948 wrote to memory of 3492 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1948 wrote to memory of 3492 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1948 wrote to memory of 3100 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\Hone - Installer.exe

"C:\Users\Admin\AppData\Local\Temp\Hone - Installer.exe"

C:\Users\Admin\AppData\Local\Temp\nsc662D.tmp\OWinstaller.exe

"C:\Users\Admin\AppData\Local\Temp\nsc662D.tmp\OWinstaller.exe" Sel=0&Extension=mgkabooemhaamambocobpeoeelpadcjhjgbcfhlc&Name=Hone&Referer=hone.gg&Browser=opera -partnerCustomizationLevel 1 -customPromoPages --owelectronUrl=https://download.overwolf.com/setup/electron/mgkabooemhaamambocobpeoeelpadcjhjgbcfhlc --disable-change-location --disable-ow-shortcut-ui --disable-app-shortcut-ui --enable-app-shortcut --silent-setup --app-name="Hone" --auto-close -exepath C:\Users\Admin\AppData\Local\Temp\Hone - Installer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1948.0.1739363571\2054670421" -parentBuildID 20221007134813 -prefsHandle 1700 -prefMapHandle 1676 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7e4a0762-117a-445b-b373-90760f93013c} 1948 "\\.\pipe\gecko-crash-server-pipe.1948" 1780 1e9a4dd5458 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1948.1.2000674027\1031022344" -parentBuildID 20221007134813 -prefsHandle 2124 -prefMapHandle 2120 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {51406f4a-d35f-446d-807f-bddd54fdc6bb} 1948 "\\.\pipe\gecko-crash-server-pipe.1948" 2136 1e999b72b58 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1948.2.2830639\581240713" -childID 1 -isForBrowser -prefsHandle 2860 -prefMapHandle 2856 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1368 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a34c51a1-5d8e-42e0-89a2-bb7914d40425} 1948 "\\.\pipe\gecko-crash-server-pipe.1948" 2872 1e9a8dd4e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1948.3.610869428\1527259637" -childID 2 -isForBrowser -prefsHandle 3464 -prefMapHandle 3460 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1368 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ec01eeec-6b61-4816-a5b6-736b8d4a8e4c} 1948 "\\.\pipe\gecko-crash-server-pipe.1948" 3476 1e999b62258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1948.4.1161379001\450923729" -childID 3 -isForBrowser -prefsHandle 3752 -prefMapHandle 3748 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1368 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {46d32583-9ae3-4ac4-b84e-ace924b0d19e} 1948 "\\.\pipe\gecko-crash-server-pipe.1948" 3764 1e9a9fc3858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1948.5.14626809\848848808" -childID 4 -isForBrowser -prefsHandle 4560 -prefMapHandle 4556 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1368 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3380bfb5-867c-40ac-b85c-f613c561301c} 1948 "\\.\pipe\gecko-crash-server-pipe.1948" 4572 1e9aa9b0358 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1948.6.1365614784\628681679" -childID 5 -isForBrowser -prefsHandle 4724 -prefMapHandle 4728 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1368 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b6230a4a-ebf3-4736-979e-7fd19c4655b1} 1948 "\\.\pipe\gecko-crash-server-pipe.1948" 4712 1e9aa9b1558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1948.7.945281859\1596812986" -childID 6 -isForBrowser -prefsHandle 5020 -prefMapHandle 5012 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1368 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b72db589-c2ec-435c-aeb4-51cf98c2737c} 1948 "\\.\pipe\gecko-crash-server-pipe.1948" 4928 1e9aafa3858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1948.8.1774190430\2124060386" -childID 7 -isForBrowser -prefsHandle 5640 -prefMapHandle 5636 -prefsLen 26503 -prefMapSize 233444 -jsInitHandle 1368 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {650c6068-a4d8-4523-8f0f-c19c8bc4b2fe} 1948 "\\.\pipe\gecko-crash-server-pipe.1948" 5648 1e9ac4bd858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1948.9.1023821036\1261658593" -childID 8 -isForBrowser -prefsHandle 1572 -prefMapHandle 1584 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1368 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {196adb9c-d6d8-49cc-9d9e-33a44bf490a9} 1948 "\\.\pipe\gecko-crash-server-pipe.1948" 1536 1e9ab178758 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1948.10.1888445333\364346515" -parentBuildID 20221007134813 -prefsHandle 5980 -prefMapHandle 4548 -prefsLen 26768 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fdff2ac6-1c7a-42ed-96cb-ac56786ba788} 1948 "\\.\pipe\gecko-crash-server-pipe.1948" 4392 1e9acd3b558 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1948.11.165646462\325773862" -childID 9 -isForBrowser -prefsHandle 6120 -prefMapHandle 6116 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1368 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {86f12abb-032b-44cd-81b7-c06881bfafda} 1948 "\\.\pipe\gecko-crash-server-pipe.1948" 6128 1e9ab3fa358 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1948.12.481585323\1277186453" -childID 10 -isForBrowser -prefsHandle 4932 -prefMapHandle 4452 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1368 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {54d79444-a741-4c52-b234-9996afc2f2e8} 1948 "\\.\pipe\gecko-crash-server-pipe.1948" 5324 1e9ab3f9758 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1948.13.2067926154\993237027" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 6152 -prefMapHandle 6136 -prefsLen 26768 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a936d3c2-eee7-43c5-97f7-dd8e8a6509c2} 1948 "\\.\pipe\gecko-crash-server-pipe.1948" 6156 1e9acd66a58 utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1948.14.1055443582\1357413028" -childID 11 -isForBrowser -prefsHandle 10848 -prefMapHandle 10852 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1368 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9be14d45-34e6-4d0b-a1e2-422913f656d1} 1948 "\\.\pipe\gecko-crash-server-pipe.1948" 10840 1e9ad7daf58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1948.15.774391784\256928742" -childID 12 -isForBrowser -prefsHandle 5848 -prefMapHandle 5860 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1368 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e3ba81fd-f1e7-4afa-9402-c9f7aaddada2} 1948 "\\.\pipe\gecko-crash-server-pipe.1948" 1592 1e9ab82d858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1948.16.1818627064\1276702652" -childID 13 -isForBrowser -prefsHandle 5000 -prefMapHandle 4544 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1368 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {063a4bed-b6f4-4b60-a4d6-55a782bb46af} 1948 "\\.\pipe\gecko-crash-server-pipe.1948" 4900 1e9a79f4558 tab

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {c82192ee-6cb5-4bc0-9ef0-fb818773790a} -Embedding

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1948.17.1850729855\438472670" -childID 14 -isForBrowser -prefsHandle 10844 -prefMapHandle 9456 -prefsLen 26891 -prefMapSize 233444 -jsInitHandle 1368 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cf448c96-efc6-4229-820b-f2dd70321cfb} 1948 "\\.\pipe\gecko-crash-server-pipe.1948" 4948 1e9aa9ae558 tab

C:\Users\Admin\Downloads\Monoxide(1)\Monoxide\Monoxide x64.exe

"C:\Users\Admin\Downloads\Monoxide(1)\Monoxide\Monoxide x64.exe"

C:\Users\Admin\AppData\Local\Temp\歎掏楪錰懤鬖骥鿽婤瓶焹紭崥愼髝褔.exe

"C:\Users\Admin\AppData\Local\Temp\歎掏楪錰懤鬖骥鿽婤瓶焹紭崥愼髝褔.exe"

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x420

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\7-Zip\Lang\co.txt

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\7-Zip\Lang\pt.txt

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\7-Zip\Lang\ru.txt

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\7-Zip\Lang\tg.txt

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\7-Zip\Lang\uk.txt

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe"

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe"

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x278,0x27c,0x280,0x254,0x284,0x7ff699b37688,0x7ff699b37698,0x7ff699b376a8

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe

"C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe"

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe

"java.exe" -Xmx256M "-Djavafx.home=C:\Program Files\Java\jdk-1.8\bin" -classpath "C:\Program Files\Java\jdk-1.8\bin\..\lib\ant-javafx.jar;" com.sun.javafx.tools.packager.Main

C:\Program Files\Java\jdk-1.8\jre\bin\java-rmi.exe

"C:\Program Files\Java\jdk-1.8\jre\bin\java-rmi.exe"

C:\Program Files\Java\jdk-1.8\jre\bin\pack200.exe

"C:\Program Files\Java\jdk-1.8\jre\bin\pack200.exe"

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\Java\jdk-1.8\jre\THIRDPARTYLICENSEREADME.txt

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\hh.exe

"C:\Windows\hh.exe" C:\Program Files\Microsoft Office\root\Office16\1033\STSLIST.CHM

C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE

"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE"

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files\Microsoft Office\root\Office16\MSOHTMED.EXE

"C:\Program Files\Microsoft Office\root\Office16\MSOHTMED.EXE"

C:\Program Files\Microsoft Office\root\Office16\SDXHelper.exe

"C:\Program Files\Microsoft Office\root\Office16\SDXHelper.exe"

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\System32\msiexec.exe

"C:\Windows\System32\msiexec.exe" /i "C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\1033\osmia32.msi"

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\CAPSULES\CAPSULES.INF

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\ECHO\ECHO.INF

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\SKY\SKY.INF

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Program Files\VideoLAN\VLC\lua\http\js\common.js"

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files\Windows Media Player\wmlaunch.exe

"C:\Program Files\Windows Media Player\wmlaunch.exe"

C:\Program Files\Windows Media Player\wmplayer.exe

"C:\Program Files\Windows Media Player\wmplayer.exe"

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files (x86)\Windows Media Player\setup_wm.exe

"C:\Program Files (x86)\Windows Media Player\setup_wm.exe" /RunOnce:"C:\Program Files\Windows Media Player\wmplayer.exe"

C:\Windows\System32\unregmp2.exe

"C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\rundll32.exe

"C:\Windows\system32\rundll32.exe" cryptext.dll,CryptExtOpenCAT C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_1.1702.21039.0_x64__8wekyb3d8bbwe\AppxMetadata\CodeIntegrity.cat

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\rundll32.exe

"C:\Windows\system32\rundll32.exe" cryptext.dll,CryptExtOpenCAT C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.7668.58071.0_x64__8wekyb3d8bbwe\AppxMetadata\CodeIntegrity.cat

C:\Windows\system32\rundll32.exe

"C:\Windows\system32\rundll32.exe" cryptext.dll,CryptExtOpenCAT C:\Program Files\WindowsApps\Microsoft.StorePurchaseApp_1.0.45.0_x64__8wekyb3d8bbwe\AppxMetadata\CodeIntegrity.cat

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1612.10312.0_x64__8wekyb3d8bbwe\Styling\css\PhoneDark.css

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\System32\notepad.exe

"C:\Windows\System32\notepad.exe" "C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\Example1.Diagnostics\Diagnostics\Simple\Example1.Diagnostics.Tests.ps1"

C:\Windows\System32\notepad.exe

"C:\Windows\System32\notepad.exe" "C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\Example2.Diagnostics\1.0.1\Diagnostics\Simple\Example2.Diagnostics.Tests.ps1"

C:\Windows\System32\notepad.exe

"C:\Windows\System32\notepad.exe" "C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\Example2.Diagnostics\1.0.1\Example2.Diagnostics.psd1"

C:\Windows\System32\notepad.exe

"C:\Windows\System32\notepad.exe" "C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\Functions\Assertions\ContainExactly.Tests.ps1"

C:\Windows\System32\notepad.exe

"C:\Windows\System32\notepad.exe" "C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\Functions\Assertions\PesterThrow.Tests.ps1"

C:\Windows\System32\notepad.exe

"C:\Windows\System32\notepad.exe" "C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\Functions\TestDrive.ps1"

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\en-il\ui-strings.js"

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\fr-fr\ui-strings.js"

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\it-it\ui-strings.js"

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\ru-ru\ui-strings.js"

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\de-de\ui-strings.js"

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\ko-kr\ui-strings.js"

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\fi-fi\ui-strings.js"

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\ro-ro\ui-strings.js"

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\ru-ru\ui-strings.js"

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\sl-sl\ui-strings.js"

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\ko-kr\ui-strings.js"

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\nb-no\ui-strings.js"

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\sl-si\ui-strings.js"

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\plugin.js"

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\da-dk\ui-strings.js"

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\nl-nl\ui-strings.js"

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\sl-si\ui-strings.js"

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\hr-hr\ui-strings.js"

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\plugin.js"

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\sk-sk\ui-strings.js"

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\css\main.css

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\ru-ru\ui-strings.js"

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\zh-cn\ui-strings.js"

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\da-dk\ui-strings.js"

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\sv-se\ui-strings.js"

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\js\plugin.js"

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\tr-tr\ui-strings.js"

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\pl-pl\ui-strings.js"

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\tr-tr\ui-strings.js"

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\en-il\ui-strings.js"

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\cs-cz\ui-strings.js"

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\da-dk\ui-strings.js"

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\cs-cz\ui-strings.js"

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\nb-no\ui-strings.js"

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\nl-nl\ui-strings.js"

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\pl-pl\ui-strings.js"

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\ro-ro\ui-strings.js"

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\ru-ru\ui-strings.js"

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\hr-hr\ui-strings.js"

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\ru-ru\ui-strings.js"

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\sv-se\ui-strings.js"

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\ca-es\ui-strings.js"

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\cs-cz\ui-strings.js"

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\ui-strings.js"

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\css\main-selector.css

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\eu-es\ui-strings.js"

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\hu-hu\ui-strings.js"

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\ja-jp\ui-strings.js"

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\ru-ru\ui-strings.js"

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\hr-hr\ui-strings.js"

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\eu-es\ui-strings.js"

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\nl-nl\ui-strings.js"

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\da-dk\ui-strings.js"

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\cs-cz\ui-strings.js"

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\de-de\ui-strings.js"

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\eu-es\ui-strings.js"

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\fi-fi\ui-strings.js"

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\sk-sk\ui-strings.js"

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\en-gb\ui-strings.js"

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\root\ui-strings.js"

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\js\nls\ja-jp\ui-strings.js"

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Mac\GREEK.TXT

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Mac\ROMAN.TXT

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\SupplementalDictionaries\en_US\Added.txt

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files (x86)\Internet Explorer\ieinstal.exe

"C:\Program Files (x86)\Internet Explorer\ieinstal.exe"

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\System32\notepad.exe

"C:\Windows\System32\notepad.exe" "C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.4.0\Functions\Assertions\BeLessThan.Tests.ps1"

C:\Windows\System32\notepad.exe

"C:\Windows\System32\notepad.exe" "C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.4.0\Functions\Assertions\BeNullOrEmpty.Tests.ps1"

C:\Windows\System32\notepad.exe

"C:\Windows\System32\notepad.exe" "C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.4.0\Functions\Assertions\ContainExactly.Tests.ps1"

C:\Windows\System32\notepad.exe

"C:\Windows\System32\notepad.exe" "C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.4.0\Functions\InModuleScope.ps1"

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\System32\xpsrchvw.exe

"C:\Windows\System32\xpsrchvw.exe" "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb00003.jtx"

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

Network

Country Destination Domain Proto
US 8.8.8.8:53 analyticsnew.overwolf.com udp
GB 18.245.143.104:80 analyticsnew.overwolf.com tcp
US 8.8.8.8:53 104.143.245.18.in-addr.arpa udp
GB 142.250.179.238:80 www.google-analytics.com tcp
GB 18.245.143.104:443 analyticsnew.overwolf.com tcp
US 8.8.8.8:53 238.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 211.14.97.104.in-addr.arpa udp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 shavar.services.mozilla.com udp
US 8.8.8.8:53 push.services.mozilla.com udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 34.117.188.166:443 contile.services.mozilla.com tcp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 44.233.67.78:443 shavar.services.mozilla.com tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 34.117.188.166:443 contile.services.mozilla.com udp
US 34.107.243.93:443 autopush.prod.mozaws.net tcp
US 8.8.8.8:53 166.188.117.34.in-addr.arpa udp
US 8.8.8.8:53 78.67.233.44.in-addr.arpa udp
N/A 127.0.0.1:49985 tcp
N/A 127.0.0.1:49991 tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com udp
US 8.8.8.8:53 4.178.250.142.in-addr.arpa udp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 3.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 195.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.187.206:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
GB 142.250.187.206:443 play.google.com udp
US 8.8.8.8:53 206.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 consent.google.com udp
GB 172.217.16.238:443 consent.google.com tcp
US 8.8.8.8:53 consent.google.com udp
US 8.8.8.8:53 consent.google.com udp
GB 172.217.16.238:443 consent.google.com tcp
GB 172.217.16.238:443 consent.google.com udp
US 8.8.8.8:53 238.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 encrypted-vtbn0.gstatic.com udp
US 8.8.8.8:53 encrypted-vtbn0.gstatic.com udp
GB 142.250.178.14:443 encrypted-vtbn0.gstatic.com tcp
US 8.8.8.8:53 encrypted-vtbn0.gstatic.com udp
GB 142.250.178.14:443 encrypted-vtbn0.gstatic.com udp
US 8.8.8.8:53 14.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 www.youtube.com udp
GB 216.58.204.78:443 www.youtube.com tcp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 8.8.8.8:53 youtube-ui.l.google.com udp
GB 216.58.204.78:443 youtube-ui.l.google.com udp
US 8.8.8.8:53 i.ytimg.com udp
US 8.8.8.8:53 rr1---sn-aigl6nek.googlevideo.com udp
GB 172.217.169.54:443 i.ytimg.com tcp
GB 172.217.169.54:443 i.ytimg.com tcp
US 8.8.8.8:53 i.ytimg.com udp
GB 173.194.183.102:443 rr1---sn-aigl6nek.googlevideo.com tcp
GB 173.194.183.102:443 rr1---sn-aigl6nek.googlevideo.com tcp
US 8.8.8.8:53 rr1.sn-aigl6nek.googlevideo.com udp
US 8.8.8.8:53 i.ytimg.com udp
US 8.8.8.8:53 rr1.sn-aigl6nek.googlevideo.com udp
GB 172.217.169.54:443 i.ytimg.com udp
GB 173.194.183.102:443 rr1.sn-aigl6nek.googlevideo.com udp
US 8.8.8.8:53 78.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 54.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 102.183.194.173.in-addr.arpa udp
US 8.8.8.8:53 rr2---sn-aigl6nzl.googlevideo.com udp
GB 74.125.168.167:443 rr2---sn-aigl6nzl.googlevideo.com tcp
US 8.8.8.8:53 rr2.sn-aigl6nzl.googlevideo.com udp
US 8.8.8.8:53 rr2.sn-aigl6nzl.googlevideo.com udp
US 8.8.8.8:53 accounts.google.com udp
IE 209.85.203.84:443 accounts.google.com tcp
US 8.8.8.8:53 accounts.google.com udp
GB 74.125.168.167:443 rr2.sn-aigl6nzl.googlevideo.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 167.168.125.74.in-addr.arpa udp
US 8.8.8.8:53 84.203.85.209.in-addr.arpa udp
IE 209.85.203.84:443 accounts.google.com udp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.178.4:443 www.google.com udp
US 8.8.8.8:53 i1.ytimg.com udp
GB 142.250.200.46:443 i1.ytimg.com tcp
US 8.8.8.8:53 i1.ytimg.com udp
GB 142.250.200.46:443 i1.ytimg.com udp
US 8.8.8.8:53 i1.ytimg.com udp
US 8.8.8.8:53 46.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 172.217.169.74:443 jnn-pa.googleapis.com tcp
GB 172.217.169.74:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 yt3.ggpht.com udp
US 8.8.8.8:53 74.169.217.172.in-addr.arpa udp
GB 172.217.169.74:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 youtube.com udp
GB 216.58.204.78:443 youtube.com tcp
US 8.8.8.8:53 youtube.com udp
US 8.8.8.8:53 youtube.com udp
GB 142.250.187.225:443 yt3.ggpht.com tcp
US 8.8.8.8:53 photos-ugc.l.googleusercontent.com udp
US 8.8.8.8:53 photos-ugc.l.googleusercontent.com udp
GB 142.250.187.225:443 photos-ugc.l.googleusercontent.com udp
US 8.8.8.8:53 225.187.250.142.in-addr.arpa udp
GB 216.58.204.78:443 youtube.com udp
US 8.8.8.8:53 consent.youtube.com udp
US 8.8.8.8:53 consent.youtube.com udp
GB 142.250.180.14:443 consent.youtube.com tcp
US 8.8.8.8:53 consent.youtube.com udp
GB 142.250.180.14:443 consent.youtube.com udp
US 8.8.8.8:53 14.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 142.250.187.194:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 142.250.187.194:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 194.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 static.doubleclick.net udp
GB 142.250.179.230:443 static.doubleclick.net tcp
US 8.8.8.8:53 static.doubleclick.net udp
GB 142.250.179.230:443 static.doubleclick.net tcp
GB 142.250.179.230:443 static.doubleclick.net udp
US 8.8.8.8:53 static.doubleclick.net udp
GB 142.250.178.4:443 www.google.com udp
US 8.8.8.8:53 encrypted-tbn0.gstatic.com udp
GB 142.250.200.46:443 encrypted-tbn0.gstatic.com tcp
US 8.8.8.8:53 encrypted-tbn0.gstatic.com udp
US 8.8.8.8:53 encrypted-tbn0.gstatic.com udp
GB 142.250.200.46:443 encrypted-tbn0.gstatic.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 id.google.com udp
GB 172.217.16.227:443 id.google.com tcp
US 8.8.8.8:53 id.google.com udp
US 8.8.8.8:53 id.google.com udp
US 8.8.8.8:53 227.16.217.172.in-addr.arpa udp
GB 172.217.16.227:443 id.google.com udp
GB 172.217.169.54:443 i.ytimg.com tcp
GB 172.217.169.54:443 i.ytimg.com tcp
GB 172.217.169.54:443 i.ytimg.com tcp
GB 172.217.169.54:443 i.ytimg.com tcp
GB 172.217.169.54:443 i.ytimg.com udp
GB 216.58.204.78:443 youtube.com tcp
US 8.8.8.8:53 play.google.com udp
GB 216.58.212.194:443 adservice.google.co.uk tcp
GB 216.58.204.78:443 youtube.com udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.187.206:443 play.google.com udp
US 8.8.8.8:53 98.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 194.212.58.216.in-addr.arpa udp
GB 142.250.187.194:443 googleads.g.doubleclick.net udp
GB 142.250.187.194:443 googleads.g.doubleclick.net tcp
GB 142.250.179.230:443 static.doubleclick.net tcp
GB 142.250.179.230:443 static.doubleclick.net udp
GB 142.250.187.194:443 googleads.g.doubleclick.net udp
GB 172.217.169.74:443 jnn-pa.googleapis.com tcp
GB 172.217.169.74:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 rr5---sn-aigl6ned.googlevideo.com udp
GB 173.194.183.74:443 rr5---sn-aigl6ned.googlevideo.com tcp
GB 173.194.183.74:443 rr5---sn-aigl6ned.googlevideo.com tcp
US 8.8.8.8:53 rr5.sn-aigl6ned.googlevideo.com udp
US 8.8.8.8:53 rr5.sn-aigl6ned.googlevideo.com udp
GB 173.194.183.74:443 rr5.sn-aigl6ned.googlevideo.com udp
US 8.8.8.8:53 rr3---sn-aigl6nek.googlevideo.com udp
GB 173.194.183.104:443 rr3---sn-aigl6nek.googlevideo.com tcp
US 8.8.8.8:53 rr3.sn-aigl6nek.googlevideo.com udp
US 8.8.8.8:53 rr3.sn-aigl6nek.googlevideo.com udp
GB 173.194.183.104:443 rr3.sn-aigl6nek.googlevideo.com udp
US 8.8.8.8:53 74.183.194.173.in-addr.arpa udp
US 8.8.8.8:53 104.183.194.173.in-addr.arpa udp
GB 142.250.187.206:443 play.google.com tcp
GB 142.250.187.206:443 play.google.com udp
GB 142.250.178.4:443 www.google.com udp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.109.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 8.8.8.8:53 133.109.199.185.in-addr.arpa udp
US 8.8.8.8:53 252.15.104.51.in-addr.arpa udp
GB 142.250.187.194:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 34.117.188.166:443 contile.services.mozilla.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
GB 172.217.169.54:443 i.ytimg.com udp
US 8.8.8.8:53 i.ytimg.com udp
US 8.8.8.8:53 i.ytimg.com udp
US 8.8.8.8:53 i.ytimg.com udp
GB 142.250.187.225:443 photos-ugc.l.googleusercontent.com udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 youtube-ui.l.google.com udp
GB 216.58.204.78:443 youtube-ui.l.google.com udp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 www.google.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 yt3.ggpht.com udp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 photos-ugc.l.googleusercontent.com udp
US 8.8.8.8:53 photos-ugc.l.googleusercontent.com udp
US 185.199.109.133:443 raw.githubusercontent.com tcp
GB 172.217.169.54:443 i.ytimg.com udp
GB 172.217.169.54:443 i.ytimg.com udp
US 138.91.171.81:80 tcp
US 8.8.8.8:53 239.249.30.184.in-addr.arpa udp
US 8.8.8.8:53 aus5.mozilla.org udp
US 35.244.181.201:443 aus5.mozilla.org tcp
US 35.244.181.201:443 aus5.mozilla.org tcp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 35.244.181.201:443 prod.balrog.prod.cloudops.mozgcp.net tcp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 34.160.144.191:443 prod.content-signature-chains.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 ciscobinary.openh264.org udp
US 8.8.8.8:53 redirector.gvt1.com udp
NL 2.18.121.90:80 ciscobinary.openh264.org tcp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
GB 216.58.201.110:443 redirector.gvt1.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 201.181.244.35.in-addr.arpa udp
US 8.8.8.8:53 110.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 90.121.18.2.in-addr.arpa udp
GB 216.58.201.110:443 redirector.gvt1.com udp
US 8.8.8.8:53 r1---sn-aigl6ney.gvt1.com udp
GB 173.194.183.166:443 r1---sn-aigl6ney.gvt1.com tcp
US 8.8.8.8:53 r1.sn-aigl6ney.gvt1.com udp
US 8.8.8.8:53 r1.sn-aigl6ney.gvt1.com udp
GB 173.194.183.166:443 r1.sn-aigl6ney.gvt1.com udp
US 8.8.8.8:53 166.183.194.173.in-addr.arpa udp
GB 172.217.169.54:443 i.ytimg.com udp
GB 216.58.204.78:443 youtube-ui.l.google.com udp
US 8.8.8.8:53 www.videolan.org udp
FR 213.36.253.2:443 www.videolan.org tcp
FR 213.36.253.2:443 www.videolan.org tcp
US 8.8.8.8:53 161.19.199.152.in-addr.arpa udp
US 8.8.8.8:53 images.videolan.org udp
FR 213.36.253.2:443 images.videolan.org tcp
FR 213.36.253.2:443 images.videolan.org tcp
FR 213.36.253.2:443 images.videolan.org tcp
FR 213.36.253.2:443 images.videolan.org tcp
FR 213.36.253.2:443 images.videolan.org tcp
FR 213.36.253.2:443 images.videolan.org tcp
US 8.8.8.8:53 2.253.36.213.in-addr.arpa udp
US 8.8.8.8:53 11.97.55.23.in-addr.arpa udp
US 8.8.8.8:53 232.212.58.216.in-addr.arpa udp
FR 213.36.253.2:443 images.videolan.org tcp
FR 213.36.253.2:443 images.videolan.org tcp
US 8.8.8.8:53 region1.google-analytics.com udp
US 216.239.34.36:443 region1.google-analytics.com tcp
US 216.239.34.36:443 region1.google-analytics.com tcp
US 8.8.8.8:53 36.34.239.216.in-addr.arpa udp
BE 2.17.107.112:443 www.bing.com tcp
BE 2.17.107.112:443 www.bing.com tcp
BE 2.17.107.112:443 www.bing.com tcp
BE 2.17.107.112:443 www.bing.com tcp
US 8.8.8.8:53 112.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 redir.metaservices.microsoft.com udp
NL 104.97.15.59:80 redir.metaservices.microsoft.com tcp
US 8.8.8.8:53 onlinestores.metaservices.microsoft.com udp
US 2.18.190.83:80 onlinestores.metaservices.microsoft.com tcp
US 8.8.8.8:53 59.15.97.104.in-addr.arpa udp
US 8.8.8.8:53 83.190.18.2.in-addr.arpa udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp

Files

\Users\Admin\AppData\Local\Temp\nsc662D.tmp\UserInfo.dll

MD5 9301577ff4d229347fe33259b43ef3b2
SHA1 5e39eb4f99920005a4b2303c8089d77f589c133d
SHA256 090c4bc8dc534e97b3877bd5115eb58b3e181495f29f231479f540bab5c01edc
SHA512 77dc7a1dedaeb1fb2ccefaba0a526b8d40ea64b9b37af53c056b9428159b67d552e5e3861cbffc2149ec646fdfe9ce94f4fdca51703f79c93e5f45c085e52c79

\Users\Admin\AppData\Local\Temp\nsc662D.tmp\System.dll

MD5 7399323923e3946fe9140132ac388132
SHA1 728257d06c452449b1241769b459f091aabcffc5
SHA256 5a1c20a3e2e2eb182976977669f2c5d9f3104477e98f74d69d2434e79b92fdc3
SHA512 d6f28ba761351f374ae007c780be27758aea7b9f998e2a88a542eede459d18700adffe71abcb52b8a8c00695efb7ccc280175b5eeb57ca9a645542edfabb64f1

\Users\Admin\AppData\Local\Temp\nsc662D.tmp\uac.dll

MD5 adb29e6b186daa765dc750128649b63d
SHA1 160cbdc4cb0ac2c142d361df138c537aa7e708c9
SHA256 2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08
SHA512 b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada

\Users\Admin\AppData\Local\Temp\nsc662D.tmp\utils.dll

MD5 aad3f2ecc74ddf65e84dcb62cf6a77cd
SHA1 1e153e0f4d7258cae75847dba32d0321864cf089
SHA256 1cc004fcce92824fa27565b31299b532733c976671ac6cf5dbd1e0465c0e47e8
SHA512 8e44b86c92c890d303448e25f091f1864946126343ee4665440de0dbeed1c89ff05e4f3f47d530781aa4db4a0d805b41899b57706b8eddfc95cfa64c073c26e2

\Users\Admin\AppData\Local\Temp\nsc662D.tmp\INetC.dll

MD5 640bff73a5f8e37b202d911e4749b2e9
SHA1 9588dd7561ab7de3bca392b084bec91f3521c879
SHA256 c1e568e25ec111184deb1b87cfda4bfec529b1abeab39b66539d998012f33502
SHA512 39c6c358e2b480c8cbebcc1da683924c8092fb2947f2da4a8df1b0dc1fdda61003d91d12232a436ec88ff4e0995b7f6ee8c6efbdca935eaa984001f7a72fea0a

C:\Users\Admin\AppData\Local\Temp\nsc662D.tmp\OWInstaller.exe

MD5 bd7e748fe91c5f91ae5aac238b4898c0
SHA1 38186885842d2d59b539cc50a5ea7fef13fa170d
SHA256 6037a675cf68dbd4f8884c72492f6782ff242f0ebcc55129a7eefc3980b44e58
SHA512 b089714f99c3330ad70b159944f1e9ead702b3661074d26aaeb2a8c52619717685d1fb6fbc95b37063dc3da9cb5f0e0c0a58647cddd39fec8dcdc0cf3451fc39

C:\Users\Admin\AppData\Local\Temp\nsc662D.tmp\OWinstaller.exe.config

MD5 82d22e4e19e27e306317513b9bfa70ff
SHA1 ff3c7dd06b7fff9c12b1beaf0ca32517710ac161
SHA256 272e4c5364193e73633caa3793e07509a349b79314ea01808b24fdb12c51b827
SHA512 b0fb708f6bcab923f5b381b7f03b3220793eff69559e895d7cf0e33781358ec2159f9c8276bf8ba81302feda8721327d43607868de5caaa9015d7bb82060a0b9

memory/1588-136-0x00000240F0CE0000-0x00000240F0D2C000-memory.dmp

memory/1588-135-0x00007FFD1CD33000-0x00007FFD1CD34000-memory.dmp

memory/1588-140-0x00000240F3160000-0x00000240F3204000-memory.dmp

\Users\Admin\AppData\Local\Temp\nsc662D.tmp\OverWolf.Client.CommonUtils.dll

MD5 6a45b1f51b619ba08761fc91567bf0a7
SHA1 4c29b1915dbc859ec462d13bfca7f77a9985133c
SHA256 4ad3ecd0591f8dad217d5d99e11d809cc699c28f55296845148254f6fce69828
SHA512 8fd3c507338bee22af8a74922e1deb28e928734f208cea667bd12e434ec23636c77ccc4d33e9d7c9fefb87715dbe6dfaf75011c3a01619a5050656aad85a3419

memory/1588-142-0x00000240F10F0000-0x00000240F1104000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\nsc662D.tmp\CommandLine.dll

MD5 1d859391711a062c5f48212686505a6a
SHA1 06db312b20ebfd24e1dd1f729d8ee8dba761c8f6
SHA256 cee8683c16cc43a542cfa1490894f555857eaf031fcdfb1ed7059e1538e21c8a
SHA512 340224199c171c3d5b9f06d4a9e6159bc7dab79a58324cffbe7f86857b1eef49e5f9d022b4ec907f9475aba334029ccdf06b8b05ec67b197a9c15809cd8ff7a3

memory/1588-143-0x00000240F3740000-0x00000240F3C66000-memory.dmp

memory/1588-146-0x00007FFD1CD30000-0x00007FFD1D71C000-memory.dmp

memory/1588-145-0x00000240F2920000-0x00000240F2966000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\nsc662D.tmp\log4net.dll

MD5 f15c8a9e2876568b3910189b2d493706
SHA1 32634db97e7c1705286cb1ac5ce20bc4e0ec17af
SHA256 ae9c8073c3357c490f5d1c64101362918357c568f6b9380a60b09a4a4c1ff309
SHA512 805cd0a70aba2f1cf66e557d51ad30d42b32fbafcfbc6685ec204bc69847619479f653f4f33a4e466055707880d982eb1574ddab8edfa3c641e51cda950e2a0e

memory/1588-150-0x00000240F3390000-0x00000240F33A8000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\nsc662D.tmp\SharpRaven.dll

MD5 8f6ff3176e7f0b58b033b3d3f1303db3
SHA1 dc21231170a74f459e45d81fa7dba15e0c6fe2c9
SHA256 0ea20361a01f8fc8eab21ab5613e77d36a3506793d4487438c314daf86e90630
SHA512 a0a3b3548983d15936b8517c2b5d5fa624b902522ab067ad552bedbd361c3192fc2cae889da0f8c986cfd295cccbbaa91596f478154c42f1a1cafbbc7eff86b1

C:\Users\Admin\AppData\Local\Overwolf\Settings\SettingsPageBasic.xml

MD5 2d022dfc0d319df40d6609587c8b5709
SHA1 303bdc55b8b51afe1e782dd35f7c13cd8418ea55
SHA256 6ba1d34632514d0caa933422c86a97ffd272bde5b0ac7827c3682455a23ca83a
SHA512 aa4ac9722f68357aac5fbcbd9073208d4079d03901568275aa9eead49ad7b7a63047d946277f3fae7f0ef521cd90336557fdc5440d7318ebf28f6bea4c88f9c7

C:\Users\Admin\AppData\Local\Temp\nsc662D.tmp\app\manifest.json

MD5 b8e8d71fa7a9474c7875284925aaed4e
SHA1 0622eaee0daa6f3e36beb71e7a5c8f622ce2870e
SHA256 949d178dd878e2e5b5fc71a457503f139f052c54947f233a124ce1a0a6e7fb22
SHA512 4ab844d7e120b12600e0600c6b7b948a27e02cec4171ec757da0f2e526318cc627c0d2be1ddf375b2cf3483addb2348305ae0fc8bceb6a527ba92beee20a5d50

memory/1588-161-0x00000240F35B0000-0x00000240F3660000-memory.dmp

memory/1588-177-0x00000240F3530000-0x00000240F3552000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\nsc662D.tmp\Newtonsoft.Json.dll

MD5 98cbb64f074dc600b23a2ee1a0f46448
SHA1 c5e5ec666eeb51ec15d69d27685fe50148893e34
SHA256 7b44639cbfbc8ddac8c7a3de8ffa97a7460bebb0d54e9ff2e1ccdc3a742c2b13
SHA512 eb9eabee5494f5eb1062a33cc605b66d051da6c6990860fe4fd20e5b137458277a636cf27c4f133012d7e0efaa5feb6f48f1e2f342008482c951a6d61feec147

C:\Users\Admin\AppData\Local\Temp\nsc662D.tmp\app\images\icon.ico

MD5 9a03fbfd56d8e501797359aac3d72ed1
SHA1 b31e87a87486c00f9266559707e2cae4831f9d44
SHA256 81c69b545c347e1708603fb912511d8eddf755cb27f37fdc6a6fd959c6cfb94e
SHA512 29eb96fe4bdded257f3330672b1f9f2086c28e1e863a093a6fb750b6e59210b47b5ed481e3828442f38c5c6d63ef37709716af1e3913afdf37bf8e574f976fb4

C:\Users\Admin\AppData\Local\Temp\nsc662D.tmp\app\index.html

MD5 6d8c9edde0ce101ce0abd73be45c684a
SHA1 ce6d94d2d1a7f4761438781affd3aa991018e4f5
SHA256 f15c54f4ac4f55bcfa281b668220eb144e63b9de2292e970095a4dc566209682
SHA512 06f35ece48e4e19174da18ecc5dcac3a7e4d7ffbb102c4859221c7c569027ca72e40c9ed945872bf4396bc02ced7ae46655c88e3ec40d0a2f2e3bd0fcec80203

C:\Users\Admin\AppData\Local\Temp\nsc662D.tmp\app\js\windows\finish-with-recommended-app\finish-with-recommended-app-controller.js

MD5 eb6d6bd7e05d4477e2704dd87b57ca35
SHA1 f42672ec1e23a3f4bcc2952746d87ba8deff44be
SHA256 5ca97132a258ed1f36e401d70ccb95be2c9e18395e6010c40f61172914477de5
SHA512 1402d611f910cf5078e804175fa4693b591348d3e7cf6d0a6bbe026c259eb9e0bc285233c80cb2f4690674c3e927bc72fbdcbe758826b98fd02ecb3ed82e339a

C:\Users\Admin\AppData\Local\Temp\nsc662D.tmp\app\js\windows\main\main-controller.js

MD5 15b665a5c915004e1aa7e9e11a710f7e
SHA1 7821924e42bb19d60c572ff80bbaaa04d7aaeefb
SHA256 84dc33e2eb3118fc77a38b0ca53af42c53f6eb85cfb1e8737dbe39fa03515653
SHA512 dd47f7bac0dbaac714e6d2fc91b4c24756ca4acb70bdbc4b54cd5216552d6bb85ba2e1c3c8445c5fb40d116dfab6569945cd74730bb7c8f3cf46e8d08f8afa02

C:\Users\Admin\AppData\Local\Temp\nsc662D.tmp\app\js\windows\main\template.js

MD5 a118c7724c208f12083240cafccfd10b
SHA1 f89c676a215b869626737862a08c9eb07d440211
SHA256 63a43bb08403972d0f4b0e381bd264af14e826e0035242bc1baa9a815956b8fc
SHA512 9fede79044ae5de7baf5bfba0d5a515ce462a25420026ff45bcf1751e57510023cb40df42d08e880114f62b38ddb218355d5357b725df32a41ae4e6a18414cb3

C:\Users\Admin\AppData\Local\Temp\nsc662D.tmp\app\js\windows\finish-with-recommended-app\template.js

MD5 d1cb34b57cef7e28b9286454b197b712
SHA1 f3a964b319bab82d4eda07e126bbfd6dec35c349
SHA256 b61dfc304b46e8cd95d7b15bb93c6160b30523a1a093397a84fc8b8bed00ac42
SHA512 3a07de9c58134edbb7998f85e6d037a0cd066e32c4daa07594a949a7574f5693153bbcdb59739e1a92e847ab1128e2369fb30ba76a7b9cdfa9a37a409db691c1

C:\Users\Admin\AppData\Local\Temp\nsc662D.tmp\app\js\windows\finish\finish-controller.js

MD5 138240ea22084428e9e25583e9156568
SHA1 e8bef7eab5b6e7040b996ec9504436e073444bd9
SHA256 4cb4e1aa25c15ae5f2e63fa4658a8acff0ce63e0f59cb6eb634df2dfe336e2ec
SHA512 e97b81b0ecd964e6e909019353efe4f5582f65763ac4197d754f1c4eea19cfc249900ae597fd33e29f531bb0d1c7e0f010793c59a2b0099fa75ad0b7d01ce8a7

C:\Users\Admin\AppData\Local\Temp\nsc662D.tmp\app\js\windows\finish\template.js

MD5 f092de7ea66d8e920b345f38537fa35d
SHA1 82d107a409f18878307ae0cefe24074db64937c4
SHA256 b05f111369e12ecb4cdc6526dd554061eb31097aa0de4bd126ddc185b69d922f
SHA512 14942c0122f216c07595cbaae498f9c4d37a2d0fd95f262c332502befdf4566c7a042c4d85702c1d82a111123dde677096195e9efeb1d74eb1dfd4df84d01a23

C:\Users\Admin\AppData\Local\Temp\nsc662D.tmp\app\js\windows\progress\progress-1-controller.js

MD5 82f0b997ed552c52a510a9f2ab29dc3a
SHA1 92aec3a656053c71eccdde610130f5d8008fa96f
SHA256 838bab990ce38372dfedb50eb0a270db705811729630ab8557c08bd1e9e8e105
SHA512 ecf67f877002d746eff8af3a50155aa381513ddafd17b6bff0188c85f0765579fea0112e82e1371f962b1f5decc94b65e6120f21fb516533dac35a2d541065bf

C:\Users\Admin\AppData\Local\Temp\nsc662D.tmp\app\js\windows\progress\template.js

MD5 92b145e6649ba0add3dee9a69d3fa91e
SHA1 4db1a45392ec973cc8a7eecf3a30a9a7ecc7a64d
SHA256 a7128a08bca53dd919cab3e5cb4dab31ded7ae2dafc957209b9fdd23f3b944ab
SHA512 747a087dffdba5c92d9f4c8923615d388b9c4c79d3b71d3cb90487aa37c132290a4f5107eef3055c03eadcb9614e20d4655393dc9251fab7e0ee2438f0d95751

C:\Users\Admin\AppData\Local\Temp\nsc662D.tmp\app\js\app.js

MD5 f718bd3f18dd499612623852cd2a2135
SHA1 9432b7898f655fbbd8132f4b3f8822959ae3ff97
SHA256 a14fcaf11a16ad7d904960538ca35d5b05e1c1b6a916f228db6b319c6195acbb
SHA512 90a697f93f239e8210ad47b6f012d3b40ea9c23a92ab909434d0e2d71bc3d9663d1aa73c64646e3dbf417f9636d1190b3d0cf20d349456dee6b6b8d5536d0338

C:\Users\Admin\AppData\Local\Temp\nsc662D.tmp\app\js\windows\privacy\privacy-controller.js

MD5 15bbec339f5046f525e3aa96d36c30ec
SHA1 f73d40bf06584737fe327f1eec6f4b0446545226
SHA256 14d9c60cd97f18e74fee2dd80b6a190eaccc526085991f356feb6b4d330a0fc3
SHA512 2b0edfd2d5efb3f739e56eb6f3bcfae4789af3e1639f5f8e5f7530f5af10eb1a61464d665c9d9b2f4eb3796f2445108599d8bea75f1709aa562feebee519da4e

C:\Users\Admin\AppData\Local\Temp\nsc662D.tmp\app\js\windows\privacy\template.js

MD5 cf8d2c26520d7c84e560dfa79e31dcd3
SHA1 716f2ec17480d5cc9c145bc147833fbfc39d36f0
SHA256 95c459eae0edccdb94702aea603a097e461daa0e5f37dcd0e30de7df665433a8
SHA512 d466dcf7e86a4295857020feea281fc89f519f6bf1e79c3b5e1046d0745c9c9010377b1941e06c9a9b2c78a4173ed9909332d5d6c39b05f460e8a863086c895b

C:\Users\Admin\AppData\Local\Temp\nsc662D.tmp\app\js\windows\settings\settings-controller.js

MD5 378c18dd7d5cee6ca7c4ddd0396b535b
SHA1 d5f81d4fab29201fd1629dc4d8e6f918c0c30479
SHA256 b5c5dc5e0684fd97eb4c45896dc1c2de8a6a6fdc63b6aa83a99103c15787ef35
SHA512 c29416b3f0245f4826d857dc8c52c969071d2410c945bda96f38f59a9bc7137ee534d84865e5ac55a1e3cea6bb705c5d592725af709cd97e7f38ff05dbaafe5b

C:\Users\Admin\AppData\Local\Temp\nsc662D.tmp\app\js\windows\settings\template.js

MD5 28513de0830383a516028e4a6e7585a0
SHA1 d31fc3a6f4a3ce6c4afb82ff2342a1ed718809e5
SHA256 8014a7c919da249ba2f2196d9c9b62639d20851be426f3ffaef161cbe477c45f
SHA512 0f7321c2ae13145bb694368dae1b74e6fe20e6b09712da2178bc46e6aa65223ab84c38abbf0ed074c85b42dba1a238a5f3f8d1ae060a0af6df748c5befe11b61

C:\Users\Admin\AppData\Local\Temp\nsc662D.tmp\app\js\windows\welcome\template.js

MD5 17f54fca6723b983875d940d931e0afb
SHA1 01774cd5cea36bd74c80a708d6f77567e8091024
SHA256 42c546e9da748ef76fdab56b96fd511eb607617a9ba37b3dc420148b769d8acb
SHA512 401df9a54cd14c19227d91bd08b4775a7b437644b4ca0d1d636d3e07b04591f9c5516e80040ae6a79ba400457d15e3d80aa148a63de870a64664fc5a02f7a038

C:\Users\Admin\AppData\Local\Temp\nsc662D.tmp\app\js\windows\welcome\welcome-controller.js

MD5 50f676754862a2ab47a582dd4d79ecf3
SHA1 1cb2f4b11f9f8cfc8dc57ff29d0256dec4811158
SHA256 6155691dbdd66290109afb91617f9cf68af6bd912991d5d27b922f5faa7f530b
SHA512 ccfc89e08fd36f0a694fcda17efb84ca285b6c62afe2e3a794fdad19b6882a4b618645f4d9171673ba56fb4c55fce336d6b8d26dec3a5cc11293ae2b211f499f

C:\Users\Admin\AppData\Local\Temp\nsc662D.tmp\app\js\windows\cri\cri-controller.js

MD5 4e4b4a9e2d86ae3c108105078db6d730
SHA1 826946be793c999316af6c1db10523950b18ea2c
SHA256 cee7fc5a36a01a439125be031923d7e7415ec56194255048098169a0108034b7
SHA512 1420065cd000ce9b9c39d27b5dc5f4055f67146e06573a03184649851c9745f0c0af2b5e35b41b5923703dd74e32f9ed95fc59a43db25f854584e319950beffe

C:\Users\Admin\AppData\Local\Temp\nsc662D.tmp\app\js\windows\cri\template.js

MD5 76c1ef0cb437db144c2bed53a5a8a5d7
SHA1 aaab8fff649f8e46d1e9510018118ee9abe01498
SHA256 505d3c4de7d9cf8f0155b5b1a3c8792bc0ca2eda6781b441bd85455f144be22e
SHA512 822bf9feda91c89539d263c6c9053163e8dfa3c511195bc61a9b608b4687fb4048733323f03dd30a7ab661a4be4acf6c8d8ae7bb6723771122540a9551899c3e

C:\Users\Admin\AppData\Local\Temp\nsc662D.tmp\app\js\windows\modal\modal-controller.js

MD5 b04bdfd1c7d09bdbdb94a2455fdd677b
SHA1 f000ba4866ff16d75bfd6cf446763498e19b12b1
SHA256 4565ee81ffe222b31982088b1c18850076e3acf59198ebce08118e12cbd87ea1
SHA512 3cb6ef0a16309046e7f407e7321eb12212b0eec09ec1a04b1d813f6c7a04546714865c3b398a93985041f598156ed905ebd23a64260801281b29ada9bc19ec5c

C:\Users\Admin\AppData\Local\Temp\nsc662D.tmp\app\js\models\notifications.js

MD5 85afdf9897bb1236eff3afa40d15ece6
SHA1 4362bdd139458eaf4a2dcb34294b43e2d53f4a26
SHA256 9dd03dfc92bcb74f3725aae60e904c0a56cc84f299bbb8e863a869719f6fdd32
SHA512 4ab86c6bafba18f53f01ca913ceaa80f14900107069a1d5f65b108d35690bd8b50b1a6cdf1563fc5775909f69208dabebd139f3cf3d8576269d560d57cf9994c

C:\Users\Admin\AppData\Local\Temp\nsc662D.tmp\app\js\utils\modal-events-delegate.js

MD5 117e4fdbdb0ecf211c8bd909efd337d1
SHA1 9f8684d856b7c95bdffb139217dfd89f41373187
SHA256 267661f932a2ea78d8c7a98cc03d1b18d7cb8132deb84636772ecd1fcfbe4857
SHA512 f474ee20b59d3d0c11f9f6aee6b6e2b66f7025beaec9841f88455e60533dc96cb4e27910be0dae92b0028c5578932b7f459fdb91d594ad010f72a3b3af6addb1

C:\Users\Admin\AppData\Local\Temp\nsc662D.tmp\app\js\utils\cookies.js

MD5 6c60e675f8c8c68c0174b644d3a63a2a
SHA1 3635a3fe07ccc4a6f33a986ddb690522d0611abb
SHA256 9d3cb3822e20d6f5157faa02dc69bdaef44576c3fb5523e00aa152107ce30287
SHA512 1dc9ec7b139bcf37107ecd673c01e4fcc606332ea1645a4a1b4e5d95f817d4c99d5964cd3d941a6a526689341d9623b17b4efc002cdf4c73404299d52b1be452

C:\Users\Admin\AppData\Local\Temp\nsc662D.tmp\app\js\utils\commands.js

MD5 65015f2e2e490f6786abc0560e33e1d0
SHA1 47b5c2b3b1f9381e4d2b9d1f3d82ba62828ce28e
SHA256 e874c959c7b8e4351d730d263231df7176b5062580a7d3e0a2684001b510f5d7
SHA512 a4ad579acfa6000fd8074893a6b45df74558c57afd5b957217491784fa25df370c59d9f92ff245abbdf3d26b42114cc22359ef95c4baa322e326c7e210f43edf

C:\Users\Admin\AppData\Local\Temp\nsc662D.tmp\app\js\utils\analytics.js

MD5 525281e9959af4c1c0d11b9243c798a1
SHA1 237a84c5b57bd132f48446d718b20640cb28c263
SHA256 c37f0699cf8ba7d9e3e0f73f1b2af65f4bdc2a31f44594ffc8c73e98b6c2fd1d
SHA512 fe5bafda7773e69c65dd63270e0306abcd39cb2d886b675ab8c714ae0833efde963b69623d468551a1ab37f1db1a1d457f1568f7a29d9cf0bb23bb0edcab5fc4

C:\Users\Admin\AppData\Local\Temp\nsc662D.tmp\app\js\utils\utils.js

MD5 a0952ebeab701c05c75710c33d725e7e
SHA1 1da8a2e889f1213d481ae3cd5571670c01e64adc
SHA256 b4f0c48cbfeaf8141fd44b12031e3f0410cb0cdc313888ffdb14fdf1d2341246
SHA512 5e5ae616d3fded7d2bf47a326242c4477ca3119fb52897bfb41de0be230ccbd6c3da2c00268b3973e9bf7b4f2886aba64fd9719b448662e4130ee66d87913389

C:\Users\Admin\AppData\Local\Temp\nsc662D.tmp\app\js\utils\strings-loader.js

MD5 9c94eb933d8a43dd3825e67a7e30c980
SHA1 7ec7b16af6f399219209ba5967d377040486a11b
SHA256 96445709fde2613af50f4b8908296d4bfccdccb2d9db9febc34a9bf4dcc70ecf
SHA512 a662a299e31633f71a9b9675970359430fdac06dcc284fd7ce92919f244c7f921639f97a42356e993a95865e6c9f198dcba82c126f82065bf2009a31ec9b02f5

C:\Users\Admin\AppData\Local\Temp\nsc662D.tmp\app\js\block_inputs.js

MD5 b5b52c92b90f4283a761cb8a40860c75
SHA1 7212e7e566795017e179e7b9c9bf223b0cdb9ec2
SHA256 f8dbd6793b35f7a26806f4dabad157aaafdf6d66fad094b50c77d60f223fd544
SHA512 16ad53ede5424ca1384e3caea25225589e9eec9e80e2d845948802db90fad222f709a7b651cd7601a34ba67a0627433f25764638fd542cbd4612871308e7b353

C:\Users\Admin\AppData\Local\Temp\nsc662D.tmp\app\js\libs\cmp.bundle.js

MD5 1de143ca1babd3c02744f478c8c05c5f
SHA1 ac918b3d2d5f9cbd9e3b3f5e075ce3c96eec16b3
SHA256 7fbc3a088ec303143109e0c1b2c04f4c5a6e450a2d6f3071fefb66e92f643ea0
SHA512 6e419e11f35a3258124127970961907ed8fe0619f618a4c15542ee7f8a01a9f4a7af4d290b634444d21b823ca1afea65f97d5788fff6665d55c2231214edff24

C:\Users\Admin\AppData\Local\Temp\nsc662D.tmp\app\js\libs\jquery-1.10.2.min.js

MD5 44e3f0db3e4ab6fedc5758c05cf27591
SHA1 2d408aa1d35661019c95adcc60b78c0727ed25b4
SHA256 bc44d3631ffef1df7960e359f02002d3ada45ee05205c2cf1edd85da2f518144
SHA512 4d4844e53e686fc59a52e86588f328dca3ed6fdad7195c58942a98c51755a24981b903ee7c7b27785375eaad5a7d9501cf74b999674b79f214e66103bad9efdc

memory/1588-214-0x00000248F6DD0000-0x00000248F7576000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\nsc662D.tmp\app\assets\fonts\lato\LatoLatin-Regular.eot

MD5 6cfad5881181ae658a6efdd68889a690
SHA1 5b54f6ccc20ed3a078fbdf94d7a68ac80002624d
SHA256 c6c970b103b3c3aa83f7a45172619a4451ea5f015f9f3ef4fd08c9a4aa895cbc
SHA512 ddd3d43540eb3d4eef48d0834136de1e7bf23a52f286d0a666cf57c7d685aadf1cea6d37c88f9d7ce5ad6143d7c3213f54b16a11f616b7dce154bba50997bbe7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\datareporting\glean\pending_pings\8bf27e4e-cd15-4699-a599-f6d472b38e1d

MD5 cc2fe54d490d683007bdb1f0996e19ad
SHA1 e931c80d9cf19fdbfb76363cae6b1c4ad3cc339b
SHA256 57852f06633782a4a8d98527a1dccf237ddc89abd95c70034b9ee40e0d24d28e
SHA512 6706eb7da8d7a915efc5c51513dfaf7e47527791a3ac13281aa796e5aa481b02f444a50c012773434ad4068d6c5ef630f133da2690a80bf81f845a7538fc2f1f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\datareporting\glean\pending_pings\835f2a8e-d8f6-4044-9e78-36aaf60a8c1c

MD5 4f651bcf23462d09d63e563c6c738bcd
SHA1 7300d73b80a0036859c612d15f2b8d7a305daf38
SHA256 14a84ef21ccc6bd570e359b21d9f64ac27d72b88ebc069f37791bc8c6f13f70a
SHA512 705827a4f065b97e9fd9f3d5724b6c5157976b3f0940a50f2d50fa785a54bfefa2f9b61f1ea4b24186349e694013351ff23a2adf45aba3633259414897caeba2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\datareporting\glean\db\data.safe.bin

MD5 7a6c4292c9e684009999fe40abaed3cc
SHA1 cc4f834e931907ff8c20a1d3c08f3bc019e20682
SHA256 fffc0fb2ac31217fc4b6641da670be022f6c5b90dc709fbe74a10ced4dd51193
SHA512 65b4b8c95387d58c7e49bf55626c6ed2bf4c88d4cbf82cec5ad7e6f53e2ddf6c08b34e4b66458bf8be9e6e7aa09118157359f78aecbcb75c58cadeee9940c68f

memory/1588-291-0x00007FFD1CD30000-0x00007FFD1D71C000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\prefs-1.js

MD5 a403e48f95e5fff607f4398713251c7b
SHA1 884480eef9db97b2338034b663fbe041705fed9d
SHA256 7fb17cdb9bae2ced66ebcd0b733bd4c8aa412c9eb8ceba27aa36db67dc3a39d5
SHA512 3d5eb003048b30bf786dd41e1a8acc5b7a4a9fbd9129e4ca0704cb7e3019d05a9664c7b51c7f074e410c2c3746ce5ea114dbf88401c68afec023e830f3736f7b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\sessionstore-backups\recovery.jsonlz4

MD5 639685a52ba2554bb04d208d4385fbad
SHA1 5d37c76ec87e21c8ebf651d8e2d13959bf734cec
SHA256 73afa19b659a032b62bf62bdd48b5d2c3ef161d0a6bb41f6154c2d1115378feb
SHA512 0146751b13dc1fa3b66475875a9c71cbd46dcecca1c2cccc0e7125a220bdc1b610b658ad36b09904253dc14e6b71d879f2e97c36e144a67427cd8aa41c67da3b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\prefs-1.js

MD5 f53e9212d949ff1c7d4a0eccdb2f76e4
SHA1 5fdf7b47226b812a6532a18cfd3d899db951d097
SHA256 344a18556ad8c5896c4fbe49759cb14b459ab3ee044535dc8da32bacb82be3ea
SHA512 f975e213c563c2094cf03c93d8c6924506f8e6bb670f56e3c5f055c17295e264142b0a1a5c526fc51a0527517966aee5446cb427e28d63de6f678205b7dc1b52

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\sessionstore-backups\recovery.jsonlz4

MD5 43c431d051c602ae68ed89547d8675fe
SHA1 c39b86197bf897bf22820dcd8443aa138d6ae4ba
SHA256 1def260adcac94bce9f5af9d571f4ac1a9f4398546aee7971c93579d59217d8e
SHA512 9526b836e62fb0634f4a250fc371d479a60151b5e59da093e270abc82202f39e480959a112c81a6a168a9949f875554fc166c804c5657cbfb25bf84d5cd7edc8

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\sessionstore-backups\recovery.jsonlz4

MD5 110f03a239904adf797ebee44c694697
SHA1 ddb106931a423d4dce0701c4fe503eb8f068b3dd
SHA256 4ffb0b33d68adb6928b2c0b42d4f5d5c702477d87aac4550ce9bbbcd8acf0b4c
SHA512 8d41de24c0fa583b52e37907f44ab3682d154e2b6a898840f427bcf02e4fd392e3ec0bba15ba1d53714d5fd3aa0c55701efd0ce3c03ca2c81715e2792a92ef64

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\idb\2232182701SeesravbiacteaWDosrgk.sqlite

MD5 fb6fecadb04c5cdc9ccfca789b6e0a44
SHA1 e0f118efc1af5799ccfac3e01dbe799ae3106067
SHA256 0a439b8a109de3b143b33d85c946c01afbfc7059913d6df6ad6585ad18338cb6
SHA512 a7771ebb22e58ab11a5d4bc5ba60f9dd1c1e8915cb2ae9e79215b1bec0f725cda8641284791fa45ca53bf64f1a1f84d8319f9ad21377552a5d73cbc3ae3fb011

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\37\{98703d4e-9b13-4e09-ac0e-e8861b993625}.final

MD5 2a252393b98be6348c4ba18003cc3471
SHA1 40f75302fcbe4a8ac2e33a8d9daf801abc2a9598
SHA256 04cae3c7b208fc55b25763913d0bbdc99232942086efdf705f2a27764be6f5ee
SHA512 07af4a7b0d10f1b5e1fe0877b21abc98483d78797608a1763cfb71e25559fdce10d20f03c16f4284d7ae7ab90266f45240425e3a264de9525ec1657345b85198

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\sessionstore-backups\recovery.jsonlz4

MD5 bd51226e69e8a2d9ffacbdc8c1aca5b9
SHA1 4aa407723b26f7ad01be593ccd7f08223275132e
SHA256 ec115dcfd33b052d48cb0cdb9387fe774b824d8aa1c668cd754d981b6a9aaa74
SHA512 5326034b6bd19870f74188462d936ddab7315d7e050885b964e9ea1717cb0965da901138752f3d4e1e82e80c424191d8f8a49fdff3efbce840109be91dfd5542

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\doomed\8394

MD5 68070d6b008059d8256feeef5cec260f
SHA1 5c803fdb00da8ced3c51804ad5b6480a6b689064
SHA256 5d1d6e6d55730f5a3ff388df3f601487f3f5eb79648e83655eeee09a8608a1c9
SHA512 ab3e1e25bdd6c7e6dbb7add25ef4e2dc69c939039a128c98878629eef1902463769f86eaa059269dec204ed47e8be0ce9bcb3d5b1216b61bb676df0093d1156b

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\doomed\9078

MD5 097a53d4e48842280dd4018773d4d77a
SHA1 6544fee77111f8c59071fd6424fbd6acce5ae1da
SHA256 129dcf505a32e84fa0e3fb00b0ad04b8732f29d388fc681278534899e6e0cca0
SHA512 1c15b6cf7eb22a151a973623d005bcfdff2343e3c05e68a9f3f53db789d156f4de4960ef8f48d0f63fe8a4c433fc33c9ae61ee210fed24a916f142d3225821ab

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\sessionstore-backups\recovery.jsonlz4

MD5 ee6db88e68908ca663f4ac72e5f7fb92
SHA1 a1c4d7a938f3240f0ad995f34c2980b2d446fbc2
SHA256 3be903cc5f6e653759cfe2a0bb8fd7ab62bd5096f95402cfee87311f4fd1e64b
SHA512 7ab8260c608bed854e50c078fe19967361e3262cf59de2d67d9d7ef9b338d4c71ce4bdbe0240c3f1a49a3c5ae31d63d48aa0eea53bfe6b8f6e93207c3c627acf

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\245\{21b1f832-e694-41d8-b8b9-bb47a4a7bff5}.final

MD5 fbd22789de072ea78ade96d207db2363
SHA1 86b5c4d2835c1aa67e84793d7ab378d4294f8221
SHA256 20514655537458bb5b40f09c97ed8643d44b066eae423f050e5805742eceda7c
SHA512 7479a22ab87eba081f3085efedff571277f6918762dc27852f536ade5c53306e3916cfecf5179cc87ef17b649480c5947a8017987d4cf8ecb07c21f64b6ad709

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\226\{e16eeaca-651f-4e43-9e62-30b79baa15e2}.final

MD5 be203547ce77fa7a91259437b55c0d1f
SHA1 cff2ff2c9469ac96eff7baaa308cdc886fab804d
SHA256 e5f9c781a4756c64455652d9b4bd944aab9ecc1eef556814c00b1797209f4840
SHA512 adf00778a63ea8a143f8fbbf61188392a87a376234e17856339036854cff3a5247aed0b1c0b603332e244d348d58402ba58b32f6df6cc8e18f9d8242f6573f71

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\63\{db7a0f85-d441-409d-87a3-c7094fc4ff3f}.final

MD5 45e25bb134343fe4a559478cd56f0971
SHA1 79f18ad0b7e3935c3231ced0edd8ea3c7997ca93
SHA256 dae4dd8e56ccc952312b3b238a1db294d4d7ad4f532c31cd1c2e5f9dee881678
SHA512 9b32b125c4183fe992630bc6ce9a511157959556fdce53f8264aba2aa8fb7b0e53b408b505da2cc96cdec771470927e74cba3bbd6eb71a5077e9f933cdc85292

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\67\{05cd494a-89fd-4eb8-ac6b-9741a8109143}.final

MD5 5b0f165bbdb71faa1bb5b26c4f022e96
SHA1 704bbe81e0d8370e675246e1cbb347bf8599aa45
SHA256 b95a445bd9d295276e8423f1ad3fc50c740512a634f2115364217544bc87d44f
SHA512 6c521b2c55135ec98f79193bf9c62b73cfb1801cdeed03a9871878f677aacea46cae165a4290682768ca1c1192dff2e87b63c39228164d72d2c7abbe732f8d20

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\126\{ac97ba4d-0b3a-4059-9b89-f86ac923f87e}.final

MD5 51bb0fe00991a2ae6707b3aefc583918
SHA1 21ec201ebf41ad57faaab02f7961ce5a746e6dbb
SHA256 97dc140355b2b45b54c3dab1ac66b951afae0bc742402cbc342be117f4424e0a
SHA512 41863cc0f1252366a5514dd62a06f4bba493029b8c7a35e19173b6d7f9114e7098fa35d284623b6641d28f7d7bee1ce99064987afc985dbf0354368f71f9a39b

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\entries\11F50A8EEC3EEAA349ED4266D483813BF69FCDB5

MD5 d77b50924908013a24b92541db58745a
SHA1 fd7fd494a881de0a8b34cc12b2517f13993d955b
SHA256 a9331246b0fe365393216e4acee3b15b88e8d62c840f81e3ae6879463f999504
SHA512 692c781d8fe3a15abf86bd228f3b1b730b4a95f1412736573923262ed5acb599d1026d20df6371e1f00934bc66d7234f7dae2ea194df08c206049cb2cb22997e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\20\{04ad1906-3c52-4bcd-9fe4-bd97f9d1d714}.final

MD5 b719a3c8378a40cb900349ad2a922921
SHA1 10a71eded94cf7fcf70bb4952a35434526264e88
SHA256 7d6082dff0e7a043a631ee1ac1c1e094458d7f7607d075db809ca60f531539ba
SHA512 5bbfe366cc072b80c4d35c45ec91c4ce60a6f5140e6ad7109554ca3dcecb765336ffe938bf490e99c8edddbc3571d41c8e2a34e1becdbd9adaf334b15207e167

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\95\{37cc969a-981c-4864-8600-023b03284c5f}.final

MD5 030dd07949fee4d5e67e6885b76ccedf
SHA1 a83002727b38d84882fdc444a3f5d7fd7963acae
SHA256 95c8349deca56128ead6daceb682594a737a5af8a03b70065e1f2c6c4fb84209
SHA512 f094815a8ed89bb7e6376238142cc13887694fb184d9ffffdac56b7fae2bde2ce7acf3d50c0431d14ca2e03620526cc21bfe1b6c44b467e079e30e9dc3a8e87b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\217\{248d54aa-a911-482e-a632-f9cec92facd9}.final

MD5 184e8de5f2d1b10b1cd688026dfec0ca
SHA1 dd632464c3ad026e57bac8efc3348eb7349dad84
SHA256 e3aaf869118c6db298d843c5308262f88ce5ba474d88e7043badfdea4471c93f
SHA512 e3495544032b7f6760967b0ccf57861ec5454bb32e8f5f7d2165fa63e6ab580e278275a1f719fa55fa17fc0a3aa9788e15ba60ff2ea0e25557f0160607066143

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\241\{2de458bc-c838-4219-b763-7c28a21be5f1}.final

MD5 f8a4486578289f338eccea68bf578c6e
SHA1 6cbd17168a35b3f10b74a28f1fa3a83e161a7e35
SHA256 264c3ef4f7bc3f390875ca49d87ec35f9c4f0bbb0eabfdb38073951253ca721a
SHA512 e896ce1bbfd145a4c38f7e81a8afb12c3f354d5632f24f26cf19e8b5f1a466fca8d098e7277a4c0979170c37be25b6cdcc0654ae94f46908bde1810d4c03c3c1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\59\{b8e0d13e-c102-4ac8-89cb-472ce93dda3b}.final

MD5 41d7c0ee3ebd3ecf60e8f06238d8976a
SHA1 313d08e7b04eefdb0ec87504462f522d7cb94d4d
SHA256 7b48b7ea9af7535de272491304ba8988db28c4cdf0d50c800e7d461666e73efa
SHA512 9619b290dd7e07d7a4d9768ee35dd564e37f1b0f4357bd2cb8a39c1289772f275f23f260114fac395974f544ff70efc168285a34611f40950eded0735d2ca6ec

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\165\{72d5ba90-ef2c-4aef-959c-0870c2b101a5}.final

MD5 18ea68569ded72b5f8f681906febe6a4
SHA1 5797e923cf4e23b0c5b834923ed11b3fd101ebf4
SHA256 3f7e5effbbc5b1d293c34e82334eef3f6f20195436b46a97c9322a406af63cc6
SHA512 e32bfa8081fcb47042097617f10454358b0fa206db22cf3d4ceb09c7134ca97c4cc3d8d283e1dfe7b4db13c0254ca9aae2fc2dad38d50cff4375373d76d9e060

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\85\{f9f628bd-1ef4-446f-b90b-a111cc58e055}.final

MD5 a601665adcb4c6be23f3f43db3ecd713
SHA1 daf1dbb4c74201e6e986283fba3603b508d576d2
SHA256 38f281885066fb223a840e11199c5fe053ce470857cb8ffe5fdee25e226e2e7a
SHA512 b60b5afbcafcfb4d4751dda855ce4e40674ba635a28dee30b9ee8dae0cc1a751623ebcc3f1657aa1e847ba317dbb4bcdf44e73fd68b96ddb9ebc3d0a73bb5ae8

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\17\{575f9674-cf12-4ea0-b5ce-ec8282a60c11}.final

MD5 31f682f3d011c942f1c41b7f915eec10
SHA1 0163e4cb475138b8f6ef221cf0bb15055f628f4c
SHA256 00392c87ab0206705a7f066ab9b2cad308eb3b2d0b538fa535d053b0c662c48a
SHA512 da32317bdc01471cf7fe107c80d3b69646aafbde3ba9ef7d4fc674c56034d78dfc08ef33d8c133cdf198e4ce265625c8411cd85b2cc6d57016af360129db733f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\141\{3e013cf2-aa6f-488b-a47e-fceaae0fff8d}.final

MD5 b0e3a03d13d45c1f130df30ee51eea72
SHA1 ed19adf38b3978300a958e5287546be08c8fb371
SHA256 ab156c3358cd6b946718508bda5099c8cba2e4583e3d03fbe0401c0e6f20e5e7
SHA512 3fa2fbaa7f78f69d0df8e3b8211ad56532cb0a68a9ac89c37fa5354fce51e114babd0673f2f44d109fe2e518ad7806b7ff3040a840e3099be4cc5f6dc07f8154

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\210\{d8d767ac-8781-408a-9591-185c324d2cd2}.final

MD5 0c93d244125f8056cc0a69a4ca53f049
SHA1 e35678e1a49498e40e1ed508b521e79779a6d25a
SHA256 f286ce18e4e82f60816536d23dd2b1708cc45a3d1850b132b282feb1d5aec4f9
SHA512 198952bcd97b9497f6cabd7c9dd6cf0b8e75416fe5a2eaea15ca1e30919b7219be5b28985752834f0b8d501b9d6f6b637ac799db078a16f1e7e95480dfedcf5e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\105\{60df6f90-4d3a-4b20-89ef-b554135c9369}.final

MD5 93215d67966bcb26afdfaa76aa00aa91
SHA1 aa3252645abeae4e228d6595c93d829afad380a8
SHA256 aaf4281ab5534bf37010c4e3ed86dab18a9f4cf8185f85ba7b0e6ac59c844849
SHA512 52df1847b0b802417b245e1fd51197349639fb25ece34a48003120b2920255b52848b3318f0f9602f8d8bf22bc7e761082befcd21b9d06b6a1e882a23f8c9ba6

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\14\{ea1bdc76-047b-4dfe-9863-7e865eabb10e}.final

MD5 8d9443186ccb116d608c8970023a6c4f
SHA1 c280277c0344161167dd348d9267548041e95124
SHA256 70feeade7e05a69d4604df99cf1ff6793f7aed0879ae06b50a69b86906a892bf
SHA512 66240fc8a36102b8d3cc7cf157dc80981bb05ff707efa775b82ad6219fcb72fca9a3c45f30aed6147b222356a06a9b4063c9967f41f1a246735d68bd502eca51

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\137\{4e50b760-9a13-4448-ab22-f46eb0d15489}.final

MD5 9d8bbd70725c7ef1461172bcc4e85c13
SHA1 a4c4db2ae4f58c81ca1de7fced23b522d6bb8f73
SHA256 4fd302f56fcfae608964aad2038a1570e38e96b82d52d590387ac91915a8c8bd
SHA512 fc90e23b5e86c1d6aab537069159ce5eeee5068817b6923bcfa33d93e54358fc38c5dd8ec4638b9eb5349da1fed4679af0159ef958cf48227efb14dd67511811

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\15\{cd482e25-cc00-4183-93ad-e9040f0a960f}.final

MD5 c6993227cd75c082eb25aee8332d888e
SHA1 a2e27914baf9a1a4b8579506f419bc7167dff937
SHA256 75c2bda8599570de972a83352d94cebc61a2bf66c8470a0461f0803c59dd8223
SHA512 bc37854e6471273085bd3ee362ede016fea6eaccb11194f749c3a092bc803df07c7dfed2d0a3fa538cd447a21d4875f95ccac3ff4f278c96249e7110cb968b39

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\171\{fd89daf6-f2b9-4bbc-8414-442dddbfe3ab}.final

MD5 f5ec5b6fdcb0fe6f76aca19310305268
SHA1 46d30ca75e110987809f6cd78f52b5cb35302754
SHA256 c9f94f5a2384b5a253cbc563cae021fb1d15762412fabef25d90b4f0c60814d0
SHA512 d22ba260c9738129d976df698208c8cc7a9b70dd89c0f81f995f0105940a2956e3097adfd2c300c94387ebbff54af720429795ee1bf4d81f3a1b6a6cc666940e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\162\{b075ef35-b5aa-4e37-b1b8-4baf73a3cda2}.final

MD5 32355676adf4c64f1fe47b92f9500b6f
SHA1 cc2a0c3f0da02c1a1ac32a3a5ba417010f89f73f
SHA256 f4b28298d53a353c23a88b0c82002f1036c376d22154ed21630a8c1d04e2a841
SHA512 1945dfb8bf90df999cf7aaed9c881b2d10df4a3550f2bceaef655b2379e79d8128ebefdcd4f37705c7b42dcabbbc4c25dec1c1f9559f4e727c6df45f769a2f95

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\57\{15089b7b-701c-4496-9fa0-5f1bb2c89039}.final

MD5 c65b0ec9f20fa9e69df1fad2b2a28e33
SHA1 4449fe9d195163e22a0b205966b402058d9e8bd2
SHA256 0500a3b5295d9ecac1151418dd4279da2aeda76e2b9f05ac56967fcb882dab01
SHA512 19a870b77f57e555b2d67116dee5487e700bc64ccf689ef98fa0e54fac162351127c09523f8e8d9a3c3587ce089b84eb5e81076486dfbe93171843b6360f5516

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\44\{11451395-af76-4539-982c-f326516c072c}.final

MD5 004c0529776665be8335ef4beb8d0eb6
SHA1 8b1fb58622c92f0ce3e490bbf21b532818797f8c
SHA256 493593022b630c1c1bdfc20479ebd34465a1bc79e066b04f388c6572375b0005
SHA512 6ee9bb5cddee2ae52ad1d3f068d08011ca5696975783fcdc816c0e16dd27c87ec0957d6c4b63cdbd76664899fd8f8df087db375a5eaca8b9d494430a6ae09efd

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\166\{9ff4b6b8-4a36-4972-a19c-d2aaa20402a6}.final

MD5 bc7d8425fe4aaf118642e9a60d1b764d
SHA1 7456f9cbd82c691a2832ca856873d8e00901fe1b
SHA256 0ef51d3deb46884c157b25b78667241a8809dee794e3402c07b3c5fe972c1d92
SHA512 0a2dd57fb2ea736faa79c3127af31ad0671a06653d5bd152597fff5275c38d816ad1633cfee6e870c2de82aaea14a976d627fac4458c688d3650ad8197173301

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\25\{5ace803f-210a-47f0-9ead-391f70697419}.final

MD5 b6c6d354eb2e7e52adb948c0366f0053
SHA1 d7f4586d41fcee9be681c70bf002d36f6d2ed624
SHA256 8383e636c9249a611493d7c83a9f02bbc0d9566d5d3389d8082ad6042271ef28
SHA512 9a08680e4aef9e54a24e7956858ffea9871f874966cb36fef70b5e49f6126b2662c443b4049a3c4d74fdcc00c83d3af12072fadb11a96ecddbb87280a0a2303f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\211\{a8abaab9-e596-4b9c-a5aa-7799fd8915d3}.final

MD5 253a9d7dbf4f2f8141599d38f58f86ea
SHA1 0766863065b6c57e98fb00fad0e6d8ca1c1f6aca
SHA256 fb659afa77a61d064962153784f63ba71e453e597d98b770c02aa31d1cdfa7d1
SHA512 379424e9196ca464ecff6e513cb32a296a63afa9fbb8d19561d0ce9cac304440896f4efb71956bc781cc51eedbda4f6d0e588e075ecba82e482ea2bf6aeb7371

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\207\{19f0f5f7-9841-4e37-8a17-14b13bd5c6cf}.final

MD5 7732897c3667adcbaeb632ed111b170e
SHA1 eee532cc36738b7e586c193db814a088896038ad
SHA256 ea06cf7afba50fefdb6b8ef1a084dab27ba0d9b578814b3b79eecf474b200b67
SHA512 08a7130e9b36e13b2cf41be54a7eef19d209c494d177dea1d11e2e224f17a611c649683fc5b49976e244dfc4d91944ef481fe1cbe08d130126817180b97a0717

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\74\{d1b5ec2d-c05e-4547-bff7-46d4985e6d4a}.final

MD5 50af989865f9dad63f573c5f2bb66321
SHA1 91c2c613fe2faf799d1916e3245c8f7672926d28
SHA256 d36552977b70782f63c9fd0ebbadce131eb78616c7c5f0e0274746cb0adcde8c
SHA512 074f69af44958bf010198bdd2a37272d30da53a22d58313606f5c1f19d67597b98c6cff376bfebf63e199f3965bee93a0588cca0ad70a8eb9e9de3ad9afe5d29

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\236\{77a09bd2-8815-42ac-97dc-7baafbfad2ec}.final

MD5 830028a05fd627d68ab70e41825f7f63
SHA1 721199e2f117990f999b2a41d91536aa4790fc76
SHA256 d7f263bba51f160914640b1310d713268e564d9bb1bbb878e67d442589edfca7
SHA512 7af9479e45a89cb49053df5657133a83b86553cdbac5be5fa18ed069c111021ad7d82b02404bb3c35b9e8dc1ed66c3c05bd8a5e8afd4c0d66a598be3ba24641b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\110\{27a3d7da-be49-472f-8a20-17af13585c6e}.final

MD5 bca3032426d23daed1b2d997b7bd5fad
SHA1 76a4776fcca6e6add4773481b6b3a82a7c3f5a34
SHA256 41b63a851c63d3c6ba8bd92548013e1a472973011f0be1b95eb2e29697b32b34
SHA512 67b6c14e89be76624f964eca71653977f3e4c5d8364fa9e008a6810efa9d0ba359aafa79570278bd80e57b6e31820d27dda06a588873c181ee96d8c868c4b822

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\21\{75a03746-aecc-4c74-89af-0525ee241415}.final

MD5 df74de9b9890000872199833e120bb06
SHA1 9514f328171b10d04003469f6dc8a7a4f7daa741
SHA256 3756c1dee77d8250d1431077670e560f38dd9081ec36fa0b5f7f17ad58aa1f84
SHA512 73b313870183d2fa4ca5c38d2192b902c7a79796af1fdbe5e64d8b2d212d2ef85d0bb57f2ba486ff8610f22a9e952bb15947289107ac0d1d307c00015f4baed8

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\177\{b6b58269-c8fb-4398-a54b-dfe31f5655b1}.final

MD5 b85f318ce844cd0ac2d4ccfbfde4d2bf
SHA1 f3eea534e7b991836ce9eef594480ddb1bda1987
SHA256 480677e695c4b197a66db44b3d42f937f304e44fc560c6690885827cc99f4a5b
SHA512 1f8ed38e5dcc51daab4e6bc8af64e6b1b8316436519ccf21b2a8414f493efd374bc541a4de3a00fca1b9f48d113b235b657a94d9bb8aba4eee58d0802c1e10b6

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\49\{86aade82-14c0-41cc-9726-baabf8ff2431}.final

MD5 2d5401040d875e10273c9d8ca9fc511e
SHA1 79ba0a97214692e52090f4d2063deb4f20ade88c
SHA256 31342b78121940f85212b9b664588235affa0cc7fa398e80d5f3914ea12efe88
SHA512 b82ca313bc8e3daa966316e10c8303d144aebce1c00761df10790b93113b6eac2ebca429f099d88750427dff8de2a7448fa470e5cc2eb000c7cf71ee73c3edc6

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\215\{f364ad47-5667-4e38-ac27-5db586eec4d7}.final

MD5 2300eafff09d478fbf68f49fdafbff49
SHA1 12f127da15a69beece4f71f600975e0503c77ce1
SHA256 f8c94c9f9dd4455eb89053d024bfd28afa482a9c697732ce5acb2df3144e885f
SHA512 93d447b0a87e4c25dbca71a80a198693b12c684c0a96b370693d693899230460bbd8c85c137dcc0b4872bd2d85fd0d10bfe3f4137c1b08f01da3a9bbfa481447

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\183\{0dfb372c-c0f6-4fa4-b20b-672ed87e71b7}.final

MD5 5a85b3ec969004ce7b23e6712c04860a
SHA1 dad284278108abf777290add4971eb92142d52aa
SHA256 bfa4bd5ff49d8418628f3a3c0da5b6d8a95d5436168b9482d6de954c0fea74b5
SHA512 37d836d572226967995b3f20557f98e4e55b89c08fdfbddd4dc45a6d4ee90a24e5dc8276d0e1971d7b366712bba3382086183e1498b006905169b758e44394a2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\108\{3535fffd-8fae-4d2a-b315-6b78db5a986c}.final

MD5 3183686d3a59ab0d15fab2be7411e186
SHA1 22d29c6b9fcfa649773e12680f00d868e6714485
SHA256 2a1c50b6d5014af422db7ff5661a5a68cb0c27ee9cc4768c99502ada0eb63867
SHA512 eb7dcb18d20e28d283ea7d4cfdc08c0da81e0499089117ac068194b1ca2be661d380fe7d938d5828c42d711842bd3793b2dc2a3fe6285fab83b90be4fe3c7b16

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\175\{f4614075-a36a-4445-bd3e-267a9c0576af}.final

MD5 a5b6e175f5a577af3302c7029593adfc
SHA1 7b21982420c602f2678b28d3eeb7172d5c491903
SHA256 02240202d841f7910cfc4d17aebdef67a1084e704359fdf544d80dec3809a8e1
SHA512 9e62f4350403815e642a70d746bac7c8862238a8f108491f6e33031db7ebef4ce91a9a97d83f9fe9c15dd70333bda1229dd7d1ee709f964dd8c65071833b6544

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\247\{3185e56d-db66-4d5c-a3d4-af62b45504f7}.final

MD5 440b8569f0166adb464f65b587fc1864
SHA1 bd9ec70774c72144b24d6b025169adcf97f4100f
SHA256 7679aaa38924228f58794ffd76387e65f03fb1a7ed42ba79a369069f2da4c13a
SHA512 2a4d57dabf61b213de49a46569ad00401afeee417d28936851c1ea346d65d5019be0b8092d1857b58ca0bd0f2a1407452920a2f3e0a69688d61bef25b419fcbe

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\10\{24076644-c950-4f23-9dee-6cc7982c760a}.final

MD5 4a514bed69506c494569d2de079a4565
SHA1 cfbcb0c9ef303e49adb4f8c85191593dcbdd95f6
SHA256 9b16a083b682783c5014b9a1f4f6914ec9399100e86fd5e56a82fec41ea96a68
SHA512 c2d81af256d7d5e8bf9b4c2ca467a1972aa625511ad0d63c5da573d0916b85b1b09babf4a606d94f6b79f3db26bc00ff8c4b08db485224383d487749881b88fb

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\63\{7b335b0b-5850-4670-862d-a05512d5a43f}.final

MD5 5ecad04347c2a8c59c4b6a885e947fcc
SHA1 ddfcb94ac1af832b6a831dfabd66b47138534ee0
SHA256 9fb212fc86221efff20faff19c616c41932108a588078ed6a6377cde48e81d4d
SHA512 9a79703298ad64b902f6a0328f6c80031f540a7267ce4f4c96cc33b6b9ab2ba23f1b190f0ed1a51da1ed7306dab020ef30f87331da5cd77d01789c5e8887faf4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\208\{653e9caa-45a4-4b97-8814-ced9443b1ed0}.final

MD5 c4e0cb3d3de8b6bcac527d2f0e5ed241
SHA1 2425b0c4ddb89f31d101257662629cac0c3cf0af
SHA256 3135abfbd2020a12ee327fd81c3739da37a6fdfc11d2032634ce5d33e916505c
SHA512 29e026c7ece58ce6c56d64073f3b0f6a008286edfef920973b7e399ef57f042780f8cb5a940d8654c41abe2a6fc8f60e4427d70fc285fa7fee5fdf473ae66fee

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\230\{8d03bc0b-b2ca-4810-8b90-76150d9c8ee6}.final

MD5 4281c6880b38580a12983db6afe98254
SHA1 052f3dbcc36e439f4f23b1e1b608d92ee8e72654
SHA256 98cdb9a3eef1764f2034497868bc60328364b1a414eba55860fc1756aa5f85b3
SHA512 6b92b3ccf7ab00db56c0cd6c7c180741e1a154be3cc04199b883e7c350a818a6b0357454116ddc86af433f3afd57cc8dd89efed7cd0dfda6c3d9bbb270dba533

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\37\{8e8f8c79-aed4-41f6-993f-b01886288b25}.final

MD5 d0d1672cc7d147f9f802ebefdb01e914
SHA1 22ed7eb147f695ec1df8ae6f43cb7787dd0ea652
SHA256 62efa98b135e5ef8779b99489ab8200b60026a5b1000ff3c997f3be230febe2f
SHA512 7f8ef8af3f57a6aab90ccda6ab1079e43630de11d14a780786a1b0f1ab057d7cfd5ab512b53ecd8ddd1bcc669fa56a0c260b2df421db64e3855dee7d63251a68

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\86\{5a0367cc-839a-4efa-838e-f841471d4056}.final

MD5 25bc26013ca16ec022cc26f5370c3769
SHA1 0b959045667e2ab2efb992cdfe8abf8d833ffa83
SHA256 8e291ff624d1139db9423256f8b7637e909580a54b8838c81119b12cc631b84b
SHA512 ed775d60df5dfa9d6fcabeab00e46d6ddd421f19c8de2ba3d1a78786cf70ddcd86e3dfce18519d916078a36a23f64e9db42149a4e3c26d58ffdd565f3dd9afdc

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\0\{0c517f5b-0218-4202-a4b5-b24a86de6f00}.final

MD5 d53cdfdc78bbfa83f76b88fec1baf8d5
SHA1 44fdfb015f2e0ef773b74c91e7aa3084f86be4b4
SHA256 b60f85072330edde455cf9a62c94958d66793b18f461289da8a88b6bc0e29621
SHA512 07f7f09c3828e81d79f88d768dcee3d8f91aded0b408bde57daf82593eee49a1ef2dfde683b0aef1059031b5f9d701dd6a20673020578801a66555eef720f023

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\132\{ab5c8099-9c8b-49c1-88a7-d645dd859b84}.final

MD5 ff1714439da5865eda7a26d7366ecd42
SHA1 d05ac8350fa53bcb01c187b349b9c0b6cd990da7
SHA256 f2406a6799cc1538f17a8ae8eb0f6b053fc8f8cc37f77429de1fb638bbbebffe
SHA512 4d76e9d3676913d82fe7c85f4f481c2508eeb7bdc76f61507353e6af12c70dd2721d43d3405809d518f29b87c0cfdc1658ad688453e37aaceb4e6cb68669204e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\118\{c875ddce-d326-492b-9198-424903ec3a76}.final

MD5 1a840973aaba0bc8aa82cd789f229983
SHA1 dcdad762a070027acd4d167c919a8b12eb7cd4f2
SHA256 fbefd71795c1a773b199567dea99ea28a5bd85ed96abffee7e3f4c1cf6f57c6c
SHA512 871508335ab32879d045ed3309d52512edd03c69e3da9813de212b19ab3ef2e4939f7f108262f12bbcfb593cfff2f1b3774bf4a84076111569fba0f306dcb773

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\155\{8e858147-95e4-44c3-9f1a-f0e725c9459b}.final

MD5 61fe63358ed5c171881bfffc422a3d0e
SHA1 aa75bd2ab0c3337649e0c8b70bda7f026c873854
SHA256 b595399f19902bc6fd474a33408fa74f5f4f97308c2fc8f8e6226897241e5cb7
SHA512 8f8de25ad07e2b76f2e8366d6be5c636cd40e1ea3a36c82595abd42113816a0c7668d1aa6af84b23c57644710cb607d166324330e8e095613190de5159b3b3bd

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\25\{b38105c3-df47-4705-b1ef-a070959f7f19}.final

MD5 93fe42b9cacad9a58418d5702e29918d
SHA1 fc31ea0118b5b0999dc102efb09ed974b0a6ef9f
SHA256 10a26c50074171def0db39d8343ce1b08c398e77336f87dac2707492053f891a
SHA512 9248b47c5b621c6dcd9792b25c765c6bf7dbab2a03eca1f4507ea42c1aff3f08ca165f89c75f43c2bb1f35514845ea7ccea5199bbf57ddaaf631d0a4bb2ccd7f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\9\{f2928f05-7627-4a1e-b274-9974d41f5709}.final

MD5 cedfd917c042bfd5faea22058d451ad1
SHA1 5a98904fbf1c9bea6d27f75c42aa49c66db8c54f
SHA256 9cfc9e25c7e723abf5c14049886f33d836c6ab91b40218920efbdc864764f3f2
SHA512 5f7513b881549aba1fad170019ddf45e780ddb6a576e08365f4c9ab2c8bf4e7d2d5053b1db4ec6a2af570de21a182fc8981a0790881172d8605c023fbbbba4d8

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\28\{c4278623-56c7-418d-a3a7-76060f68a31c}.final

MD5 103a3bb224f38cac909b8f5719ac61fd
SHA1 a2f0ca0141add7d8ccf18e2cfb38acfcee45a0fc
SHA256 63f1c1eb498439212024b5bcc18287e503b28cf7d84c3723d153a78f1cbde45d
SHA512 00c640a963ab78076b97323b51f2a3e8fbcfe288bf3cb52c97d4c3e5cb8e62e29affc9f616ed35d3ee978027ccc9d8d23dbc9d7e78f48abe8dc707fc6fb215c1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\163\{767c4d39-a084-4ee4-874d-eb589828d4a3}.final

MD5 7981f433590b9d8b8a3ddcbd9d4a83ed
SHA1 58944a6101a8cd3e37574d26f2d03638c0fe2b2b
SHA256 097ca92e3fe122231764cb6d23deca18894c83cbd4128b39e925c88c061096b1
SHA512 67e541767b07de4f4a1b88b13c5ae2f0b0df41c09b22648d8681cd7e7cb2cc7d0c15f685f8d6165317fa5956687f46731867892d3e811b78a9b6df2eb3565d4f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\222\{22162370-3dda-4462-b147-51b574114dde}.final

MD5 680103ce64ae5c8edff61a1e3240326c
SHA1 03038ee24f31ad0b8da727f0c3dc3b5879b26c8e
SHA256 3c24065c3b89ce87c07f724caf59d270c80b7a072d751bd51e2f0b27b594442c
SHA512 68c0beb28e4050858d9ed8f79e0bc4a24abc99b9776faa392aa7d412a83b8d7320645ed498b7de7f1d712ec13abb554862d6c2b01d7223a229a96f27c9e130a2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\105\{fe4bd72d-c83e-4dba-9ecd-2e2f15418569}.final

MD5 a8ac2b1daf1197439e18577f9341b301
SHA1 7c6e18163d4915ae57f27df9cfe607834bb998c8
SHA256 de289ef6a8ba393577207b6a036d9bb0462b56479d9fceec6b4c094c8891a72a
SHA512 617ac8779a29725613666c729e3b0976f0bbfda6bfc358f7e606a552dd0ebf712de791d483965a72b225412fd7532764a2ccb2df1b3b91666ff25fb841cd3c93

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\195\{9ff8c0e1-8ce0-42d3-9ca2-d40b826935c3}.final

MD5 be912f4bcd3b478ace5df6dc46d82aa8
SHA1 2485e534279a5fa834a6e099cccc92f20c91052f
SHA256 8a3103971412691de6ca0bf149f63e274d5347e8942210e0b14470bc2c74538a
SHA512 8d082b4bbdc165115c47454a3d641a6d6fc9ac732a6f2bc511802fae3ebdba8a84ecf64d1acfe1fc9c023cf40ae2520cd74d5cc428dc9eba7913a2323b27d59a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\250\{0779a03f-ef17-4574-8345-8d9f71e2b8fa}.final

MD5 a16ea228c26d9635887c0f16939633fd
SHA1 4296ff50e58e69f667e69a5eb0e4b33d5584c011
SHA256 1147a378214d10a08296484419be2cfe7e251bf90f5f0ea9897ec1b79e195664
SHA512 357c2daf556aa2471b6f0887d32000939044ce584534fa0fba618fbec99031d0569c5ce662a9f3c1235785ab3fc9116e095e99396a082cb60e1c763f9e561c74

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\62\{28ef7ce0-fb4e-4631-9cd1-2cfa1cfeb63e}.final

MD5 3a412424ac9e9e38359ed78efdadc85c
SHA1 efed1bcfc57a1a6b9917cd3bc20d59f767adf5bc
SHA256 8cee6015ffd0f547e1bdfc958c906df98b64e24cb6dd5d89cc1aa3b38bd62bd4
SHA512 244689ba698e3c6323e8b72acc8ee5672bcdca4f859dc402e463d09b631861c996d90f8740b75d7e1668abc27ec447a1cdea1aaa30434ba56da1f7b06b84d57b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\179\{7ae80c0c-eb6d-4102-9503-a567ee3b9ab3}.final

MD5 fef2bec6aa54f4d3b01b7934b6145099
SHA1 d0ce8827eb647b40e587925bce6baa87a678294c
SHA256 22b096d01a69cd9c5d08d8e75cb3040c90647ef7ae42e5a7ae3fed4b95876c0e
SHA512 27e5af3594d7fde882c69a6341065a233cac8250c1c6a42146ccdbc5edf1895856becc62e899b04188a7f0b7cb05cadcca3d90172d67ee8c50ac65a77d6c0026

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\182\{39997b68-0db9-4a7f-a99c-4d5d48c0d2b6}.final

MD5 276cbe7276c7f3a0fc88eafb5ec6e68b
SHA1 de67587eaf19b38f2e9f02fa238219c2469605a1
SHA256 8f2a87983ce99d8418be2ccd1a0a69aaa0753c5086ba37d627a272b2b97e184c
SHA512 4f0d71b0dc2b94016e4983ef8e6288a57a2864f174b3be96809f0a6c4a755115cb198a22988f603e4dfe89f97616b39dae6c47662b2dbc359d40f184122611f9

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\235\{d8ff1116-161b-42d4-b04a-19dc4d8baceb}.final

MD5 023b2980a12b8a286407f04572020dc8
SHA1 76455972bd74dffc95577ba5e6688d831b47c614
SHA256 8c426c0eead731dd3474a18dbf5acef6a90549d9b2dcc691a569991034b5f23b
SHA512 b99b5a16df6b9627c33ae3e90c169ab93d18cc4748c3609963b56f4e5c0a154228d417cdaf6082b961dcbe480c6934d685c7a0a90a80b08f9e8b7ccc67d3aaba

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\55\{5b78aeae-c29b-4f67-98e7-2a60f1f0bd37}.final

MD5 86594976122d89366b8176df017e3cc1
SHA1 22f5f42d9ee348aa4628fdbacfb1581de8261700
SHA256 302fe5310bd3b2995c6624bc1a7eaf2529bd6d0f2b351e10ef3d9e33c87fd9b8
SHA512 db9eb4602dc4451b8d5e5f6cebd18232e6b5046e2b5c0ca548db4fa0e6b603418140c833d79026514a80c79b3663570b9bb87123cdc07594c773ac0171465b61

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\45\{4e0a6357-329a-4a09-9311-08a74dd49a2d}.final

MD5 9aaaac373e73c9d2059b9ab2b43dddf8
SHA1 7134c7ec09101b8b3a94c2a6a7acbaca698f449e
SHA256 26196c7ca915523f018d004c6f83295cb67e0c1ed511e56d2138daf19cb8b488
SHA512 d9b35001205de8e00819ef253a33e6bc46f50fec805e130cb14861663041a1302ed7ae25d0cd615c6e267f4519e07f70bc814b2e3888f419ad0138de96e27c51

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\12\{9e7b918a-51f9-4e77-89c4-90736138960c}.final

MD5 914b9ca76eaa14332c4942d6c54e2407
SHA1 b4e99668f3c64231cbceffda752f7f4e44eb30c1
SHA256 5a4ade92be1975ccc46ebd2c27813e8657c743efca4ce9d2a0e0324835379a6a
SHA512 1876e62f49f481c30b28bb47a347c4e495e3e405be1fc767564780bab91d4b17764ea6e507360e3587dacfb74ba58bcf5a47e43d608da2b3b3d231f9c1322af7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\148\{8490c1b1-f035-4fec-ab09-901b035f8194}.final

MD5 7454bd7949ca6f818c9fa0981f0573bb
SHA1 af773127364e0e682b4577d01d91bc23d66bbd90
SHA256 4f388755d0e889df408524d81b7e72f59eaa63333d27506047365fdad0d3b0a7
SHA512 cf36700ad0791654a81e40ce63037c1cd7d17bbb601f578b62fab159ec9d9507101871fd08a91f29398dbca26fe184fb44ef5cd3cbbde9044026df3fd4747326

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\123\{ea3fcf34-2308-4320-ac45-1dfd9563d27b}.final

MD5 1871ad8227869c9065eebf84c80192e2
SHA1 25a40ac2cad47b0a0f073d969ed57ae10d977ac4
SHA256 fd92593246f461339368c1675ae6755dbd0c25075d87a858f6196f7bd6f1e54b
SHA512 5de97aa093110c6d92b692982e2a9ba7d9332b68c7834a6e27b35fa0c4b78162c51aa8bc610d69bd9921f8bfab20d6a271c671bf11a343672afdb6f027836ed1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\31\{acd4c232-5a9c-4a80-b7a2-51540ec94e1f}.final

MD5 fb3d6634360a9125ce7edd27c987c8c7
SHA1 d3b094de4065f9302bc48d57637bbe04cca19d0a
SHA256 e75d4b40320638f498c0e1b2daf9a4c9f2ef1f09010d48a88740c48b43d306c3
SHA512 c880e7c9a5174e0e31a733393744e19c82e6a7f424be9e35a6736cc1209d17552e0c5a6cdb8cd725a77a00f15d2e4065b21db78a99abb5f35758d32adb52a53a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\122\{e6dd75d3-39e4-45a4-8e28-e56706656b7a}.final

MD5 b3a912f7ad1772f6fe5812fb79fb8f4f
SHA1 00443a5067e504d2b102a4358ddb6f0484d464b0
SHA256 7663eca944129445deb2757f49ef731ac2a95ac01080067f5938dcc0904fcd7d
SHA512 58e365169f36ce049bdabe6c19ef7788684a68b2b38fc499f0cd7ea8232dccf0708d585ecd249d9a92b2023fed544145b967848e50ba44b0d2af5447abb0b761

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\172\{95bccad6-26f8-4503-afea-ed1f8d5d27ac}.final

MD5 34eabb6d7873666c4dcd0f6e2c379fde
SHA1 e6dceb2fcd82d2513d383afba73625a4822b44cf
SHA256 2f6cdfea39358c552286c9a055d5e364e27d8a1e6700de932fd8f406446d7048
SHA512 ddd2d6d1c98d67ce10e3c4085fcd33499767b0a158de2975cc6993f2cc06c8c09cb1daf1ff628e4cf9127c973e87a6f3559e3459de1ffe4c8685e40c1998ece9

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\79\{ec982101-3977-4b98-8094-bb6f40e7514f}.final

MD5 887d18f5d2a951296bceeccc0a2908bc
SHA1 d9ea3e25c31f63fa2b5c234df3f4a22c87b7abdd
SHA256 47c2305553e87db8d59361705090fda372c32938564297a6db1dec0e5dcbcf20
SHA512 ce858e1c6730655d32e099d8c2804288a654bf2f7629c9bff0a28636473c1834fc9f8e437e04b0b985998ee7cc499abc3b474ab292f3d7180e5e6adbb4d07956

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\66\{02172765-4e1d-45d1-8c10-442eb2a14242}.final

MD5 a57c59c5082da22125cfc69197546e95
SHA1 ecbc238d1f440562832601a78bc3fdc052df1e0b
SHA256 aa70e89647f51593908420aa5856e5ae4f663065bf8a12cc4ee1aba1a0916a9b
SHA512 ca88eb897f8ef1fbc65b1e2e426a2e8274a7cf8c225e02e5406c39ef5d1bede11a732673162e21379773622207b28c9a45de83a64aed110ca82218e7097e7cd0

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\122\{69c80f32-37e7-4e3c-baa2-b6b0931b2f7a}.final

MD5 abada082ffc6679a2067c452c7cf2afa
SHA1 99a4e6c70bfe85066f09c2ac1b2108d05f129c52
SHA256 fdd42399b41bbb74565be3da15f861b96f044ddee74f6f2ba29940a96b1f2031
SHA512 a4db103b9409b1a544ad9e449a3cd65db72937fa325f1d08419450997f0de9b1481fc7c31ec915b89dfaee13f42f4e50bed68155d2e39d42332c01f4f4e6fbfa

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\128\{5f7dd2f4-f181-40f7-a1c7-dec0f029fa80}.final

MD5 0ef1f531ef723ae794070d8fb9f22e7e
SHA1 359a185e7e59e52162aa084fab2f31d2131d2da1
SHA256 7b92f7b90080f024b9f265b888631c058878628e569fb1301c8dc93ecafc90b6
SHA512 876120bfdb112bdbbbeb2a87140af386ebf91d13b9bbc02cf7e96fa0f9f10d66c4a7265811b7ca79223a61fe141712ea64c5c2773aad6199648e3bcd496225eb

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\18\{ebce1642-e0b8-4160-9a1b-221ad2e78b12}.final

MD5 6593c3cd0cd304b103124a65062a274c
SHA1 aba82966f9eebb81bcb05ab9eadc5f9ec7087f38
SHA256 89e8c95a42b02e26e31e55e66381898d19e3ad9e6da3f27ad837c7470f9b9324
SHA512 ac4026f5fe5346f518171c3ce08c0ba5652382f1ef83b1358140e5696ae1721d980b925925ca24d2b84cc6a84b5fddc9433ac492c943d09ba2f8f2485e892768

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\230\{e511119d-43b7-4a32-bdea-b0821bc69fe6}.final

MD5 c39ad8422f2a033a19029e992171863c
SHA1 d4bc0db91f8b6a7e562632cdbc47238bf7074311
SHA256 d4b92610c82ebb2fa1beecdec652dd1b40731ced23e5281a1746739bb9636783
SHA512 abd2d36b411db7e869da2fa6434644768801ee8db91c4b06a15b8af4e3bcb8b58721d654a7208809eaacceb2d17a91bccf8d40aeb81c2ebb0817eeeb0a9c31b0

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\103\{cdf967c9-9f45-4e6a-8e6c-578e81885867}.final

MD5 3e7dc63be6da02f295c1b9a5c56dd322
SHA1 0aa6083dee17a265efa6814d10f0171753c5f042
SHA256 6ccac4a1dd37f1f6d1bc68aaa92f48f02d92d3a23be15dee4d83c0b892fd09d8
SHA512 3ee1d46e61646303fbe77cfae5231366edd2862e9c2bfa45529fd7e90d7bf8fb62969c95f4125a17760ba6f934e5d51dbb5ba42bb43e24af33b43ffc0faf53b4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\201\{2ce70156-deaa-4888-ac37-5d1740a485c9}.final

MD5 ed6fd5e11dfc8e4cf53ea851ea9ede04
SHA1 fc392e8d4f64aec77d892182f63fedcd543977bf
SHA256 478c763f896d5b271626a85070b75e8d66dd1eed1dcd244d9d6874bb1c24e6b1
SHA512 5da78d681d8feed8958b8fc60c4bc7975e9a4cf3e94e884e2525005cc1852c5643cac43cfc0c387381ab6f8d97d90a1d22b31faa0a1ee3529117b471cf6ff21e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\134\{57724dda-455b-4dd6-bfac-23fccfa54c86}.final

MD5 6034306070954b482117c7883f153714
SHA1 dea03382c66843d3b2f548bcc628dbfbc3cab661
SHA256 dacb173c166fb4640953753914c783a1c8aecda2eac07dbc30ca70804bd8c029
SHA512 dc178d0f42734ca82160a12caabd406b1b16f414e09d67fee35092249aed61f570702bd1716a169c1e97e33fcdace6709e98044884e7459e453377f103946e62

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\167\{e8ce7b31-cf0b-467a-b80c-e74bbb1b3aa7}.final

MD5 9aabec02bb846ee3fab89838fc80448d
SHA1 8b0f294de64204dbee03446885a8f31f03a22b17
SHA256 31afb122c87ea568cbf6b96fc5bb8ce12eaa379581d41c269ecc4674d452d72e
SHA512 198e2db29f6cd3807e92fdc6fb2fce689ead581fec734e414f953595d1d4dfd0de8a23a364d3665380b99e58c4146d4899ba0ba6e3e818dce29bdf809ca00b73

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\101\{97215bd0-8634-467f-a038-e52805901065}.final

MD5 5dac736054f1bfd6efddc9f8941f6513
SHA1 8d333e22dc6fa20e26c4732d5ff91c954433185c
SHA256 e1f390622425670904099ccdffe9b808e555fc402e7015697d49f9f22abf9175
SHA512 3ea570e7041a136d250e5e94c215b468991b70a6d6609ed27907aba24123e068e08559bbd96ca39a615a52dceccd524e3aa52702a8ad544f8a7b952fff935577

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\206\{276d3753-fcc5-4abd-a27c-7dcdf490e8ce}.final

MD5 7b4110fa3efde7eaa286ecb28002c24e
SHA1 ef18905bf90bcec8d651b137f902e2d70968b960
SHA256 3b339433141e9d91736ec678e692c2ec5890be7d216f4ba576461109835b802b
SHA512 bfa6025d1b2638ec2aa85188c52d1d15b9fe8c85f1e431da724f9a28bf6fbe78299539497a24fce08e48985430e713c5982aec2cc5b5c137f5b611be77767fac

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\186\{c31f75a6-9ce7-42ae-8198-88b9a31564ba}.final

MD5 8074dc643bfb7d1c60ceaa4761009fb1
SHA1 5178bcc18bbe6907f7603a90c9ef1dcc2c3bd9ac
SHA256 df4188f88b0fcb6b315de652baafadc68de7649e7c3e16f83e162d7a8b5a2751
SHA512 3d58b3e2a7de3ce79cbb8c43471431f4ea6e7e19116057a655cd997c7ff9889f0352e69eda49009a2de52be254fa2cb125d3566d281bc567d4812c9b5bdba62f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\72\{3e85b975-8a28-44ea-a4f5-c85f42c61e48}.final

MD5 162f09323b6a93d1a573c6059f56748d
SHA1 01ad3259e6f31b5574868f7e71a180917e480328
SHA256 66a152f9fe8afb18db1fa201c5054750721af807e1dfafab9ba70bb17d131cf4
SHA512 0ecb45d87d32d12fd0ec446c3a9b8405162465d8b940eef6c86cb634962bc4e6c95e6ec18d6744e4e8ed730ee4417f10a7808b505aa1ccb78deb58ba0161a5e1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\155\{b4b35722-4183-48d1-b542-3e5a7c1b769b}.final

MD5 c0540c18cbf85eba330f97b8fae2375a
SHA1 65f9ef9c5b0664ef9bc045344224a266d72c7861
SHA256 d540c5c26f2eab78ecf7fced4ac767f1af89e7c3eef303e4027d4fc77d6e74ca
SHA512 d6bbc155fccf19afd17cdaf3b9739e8bfa732c4c519aac5516447c23ac9e1d97f5a6a2e003cc7cd09e9e9de14f28c88de6bcae26628dfd0aeeb4ffa8f0d95a56

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\244\{da927dbc-3bb0-438a-8586-2587da4cd2f4}.final

MD5 5409f7bf4f5bee52df75c2e72dcc9f36
SHA1 7d03d02ac3127b6d3bae88725b830f05e2c19b92
SHA256 1e026c82f67c10fc4746f558ac948fa6549402b7331d97fcf7b22690cb8a6696
SHA512 b3b6a124599c979b29f89ecb3d28f494e1d9046e373539f94acd3d89de284dcadf860c38067bb496e0d8a9d6f1a4e54e15a82d0dbabfcc6280543a25b7bb86f0

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\98\{14607225-7f02-458d-8a1e-0da56a76eb62}.final

MD5 982db069b2cb3f7b12df524ac058cb75
SHA1 b3c4cee2073c9b11afd4fd4cafa14506dc7c4c36
SHA256 77015506cc1b153afc0ed88730d3248b4a9616edd67cb03d7b671c7962dd74b1
SHA512 53d24e86229558747d0291ea42632fc1468c7f672b38493232a75bfa5da6e58312e64905b6291593adad411563968edf9c035ce95c48d60d7a7a0151f0c94692

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\209\{031bd26e-4bc8-4d63-827b-5dbf44f69bd1}.final

MD5 a975d247eb217c175e9104e649cfa5d0
SHA1 d85ba5f059f8b624aabbdcb974b16d05fad94b1a
SHA256 3165df152edec50d78e9a54edb28e74682976dd15e4bc1e7ae72a5838a8436b4
SHA512 cd11924a023f8c57315aca37f3b77a90b2ddc2db55417c4002e916c917fa7826c521240a646e24b94ce72192bfcc2739b1ec0edcb790ae33960a3329c2af22c8

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\190\{de8b197a-f653-4fef-891d-0c20d09f58be}.final

MD5 63c7f2fc0ff6a57ff3d98d003b00abc5
SHA1 7eff871879b328e59dc2a5e959c9efdb9e93c91e
SHA256 d750432333b0cf3e88461237110ce0718e2118f3f65d368e9e0d798b9986c440
SHA512 b3eb057cb9578836664bc1d73ff55a40e66eb48b8a210587dcb2adbad404c99a324e388b2d88a77e61f67bf25a3825a4768e7cf6f126008637feb3dd01255d63

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\35\{6b1b74b6-f0d1-4db5-95ac-680d8cd9ef23}.final

MD5 3642d5820ca7ce4525164aa44f5d6beb
SHA1 b8d4c651b067c3bd08f2fefbc9cee8fda03c9354
SHA256 9624b4751a170b67e592dc6b20f93a13ad959ca57a74bdd0998871414f05e512
SHA512 3cd72c8df0f244da5aa0ae250bb9ced273a45c30374864ea662b4e518dd03c6b7ff8030bbe1ae5ffd078ccb8b8338d43b7ee61ef7545059e87616c56fd3a079a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\115\{2f6a9057-3d4f-4711-a656-ad0e6cbca073}.final

MD5 501e302df1cacf7ffe388900064433f7
SHA1 d044ddda684b1a7b8acb5d9a887f1b92f77f10de
SHA256 baad1d86dab561f7abf009b62005456a15797550fd0dd565328f8c1e7e7c23ca
SHA512 8a75f975a60c979627e4f325e7ca6b8af17df51e425b7df27ea45ccb45b0b37b8ff339a7cb1a22108f1085854c4bdfe8694a6009a41df07ffd93aa7c6766c80a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\124\{0367ec38-0c01-41e1-94cf-e3f40261287c}.final

MD5 590de80c94ccf9eadb9c7d51be8e796c
SHA1 e2c967e833e34a61c7bbb2cacabad6743f3d48c4
SHA256 75b7670458b285925b57d33949d24b515dd8fe50466ef7e4a4cbd9a402f168d0
SHA512 d06068e443b20e3778c98441fd8fab3bcda4fbba3daa683e3e7c18c0de280d59d4261de63ef47ce8fb9a819b3c7f8d612f7d6b7c6fed591be25c19421ebd7a91

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\234\{5698e889-87fc-4c2d-a9a7-6ddceb021dea}.final

MD5 5525a3d889a5f2b22309572b81eb632f
SHA1 75570ecf4e74c8094526263c3f8fcaf09d4ea87b
SHA256 82b1f81789c3cf58f4985bcf3dd14d3606a9bda013bc08501e36bf46c4fd4e52
SHA512 d1e9153d5da3549d63b5833648191ec199a616e64c343b2985a11626465bcb728e39a3a04b906ea5bd42bff8b7376ef1a26e65c4e62b689af0cba19487fe982c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\226\{5467084e-6b62-4f96-86c7-6365bab243e2}.final

MD5 a5a12471c60b1660512fce9579675a2e
SHA1 d702b7183c27a6b08b626c9bba460ce0e20a7395
SHA256 2b8ad66d9eb14d6020cc86c9472a8d32859faec20e5bc971bbbe068753b378c0
SHA512 ec69cf09ef623b7971bf8a42267e23c4f5265127608a70d1ea8ee7a910982e075723a0dabd7053022905c9d0e44cbecb4fe2fb1005258fac9a0bd5a33f3b6014

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\65\{8c6c5340-b6a8-4d21-9406-ebfe6bdeb441}.final

MD5 fcaa7f35d0b6f5dcc3edf6ea35b7ef98
SHA1 37eab86381cd122095b712d205eefd4c15ff49c1
SHA256 67b688b893251d9e52650b3cb720b6f8be62c6e1afec8ea4b223a8e975d27b1f
SHA512 becd339b63fb55676cabeed67fbf4e28740feca0995b8734a430359c96e14b8591d4242a526d920ac8893d9d22ac125288e8ae8dbfb0a0fb484ed8544774958d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\245\{fa7ff064-a78a-434d-9660-808b53bee2f5}.final

MD5 321ea72e49df8692233391c1f36451e6
SHA1 2f016758fc5830a806ed9891e574936db521c034
SHA256 8113ef313d8a5519df57034e29db538c65721112804bf1a1a446b8302ae7e0d0
SHA512 86d5a408e472a62c2cfcf69a5fadc122f7a62dae866a36fdc4a7381de6cc8028af4ba51cec9c827b9815c26f75db82c4813ab25682c728c1f03d3bfc7ff21114

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\193\{f96d500a-1ed8-4116-88a0-ae7acc6ac6c1}.final

MD5 3f7a4ebdd9e533cda0125618ad02dadd
SHA1 8f024e90ae75e5926e0f9d0847e2a1520b4f8eab
SHA256 3408ed8bd0781a9ee0576ff0ddf30150456e0fa59b40406b21248613602c1043
SHA512 6257799dd555ca13833a2320b10056a966f1f384d474cc66e6ead51a76b726e66ab64add92d9bf3a85456ec75b5b97404bf7574eab7d3e6090b8f60d2799c1ca

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\84\{769337b0-6d4a-460e-b971-178da8945254}.final

MD5 fe5981f30c81e299a4b3cbb8d54c236d
SHA1 86d257366f84c5da701ce39084e8bd6b54a644c5
SHA256 d94c2ef736a7e46e3c6da5ce1b0f4ae07d1aedf5de035104fa48c3804f5cc86d
SHA512 51bc339682768b4ab038325bc12186aa16836e7179d36ecacdc8b4559b70e76e7868bfbd1ae19af5fc35ee36299060166d5c4da74f70c0816849510f93e2a403

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\96\{722f003f-109f-4f1a-86a6-ce30fdde0860}.final

MD5 ee0078268c18aacfbb32f121a2bc2902
SHA1 413487a0a575c27405b739fa8938a66b61a24149
SHA256 9718aa5eb454fe31d59fb6cb2d7bff3ba1f7e73b171c76390ed97b749493a85d
SHA512 2d776ef4276e4f8cbe7782e1aaa91d78f1154cafe818b8fb507e7e5f823c1ace750e8b2214a82448fe0d3be43fc25f1c15eb93d9198ca4c6b1962d19af45ccf2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\127\{be47afab-6390-4837-9560-b70202849d7f}.final

MD5 329d8ae08d8dc87f86a511b55ecfc6ee
SHA1 46a40fb3e9c046870707b0a98fff5a53cb4857f8
SHA256 a61773d79b8fc91cde32c678a7e7b10cd7ee94c0023a83cce29180c032f5472d
SHA512 6940b02abfbf4cda7439f2b0ddbfb7b63fcc451b12d2a3fd4dee2e0d1f2fa3c23af1b5177d7e6f68db6252d5aaaa702838bbdfac9cbbb12b6588e9db535324ec

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\233\{f2c64c87-c09a-4481-8477-12d7a8c74ee9}.final

MD5 ab0beabb0034744ba50d0125490b6563
SHA1 819052fd166eaf842cce978597e0822d28a066ed
SHA256 682910185c6177e5cccd258f0ee3d1572e97ef9cf2451d52f239dfdd0cfca502
SHA512 2251fefc65563f6dcd5a5e042e7e89210a2f7bc492a79af04b3ab1cff735df75bc2e1b9db95855cd9eb2a7ac9bd309bcca3a09fcb66d5db089455e605e1a99b2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\idb\619946941LCo7g%sCD7a%t4a4b5abs.sqlite

MD5 6ff2ff79140b43ae322c2b6fc948c645
SHA1 ea95cec2eeb12c7c4b1a6936e2f90ced741d075b
SHA256 33884f9a5188a412374d24d4235ec9675961a9b07f300738cea317ce363bf3e8
SHA512 e67fa4052101749070439c972ebc7173c7eda318ad281ac2557266d5e713103c17c0a8f13fb59f72069461997d7f4b051ceb49c2789d2cf16cdc7c4d6326c0f2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\143\{669d81bc-9651-43a1-a1df-d69deef3988f}.final

MD5 c29c5ff50aa0fd8a46cdfabb014ee3b8
SHA1 35548ec8c690c71d36129911d1fc067a9bb848e0
SHA256 4e4f53e7b016e60e9821928304849677ec0a48ec864b94941fbfedb16c73b44e
SHA512 27e6ba5bb678dff4f508e6142f0e6292571a038487881a4ac8a68d883c7a8514422f3a4fd38ba615817ed811599a359e0386d52bafd44714e6d4d49a37af9f48

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\77\{20b6da09-1eb2-4fed-bfd7-b9ea5812e34d}.final

MD5 1a28edd17b38323e8406fe0dee0a7c3b
SHA1 86717a9231eb082507ab8d5a7d58b14a9b90fceb
SHA256 2af72d7f30b31451ceea679f2eca1efc33967fca267c79e8ccd3c18e325b7305
SHA512 ee92e26210569dc795f68a8cd15d333e6a0ece1b839b8e2a078c20beed93bd573f8aac6e7aa6a031f254c99490c489f184748b7f1a156a68a24b8f824e8fd2c0

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\243\{e5aa8aef-7367-4f18-a2ff-63cae31ce5f3}.final

MD5 36b3af163e76f8c0550efc7b62857c65
SHA1 adf7a970b74713ab804bed1a0ae35d51e72e5290
SHA256 a874bc8299c7dcdaf1a507d459eecb176e4b503956e46aecf11bffc36de87a91
SHA512 942d5afabdf48957e93680f8517a2648d9d697c2c3210503a89d7352aff41ca944435ed7f9ee2c4eee48b43ab303914f50804747b0a0501849ab97a5f4274145

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\entries\6F881B5F2C5AA994673B59D2213DE52530183A6C

MD5 4bef232347e2c024b32b789a91e92ea9
SHA1 aee8f47e5a14b8d81db247aec43abf3db66c6ad2
SHA256 2e63072f0d9f1c669399929ec8c5b73f5c2167231ce99fa89117c6cc23c7d3b8
SHA512 3c6a54a5657a251c72140a1dc1ec97d01e97da9b011387aa82d9f43e20af15ea5374a56ed636a16fa30aa81c69da82a8e872e40cfaa1265efb0b6eb8c2261efc

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\sessionstore-backups\recovery.jsonlz4

MD5 1163c8309cbe04fa06423b9f5d74ff94
SHA1 cb4d2245c71dbda7d235893a350ec4a4f0b63fe3
SHA256 402ee95f4d718859944d028944c84498c275d4d4121f5b873b3624374e722a77
SHA512 a43b5ee6ec73bba65b5a3b462a18bc4bf29fbe9d26ce73da0b6d9bda7743d1b284aad437d5d8be7cb09e3b9ae7849ba9fadc5c82df2a3d14768a641c0e4117e9

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\doomed\621

MD5 93d6e3582cb272e6ff575b30ba768818
SHA1 a305903044d99039925019c4a2a3173a74fc1120
SHA256 beda71ec65d3db8a50fc3d809e2197fc9e24b8a6f5f7ae384ec230df3d891521
SHA512 beae8fd9416e4a218607f94c8d4e6dbb7959f317e9483ef3533d88c4bcb87cf51bcb5d7f4b3471ae075c0b9eedd75387e2dbc1d3b5a744e1ced44bb3cf3a2e77

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\doomed\5185

MD5 6ac81a920e44e3292753942ff9eb4b72
SHA1 fb7abec2d25cd3e199c5f97c8f926e863240533d
SHA256 65cb83906594b0d89e1237ab2e58e38bfde4f4c63b8917266b0f858cfd8bd2bc
SHA512 484157e4280102d38a6c77cd8db8e2408bff5e12502c163610790701d651162d4fde21625aed648c3b52a776c2c820594c7ddbdba3c5f9d98434616fa40f2ad9

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\242\{e04f646f-0d3f-45ce-843b-ea55bcd6bcf2}.final

MD5 e6439fdf901953e5ab6e693a280ca6e0
SHA1 2b3f3ef8262539b3a2e8befa8149c46208423450
SHA256 4bb28ff82407d52939a492d933275faeb56001360202de40c1886630f31159d2
SHA512 aeecb7477ad84f2d1b1eecbfad426b37d2a056b0d5eca5c74b553090defa408082b8877889f6bfc7bec4b62b515cfe45037398a5db13172970d5c080741e18c4

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\doomed\27742

MD5 e04501a157ee66a5c8df282590be713c
SHA1 eaac1defe5a6e295f843ef7976f24ba14033c5f4
SHA256 4b605a810faa6acaf446dd0484277a3c1c19cf2b9dc964728ee676a0985462e9
SHA512 dae8451fe69b90ed80c10ff0516a47e64656075b2f263e0cd45f71d35e8761895c0d31200a7b874f3120d7927acd5c27058e92d9747d2f6fa19bc3e249f459e3

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\doomed\30706

MD5 c92430940158f5b91e2ff6293628e2b9
SHA1 9fd7a0e52cf664c97fea22cc3cd87932a966ff38
SHA256 ea454f968d6eb316418edfc5d1fa8002ee20c1cbe4673278bd978f5eea4d423b
SHA512 36900323bbce7496ab48732a851825e9578a63c1fad904c06d8dffbf8e7c43475e7111cccc3a5a06f20471a411fd79af8ac4b592aeb4999eda24b7985366b036

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\doomed\20909

MD5 5673f92c1cbabe9f2e01fc20649583f3
SHA1 15aa2878cd2b26b4bfd5e2ed0635cc40138e8b0b
SHA256 d5558c11f34b0cbf3b1071ac19ad728d6233599b17813e6c7faadb5f2dc514cf
SHA512 eb85dfca1b5bb6237501607ebdc9eba35d22b192a9c3a295e87c79360ab741cca508c6159601aaf64b475cf91bb1dbdf411af9d996109384706f7515e2e5afa6

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\doomed\17644

MD5 11ca2120d7f4c2fdc5b3f3593c1e27dd
SHA1 85f2967ef18557fc62ae4bd1da43cef5c2fedf40
SHA256 e09c4235bf2beaba09ae8d9f96e20fbacb845d7adb5ac9a54b44ccc857e59022
SHA512 8609e66a24056fa77725d7455c7fccb08ef54d96f10ff4adcd387a912568442e5f06546d96a8934671617930cd30b55dbc5d866988a49f4a544c8a5cef69e4e9

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\sessionstore-backups\recovery.jsonlz4

MD5 11e69a76d4256e849634bc2a46953bf0
SHA1 0bcde58a83ee46ce4eecaa4c3b1e7c3019d09f02
SHA256 18310584f7ace428a80b1df2a70abdaa4f5adeabf1c9011cf386b8f3f5382985
SHA512 b9a6c5ef51e5a25ddc2a8bb8ed32773c11777ed58ddebc1265cb2daeeceb0297039abe739dce3ac43c9a053505cf07aa36c03737174b0ce267c4c7b5311a6e35

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\doomed\9228

MD5 00956a0858b440f76b5efd8849bdf9ee
SHA1 17a4c1e55eeaa4710dac531256604b3df47fe8eb
SHA256 ac0d3808bf56bb00a053e7abaeb918802fd89f17e699ba271c01e93a71818919
SHA512 5de1bef2b9227d8bb4515ebd627b88fd98357f75f1f4801af20ab5cece030b63fa1549c0c28871bc555529e0e5ca18229efc73f8d7654cc51067e51db3f87ff6

C:\Users\Admin\Downloads\Monoxide.6P5xhjX2.zip.part

MD5 0e352bd195cd56a89310dd32c039cd17
SHA1 00a5c20dd0496a11243843bb85e871f6f21dc052
SHA256 4f8a9bb01f5d9a3c18772a433078486916cac7250a1a967139c03d15f2b9d50e
SHA512 335c4d3917e78b753492125ca9a76b800146a6b38ddde70372fc55d090715ec223d6a9ce99527275fb0b51baf0b01fdddc6945ebc5cc4fa544618e075f535e94

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\doomed\26812

MD5 8384cb53782930522191506be7d0a5d4
SHA1 73e5e053657fa009bdaaea58dc83a8b327e4666c
SHA256 5b40c70046bb7bbb742f72fe8930a2240a0a8cd1c70dfc3058d8bc9849c725d3
SHA512 0414acd975b959d288036a574f4a88d3ce35eef6b3ff9e73dcd9be0c7a45ba36712e952982f117725bb531e36426faaff400d15b06dc678418554dc3aa35ca35

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\8\{725356e5-45b0-4bdb-ab9d-8a6cb5274c08}.final

MD5 0552a7950745b6a5bff8a69688fc1ac4
SHA1 f3eac7e3b002f65c8d526faa32c51390abca3b8f
SHA256 a0f7756592a37918d717fb8336c99059d6c544a29644e510fcfd97a481f966b8
SHA512 03ff26369ff92d25753a1fa9b6508d53184cd7dea326814e0b98ac021e8a1b4ce90bba8cbc5b6b8a25dcc3049992f337fe66b0af383521ca4db01bdc84fcca18

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.youtube.com\cache\morgue\145\{b18458d5-a874-4043-9d69-5c90cd377891}.final

MD5 c5b76c5098a2ae6cadf330df8d8a920f
SHA1 63f7cf062a248301062e9a6add9abad1ce758998
SHA256 495fd4027b52b4ba5595df1387fcf3145d878cd332bb207b5d9fc66160eae162
SHA512 07d96d1341ef61f7b2419b867c9ac0e4b18567745518274ea83d00e7180bf8246a444dfbe12cdde05e9becdc3fd867b0b7a3c94fd8339b807420ff5f506d2798

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\sessionstore-backups\recovery.jsonlz4

MD5 2b6225ee6069a9eaf7dac169dc45ae3e
SHA1 c37f16a34eb1daf47ea6363f9fd5afb05fbe4a45
SHA256 15c99bb065152e1e982ecdea993486cf8f1f70ed71e3a1be6f7aa5ebe40c71ea
SHA512 0e0f858ab5282722a1f2ac48cb746caa4a8f3519870d54352ece043866b5ba32258f25858c4d19baf5270a375b7d062c90098dd33cdda4b154164371b44060b1

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 9a6c4119bbe0ca551ca7620bbb2973a1
SHA1 f85f20082f5f62bfb81dce0f5e3322b10cc3c4eb
SHA256 1db5e0ac7738feac489e12012ba0fc5e09d6703b61bc63d816dbe16982308e03
SHA512 7c6bd6944b1d1390a6858f314ade5c5ff398dd356c6dfe8a4f97623e21a8371ae618a1ba41144d3cbb2123119e5519c103a9f182d957651435a1f583730220c7

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\doomed\5285

MD5 b50ca0371088601bee1ed9d6d6d211e4
SHA1 d2324d4946edab1dce055cc6c95bfa21a0fb1392
SHA256 b60336223fc38874e593c01d253a39ac187a555f228ca3d7d7c93531c31c0b91
SHA512 a0c4650c8d6bd598c4712bb45ea2a881c8c54a866bf892f2df0f82271c9555b73c2fe58e02151a6be2067b61e7d8bc2e9fb24cf3673bc1564677fc4834f4658d

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\doomed\16264

MD5 073186d0391b30d45f3308f3106426c2
SHA1 b7a95d167675a7573726c64f0d6896a32f88933b
SHA256 d3d118de48249c7f267bb4fdedadd740f7f1cd698f8e532295b40955e0f6421e
SHA512 fe98830f198cac7de1be65c7634621cc476d41017328dd6f79341ad7ac1194c582cac5b35a58c873ab5a04cc47bb2fbce76a8709ec78e85070f5131e968420d4

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\entries\BA822DE6BF3F3F67B4097D2431A0A995A9F7CB63

MD5 688ad3eaa5cc79dfb8bf4a959fdc5e56
SHA1 4b949f6353001b3b1d60f63748f5280d41a97795
SHA256 5a9507768af538eb07380c598b5d000223ddb221612623364a43c34cd6aafa77
SHA512 9fdb1251bb247f445102589a9d6f7bbc4ec621c57feca68d08f3090eef7a109e80fd02bf7c6818dad8b24fbea11b30ae16caf07cc158ac019fbf75ab0b9b23ec

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\doomed\25411

MD5 b80ee322074a0350b33dd853c503d687
SHA1 3c9f5a95b6fd44f17d7772320fabb6734a750c7e
SHA256 045104d77706d28e0ead5aa2e4e756e0f7733848281854b3f90c2c78d0d07a61
SHA512 8ddf7d0c295c35a342853353c60b6b5f40aceb21253ecd05cf5af717b1aa2d3d77e57c7b660395084e8287dfd9c60823f31b8e24d767ca8dade03d56b3f19076

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\sessionstore-backups\recovery.jsonlz4

MD5 ebc0a73cb6ced38a910063802c0ec31e
SHA1 810142023ccd11ffe04bf296e451994fb895c968
SHA256 357f7f643b60d90a88ea82536715a53952f64156c7cd6a61bd41b1e8840035cf
SHA512 9e9b42399da4a388822cc75aa2cef46c75826cd1e77f24eb8ed547eecd3a6c94724c7d0a961a7a887c808da5487dcdf8f046a707fc8e86470c8230427d845885

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\doomed\25077

MD5 fedd0ea71ce7ee3c14c47ef357077107
SHA1 40e0c401e9b945d8f39c33be12e514bf3481b585
SHA256 950029f00e73ae41a048c017b3c43605c2f6fcc2402402db99a318fb03615718
SHA512 552a102c34545dc30bb568b6e5b6621b74adbc3a7c82ef3b30dc916e9004215d235442d9eb6c82105d35e95ea2e2d1a54a5fd9ab64e8273a77cfd6844b40c200

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\sessionstore-backups\recovery.jsonlz4

MD5 0b94ce5f8d562b6a4456023855167618
SHA1 c8a7e50d9f5bfc1a3b0bd59e200257714575c73c
SHA256 becd9ff3edad260fc79867f9586491989bd6caf5a3fbcf7bd70aaf8a5820ab85
SHA512 b51f5898ba6ccedd619db79876084e64acd6c7a8a4bdf5c739a04240a2777b8b4995301cd951e82ebfe1013dc3aa04d4cdd59945fbf2740c5786500f1dedb97f

C:\Users\Admin\AppData\Local\Temp\歎掏楪錰懤鬖骥鿽婤瓶焹紭崥愼髝褔.exe

MD5 692361071bbbb3e9243d09dc190fedea
SHA1 04894c41500859ea3617b0780f1cc2ba82a40daf
SHA256 ae9405b9556c24389ee359993f45926a895481c8d60d98b91a3065f5c026cffe
SHA512 cfdd627d228c89a4cc2eac27dcdc45507f1e4265eff108958de0e26e0d1abe7598a5347be77d1a52256de70c77129f1cd0e9b31c023e1263f4cf04dbc689c87e

C:\Users\Admin\AppData\Local\Temp\歎掏楪錰懤鬖骥鿽婤瓶焹紭崥愼髝褔.txt

MD5 99ddf1968498523f11dbbf2d5efacc84
SHA1 d8a3101e780759f630c4f8b8734aaf6e956729cc
SHA256 59c17fb48660961ba17547f4691c74267fead60deaa63ca40e7e3b374a1b172a
SHA512 40800f9c4198b0421b7fac52b3ef089d0f40b75e65560b44cc81832a3f480a70bb83d67e495b99ddef6d83685e39ac8cf028fa4b4bb4823936f32a9b247a591b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\prefs.js

MD5 5997aeac3b387149daead1102dd631d2
SHA1 669633135f380f3d85f3b8f1243582f00f36012b
SHA256 12561ff48e89110fa778a2ddc44e2f4ebe1e90a21028590c3426b9425a1bd0a0
SHA512 6ba888b4f85c5bbb7c447cee6de215fad16651d8e6f70e08d458decab7a1a265e80d93da57e59182ac05a681ccf46ccb95b911595e97d801d82919cdd2afdf2b

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\prefs-1.js

MD5 5e4fdd558ab257d6938d530e38ede05a
SHA1 5905d43c55c27699ba7cba3a2f4238ba302aee71
SHA256 15ee97a45f52b423ad5a46adece05fb5b2810e2fa470358a4e0a165bee12dc24
SHA512 8e532997ebe935c179b1a08d53a5e621d65eb3b725e23d44258bf55ac8470b4e899ff34be26fb8f587f0b5941d1ca8706a3e208ba0e8a5a4c020450c2dc423a5

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 a01c5ecd6108350ae23d2cddf0e77c17
SHA1 c6ac28a2cd979f1f9a75d56271821d5ff665e2b6
SHA256 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42
SHA512 b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 33bf7b0439480effb9fb212efce87b13
SHA1 cee50f2745edc6dc291887b6075ca64d716f495a
SHA256 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e
SHA512 d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\sessionstore-backups\recovery.jsonlz4

MD5 4027a719253929461f5e5316680d0387
SHA1 459a96766162bfc356ce881a9a7bc452a115b273
SHA256 0c24dec0466eaed91ef85cdaf8e3e5878e27bee09c906310477ff179130b30f8
SHA512 c9988cb4d19fbf6b97efd67bd0b0b94fb233fc8625aabd74c8cc9b177b7c6535ce08f936722ee56732bdb4da5570e96e9eb4e363cb88fab1df8a3de886fd774f

C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db

MD5 58062f69cc24e01b6bc14ac7379aa7e0
SHA1 be8cd9a7a190cfefa5019a1a88226e93cd89e530
SHA256 b2485e613ad024531c59100bed1d760359079dd1513b058cc3bc18590343a672
SHA512 15fa390cf2c51d631f233b28c95b7982a44ec9e6db0ddca6864291054b584d6e006eaa0c9fada41d07c4a163e0a517bf68d78035f678986b0d99d809c281344a

memory/4784-3129-0x0000016561E20000-0x0000016561E30000-memory.dmp

memory/4784-3113-0x0000016561D20000-0x0000016561D30000-memory.dmp

memory/4784-3148-0x000001655F3F0000-0x000001655F3F2000-memory.dmp

memory/5748-3164-0x000001FD84900000-0x000001FD84A00000-memory.dmp

memory/6352-3173-0x00000231C6010000-0x00000231C6110000-memory.dmp

memory/6352-3175-0x00000231C5980000-0x00000231C5982000-memory.dmp

memory/6352-3182-0x00000231C59F0000-0x00000231C59F2000-memory.dmp

memory/6352-3180-0x00000231C59D0000-0x00000231C59D2000-memory.dmp

memory/6352-3178-0x00000231C59B0000-0x00000231C59B2000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\sessionstore-backups\recovery.jsonlz4

MD5 d0342c50b4099e5eb0521acc252dbe6e
SHA1 58d3c69c4a34fe4ea2801e631c3161ef793e12b4
SHA256 14f94a8bab12ae627a7c9d595906d2b542536e0c13ecd33fe83903839f697de5
SHA512 065d5d07b1a6463a9d985c508b78ea4eff359b29fcb07d4688d4e482dbfefa044889d288f59c2cc733ed4892e9fd142c8403ec2654d88ca9752804ab46fb2e1e

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!121\Microsoft\Windows\3720402701\1568373884.pri

MD5 13e8857c11c103c86af5a010ba171f66
SHA1 dd8f6ee3cd8b1ac01c480e0843c323805c3cf2ae
SHA256 8b69fd5d6b540b3080b438f3cf0d42f3266654e786ce7dc5e85855d309e962ac
SHA512 8454d4a02c15e12428628aaf9df2f5ec48d261e692a8b4f2e7e81d83c3acd6921bfb2d3ebc76f78f124fd0065852af348bec56a91e7ba9c54525615d6b7804b0

memory/1268-3198-0x00000237FA100000-0x00000237FA200000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 be77882acf4348ccbde3d38ee4ee08c9
SHA1 7f6259361514f20b01f774665fee509945787b5f
SHA256 6ec6aaaaa32c3591362d141a191e0563d66e21808442ff88b84af73315dcbfc1
SHA512 684b4396be33161e8042ebf1bfae2de7d346af158995b429fca59f3086434c5f0703166a9de1ed572e824dfd3b1dfa4cb6dd2ed067352a4e934bf7b1e5f5f40a

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\P1Z2RULQ\edgecompatviewlist[1].xml

MD5 d4fc49dc14f63895d997fa4940f24378
SHA1 3efb1437a7c5e46034147cbbc8db017c69d02c31
SHA256 853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1
SHA512 cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

memory/6748-3282-0x0000027E6CB00000-0x0000027E6CC00000-memory.dmp

memory/6748-3314-0x0000027E7E120000-0x0000027E7E122000-memory.dmp

memory/6748-3334-0x0000027E7E180000-0x0000027E7E182000-memory.dmp

memory/6748-3324-0x0000027E7E150000-0x0000027E7E152000-memory.dmp

memory/6748-3312-0x0000027E7E110000-0x0000027E7E112000-memory.dmp

memory/6748-3310-0x0000027E7E0F0000-0x0000027E7E0F2000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\07W2M6B6\favicon[1].ico

MD5 9c9964c95355aab3c179df77b9b9e558
SHA1 50e995f391853ed2b651a0c0ff5a2ee6a2421a21
SHA256 8f80f6042654d323d0b9012e5a66e6824c277cd9ba49a2bd997333e186aa2ac4
SHA512 db7c9ff754284dbfb6e90d0c666eddf41454373659c95551bec84fb8bae092585e113685770f4c61a88743ede45a6e05dde65a95a06f9fcd160ed0cf210e99a6

memory/4784-3350-0x00000165685B0000-0x00000165685B1000-memory.dmp

memory/4784-3349-0x00000165685A0000-0x00000165685A1000-memory.dmp

memory/6748-3449-0x0000027E7D3E0000-0x0000027E7D400000-memory.dmp

memory/7876-3539-0x000001D47D0A0000-0x000001D47D0C0000-memory.dmp

memory/7876-3534-0x000001D47CF80000-0x000001D47CFA0000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\R1JVE73O\warmup[1].gif

MD5 325472601571f31e1bf00674c368d335
SHA1 2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
SHA256 b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
SHA512 717ea0ff7f3f624c268eccb244e24ec1305ab21557abb3d6f1a7e183ff68a2d28f13d1d2af926c9ef6d1fb16dd8cbe34cd98cacf79091dddc7874dcee21ecfdc

C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML

MD5 7050d5ae8acfbe560fa11073fef8185d
SHA1 5bc38e77ff06785fe0aec5a345c4ccd15752560e
SHA256 cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b
SHA512 a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

MD5 f8d15bb44365a589f52d11f2436b4b4a
SHA1 e6860fcf11199991c5abb0fdd82d7865b1ba1583
SHA256 cd2d1a73b38e1d28a69b8c97cc3de325bf06771284a404103ef1c5805305f9ce
SHA512 3f43afaa6c25b9650833687a853b6c6631d2cb96d9e5a02723a5e897db92e331b6d70458d94df6dfa14d1ec06df55576c87b606a08162ede37aeb27da99fa25c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\prefs-1.js

MD5 d9ac49f35c43826cd5e021add44c32f4
SHA1 a8b0f5a503e297f021054af317840cb6e1872cd1
SHA256 9efc5fbc3d1b95503070022c21996306bd6973f52d562eac2d7079da5ebcce15
SHA512 f1f0d44fb4fb8fb73b72e14e0fa295046840e01586f59410e7f06f5089eb433ba5ec98f2f95f3835cbbb44942b0d4856bef2a4a6492decc0b29f0b8f7fd9a48a

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DomainSuggestions\en-US.1

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Analysis: behavioral3

Detonation Overview

Submitted

2024-05-08 23:30

Reported

2024-05-09 00:00

Platform

win10-20240404-en

Max time kernel

1798s

Max time network

1687s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\index.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133596846597571324" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1296 wrote to memory of 3016 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1296 wrote to memory of 3016 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1296 wrote to memory of 2008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1296 wrote to memory of 2008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1296 wrote to memory of 2008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1296 wrote to memory of 2008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1296 wrote to memory of 2008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1296 wrote to memory of 2008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1296 wrote to memory of 2008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1296 wrote to memory of 2008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1296 wrote to memory of 2008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1296 wrote to memory of 2008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1296 wrote to memory of 2008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1296 wrote to memory of 2008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1296 wrote to memory of 2008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1296 wrote to memory of 2008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1296 wrote to memory of 2008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1296 wrote to memory of 2008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1296 wrote to memory of 2008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1296 wrote to memory of 2008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1296 wrote to memory of 2008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1296 wrote to memory of 2008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1296 wrote to memory of 2008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1296 wrote to memory of 2008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1296 wrote to memory of 2008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1296 wrote to memory of 2008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1296 wrote to memory of 2008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1296 wrote to memory of 2008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1296 wrote to memory of 2008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1296 wrote to memory of 2008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1296 wrote to memory of 2008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1296 wrote to memory of 2008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1296 wrote to memory of 2008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1296 wrote to memory of 2008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1296 wrote to memory of 2008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1296 wrote to memory of 2008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1296 wrote to memory of 2008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1296 wrote to memory of 2008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1296 wrote to memory of 2008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1296 wrote to memory of 2008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1296 wrote to memory of 5068 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1296 wrote to memory of 5068 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1296 wrote to memory of 5016 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1296 wrote to memory of 5016 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1296 wrote to memory of 5016 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1296 wrote to memory of 5016 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1296 wrote to memory of 5016 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1296 wrote to memory of 5016 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1296 wrote to memory of 5016 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1296 wrote to memory of 5016 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1296 wrote to memory of 5016 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1296 wrote to memory of 5016 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1296 wrote to memory of 5016 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1296 wrote to memory of 5016 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1296 wrote to memory of 5016 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1296 wrote to memory of 5016 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1296 wrote to memory of 5016 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1296 wrote to memory of 5016 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1296 wrote to memory of 5016 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1296 wrote to memory of 5016 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1296 wrote to memory of 5016 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1296 wrote to memory of 5016 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1296 wrote to memory of 5016 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1296 wrote to memory of 5016 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\index.html

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffd42d39758,0x7ffd42d39768,0x7ffd42d39778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1524 --field-trial-handle=1760,i,13648404179616256306,6717637145039728364,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1932 --field-trial-handle=1760,i,13648404179616256306,6717637145039728364,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2104 --field-trial-handle=1760,i,13648404179616256306,6717637145039728364,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2844 --field-trial-handle=1760,i,13648404179616256306,6717637145039728364,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2852 --field-trial-handle=1760,i,13648404179616256306,6717637145039728364,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4836 --field-trial-handle=1760,i,13648404179616256306,6717637145039728364,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4852 --field-trial-handle=1760,i,13648404179616256306,6717637145039728364,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 --field-trial-handle=1760,i,13648404179616256306,6717637145039728364,131072 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 content.overwolf.com udp
GB 18.245.218.13:443 content.overwolf.com tcp
GB 18.245.218.13:443 content.overwolf.com tcp
US 8.8.8.8:53 10.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 13.218.245.18.in-addr.arpa udp
US 8.8.8.8:53 6.39.156.108.in-addr.arpa udp
US 8.8.8.8:53 77.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 195.212.58.216.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 239.249.30.184.in-addr.arpa udp
US 8.8.8.8:53 131.109.69.13.in-addr.arpa udp

Files

\??\pipe\crashpad_1296_KFQIXPFWURCJCIPW

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 1040a3d412e3eb42b7fc05bf06b486c5
SHA1 83e1a6e56895d53069d4837841aa8575be2fa924
SHA256 8a35307ca2017b7986d12cde0db565facfda730753dbc13b7c946c1a165e2649
SHA512 30fc3932838dfbb107d864a7beb54b8fd8567d3770180769e5d65500282b3199306a27f2b6cc9bac74f479b38590061057d4018aaf5c53bc1869a2ceeacb0768

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 5b9649b3e324db8a74fab0939a575df5
SHA1 ade391d2b5bf0f62a8fdf5105324f94768dd9325
SHA256 46afa6597c10780b2cd08fbc80cf77e2cdf90e1ee3c925eab1984800356b4aff
SHA512 9b7da5d610512c6abc7083c589b2c7d2db01efe51cd9b44469a851e3755e665b4ab6fc1c861dfc1c3250d297b451187db5a3bdf8e27bb2c130b2e71edea1271c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 ae92eb228b8c50ea1dc7db4e77249f46
SHA1 9a402a75cdfaa72c16c6824925deb25b6eb560d2
SHA256 c4a47502d45e9191246fd79d11b920e531a593e8b223c5b066d256d9aaa0ec41
SHA512 ca9517573a56adf70a4244ca711732077badaeff059e564eb6efdb9cfa93e821593eb490a746424375e80cc0092de964be2544dfe80e8e96726824610205a89b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e07a9ba9c8dc4abd1a7d3fce6abd7001
SHA1 68c3b898bf4babc559036e0765fcd8010afba574
SHA256 5b12c512a8928328fb25a983e96b04becddbdc3dabebf1b3d9d1e7b344ce48f3
SHA512 8acc745390e2ba749a6fa6c2ade4757186ebbfb47be0c711d97cee6746c099d95973bcdb7ce187f5e877eb783d32f3b152e566f5c390dbe2ca9921b1deea7186

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 3591490cddb7ca80d4f1b073bdcd2422
SHA1 82980892b13b0e3ce91bc247e4471ffe9216287e
SHA256 47825cb51eddd8e6150d40bcaccdc4edde293bc20c565a3eeda58aa9e20fe126
SHA512 c37595dd5ea689be340509686b3f705bfc0b43e248f7077cc17b2578e22321e7603b37138179f9e7f5a7f3588be9c42e7259761367c0d2e0bc5ebab463a87d34

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 04d13452024bcf1ca82d27a973656899
SHA1 3541135755febd5d8a20d6f0438c488f57c55baa
SHA256 0f238702df465c283d289ce647318dd40c3caf3862ebcb19131b235a5d627611
SHA512 f2202d3def080bfc2bea9c663e9ba5da1e03d67bedf4425ea8bc5f1c4bd326964936126957b4da29df03ea8dab72ff7944e8f232678fc8b0c4e2e33886d90152

Analysis: behavioral9

Detonation Overview

Submitted

2024-05-08 23:30

Reported

2024-05-09 00:01

Platform

win10-20240404-en

Max time kernel

316s

Max time network

1592s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\utils\analytics.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\utils\analytics.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 131.72.42.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral10

Detonation Overview

Submitted

2024-05-08 23:30

Reported

2024-05-09 00:00

Platform

win10-20240404-en

Max time kernel

315s

Max time network

1590s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\utils\commands.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\utils\commands.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.0.8.0.8.0.8.0.ip6.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 170.117.168.52.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp

Files

N/A

Analysis: behavioral20

Detonation Overview

Submitted

2024-05-08 23:30

Reported

2024-05-09 00:12

Platform

win10-20240404-en

Max time kernel

315s

Max time network

1596s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\windows\finish\template.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\windows\finish\template.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 108.116.69.13.in-addr.arpa udp
US 8.8.8.8:53 79.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp

Files

N/A

Analysis: behavioral29

Detonation Overview

Submitted

2024-05-08 23:30

Reported

2024-05-09 00:26

Platform

win10-20240404-en

Max time kernel

316s

Max time network

1597s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\windows\settings\template.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\windows\settings\template.js

Network

Country Destination Domain Proto
IE 52.111.236.23:443 tcp
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 8.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 79.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 77.190.18.2.in-addr.arpa udp

Files

N/A

Analysis: behavioral12

Detonation Overview

Submitted

2024-05-08 23:30

Reported

2024-05-09 00:01

Platform

win10-20240404-en

Max time kernel

1798s

Max time network

1749s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\utils\modal-events-delegate.js

Signatures

Modifies Installed Components in the registry

persistence
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000\Software\Microsoft\Active Setup\Installed Components C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000\Software\Microsoft\Active Setup\Installed Components C:\Windows\explorer.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\F: C:\Windows\explorer.exe N/A
File opened (read-only) \??\D: C:\Windows\explorer.exe N/A
File opened (read-only) \??\F: C:\Windows\explorer.exe N/A
File opened (read-only) \??\D: C:\Windows\explorer.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\rescache\_merged\2717123927\1590785016.pri C:\Windows\explorer.exe N/A
File created C:\Windows\rescache\_merged\1601268389\715946058.pri C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe N/A
File created C:\Windows\rescache\_merged\4032412167\4002656488.pri C:\Windows\explorer.exe N/A
File created C:\Windows\rescache\_merged\4032412167\4002656488.pri C:\Windows\explorer.exe N/A
File created C:\Windows\rescache\_merged\1601268389\715946058.pri C:\Windows\system32\taskmgr.exe N/A
File created C:\Windows\rescache\_merged\1601268389\715946058.pri C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe N/A
File created C:\Windows\rescache\_merged\4183903823\2290032291.pri C:\Windows\system32\taskmgr.exe N/A
File created C:\Windows\rescache\_merged\2717123927\1590785016.pri C:\Windows\explorer.exe N/A
File created C:\Windows\rescache\_merged\1601268389\715946058.pri C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe N/A
File created C:\Windows\rescache\_merged\4183903823\2290032291.pri C:\Windows\system32\taskmgr.exe N/A
File created C:\Windows\rescache\_merged\1601268389\715946058.pri C:\Windows\system32\taskmgr.exe N/A

Command and Scripting Interpreter: JavaScript

execution

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0011 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0002 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Capabilities C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\HardwareID C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Capabilities C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0002 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Capabilities C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0011 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Capabilities C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Capabilities C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Capabilities C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0002 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0002 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0002 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Capabilities C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0002 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0011 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0011 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0002 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\HardwareID C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Capabilities C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0002 C:\Windows\explorer.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000\Software\Microsoft\Internet Explorer\Toolbar\Locked = "1" C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000\Software\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000\Software\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000\Software\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.cortana\Total = "23" C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\Total C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "185" C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.cortana\Total = "56" C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0 C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Vid = "{65F125E5-7BE1-4810-BA9D-D271C8432CE3}" C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\Internet Explorer\EdpDomStorage C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.cortana\ = "56" C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "152" C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\Total C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\Internet Explorer\DomStorageState C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\ImmutableMuiCache C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\TrayNotify\IconStreams = 14000000070000000100010006000000140000007b005300330038004f0053003400300034002d0031005100340033002d0034003200530032002d0039003300300035002d00360037005100520030004f003200380053005000320033007d005c0072006b006300790062006500720065002e0072006b00720000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fcc000000000000002000000e80705004100720067006a006200650078002000200033000a005600610067007200650061007200670020006e007000700072006600660000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000074ae2078e323294282c1e41cb67d5b9c0000000000000000000000003a24054aa3a1da0100000000000000000000000000000d20feb05a007600700065006200660062007300670020004a0076006100710062006a006600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000007b005300330038004f0053003400300034002d0031005100340033002d0034003200530032002d0039003300300035002d00360037005100520030004f003200380053005000320033007d005c0072006b006300790062006500720065002e0072006b00720000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000640000000000000002000000e80705004600630072006e0078007200650066003a002000360037002500000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000100000073ae2078e323294282c1e41cb67d5b9c0000000000000000000000006fcae449a3a1da0100000000000000000000000000000d20feb05a007600700065006200660062007300670020004a0076006100710062006a006600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000007b0031004e005000310034005200370037002d0030003200520037002d0034005200350051002d004f003700340034002d00320052004f0031004e00520035003100390038004f0037007d005c0047006e00660078007a00740065002e0072006b007200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e807050050004300480020003100350025000d000a005a0072007a00620065006c0020003600390025000d000a0051007600660078002000320025000d000a004100720067006a00620065007800200030002500000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000bb79804ca3a1da0100000000000000000000000047006e006600780020005a006e0061006e0074007200650000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000007b00360051003800300039003300370037002d0036004e00530030002d003400340034004f002d0038003900350037002d004e00330037003700330053003000320032003000300052007d005c004a0076006100710062006a0066002000510072007300720061007100720065005c005a0046004e00460050006800760059002e0072006b007200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000640000000000000000000000e80704004e0070006700760062006100660020006100720072007100720071002e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000fffffffff9a6406d323dcb4f8a86be992e03dc760000000000000000000000006772bf1b8a86da0100000000000000000000000000000d20feb05a007600700065006200660062007300670020004a0076006100710062006a0066000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d0000007b005300330038004f0053003400300034002d0031005100340033002d0034003200530032002d0039003300300035002d00360037005100520030004f003200380053005000320033007d005c0072006b006300790062006500720065002e0072006b00720000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000e8070400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff75ae2078e323294282c1e41cb67d5b9c000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000007b005300330038004f0053003400300034002d0031005100340033002d0034003200530032002d0039003300300035002d00360037005100520030004f003200380053005000320033007d005c0072006b006300790062006500720065002e0072006b00720000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000e8070400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff81ae2078e323294282c1e41cb67d5b9c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.cortana\Total = "23" C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\ImmutableMuiCache\Strings C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.cortana C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Rev = "0" C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\TrayNotify C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.Cortana_cw5n1h2txyewy\WasEverActivated = "1" \??\c:\windows\system32\sihost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel\WFlags = "0" C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\NodeSlot = "1" C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "2" C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.cortana\ = "23" C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\windows.cortana C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "152" C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02 C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\Internet Explorer\DOMStorage C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\Internet Explorer\EdpDomStorage C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "18874369" C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\WasEverActivated = "1" \??\c:\windows\system32\sihost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\microsoft.windows.cortana C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\TrayNotify\UserStartTime = "133567065551368052" C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\usercpl.dll,-1#immutable1 = "User Accounts" C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\TrayNotify\UserStartTime = "133567065551368052" C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "185" C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "6" C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\microsoft.windows.cortana C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\microsoft.windows.cortana C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.cortana C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "18874385" C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\TrayNotify\IconStreams = 14000000070000000100010006000000140000007b005300330038004f0053003400300034002d0031005100340033002d0034003200530032002d0039003300300035002d00360037005100520030004f003200380053005000320033007d005c0072006b006300790062006500720065002e0072006b00720000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fcc000000000000002000000e80705004100720067006a006200650078002000200033000a005600610067007200650061007200670020006e007000700072006600660000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000074ae2078e323294282c1e41cb67d5b9c000000000000000000000000fb67ab51a3a1da0100000000000000000000000000000d20feb05a007600700065006200660062007300670020004a0076006100710062006a006600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000007b005300330038004f0053003400300034002d0031005100340033002d0034003200530032002d0039003300300035002d00360037005100520030004f003200380053005000320033007d005c0072006b006300790062006500720065002e0072006b00720000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000640000000000000002000000e80705004600630072006e0078007200650066003a002000360037002500000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000100000073ae2078e323294282c1e41cb67d5b9c000000000000000000000000e1ab7151a3a1da0100000000000000000000000000000d20feb05a007600700065006200660062007300670020004a0076006100710062006a006600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000007b0031004e005000310034005200370037002d0030003200520037002d0034005200350051002d004f003700340034002d00320052004f0031004e00520035003100390038004f0037007d005c0047006e00660078007a00740065002e0072006b007200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e807050050004300480020003400360025000d000a005a0072007a00620065006c0020003700300025000d000a0051007600660078002000310025000d000a004100720067006a00620065007800200030002500000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000a29e4f54a3a1da0100000000000000000000000047006e006600780020005a006e0061006e0074007200650000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000007b00360051003800300039003300370037002d0036004e00530030002d003400340034004f002d0038003900350037002d004e00330037003700330053003000320032003000300052007d005c004a0076006100710062006a0066002000510072007300720061007100720065005c005a0046004e00460050006800760059002e0072006b007200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000640000000000000000000000e80704004e0070006700760062006100660020006100720072007100720071002e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000fffffffff9a6406d323dcb4f8a86be992e03dc760000000000000000000000006772bf1b8a86da0100000000000000000000000000000d20feb05a007600700065006200660062007300670020004a0076006100710062006a0066000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d0000007b005300330038004f0053003400300034002d0031005100340033002d0034003200530032002d0039003300300035002d00360037005100520030004f003200380053005000320033007d005c0072006b006300790062006500720065002e0072006b00720000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000e8070400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff75ae2078e323294282c1e41cb67d5b9c000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000007b005300330038004f0053003400300034002d0031005100340033002d0034003200530032002d0039003300300035002d00360037005100520030004f003200380053005000320033007d005c0072006b006300790062006500720065002e0072006b00720000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000e8070400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff81ae2078e323294282c1e41cb67d5b9c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000010000001800000030f125b7ef471a10a5f102608c9eebac0a000000a0000000 C:\Windows\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe N/A

NTFS ADS

Description Indicator Process Target
File created C:\Users\Admin\Downloads\0gktrk2121.zip:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Windows\explorer.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\System32\rundll32.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: 33 N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2456 wrote to memory of 4356 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2456 wrote to memory of 4356 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2456 wrote to memory of 4356 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2456 wrote to memory of 4356 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2456 wrote to memory of 4356 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2456 wrote to memory of 4356 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2456 wrote to memory of 4356 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2456 wrote to memory of 4356 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2456 wrote to memory of 4356 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2456 wrote to memory of 4356 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2456 wrote to memory of 4356 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4356 wrote to memory of 4236 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4356 wrote to memory of 4236 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4356 wrote to memory of 2328 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4356 wrote to memory of 2328 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4356 wrote to memory of 2328 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4356 wrote to memory of 2328 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4356 wrote to memory of 2328 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4356 wrote to memory of 2328 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4356 wrote to memory of 2328 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4356 wrote to memory of 2328 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4356 wrote to memory of 2328 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4356 wrote to memory of 2328 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4356 wrote to memory of 2328 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4356 wrote to memory of 2328 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4356 wrote to memory of 2328 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4356 wrote to memory of 2328 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4356 wrote to memory of 2328 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4356 wrote to memory of 2328 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4356 wrote to memory of 2328 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4356 wrote to memory of 2328 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4356 wrote to memory of 2328 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4356 wrote to memory of 2328 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4356 wrote to memory of 2328 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4356 wrote to memory of 2328 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4356 wrote to memory of 2328 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4356 wrote to memory of 2328 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4356 wrote to memory of 2328 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4356 wrote to memory of 2328 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4356 wrote to memory of 2328 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4356 wrote to memory of 2328 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4356 wrote to memory of 2328 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4356 wrote to memory of 2328 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4356 wrote to memory of 2328 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4356 wrote to memory of 2328 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4356 wrote to memory of 2328 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4356 wrote to memory of 2328 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4356 wrote to memory of 2328 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4356 wrote to memory of 2328 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4356 wrote to memory of 2328 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4356 wrote to memory of 2328 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4356 wrote to memory of 2328 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4356 wrote to memory of 2328 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4356 wrote to memory of 2328 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4356 wrote to memory of 2328 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4356 wrote to memory of 2328 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4356 wrote to memory of 2328 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4356 wrote to memory of 2328 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4356 wrote to memory of 2328 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4356 wrote to memory of 2328 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4356 wrote to memory of 2328 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4356 wrote to memory of 2876 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4356 wrote to memory of 2876 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4356 wrote to memory of 2876 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\utils\modal-events-delegate.js

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4356.0.458377291\982225481" -parentBuildID 20221007134813 -prefsHandle 1704 -prefMapHandle 1696 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {27e745df-728c-437e-b4da-a7bbb924b7e4} 4356 "\\.\pipe\gecko-crash-server-pipe.4356" 1780 21f3b5d6d58 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4356.1.1952419156\4417958" -parentBuildID 20221007134813 -prefsHandle 2108 -prefMapHandle 2104 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {43f5e12d-cff3-494b-b2a3-48b941b3e60b} 4356 "\\.\pipe\gecko-crash-server-pipe.4356" 2132 21f3b2f9e58 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4356.2.1253959038\307460483" -childID 1 -isForBrowser -prefsHandle 2676 -prefMapHandle 2896 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ae3f44ea-7fbd-411c-ac62-aa55a08a94f4} 4356 "\\.\pipe\gecko-crash-server-pipe.4356" 2872 21f3f598758 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4356.3.469032881\1785591027" -childID 2 -isForBrowser -prefsHandle 3412 -prefMapHandle 3408 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {94632932-0947-46e5-909e-1683888cdee5} 4356 "\\.\pipe\gecko-crash-server-pipe.4356" 3428 21f28f62b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4356.4.1236218330\1893310547" -childID 3 -isForBrowser -prefsHandle 4356 -prefMapHandle 4348 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3b49f0cc-cd73-4b07-b6b5-310af89cb9a8} 4356 "\\.\pipe\gecko-crash-server-pipe.4356" 4368 21f410a9258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4356.5.1718797952\1514798706" -childID 4 -isForBrowser -prefsHandle 4868 -prefMapHandle 4864 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c94f8b84-357a-48dd-bc33-87a8e39f5a0a} 4356 "\\.\pipe\gecko-crash-server-pipe.4356" 4880 21f41677e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4356.6.924085201\972246467" -childID 5 -isForBrowser -prefsHandle 5016 -prefMapHandle 5020 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {80225f1b-0f5f-4016-8d00-bf79b7c1b369} 4356 "\\.\pipe\gecko-crash-server-pipe.4356" 5100 21f41d4b258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4356.7.532460341\1156663133" -childID 6 -isForBrowser -prefsHandle 5216 -prefMapHandle 5220 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ef2d60ac-b92f-4112-8a3a-94f39fcfbb10} 4356 "\\.\pipe\gecko-crash-server-pipe.4356" 5208 21f41d48858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4356.8.1705511308\1259242508" -childID 7 -isForBrowser -prefsHandle 3840 -prefMapHandle 2592 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {eefc6d08-0413-422d-99ad-a8ac155c9e0d} 4356 "\\.\pipe\gecko-crash-server-pipe.4356" 5520 21f42aec958 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4356.9.1428476092\1708015815" -childID 8 -isForBrowser -prefsHandle 5872 -prefMapHandle 5868 -prefsLen 26503 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bb9d2c2b-18a0-4bc2-9da0-8741afba1ed7} 4356 "\\.\pipe\gecko-crash-server-pipe.4356" 5880 21f43228358 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4356.10.1153788310\422221396" -parentBuildID 20221007134813 -prefsHandle 3912 -prefMapHandle 6128 -prefsLen 26768 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c82338b4-f2c0-4d34-946e-bb26cb4b026f} 4356 "\\.\pipe\gecko-crash-server-pipe.4356" 6100 21f43280958 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4356.11.1032511920\689244890" -childID 9 -isForBrowser -prefsHandle 5348 -prefMapHandle 5364 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3e545319-2e8c-42b5-8718-76c3edc15f22} 4356 "\\.\pipe\gecko-crash-server-pipe.4356" 5336 21f42a5e658 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4356.12.1870314092\1339357622" -childID 10 -isForBrowser -prefsHandle 6268 -prefMapHandle 6264 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {137371b0-7f1c-40ed-9295-6b98733d542f} 4356 "\\.\pipe\gecko-crash-server-pipe.4356" 6276 21f43771858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4356.13.299635797\950566886" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 6240 -prefMapHandle 6244 -prefsLen 26768 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {64cc921d-13a6-492c-b986-90911fed9848} 4356 "\\.\pipe\gecko-crash-server-pipe.4356" 6532 21f43965b58 utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4356.14.1861724641\576469849" -childID 11 -isForBrowser -prefsHandle 6876 -prefMapHandle 6872 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e05e50b2-1c78-421f-ab80-055d73bce117} 4356 "\\.\pipe\gecko-crash-server-pipe.4356" 6884 21f43a59d58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4356.15.110793640\1168130426" -childID 12 -isForBrowser -prefsHandle 5688 -prefMapHandle 5844 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {46ddd345-6040-43bd-8a37-13dc48f9ef61} 4356 "\\.\pipe\gecko-crash-server-pipe.4356" 6816 21f42b8be58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4356.16.797033447\152126643" -childID 13 -isForBrowser -prefsHandle 520 -prefMapHandle 6168 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {387c8c98-f6e7-4c88-b084-b1b23d8d0024} 4356 "\\.\pipe\gecko-crash-server-pipe.4356" 4368 21f43226558 tab

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x3f8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4356.17.832467401\1966232919" -childID 14 -isForBrowser -prefsHandle 6440 -prefMapHandle 6256 -prefsLen 26777 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f5e0c658-484e-4921-845a-097e6235344f} 4356 "\\.\pipe\gecko-crash-server-pipe.4356" 520 21f42646a58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4356.18.1547927059\983554285" -childID 15 -isForBrowser -prefsHandle 4684 -prefMapHandle 4356 -prefsLen 26777 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4c7f22fb-7f8d-473e-acd2-f87cd24df82c} 4356 "\\.\pipe\gecko-crash-server-pipe.4356" 6848 21f42754d58 tab

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe

"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca

\??\c:\windows\system32\sihost.exe

sihost.exe

C:\Windows\explorer.exe

explorer.exe /LOADSAVEDWINDOWS

C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe

"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe

"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k netsvcs -s IKEEXT

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k netsvcs -s WpnService

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {9BA05972-F6A8-11CF-A442-00A0C90A8F39} -Embedding

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{682159d9-c321-47ca-b3f1-30e36b2ec8b9} -Embedding

C:\Windows\System32\rundll32.exe

"C:\Windows\System32\rundll32.exe" sysdm.cpl,EditEnvironmentVariables

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4356.19.1829647289\777491294" -childID 16 -isForBrowser -prefsHandle 5148 -prefMapHandle 5144 -prefsLen 27960 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8a7b0539-1c86-4cf4-a204-a203416d3ef3} 4356 "\\.\pipe\gecko-crash-server-pipe.4356" 4900 21f42b8df58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4356.20.468371757\838502806" -childID 17 -isForBrowser -prefsHandle 10956 -prefMapHandle 10960 -prefsLen 27960 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {655061ae-afd2-4762-9dc0-82fbd5cba8cf} 4356 "\\.\pipe\gecko-crash-server-pipe.4356" 10948 21f438ea458 tab

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x408

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4356.21.1188077682\1926174881" -childID 18 -isForBrowser -prefsHandle 2564 -prefMapHandle 5288 -prefsLen 27960 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8dfc21ef-4a50-4fb9-a9b7-e80ba7573425} 4356 "\\.\pipe\gecko-crash-server-pipe.4356" 5376 21f4419f158 tab

Network

Country Destination Domain Proto
US 8.8.8.8:53 10.179.89.13.in-addr.arpa udp
US 8.8.8.8:53 77.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 79.190.18.2.in-addr.arpa udp
N/A 127.0.0.1:49779 tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 8.8.8.8:53 shavar.services.mozilla.com udp
US 8.8.8.8:53 push.services.mozilla.com udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 35.164.250.149:443 shavar.services.mozilla.com tcp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 34.117.188.166:443 contile.services.mozilla.com tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 34.107.243.93:443 push.services.mozilla.com tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 34.117.188.166:443 contile.services.mozilla.com udp
US 8.8.8.8:53 166.188.117.34.in-addr.arpa udp
US 8.8.8.8:53 149.250.164.35.in-addr.arpa udp
N/A 127.0.0.1:49786 tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com udp
US 8.8.8.8:53 4.178.250.142.in-addr.arpa udp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 3.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 195.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.187.206:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
GB 142.250.187.206:443 play.google.com udp
US 8.8.8.8:53 206.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 consent.google.com udp
US 8.8.8.8:53 consent.google.com udp
GB 172.217.16.238:443 consent.google.com tcp
US 8.8.8.8:53 consent.google.com udp
GB 172.217.16.238:443 consent.google.com udp
US 8.8.8.8:53 238.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 encrypted-vtbn0.gstatic.com udp
US 8.8.8.8:53 encrypted-vtbn0.gstatic.com udp
GB 142.250.178.14:443 encrypted-vtbn0.gstatic.com tcp
US 8.8.8.8:53 encrypted-vtbn0.gstatic.com udp
GB 142.250.178.14:443 encrypted-vtbn0.gstatic.com udp
US 8.8.8.8:53 14.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 www.youtube.com udp
GB 216.58.204.78:443 www.youtube.com tcp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 8.8.8.8:53 youtube-ui.l.google.com udp
GB 216.58.204.78:443 youtube-ui.l.google.com udp
US 8.8.8.8:53 i.ytimg.com udp
US 8.8.8.8:53 rr1---sn-aigl6nek.googlevideo.com udp
GB 172.217.169.54:443 i.ytimg.com tcp
GB 172.217.169.54:443 i.ytimg.com tcp
US 8.8.8.8:53 i.ytimg.com udp
US 8.8.8.8:53 i.ytimg.com udp
GB 173.194.183.102:443 rr1---sn-aigl6nek.googlevideo.com tcp
GB 173.194.183.102:443 rr1---sn-aigl6nek.googlevideo.com tcp
US 8.8.8.8:53 rr1.sn-aigl6nek.googlevideo.com udp
US 8.8.8.8:53 rr1.sn-aigl6nek.googlevideo.com udp
GB 172.217.169.54:443 i.ytimg.com udp
GB 173.194.183.102:443 rr1.sn-aigl6nek.googlevideo.com udp
US 8.8.8.8:53 54.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 10.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 102.183.194.173.in-addr.arpa udp
US 8.8.8.8:53 rr2---sn-aigl6nzl.googlevideo.com udp
GB 74.125.168.167:443 rr2---sn-aigl6nzl.googlevideo.com tcp
US 8.8.8.8:53 rr2.sn-aigl6nzl.googlevideo.com udp
US 8.8.8.8:53 rr2.sn-aigl6nzl.googlevideo.com udp
GB 74.125.168.167:443 rr2.sn-aigl6nzl.googlevideo.com udp
US 8.8.8.8:53 i1.ytimg.com udp
US 8.8.8.8:53 accounts.google.com udp
GB 142.250.200.46:443 i1.ytimg.com tcp
US 8.8.8.8:53 i1.ytimg.com udp
IE 209.85.203.84:443 accounts.google.com tcp
US 8.8.8.8:53 accounts.google.com udp
GB 142.250.200.46:443 i1.ytimg.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 i1.ytimg.com udp
IE 209.85.203.84:443 accounts.google.com udp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 167.168.125.74.in-addr.arpa udp
US 8.8.8.8:53 46.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 84.203.85.209.in-addr.arpa udp
GB 142.250.178.4:443 www.google.com udp
US 8.8.8.8:53 rr3---sn-q4fl6ns6.googlevideo.com udp
US 74.125.1.104:443 rr3---sn-q4fl6ns6.googlevideo.com tcp
US 8.8.8.8:53 rr3.sn-q4fl6ns6.googlevideo.com udp
US 74.125.1.104:443 rr3.sn-q4fl6ns6.googlevideo.com tcp
US 8.8.8.8:53 rr3.sn-q4fl6ns6.googlevideo.com udp
US 8.8.8.8:53 rr3---sn-q4fl6ns6.googlevideo.com udp
US 74.125.1.104:443 rr3---sn-q4fl6ns6.googlevideo.com tcp
US 74.125.1.104:443 rr3---sn-q4fl6ns6.googlevideo.com tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 74.125.1.104:443 rr3---sn-q4fl6ns6.googlevideo.com tcp
US 74.125.1.104:443 rr3---sn-q4fl6ns6.googlevideo.com tcp
GB 216.58.213.10:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 216.58.213.10:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 216.58.213.10:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 10.213.58.216.in-addr.arpa udp
GB 216.58.213.10:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 yt3.ggpht.com udp
US 8.8.8.8:53 photos-ugc.l.googleusercontent.com udp
GB 142.250.178.1:443 photos-ugc.l.googleusercontent.com tcp
US 8.8.8.8:53 photos-ugc.l.googleusercontent.com udp
GB 142.250.178.1:443 photos-ugc.l.googleusercontent.com udp
US 8.8.8.8:53 1.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 youtube.com udp
US 8.8.8.8:53 youtube.com udp
GB 216.58.204.78:443 youtube.com tcp
US 8.8.8.8:53 youtube.com udp
GB 216.58.204.78:443 youtube.com udp
US 8.8.8.8:53 consent.youtube.com udp
GB 142.250.180.14:443 consent.youtube.com tcp
US 8.8.8.8:53 consent.youtube.com udp
US 8.8.8.8:53 consent.youtube.com udp
GB 142.250.180.14:443 consent.youtube.com udp
US 8.8.8.8:53 14.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 142.250.187.226:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 142.250.187.226:443 googleads.g.doubleclick.net udp
US 74.125.1.104:443 rr3---sn-q4fl6ns6.googlevideo.com tcp
US 74.125.1.104:443 rr3---sn-q4fl6ns6.googlevideo.com tcp
US 8.8.8.8:53 226.187.250.142.in-addr.arpa udp
US 74.125.1.104:443 rr3---sn-q4fl6ns6.googlevideo.com tcp
US 74.125.1.104:443 rr3---sn-q4fl6ns6.googlevideo.com tcp
US 74.125.1.104:443 rr3---sn-q4fl6ns6.googlevideo.com tcp
US 74.125.1.104:443 rr3---sn-q4fl6ns6.googlevideo.com tcp
US 8.8.8.8:53 static.doubleclick.net udp
GB 142.250.179.230:443 static.doubleclick.net tcp
US 8.8.8.8:53 static.doubleclick.net udp
US 8.8.8.8:53 static.doubleclick.net udp
GB 142.250.179.230:443 static.doubleclick.net udp
US 8.8.8.8:53 230.179.250.142.in-addr.arpa udp
GB 142.250.187.206:443 youtube-ui.l.google.com tcp
GB 142.250.187.206:443 youtube-ui.l.google.com udp
GB 172.217.169.54:443 i.ytimg.com udp
GB 173.194.183.102:443 rr1.sn-aigl6nek.googlevideo.com udp
GB 74.125.168.167:443 rr2.sn-aigl6nzl.googlevideo.com udp
GB 142.250.187.226:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 rr5---sn-q4flrnel.googlevideo.com udp
US 209.85.165.234:443 rr5---sn-q4flrnel.googlevideo.com tcp
US 8.8.8.8:53 rr5.sn-q4flrnel.googlevideo.com udp
US 209.85.165.234:443 rr5.sn-q4flrnel.googlevideo.com tcp
US 8.8.8.8:53 rr5.sn-q4flrnel.googlevideo.com udp
US 8.8.8.8:53 234.165.85.209.in-addr.arpa udp
US 8.8.8.8:53 rr5---sn-q4flrnel.googlevideo.com udp
US 209.85.165.234:443 rr5---sn-q4flrnel.googlevideo.com tcp
US 209.85.165.234:443 rr5---sn-q4flrnel.googlevideo.com tcp
US 209.85.165.234:443 rr5---sn-q4flrnel.googlevideo.com tcp
US 209.85.165.234:443 rr5---sn-q4flrnel.googlevideo.com tcp
GB 216.58.213.10:443 jnn-pa.googleapis.com udp
GB 142.250.179.230:443 static.doubleclick.net udp
GB 142.250.178.1:443 photos-ugc.l.googleusercontent.com udp
GB 142.250.178.4:443 www.google.com udp
US 8.8.8.8:53 rr3---sn-aigl6nz7.googlevideo.com udp
GB 74.125.168.104:443 rr3---sn-aigl6nz7.googlevideo.com tcp
US 8.8.8.8:53 rr3.sn-aigl6nz7.googlevideo.com udp
US 8.8.8.8:53 rr3.sn-aigl6nz7.googlevideo.com udp
GB 74.125.168.104:443 rr3.sn-aigl6nz7.googlevideo.com udp
US 8.8.8.8:53 104.168.125.74.in-addr.arpa udp
GB 142.250.187.226:443 googleads.g.doubleclick.net udp
GB 172.217.169.54:443 i.ytimg.com tcp
GB 172.217.169.54:443 i.ytimg.com udp
US 8.8.8.8:53 rr1---sn-aigl6nzs.googlevideo.com udp
GB 74.125.175.70:443 rr1---sn-aigl6nzs.googlevideo.com tcp
US 8.8.8.8:53 rr1.sn-aigl6nzs.googlevideo.com udp
US 8.8.8.8:53 rr1.sn-aigl6nzs.googlevideo.com udp
GB 74.125.175.70:443 rr1.sn-aigl6nzs.googlevideo.com udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 rr1---sn-aigl6nzr.googlevideo.com udp
GB 172.217.169.54:443 i.ytimg.com udp
GB 142.250.200.33:443 tpc.googlesyndication.com tcp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 rr1.sn-aigl6nzr.googlevideo.com udp
GB 74.125.175.134:443 rr1.sn-aigl6nzr.googlevideo.com tcp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 rr1.sn-aigl6nzr.googlevideo.com udp
GB 142.250.200.33:443 tpc.googlesyndication.com udp
GB 74.125.175.134:443 rr1.sn-aigl6nzr.googlevideo.com udp
US 8.8.8.8:53 70.175.125.74.in-addr.arpa udp
US 8.8.8.8:53 33.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 134.175.125.74.in-addr.arpa udp
GB 142.250.178.1:443 photos-ugc.l.googleusercontent.com udp
US 8.8.8.8:53 ade.googlesyndication.com udp
GB 142.250.178.2:443 ade.googlesyndication.com tcp
US 8.8.8.8:53 ade.googlesyndication.com udp
US 8.8.8.8:53 ade.googlesyndication.com udp
GB 142.250.178.2:443 ade.googlesyndication.com udp
US 8.8.8.8:53 66.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 102.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 2.178.250.142.in-addr.arpa udp
GB 142.250.187.226:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 2.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com udp
US 8.8.8.8:53 www.google.co.uk udp
GB 216.58.204.67:443 www.google.co.uk tcp
US 8.8.8.8:53 www.google.co.uk udp
US 8.8.8.8:53 www.google.co.uk udp
GB 216.58.204.67:443 www.google.co.uk udp
US 8.8.8.8:53 67.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 rr4---sn-aigl6ns6.googlevideo.com udp
US 8.8.8.8:53 rr4.sn-aigl6ns6.googlevideo.com udp
GB 74.125.105.9:443 rr4.sn-aigl6ns6.googlevideo.com tcp
US 8.8.8.8:53 rr4.sn-aigl6ns6.googlevideo.com udp
GB 74.125.105.9:443 rr4.sn-aigl6ns6.googlevideo.com udp
US 8.8.8.8:53 9.105.125.74.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com udp
GB 216.58.204.67:443 www.google.co.uk udp
GB 172.217.169.54:443 i.ytimg.com udp
GB 172.217.169.54:443 i.ytimg.com udp
GB 74.125.175.70:443 rr1.sn-aigl6nzs.googlevideo.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 34.117.188.166:443 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 35.244.181.201:443 tcp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 34.160.144.191:443 prod.content-signature-chains.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
NL 2.18.121.73:80 tcp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
N/A 216.58.201.110:443 tcp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
N/A 216.58.201.110:443 udp
US 8.8.8.8:53 udp
GB 173.194.183.166:443 tcp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
GB 173.194.183.166:443 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 aus5.mozilla.org udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 216.58.204.78:443 youtube.com udp
GB 216.58.204.78:443 youtube.com tcp
US 8.8.8.8:53 location.services.mozilla.com udp
US 44.242.34.204:443 location.services.mozilla.com tcp
US 8.8.8.8:53 locprod2-elb-us-west-2.prod.mozaws.net udp
US 8.8.8.8:53 locprod2-elb-us-west-2.prod.mozaws.net udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 youtube-ui.l.google.com udp
GB 216.58.204.78:443 youtube-ui.l.google.com udp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 8.8.8.8:53 yt3.ggpht.com udp
GB 142.250.178.1:443 yt3.ggpht.com udp
US 8.8.8.8:53 photos-ugc.l.googleusercontent.com udp
US 8.8.8.8:53 photos-ugc.l.googleusercontent.com udp
GB 142.250.178.4:443 www.google.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 i.ytimg.com udp
US 8.8.8.8:53 i.ytimg.com udp
GB 142.250.179.246:443 i.ytimg.com udp
US 8.8.8.8:53 ade.googlesyndication.com udp
GB 173.194.183.102:443 rr1.sn-aigl6nek.googlevideo.com udp
US 8.8.8.8:53 ade.googlesyndication.com udp
GB 142.250.179.246:443 i.ytimg.com tcp
US 8.8.8.8:53 ade.googlesyndication.com udp
GB 74.125.168.167:443 rr2.sn-aigl6nzl.googlevideo.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 172.217.16.226:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 rr1---sn-5hne6n6e.googlevideo.com udp
NL 172.217.132.230:443 rr1---sn-5hne6n6e.googlevideo.com tcp
NL 172.217.132.230:443 rr1---sn-5hne6n6e.googlevideo.com tcp
US 8.8.8.8:53 rr1.sn-5hne6n6e.googlevideo.com udp
US 8.8.8.8:53 rr1.sn-5hne6n6e.googlevideo.com udp
US 8.8.8.8:53 rr1---sn-5hne6n6e.googlevideo.com udp
NL 172.217.132.230:443 rr1---sn-5hne6n6e.googlevideo.com tcp
NL 172.217.132.230:443 rr1---sn-5hne6n6e.googlevideo.com tcp
US 8.8.8.8:53 i1.ytimg.com udp
US 8.8.8.8:53 i1.ytimg.com udp
GB 142.250.200.46:443 i1.ytimg.com udp
US 8.8.8.8:53 i1.ytimg.com udp
NL 172.217.132.230:443 rr1---sn-5hne6n6e.googlevideo.com tcp
NL 172.217.132.230:443 rr1---sn-5hne6n6e.googlevideo.com tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 static.doubleclick.net udp
GB 172.217.169.74:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 142.250.179.230:443 static.doubleclick.net udp
US 8.8.8.8:53 static.doubleclick.net udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 static.doubleclick.net udp
GB 142.250.179.230:443 static.doubleclick.net tcp
GB 142.250.178.4:443 www.google.com udp
GB 172.217.169.74:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 rr3---sn-aigl6nzs.googlevideo.com udp
GB 74.125.175.72:443 rr3---sn-aigl6nzs.googlevideo.com tcp
US 8.8.8.8:53 rr3.sn-aigl6nzs.googlevideo.com udp
GB 142.250.179.246:443 i.ytimg.com udp
US 8.8.8.8:53 rr3.sn-aigl6nzs.googlevideo.com udp
GB 74.125.175.72:443 rr3.sn-aigl6nzs.googlevideo.com udp
US 8.8.8.8:53 yt3.googleusercontent.com udp
GB 142.250.187.225:443 yt3.googleusercontent.com tcp
US 8.8.8.8:53 yt3.googleusercontent.com udp
GB 142.250.187.225:443 yt3.googleusercontent.com tcp
US 8.8.8.8:53 yt3.googleusercontent.com udp
GB 142.250.187.225:443 yt3.googleusercontent.com udp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 github.githubassets.com udp
US 185.199.111.154:443 github.githubassets.com tcp
US 185.199.111.154:443 github.githubassets.com tcp
US 185.199.111.154:443 github.githubassets.com tcp
US 185.199.111.154:443 github.githubassets.com tcp
US 185.199.111.154:443 github.githubassets.com tcp
US 185.199.111.154:443 github.githubassets.com tcp
US 8.8.8.8:53 github.githubassets.com udp
US 8.8.8.8:53 github.githubassets.com udp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 185.199.111.154:443 github.githubassets.com tcp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 185.199.110.133:443 avatars.githubusercontent.com tcp
US 185.199.110.133:443 avatars.githubusercontent.com tcp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.187.206:443 play.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.178.1:443 photos-ugc.l.googleusercontent.com udp
GB 142.250.187.206:443 play.google.com tcp
US 8.8.8.8:53 lh6.googleusercontent.com udp
GB 142.250.200.33:443 lh6.googleusercontent.com tcp
US 8.8.8.8:53 googlehosted.l.googleusercontent.com udp
US 8.8.8.8:53 googlehosted.l.googleusercontent.com udp
GB 142.250.200.33:443 googlehosted.l.googleusercontent.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 collector.github.com udp
US 140.82.114.21:443 collector.github.com tcp
US 8.8.8.8:53 glb-db52c2cf8be544.github.com udp
US 8.8.8.8:53 api.github.com udp
US 8.8.8.8:53 glb-db52c2cf8be544.github.com udp
US 140.82.114.21:443 glb-db52c2cf8be544.github.com tcp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 api.github.com udp
US 8.8.8.8:53 api.github.com udp
US 8.8.8.8:53 glb-db52c2cf8be544.github.com udp
US 8.8.8.8:53 glb-db52c2cf8be544.github.com udp
GB 142.250.179.246:443 i.ytimg.com udp
US 8.8.8.8:53 glb-db52c2cf8be544.github.com udp
US 8.8.8.8:53 glb-db52c2cf8be544.github.com udp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.108.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 8.8.8.8:53 raw.githubusercontent.com udp

Files

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\pending_pings\9088875c-ca46-4c34-a01f-6b2d69a93757

MD5 2dd4c1462646b6d8c69eb4e20dad6937
SHA1 67f94bf1226b23be3805b8aaf5810a4fcc004439
SHA256 36e73a01d3a8fa6a84df76811b3c6b46f9b9d3cee87b8377d1346836e9b29b15
SHA512 a797f962dc42ce2c8331193a02b66e63914cc0d7fa6dfa3e3226e04817b9d6358eb412572438ba25a6bb72a57399ae251d0688256e8a90a065505353acdeca3d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\pending_pings\f0d4c397-7f37-415d-a573-4fa9226efc4b

MD5 3b290baf8193d9cb43f165b68f2bedbd
SHA1 6641bfb01a76a4bcc84110987153aee85560a2dd
SHA256 9546f14aa785a952cafe48d8359526ef6beeeb1ca16cc76303940cace922b3d0
SHA512 c94acda5edbf4fd7def0b30e036079977c0970f8374672e33e9540f731e434c0c6e71e8b562bc24153c2cacc22f6a585b6254728112e8f71ddf28da6ec8377a1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\db\data.safe.bin

MD5 68b27c20ce268b68271363a95bfc33fb
SHA1 2da540077307a110b4f1a99839757aa30982509b
SHA256 00f49b49b9f92883abdc4a001728e9239ee708fe6dd9cc5e86cdb99b6f432a75
SHA512 e41563bcb9d0a0a78d2049224f9ef6eaac625f1e49b71071a51e71c53d9de857cc3b04f11889e3351f07a9ecef0b8b426a59fab17b1f2934729a04307a9f23fa

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\prefs-1.js

MD5 c4f99645b66c26f2267ce1e3306a6f35
SHA1 d617de8854d7461b437f96d4e34bb5146cb8b209
SHA256 0ecb6f15e9a847fb6384adeb1d18dd127262b70c070e1b731b2a5dfd434d2b68
SHA512 010e45ba614d8603980d4688eccddb073dabaa30b0ce30527900770b9615945c96ce20efe0b287f303bbe56a23f0ed4d875a0b34a680b9dc19f0ad22f6431e88

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

MD5 90ab70ed3b3b15c3ce6420ed8706934a
SHA1 5eab130856c9b8c94bae04308f1fbfe951d875b3
SHA256 6a9a5cc2161750c8f9ca8341798195d431623850928a6ccbee40f2529187ea38
SHA512 d4e1e33662ffb8b376ae2dce713170c116d47e9e22c623efdd48cb1f01dffa1ec32ddfdc1ea0256181962b3cfecf4db559659c7da9a23c3a64b809be9df227e8

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\prefs-1.js

MD5 673df62ba09610bf8926357cd45c2b2f
SHA1 0fff2ed2353fdd338b1bff99fce7eb957eb7012d
SHA256 d98d71d7bfea253e663ba929b37bc6acf7d066bc9d1c46220b543d5948d252d7
SHA512 4f4f842a6c51015148f4afe18b5d56c544c28e7649e886bbbbfe02b5d48e197fa46912c90724d4da127e4b91b0c20340e9555d85dff152b3693f6307f82852d3

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

MD5 03742ee3622290535b7d8d7434c89d22
SHA1 270955e9ccd5f9d5a0d75f8f598971765e8e1d23
SHA256 f0a4996b0be9ac422e0de23b79bbbe6f725af7bc1ea8c8a2dde4278e3f24e295
SHA512 008e9804677d951bbc1aff1b4abf8ec9af0e6586adba78a1c634a107326f662587eaf9cbb3b3cdf7518e2715bf84e075444fb16c4967f95673f8c27e4db284f4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\idb\1241031584LCo7g%sCD7a%tcaab5a9s.sqlite

MD5 ce61ecd743b386d489e7ddc60593f243
SHA1 ad27e13f480091a14c233b284e782f579a46fc5b
SHA256 2ad7b37e05d5f9ed0d3e9cc12e1adce07b842b8260f87253bd54f17d8b88beb7
SHA512 94cb8699354a34c84b25644ecfae66b2238c6deb62eae04f006071850c7c679f77bee19e6d853b9e5f3b4a6ec4a8860adf5490487898d33785d88f0a1015b1f3

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\119\{7ec7bf13-1dd8-4ed6-861c-74b438e11d77}.final

MD5 2a252393b98be6348c4ba18003cc3471
SHA1 40f75302fcbe4a8ac2e33a8d9daf801abc2a9598
SHA256 04cae3c7b208fc55b25763913d0bbdc99232942086efdf705f2a27764be6f5ee
SHA512 07af4a7b0d10f1b5e1fe0877b21abc98483d78797608a1763cfb71e25559fdce10d20f03c16f4284d7ae7ab90266f45240425e3a264de9525ec1657345b85198

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

MD5 b81d475fafe9d9bf8822680495466170
SHA1 625b5449e20581bf2037add4ab25c80a302bb611
SHA256 689fa2817d218401f630360f8eb0702c56622968d8dd7b1c108553fa995915d4
SHA512 d12435222a0f9a859f6d0711cccb8b9deca7fb849faa4b6673a3752fa90d108025487b634de8d12e5f783bbd8897328c4217a3fef231867714f758bf82c35679

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\doomed\15444

MD5 197ae020168a4c35a9c6bcd3e720e68f
SHA1 4539354ec00637c43f8dcf787f8b35220a28c701
SHA256 8b83931f0feb4149b9d43aab0b789d8dbc20d6e4ff9104f7100a0c77637628e7
SHA512 77a8101f9e2997a7cb88ef18e484c3d731b4d20fca96deccf629305cda1e91ccc05a2ce3dde2d000b6ab292edbc8e0fc6509a1f1979356eeb46a27256c0c1298

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\doomed\22814

MD5 e86eb795f3ee32899b783024ce00c950
SHA1 3b398d8b70a4f411cbe7602cd9cb592b6be0b884
SHA256 db9d54a15165c098293edaf08573ed1a717bcef2ec2e9bcfaf8570deaaf4eb54
SHA512 50cdcde963d2a773e61e1a272ad93f26921bd7f9092ad55485836abe22124ec9349c9ccc02fb96e7dded72a8ce8cbee2d69d907c5e801f7a6c37ca69615a2412

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\doomed\1933

MD5 69b4187f22fcae2e723a739f189d393d
SHA1 decb4945d3fa3b339e0c1f3bdaea07c74bc3c8df
SHA256 dc66bcfc69731c960ffb5108fe2f0378d58787a8559e9c00c476f4d77966e32e
SHA512 82f3a63a25cd406c58521c3f3d2950cb57dee1383b466ff1a8ba473ab8539e1d52747a6ab946a69fac2c74ae7c2c0bfdcc8f2e944b3fa6690353aaadbffd763a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\5\{2dd723e6-0010-401b-95e4-3085559ba205}.final

MD5 be203547ce77fa7a91259437b55c0d1f
SHA1 cff2ff2c9469ac96eff7baaa308cdc886fab804d
SHA256 e5f9c781a4756c64455652d9b4bd944aab9ecc1eef556814c00b1797209f4840
SHA512 adf00778a63ea8a143f8fbbf61188392a87a376234e17856339036854cff3a5247aed0b1c0b603332e244d348d58402ba58b32f6df6cc8e18f9d8242f6573f71

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\164\{6b9472a8-b5d6-4aea-862a-cf1b1586b6a4}.final

MD5 45e25bb134343fe4a559478cd56f0971
SHA1 79f18ad0b7e3935c3231ced0edd8ea3c7997ca93
SHA256 dae4dd8e56ccc952312b3b238a1db294d4d7ad4f532c31cd1c2e5f9dee881678
SHA512 9b32b125c4183fe992630bc6ce9a511157959556fdce53f8264aba2aa8fb7b0e53b408b505da2cc96cdec771470927e74cba3bbd6eb71a5077e9f933cdc85292

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\155\{3692fa82-4af3-4251-af8f-123156cb929b}.final

MD5 5b0f165bbdb71faa1bb5b26c4f022e96
SHA1 704bbe81e0d8370e675246e1cbb347bf8599aa45
SHA256 b95a445bd9d295276e8423f1ad3fc50c740512a634f2115364217544bc87d44f
SHA512 6c521b2c55135ec98f79193bf9c62b73cfb1801cdeed03a9871878f677aacea46cae165a4290682768ca1c1192dff2e87b63c39228164d72d2c7abbe732f8d20

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\97\{b49fa4d1-31aa-42c5-a9b2-1d4686f4ba61}.final

MD5 51bb0fe00991a2ae6707b3aefc583918
SHA1 21ec201ebf41ad57faaab02f7961ce5a746e6dbb
SHA256 97dc140355b2b45b54c3dab1ac66b951afae0bc742402cbc342be117f4424e0a
SHA512 41863cc0f1252366a5514dd62a06f4bba493029b8c7a35e19173b6d7f9114e7098fa35d284623b6641d28f7d7bee1ce99064987afc985dbf0354368f71f9a39b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\82\{ce8710f5-c79f-49e2-8e97-979de5d5f752}.final

MD5 dc9a7fbc5e4c905d180f1e4af881e592
SHA1 10fd3d3c3c0a7fbb4246bddec89405790d5ac88c
SHA256 dc5e1c62c3c105bdbd2643cc83cff3593ae9c24531c161d45c459e24679326cf
SHA512 d348838561513841cd6d3886811888622ffe7c7963c3a0a521dd80ffdae18d21ab044da2772fd5684014293872d172e6aac71493d048cf6731cfb1b37fbf9121

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\59\{f6ffd2d5-6bfe-43da-a6ad-023ec01a583b}.final

MD5 184e8de5f2d1b10b1cd688026dfec0ca
SHA1 dd632464c3ad026e57bac8efc3348eb7349dad84
SHA256 e3aaf869118c6db298d843c5308262f88ce5ba474d88e7043badfdea4471c93f
SHA512 e3495544032b7f6760967b0ccf57861ec5454bb32e8f5f7d2165fa63e6ab580e278275a1f719fa55fa17fc0a3aa9788e15ba60ff2ea0e25557f0160607066143

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\67\{1a3e2d69-9b52-4e46-903f-c2749d402a43}.final

MD5 440b8569f0166adb464f65b587fc1864
SHA1 bd9ec70774c72144b24d6b025169adcf97f4100f
SHA256 7679aaa38924228f58794ffd76387e65f03fb1a7ed42ba79a369069f2da4c13a
SHA512 2a4d57dabf61b213de49a46569ad00401afeee417d28936851c1ea346d65d5019be0b8092d1857b58ca0bd0f2a1407452920a2f3e0a69688d61bef25b419fcbe

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\198\{5fa25cf9-b184-4fe3-97a7-16b0fa88b6c6}.final

MD5 4281c6880b38580a12983db6afe98254
SHA1 052f3dbcc36e439f4f23b1e1b608d92ee8e72654
SHA256 98cdb9a3eef1764f2034497868bc60328364b1a414eba55860fc1756aa5f85b3
SHA512 6b92b3ccf7ab00db56c0cd6c7c180741e1a154be3cc04199b883e7c350a818a6b0357454116ddc86af433f3afd57cc8dd89efed7cd0dfda6c3d9bbb270dba533

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\190\{6306b9a5-9756-4da2-b670-fc24158a2fbe}.final

MD5 590de80c94ccf9eadb9c7d51be8e796c
SHA1 e2c967e833e34a61c7bbb2cacabad6743f3d48c4
SHA256 75b7670458b285925b57d33949d24b515dd8fe50466ef7e4a4cbd9a402f168d0
SHA512 d06068e443b20e3778c98441fd8fab3bcda4fbba3daa683e3e7c18c0de280d59d4261de63ef47ce8fb9a819b3c7f8d612f7d6b7c6fed591be25c19421ebd7a91

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\2\{95aaf1b9-b964-42a0-9cc5-b26bb6839e02}.final

MD5 5525a3d889a5f2b22309572b81eb632f
SHA1 75570ecf4e74c8094526263c3f8fcaf09d4ea87b
SHA256 82b1f81789c3cf58f4985bcf3dd14d3606a9bda013bc08501e36bf46c4fd4e52
SHA512 d1e9153d5da3549d63b5833648191ec199a616e64c343b2985a11626465bcb728e39a3a04b906ea5bd42bff8b7376ef1a26e65c4e62b689af0cba19487fe982c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\19\{33bdcbb5-502e-4a27-8320-1d4020518413}.final

MD5 a5a12471c60b1660512fce9579675a2e
SHA1 d702b7183c27a6b08b626c9bba460ce0e20a7395
SHA256 2b8ad66d9eb14d6020cc86c9472a8d32859faec20e5bc971bbbe068753b378c0
SHA512 ec69cf09ef623b7971bf8a42267e23c4f5265127608a70d1ea8ee7a910982e075723a0dabd7053022905c9d0e44cbecb4fe2fb1005258fac9a0bd5a33f3b6014

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\16\{ac7874e1-f781-4bf0-88c3-137c6b541510}.final

MD5 fcaa7f35d0b6f5dcc3edf6ea35b7ef98
SHA1 37eab86381cd122095b712d205eefd4c15ff49c1
SHA256 67b688b893251d9e52650b3cb720b6f8be62c6e1afec8ea4b223a8e975d27b1f
SHA512 becd339b63fb55676cabeed67fbf4e28740feca0995b8734a430359c96e14b8591d4242a526d920ac8893d9d22ac125288e8ae8dbfb0a0fb484ed8544774958d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\246\{82178e61-98c9-44d1-9062-748ae16e0af6}.final

MD5 a5b6e175f5a577af3302c7029593adfc
SHA1 7b21982420c602f2678b28d3eeb7172d5c491903
SHA256 02240202d841f7910cfc4d17aebdef67a1084e704359fdf544d80dec3809a8e1
SHA512 9e62f4350403815e642a70d746bac7c8862238a8f108491f6e33031db7ebef4ce91a9a97d83f9fe9c15dd70333bda1229dd7d1ee709f964dd8c65071833b6544

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\141\{02aff09e-203a-4893-815a-6cf83308998d}.final

MD5 3f7a4ebdd9e533cda0125618ad02dadd
SHA1 8f024e90ae75e5926e0f9d0847e2a1520b4f8eab
SHA256 3408ed8bd0781a9ee0576ff0ddf30150456e0fa59b40406b21248613602c1043
SHA512 6257799dd555ca13833a2320b10056a966f1f384d474cc66e6ead51a76b726e66ab64add92d9bf3a85456ec75b5b97404bf7574eab7d3e6090b8f60d2799c1ca

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\161\{24a1470b-e0f8-4b75-8f81-24e816616ca1}.final

MD5 321ea72e49df8692233391c1f36451e6
SHA1 2f016758fc5830a806ed9891e574936db521c034
SHA256 8113ef313d8a5519df57034e29db538c65721112804bf1a1a446b8302ae7e0d0
SHA512 86d5a408e472a62c2cfcf69a5fadc122f7a62dae866a36fdc4a7381de6cc8028af4ba51cec9c827b9815c26f75db82c4813ab25682c728c1f03d3bfc7ff21114

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\245\{2a61617f-7ceb-4a22-86cf-7fce1a5e90f5}.final

MD5 fe5981f30c81e299a4b3cbb8d54c236d
SHA1 86d257366f84c5da701ce39084e8bd6b54a644c5
SHA256 d94c2ef736a7e46e3c6da5ce1b0f4ae07d1aedf5de035104fa48c3804f5cc86d
SHA512 51bc339682768b4ab038325bc12186aa16836e7179d36ecacdc8b4559b70e76e7868bfbd1ae19af5fc35ee36299060166d5c4da74f70c0816849510f93e2a403

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\6\{c4b364e5-0882-489c-92bb-8eee50243606}.final

MD5 ee0078268c18aacfbb32f121a2bc2902
SHA1 413487a0a575c27405b739fa8938a66b61a24149
SHA256 9718aa5eb454fe31d59fb6cb2d7bff3ba1f7e73b171c76390ed97b749493a85d
SHA512 2d776ef4276e4f8cbe7782e1aaa91d78f1154cafe818b8fb507e7e5f823c1ace750e8b2214a82448fe0d3be43fc25f1c15eb93d9198ca4c6b1962d19af45ccf2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\2\{b8764f5c-4060-4cea-ab2c-f8455cfa9002}.final

MD5 f8a4486578289f338eccea68bf578c6e
SHA1 6cbd17168a35b3f10b74a28f1fa3a83e161a7e35
SHA256 264c3ef4f7bc3f390875ca49d87ec35f9c4f0bbb0eabfdb38073951253ca721a
SHA512 e896ce1bbfd145a4c38f7e81a8afb12c3f354d5632f24f26cf19e8b5f1a466fca8d098e7277a4c0979170c37be25b6cdcc0654ae94f46908bde1810d4c03c3c1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\181\{f0f84fb3-e8c4-4a27-a478-2c23018f72b5}.final

MD5 41d7c0ee3ebd3ecf60e8f06238d8976a
SHA1 313d08e7b04eefdb0ec87504462f522d7cb94d4d
SHA256 7b48b7ea9af7535de272491304ba8988db28c4cdf0d50c800e7d461666e73efa
SHA512 9619b290dd7e07d7a4d9768ee35dd564e37f1b0f4357bd2cb8a39c1289772f275f23f260114fac395974f544ff70efc168285a34611f40950eded0735d2ca6ec

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\100\{54c5fe8b-d204-4df5-b5f6-baaefe935164}.final

MD5 18ea68569ded72b5f8f681906febe6a4
SHA1 5797e923cf4e23b0c5b834923ed11b3fd101ebf4
SHA256 3f7e5effbbc5b1d293c34e82334eef3f6f20195436b46a97c9322a406af63cc6
SHA512 e32bfa8081fcb47042097617f10454358b0fa206db22cf3d4ceb09c7134ca97c4cc3d8d283e1dfe7b4db13c0254ca9aae2fc2dad38d50cff4375373d76d9e060

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\55\{a9470083-bb5c-4c46-92da-f09b0a1fae37}.final

MD5 a601665adcb4c6be23f3f43db3ecd713
SHA1 daf1dbb4c74201e6e986283fba3603b508d576d2
SHA256 38f281885066fb223a840e11199c5fe053ce470857cb8ffe5fdee25e226e2e7a
SHA512 b60b5afbcafcfb4d4751dda855ce4e40674ba635a28dee30b9ee8dae0cc1a751623ebcc3f1657aa1e847ba317dbb4bcdf44e73fd68b96ddb9ebc3d0a73bb5ae8

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\76\{36a0bce5-efbd-49f4-8e4a-0b486c26ef4c}.final

MD5 31f682f3d011c942f1c41b7f915eec10
SHA1 0163e4cb475138b8f6ef221cf0bb15055f628f4c
SHA256 00392c87ab0206705a7f066ab9b2cad308eb3b2d0b538fa535d053b0c662c48a
SHA512 da32317bdc01471cf7fe107c80d3b69646aafbde3ba9ef7d4fc674c56034d78dfc08ef33d8c133cdf198e4ce265625c8411cd85b2cc6d57016af360129db733f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\197\{1b44d773-79b6-4f82-9f29-c054819b5ec5}.final

MD5 25bc26013ca16ec022cc26f5370c3769
SHA1 0b959045667e2ab2efb992cdfe8abf8d833ffa83
SHA256 8e291ff624d1139db9423256f8b7637e909580a54b8838c81119b12cc631b84b
SHA512 ed775d60df5dfa9d6fcabeab00e46d6ddd421f19c8de2ba3d1a78786cf70ddcd86e3dfce18519d916078a36a23f64e9db42149a4e3c26d58ffdd565f3dd9afdc

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\194\{a12650e6-67b1-4e6b-aaca-5cc1bae63cc2}.final

MD5 5dac736054f1bfd6efddc9f8941f6513
SHA1 8d333e22dc6fa20e26c4732d5ff91c954433185c
SHA256 e1f390622425670904099ccdffe9b808e555fc402e7015697d49f9f22abf9175
SHA512 3ea570e7041a136d250e5e94c215b468991b70a6d6609ed27907aba24123e068e08559bbd96ca39a615a52dceccd524e3aa52702a8ad544f8a7b952fff935577

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\73\{e2106920-5b80-493f-a6fb-6ac7a48ad349}.final

MD5 3a412424ac9e9e38359ed78efdadc85c
SHA1 efed1bcfc57a1a6b9917cd3bc20d59f767adf5bc
SHA256 8cee6015ffd0f547e1bdfc958c906df98b64e24cb6dd5d89cc1aa3b38bd62bd4
SHA512 244689ba698e3c6323e8b72acc8ee5672bcdca4f859dc402e463d09b631861c996d90f8740b75d7e1668abc27ec447a1cdea1aaa30434ba56da1f7b06b84d57b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\143\{13f3dd23-fe26-48f5-a176-23255b791c8f}.final

MD5 b3a912f7ad1772f6fe5812fb79fb8f4f
SHA1 00443a5067e504d2b102a4358ddb6f0484d464b0
SHA256 7663eca944129445deb2757f49ef731ac2a95ac01080067f5938dcc0904fcd7d
SHA512 58e365169f36ce049bdabe6c19ef7788684a68b2b38fc499f0cd7ea8232dccf0708d585ecd249d9a92b2023fed544145b967848e50ba44b0d2af5447abb0b761

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\252\{1a6eb76a-ddb1-48c6-b571-d280988c71fc}.final

MD5 34eabb6d7873666c4dcd0f6e2c379fde
SHA1 e6dceb2fcd82d2513d383afba73625a4822b44cf
SHA256 2f6cdfea39358c552286c9a055d5e364e27d8a1e6700de932fd8f406446d7048
SHA512 ddd2d6d1c98d67ce10e3c4085fcd33499767b0a158de2975cc6993f2cc06c8c09cb1daf1ff628e4cf9127c973e87a6f3559e3459de1ffe4c8685e40c1998ece9

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\39\{0764df43-3137-4bc8-847c-60136ad9bb27}.final

MD5 887d18f5d2a951296bceeccc0a2908bc
SHA1 d9ea3e25c31f63fa2b5c234df3f4a22c87b7abdd
SHA256 47c2305553e87db8d59361705090fda372c32938564297a6db1dec0e5dcbcf20
SHA512 ce858e1c6730655d32e099d8c2804288a654bf2f7629c9bff0a28636473c1834fc9f8e437e04b0b985998ee7cc499abc3b474ab292f3d7180e5e6adbb4d07956

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\6\{e2a15c99-3339-480e-949b-6ecee6878c06}.final

MD5 a57c59c5082da22125cfc69197546e95
SHA1 ecbc238d1f440562832601a78bc3fdc052df1e0b
SHA256 aa70e89647f51593908420aa5856e5ae4f663065bf8a12cc4ee1aba1a0916a9b
SHA512 ca88eb897f8ef1fbc65b1e2e426a2e8274a7cf8c225e02e5406c39ef5d1bede11a732673162e21379773622207b28c9a45de83a64aed110ca82218e7097e7cd0

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\145\{7e20fc52-1e99-46aa-ac58-d399b3e4b791}.final

MD5 abada082ffc6679a2067c452c7cf2afa
SHA1 99a4e6c70bfe85066f09c2ac1b2108d05f129c52
SHA256 fdd42399b41bbb74565be3da15f861b96f044ddee74f6f2ba29940a96b1f2031
SHA512 a4db103b9409b1a544ad9e449a3cd65db72937fa325f1d08419450997f0de9b1481fc7c31ec915b89dfaee13f42f4e50bed68155d2e39d42332c01f4f4e6fbfa

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\227\{aabc36f7-e1e3-4e81-b4ab-c726be4860e3}.final

MD5 0ef1f531ef723ae794070d8fb9f22e7e
SHA1 359a185e7e59e52162aa084fab2f31d2131d2da1
SHA256 7b92f7b90080f024b9f265b888631c058878628e569fb1301c8dc93ecafc90b6
SHA512 876120bfdb112bdbbbeb2a87140af386ebf91d13b9bbc02cf7e96fa0f9f10d66c4a7265811b7ca79223a61fe141712ea64c5c2773aad6199648e3bcd496225eb

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\223\{3d2c990b-60d6-4a51-babc-4db21a74d2df}.final

MD5 6593c3cd0cd304b103124a65062a274c
SHA1 aba82966f9eebb81bcb05ab9eadc5f9ec7087f38
SHA256 89e8c95a42b02e26e31e55e66381898d19e3ad9e6da3f27ad837c7470f9b9324
SHA512 ac4026f5fe5346f518171c3ce08c0ba5652382f1ef83b1358140e5696ae1721d980b925925ca24d2b84cc6a84b5fddc9433ac492c943d09ba2f8f2485e892768

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\108\{94d58a78-0626-4d01-9aa5-7237d505ac6c}.final

MD5 a16ea228c26d9635887c0f16939633fd
SHA1 4296ff50e58e69f667e69a5eb0e4b33d5584c011
SHA256 1147a378214d10a08296484419be2cfe7e251bf90f5f0ea9897ec1b79e195664
SHA512 357c2daf556aa2471b6f0887d32000939044ce584534fa0fba618fbec99031d0569c5ce662a9f3c1235785ab3fc9116e095e99396a082cb60e1c763f9e561c74

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\85\{f6b91a70-ae36-4e35-88cd-81d633ab3055}.final

MD5 c39ad8422f2a033a19029e992171863c
SHA1 d4bc0db91f8b6a7e562632cdbc47238bf7074311
SHA256 d4b92610c82ebb2fa1beecdec652dd1b40731ced23e5281a1746739bb9636783
SHA512 abd2d36b411db7e869da2fa6434644768801ee8db91c4b06a15b8af4e3bcb8b58721d654a7208809eaacceb2d17a91bccf8d40aeb81c2ebb0817eeeb0a9c31b0

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\37\{0848080c-c116-43d5-8d89-0b5ede4bc925}.final

MD5 3e7dc63be6da02f295c1b9a5c56dd322
SHA1 0aa6083dee17a265efa6814d10f0171753c5f042
SHA256 6ccac4a1dd37f1f6d1bc68aaa92f48f02d92d3a23be15dee4d83c0b892fd09d8
SHA512 3ee1d46e61646303fbe77cfae5231366edd2862e9c2bfa45529fd7e90d7bf8fb62969c95f4125a17760ba6f934e5d51dbb5ba42bb43e24af33b43ffc0faf53b4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\191\{78df9aa5-6952-4e85-80d9-22fd2832efbf}.final

MD5 be912f4bcd3b478ace5df6dc46d82aa8
SHA1 2485e534279a5fa834a6e099cccc92f20c91052f
SHA256 8a3103971412691de6ca0bf149f63e274d5347e8942210e0b14470bc2c74538a
SHA512 8d082b4bbdc165115c47454a3d641a6d6fc9ac732a6f2bc511802fae3ebdba8a84ecf64d1acfe1fc9c023cf40ae2520cd74d5cc428dc9eba7913a2323b27d59a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\117\{2c2060ba-2581-4cce-88f9-cfb46ec3b075}.final

MD5 ed6fd5e11dfc8e4cf53ea851ea9ede04
SHA1 fc392e8d4f64aec77d892182f63fedcd543977bf
SHA256 478c763f896d5b271626a85070b75e8d66dd1eed1dcd244d9d6874bb1c24e6b1
SHA512 5da78d681d8feed8958b8fc60c4bc7975e9a4cf3e94e884e2525005cc1852c5643cac43cfc0c387381ab6f8d97d90a1d22b31faa0a1ee3529117b471cf6ff21e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\253\{3da669ad-23d6-45a1-a0cf-6e108fe640fd}.final

MD5 a8ac2b1daf1197439e18577f9341b301
SHA1 7c6e18163d4915ae57f27df9cfe607834bb998c8
SHA256 de289ef6a8ba393577207b6a036d9bb0462b56479d9fceec6b4c094c8891a72a
SHA512 617ac8779a29725613666c729e3b0976f0bbfda6bfc358f7e606a552dd0ebf712de791d483965a72b225412fd7532764a2ccb2df1b3b91666ff25fb841cd3c93

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\61\{e156e296-1fd8-401f-9abd-ab22d5416d3d}.final

MD5 6034306070954b482117c7883f153714
SHA1 dea03382c66843d3b2f548bcc628dbfbc3cab661
SHA256 dacb173c166fb4640953753914c783a1c8aecda2eac07dbc30ca70804bd8c029
SHA512 dc178d0f42734ca82160a12caabd406b1b16f414e09d67fee35092249aed61f570702bd1716a169c1e97e33fcdace6709e98044884e7459e453377f103946e62

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\119\{4d83b4b2-187c-4464-b1cd-8ae258e81577}.final

MD5 9aabec02bb846ee3fab89838fc80448d
SHA1 8b0f294de64204dbee03446885a8f31f03a22b17
SHA256 31afb122c87ea568cbf6b96fc5bb8ce12eaa379581d41c269ecc4674d452d72e
SHA512 198e2db29f6cd3807e92fdc6fb2fce689ead581fec734e414f953595d1d4dfd0de8a23a364d3665380b99e58c4146d4899ba0ba6e3e818dce29bdf809ca00b73

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\202\{7b3369d8-a861-4dfe-9d87-e9489252e8ca}.final

MD5 7b4110fa3efde7eaa286ecb28002c24e
SHA1 ef18905bf90bcec8d651b137f902e2d70968b960
SHA256 3b339433141e9d91736ec678e692c2ec5890be7d216f4ba576461109835b802b
SHA512 bfa6025d1b2638ec2aa85188c52d1d15b9fe8c85f1e431da724f9a28bf6fbe78299539497a24fce08e48985430e713c5982aec2cc5b5c137f5b611be77767fac

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\149\{99f81555-f75c-47dc-850c-8b14cd65a495}.final

MD5 8074dc643bfb7d1c60ceaa4761009fb1
SHA1 5178bcc18bbe6907f7603a90c9ef1dcc2c3bd9ac
SHA256 df4188f88b0fcb6b315de652baafadc68de7649e7c3e16f83e162d7a8b5a2751
SHA512 3d58b3e2a7de3ce79cbb8c43471431f4ea6e7e19116057a655cd997c7ff9889f0352e69eda49009a2de52be254fa2cb125d3566d281bc567d4812c9b5bdba62f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\125\{1a43980c-1bdf-48cc-92d8-fb20f3f1aa7d}.final

MD5 162f09323b6a93d1a573c6059f56748d
SHA1 01ad3259e6f31b5574868f7e71a180917e480328
SHA256 66a152f9fe8afb18db1fa201c5054750721af807e1dfafab9ba70bb17d131cf4
SHA512 0ecb45d87d32d12fd0ec446c3a9b8405162465d8b940eef6c86cb634962bc4e6c95e6ec18d6744e4e8ed730ee4417f10a7808b505aa1ccb78deb58ba0161a5e1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\133\{c7811f0c-e73c-45b8-ba3c-b67747ebd685}.final

MD5 c0540c18cbf85eba330f97b8fae2375a
SHA1 65f9ef9c5b0664ef9bc045344224a266d72c7861
SHA256 d540c5c26f2eab78ecf7fced4ac767f1af89e7c3eef303e4027d4fc77d6e74ca
SHA512 d6bbc155fccf19afd17cdaf3b9739e8bfa732c4c519aac5516447c23ac9e1d97f5a6a2e003cc7cd09e9e9de14f28c88de6bcae26628dfd0aeeb4ffa8f0d95a56

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\228\{855bd000-8bdb-4274-bf33-56869db9f3e4}.final

MD5 5409f7bf4f5bee52df75c2e72dcc9f36
SHA1 7d03d02ac3127b6d3bae88725b830f05e2c19b92
SHA256 1e026c82f67c10fc4746f558ac948fa6549402b7331d97fcf7b22690cb8a6696
SHA512 b3b6a124599c979b29f89ecb3d28f494e1d9046e373539f94acd3d89de284dcadf860c38067bb496e0d8a9d6f1a4e54e15a82d0dbabfcc6280543a25b7bb86f0

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\209\{e1282fa5-b346-43fc-aad1-baf3659d9cd1}.final

MD5 982db069b2cb3f7b12df524ac058cb75
SHA1 b3c4cee2073c9b11afd4fd4cafa14506dc7c4c36
SHA256 77015506cc1b153afc0ed88730d3248b4a9616edd67cb03d7b671c7962dd74b1
SHA512 53d24e86229558747d0291ea42632fc1468c7f672b38493232a75bfa5da6e58312e64905b6291593adad411563968edf9c035ce95c48d60d7a7a0151f0c94692

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\209\{7df28d44-78e4-4d98-85b1-d89a71daaed1}.final

MD5 a975d247eb217c175e9104e649cfa5d0
SHA1 d85ba5f059f8b624aabbdcb974b16d05fad94b1a
SHA256 3165df152edec50d78e9a54edb28e74682976dd15e4bc1e7ae72a5838a8436b4
SHA512 cd11924a023f8c57315aca37f3b77a90b2ddc2db55417c4002e916c917fa7826c521240a646e24b94ce72192bfcc2739b1ec0edcb790ae33960a3329c2af22c8

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\55\{8e4ffa5b-2159-4c42-9050-0f4faef7cb37}.final

MD5 680103ce64ae5c8edff61a1e3240326c
SHA1 03038ee24f31ad0b8da727f0c3dc3b5879b26c8e
SHA256 3c24065c3b89ce87c07f724caf59d270c80b7a072d751bd51e2f0b27b594442c
SHA512 68c0beb28e4050858d9ed8f79e0bc4a24abc99b9776faa392aa7d412a83b8d7320645ed498b7de7f1d712ec13abb554862d6c2b01d7223a229a96f27c9e130a2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\204\{76b9d880-4d57-4f6e-9620-82b77aa580cc}.final

MD5 63c7f2fc0ff6a57ff3d98d003b00abc5
SHA1 7eff871879b328e59dc2a5e959c9efdb9e93c91e
SHA256 d750432333b0cf3e88461237110ce0718e2118f3f65d368e9e0d798b9986c440
SHA512 b3eb057cb9578836664bc1d73ff55a40e66eb48b8a210587dcb2adbad404c99a324e388b2d88a77e61f67bf25a3825a4768e7cf6f126008637feb3dd01255d63

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\76\{fb2f1a68-7ddc-410b-b142-d2fb1c78eb4c}.final

MD5 61fe63358ed5c171881bfffc422a3d0e
SHA1 aa75bd2ab0c3337649e0c8b70bda7f026c873854
SHA256 b595399f19902bc6fd474a33408fa74f5f4f97308c2fc8f8e6226897241e5cb7
SHA512 8f8de25ad07e2b76f2e8366d6be5c636cd40e1ea3a36c82595abd42113816a0c7668d1aa6af84b23c57644710cb607d166324330e8e095613190de5159b3b3bd

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\42\{afadac48-41a9-46a0-84d6-e611f0e6a62a}.final

MD5 93fe42b9cacad9a58418d5702e29918d
SHA1 fc31ea0118b5b0999dc102efb09ed974b0a6ef9f
SHA256 10a26c50074171def0db39d8343ce1b08c398e77336f87dac2707492053f891a
SHA512 9248b47c5b621c6dcd9792b25c765c6bf7dbab2a03eca1f4507ea42c1aff3f08ca165f89c75f43c2bb1f35514845ea7ccea5199bbf57ddaaf631d0a4bb2ccd7f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\226\{18680b25-53fe-4c99-8bb4-7ce56d20f6e2}.final

MD5 cedfd917c042bfd5faea22058d451ad1
SHA1 5a98904fbf1c9bea6d27f75c42aa49c66db8c54f
SHA256 9cfc9e25c7e723abf5c14049886f33d836c6ab91b40218920efbdc864764f3f2
SHA512 5f7513b881549aba1fad170019ddf45e780ddb6a576e08365f4c9ab2c8bf4e7d2d5053b1db4ec6a2af570de21a182fc8981a0790881172d8605c023fbbbba4d8

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\199\{6a806932-8723-46f3-9ec9-f0ca03c5c5c7}.final

MD5 103a3bb224f38cac909b8f5719ac61fd
SHA1 a2f0ca0141add7d8ccf18e2cfb38acfcee45a0fc
SHA256 63f1c1eb498439212024b5bcc18287e503b28cf7d84c3723d153a78f1cbde45d
SHA512 00c640a963ab78076b97323b51f2a3e8fbcfe288bf3cb52c97d4c3e5cb8e62e29affc9f616ed35d3ee978027ccc9d8d23dbc9d7e78f48abe8dc707fc6fb215c1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\129\{8db37232-e8d6-4ce7-8cd8-59dead2f2881}.final

MD5 7981f433590b9d8b8a3ddcbd9d4a83ed
SHA1 58944a6101a8cd3e37574d26f2d03638c0fe2b2b
SHA256 097ca92e3fe122231764cb6d23deca18894c83cbd4128b39e925c88c061096b1
SHA512 67e541767b07de4f4a1b88b13c5ae2f0b0df41c09b22648d8681cd7e7cb2cc7d0c15f685f8d6165317fa5956687f46731867892d3e811b78a9b6df2eb3565d4f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\89\{9b18fd59-73b0-4dae-b08c-4f10deaaa259}.final

MD5 1a840973aaba0bc8aa82cd789f229983
SHA1 dcdad762a070027acd4d167c919a8b12eb7cd4f2
SHA256 fbefd71795c1a773b199567dea99ea28a5bd85ed96abffee7e3f4c1cf6f57c6c
SHA512 871508335ab32879d045ed3309d52512edd03c69e3da9813de212b19ab3ef2e4939f7f108262f12bbcfb593cfff2f1b3774bf4a84076111569fba0f306dcb773

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\150\{eda38cda-43cc-458d-90a6-2e7e68fbcf96}.final

MD5 3642d5820ca7ce4525164aa44f5d6beb
SHA1 b8d4c651b067c3bd08f2fefbc9cee8fda03c9354
SHA256 9624b4751a170b67e592dc6b20f93a13ad959ca57a74bdd0998871414f05e512
SHA512 3cd72c8df0f244da5aa0ae250bb9ced273a45c30374864ea662b4e518dd03c6b7ff8030bbe1ae5ffd078ccb8b8338d43b7ee61ef7545059e87616c56fd3a079a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\212\{9724f3b7-c99a-4023-881d-b03e2e7ce7d4}.final

MD5 501e302df1cacf7ffe388900064433f7
SHA1 d044ddda684b1a7b8acb5d9a887f1b92f77f10de
SHA256 baad1d86dab561f7abf009b62005456a15797550fd0dd565328f8c1e7e7c23ca
SHA512 8a75f975a60c979627e4f325e7ca6b8af17df51e425b7df27ea45ccb45b0b37b8ff339a7cb1a22108f1085854c4bdfe8694a6009a41df07ffd93aa7c6766c80a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\90\{f6734980-9335-48f9-9496-8825031a475a}.final

MD5 ff1714439da5865eda7a26d7366ecd42
SHA1 d05ac8350fa53bcb01c187b349b9c0b6cd990da7
SHA256 f2406a6799cc1538f17a8ae8eb0f6b053fc8f8cc37f77429de1fb638bbbebffe
SHA512 4d76e9d3676913d82fe7c85f4f481c2508eeb7bdc76f61507353e6af12c70dd2721d43d3405809d518f29b87c0cfdc1658ad688453e37aaceb4e6cb68669204e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\181\{9b0fde1a-be92-4442-820e-879cf46250b5}.final

MD5 d0d1672cc7d147f9f802ebefdb01e914
SHA1 22ed7eb147f695ec1df8ae6f43cb7787dd0ea652
SHA256 62efa98b135e5ef8779b99489ab8200b60026a5b1000ff3c997f3be230febe2f
SHA512 7f8ef8af3f57a6aab90ccda6ab1079e43630de11d14a780786a1b0f1ab057d7cfd5ab512b53ecd8ddd1bcc669fa56a0c260b2df421db64e3855dee7d63251a68

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\66\{3e84b7e4-12d1-406d-b453-ba3ce3ef9a42}.final

MD5 d53cdfdc78bbfa83f76b88fec1baf8d5
SHA1 44fdfb015f2e0ef773b74c91e7aa3084f86be4b4
SHA256 b60f85072330edde455cf9a62c94958d66793b18f461289da8a88b6bc0e29621
SHA512 07f7f09c3828e81d79f88d768dcee3d8f91aded0b408bde57daf82593eee49a1ef2dfde683b0aef1059031b5f9d701dd6a20673020578801a66555eef720f023

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\167\{1ddcc686-e4a7-4a4e-932f-4bc80edb2ba7}.final

MD5 4a514bed69506c494569d2de079a4565
SHA1 cfbcb0c9ef303e49adb4f8c85191593dcbdd95f6
SHA256 9b16a083b682783c5014b9a1f4f6914ec9399100e86fd5e56a82fec41ea96a68
SHA512 c2d81af256d7d5e8bf9b4c2ca467a1972aa625511ad0d63c5da573d0916b85b1b09babf4a606d94f6b79f3db26bc00ff8c4b08db485224383d487749881b88fb

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\244\{a3be2514-fa90-495d-b1d6-0bc62cd958f4}.final

MD5 5ecad04347c2a8c59c4b6a885e947fcc
SHA1 ddfcb94ac1af832b6a831dfabd66b47138534ee0
SHA256 9fb212fc86221efff20faff19c616c41932108a588078ed6a6377cde48e81d4d
SHA512 9a79703298ad64b902f6a0328f6c80031f540a7267ce4f4c96cc33b6b9ab2ba23f1b190f0ed1a51da1ed7306dab020ef30f87331da5cd77d01789c5e8887faf4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\194\{4f5de06a-782b-4c3d-ade5-40c8eb4e53c2}.final

MD5 c4e0cb3d3de8b6bcac527d2f0e5ed241
SHA1 2425b0c4ddb89f31d101257662629cac0c3cf0af
SHA256 3135abfbd2020a12ee327fd81c3739da37a6fdfc11d2032634ce5d33e916505c
SHA512 29e026c7ece58ce6c56d64073f3b0f6a008286edfef920973b7e399ef57f042780f8cb5a940d8654c41abe2a6fc8f60e4427d70fc285fa7fee5fdf473ae66fee

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\56\{63ff0eb7-affd-4d01-8609-835444aa8c38}.final

MD5 b0e3a03d13d45c1f130df30ee51eea72
SHA1 ed19adf38b3978300a958e5287546be08c8fb371
SHA256 ab156c3358cd6b946718508bda5099c8cba2e4583e3d03fbe0401c0e6f20e5e7
SHA512 3fa2fbaa7f78f69d0df8e3b8211ad56532cb0a68a9ac89c37fa5354fce51e114babd0673f2f44d109fe2e518ad7806b7ff3040a840e3099be4cc5f6dc07f8154

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\6\{6cd59dac-5704-4ab2-9fc3-9ab5dff1e006}.final

MD5 0c93d244125f8056cc0a69a4ca53f049
SHA1 e35678e1a49498e40e1ed508b521e79779a6d25a
SHA256 f286ce18e4e82f60816536d23dd2b1708cc45a3d1850b132b282feb1d5aec4f9
SHA512 198952bcd97b9497f6cabd7c9dd6cf0b8e75416fe5a2eaea15ca1e30919b7219be5b28985752834f0b8d501b9d6f6b637ac799db078a16f1e7e95480dfedcf5e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\48\{62c597c0-da46-41e2-88b8-96b1d1d51a30}.final

MD5 93215d67966bcb26afdfaa76aa00aa91
SHA1 aa3252645abeae4e228d6595c93d829afad380a8
SHA256 aaf4281ab5534bf37010c4e3ed86dab18a9f4cf8185f85ba7b0e6ac59c844849
SHA512 52df1847b0b802417b245e1fd51197349639fb25ece34a48003120b2920255b52848b3318f0f9602f8d8bf22bc7e761082befcd21b9d06b6a1e882a23f8c9ba6

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\221\{374ced01-da05-41f6-8e4a-de89eadf9cdd}.final

MD5 8d9443186ccb116d608c8970023a6c4f
SHA1 c280277c0344161167dd348d9267548041e95124
SHA256 70feeade7e05a69d4604df99cf1ff6793f7aed0879ae06b50a69b86906a892bf
SHA512 66240fc8a36102b8d3cc7cf157dc80981bb05ff707efa775b82ad6219fcb72fca9a3c45f30aed6147b222356a06a9b4063c9967f41f1a246735d68bd502eca51

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\162\{37ad2f60-179d-49ea-b600-e58589de99a2}.final

MD5 9d8bbd70725c7ef1461172bcc4e85c13
SHA1 a4c4db2ae4f58c81ca1de7fced23b522d6bb8f73
SHA256 4fd302f56fcfae608964aad2038a1570e38e96b82d52d590387ac91915a8c8bd
SHA512 fc90e23b5e86c1d6aab537069159ce5eeee5068817b6923bcfa33d93e54358fc38c5dd8ec4638b9eb5349da1fed4679af0159ef958cf48227efb14dd67511811

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\150\{4c3bd208-ff32-45f2-9393-a51e211a7796}.final

MD5 c6993227cd75c082eb25aee8332d888e
SHA1 a2e27914baf9a1a4b8579506f419bc7167dff937
SHA256 75c2bda8599570de972a83352d94cebc61a2bf66c8470a0461f0803c59dd8223
SHA512 bc37854e6471273085bd3ee362ede016fea6eaccb11194f749c3a092bc803df07c7dfed2d0a3fa538cd447a21d4875f95ccac3ff4f278c96249e7110cb968b39

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\225\{2d4a5162-d429-4405-b070-ea5788ab53e1}.final

MD5 f5ec5b6fdcb0fe6f76aca19310305268
SHA1 46d30ca75e110987809f6cd78f52b5cb35302754
SHA256 c9f94f5a2384b5a253cbc563cae021fb1d15762412fabef25d90b4f0c60814d0
SHA512 d22ba260c9738129d976df698208c8cc7a9b70dd89c0f81f995f0105940a2956e3097adfd2c300c94387ebbff54af720429795ee1bf4d81f3a1b6a6cc666940e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\192\{737a1a05-5609-4307-8ffa-000e05ec0fc0}.final

MD5 c65b0ec9f20fa9e69df1fad2b2a28e33
SHA1 4449fe9d195163e22a0b205966b402058d9e8bd2
SHA256 0500a3b5295d9ecac1151418dd4279da2aeda76e2b9f05ac56967fcb882dab01
SHA512 19a870b77f57e555b2d67116dee5487e700bc64ccf689ef98fa0e54fac162351127c09523f8e8d9a3c3587ce089b84eb5e81076486dfbe93171843b6360f5516

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\118\{ee9d795c-9901-4abe-93d4-b2d0f59ed976}.final

MD5 32355676adf4c64f1fe47b92f9500b6f
SHA1 cc2a0c3f0da02c1a1ac32a3a5ba417010f89f73f
SHA256 f4b28298d53a353c23a88b0c82002f1036c376d22154ed21630a8c1d04e2a841
SHA512 1945dfb8bf90df999cf7aaed9c881b2d10df4a3550f2bceaef655b2379e79d8128ebefdcd4f37705c7b42dcabbbc4c25dec1c1f9559f4e727c6df45f769a2f95

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\50\{76882167-eb86-442f-903e-f50f0eece632}.final

MD5 004c0529776665be8335ef4beb8d0eb6
SHA1 8b1fb58622c92f0ce3e490bbf21b532818797f8c
SHA256 493593022b630c1c1bdfc20479ebd34465a1bc79e066b04f388c6572375b0005
SHA512 6ee9bb5cddee2ae52ad1d3f068d08011ca5696975783fcdc816c0e16dd27c87ec0957d6c4b63cdbd76664899fd8f8df087db375a5eaca8b9d494430a6ae09efd

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\161\{0ba97783-c9e0-43e7-8255-51549ddf26a1}.final

MD5 bc7d8425fe4aaf118642e9a60d1b764d
SHA1 7456f9cbd82c691a2832ca856873d8e00901fe1b
SHA256 0ef51d3deb46884c157b25b78667241a8809dee794e3402c07b3c5fe972c1d92
SHA512 0a2dd57fb2ea736faa79c3127af31ad0671a06653d5bd152597fff5275c38d816ad1633cfee6e870c2de82aaea14a976d627fac4458c688d3650ad8197173301

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\40\{257aa140-3ede-49fe-8113-c98398f5e628}.final

MD5 b6c6d354eb2e7e52adb948c0366f0053
SHA1 d7f4586d41fcee9be681c70bf002d36f6d2ed624
SHA256 8383e636c9249a611493d7c83a9f02bbc0d9566d5d3389d8082ad6042271ef28
SHA512 9a08680e4aef9e54a24e7956858ffea9871f874966cb36fef70b5e49f6126b2662c443b4049a3c4d74fdcc00c83d3af12072fadb11a96ecddbb87280a0a2303f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\50\{2b86543f-1a4c-431d-ab76-c6a2186faf32}.final

MD5 253a9d7dbf4f2f8141599d38f58f86ea
SHA1 0766863065b6c57e98fb00fad0e6d8ca1c1f6aca
SHA256 fb659afa77a61d064962153784f63ba71e453e597d98b770c02aa31d1cdfa7d1
SHA512 379424e9196ca464ecff6e513cb32a296a63afa9fbb8d19561d0ce9cac304440896f4efb71956bc781cc51eedbda4f6d0e588e075ecba82e482ea2bf6aeb7371

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\206\{7ee17999-0cc7-41b0-a91d-bed011f6e3ce}.final

MD5 7732897c3667adcbaeb632ed111b170e
SHA1 eee532cc36738b7e586c193db814a088896038ad
SHA256 ea06cf7afba50fefdb6b8ef1a084dab27ba0d9b578814b3b79eecf474b200b67
SHA512 08a7130e9b36e13b2cf41be54a7eef19d209c494d177dea1d11e2e224f17a611c649683fc5b49976e244dfc4d91944ef481fe1cbe08d130126817180b97a0717

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\159\{f4153115-e713-40b5-8a77-337c87e8cc9f}.final

MD5 50af989865f9dad63f573c5f2bb66321
SHA1 91c2c613fe2faf799d1916e3245c8f7672926d28
SHA256 d36552977b70782f63c9fd0ebbadce131eb78616c7c5f0e0274746cb0adcde8c
SHA512 074f69af44958bf010198bdd2a37272d30da53a22d58313606f5c1f19d67597b98c6cff376bfebf63e199f3965bee93a0588cca0ad70a8eb9e9de3ad9afe5d29

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\58\{0c5879c2-abe6-472b-b0b1-a8360f97503a}.final

MD5 830028a05fd627d68ab70e41825f7f63
SHA1 721199e2f117990f999b2a41d91536aa4790fc76
SHA256 d7f263bba51f160914640b1310d713268e564d9bb1bbb878e67d442589edfca7
SHA512 7af9479e45a89cb49053df5657133a83b86553cdbac5be5fa18ed069c111021ad7d82b02404bb3c35b9e8dc1ed66c3c05bd8a5e8afd4c0d66a598be3ba24641b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\49\{20d013b3-501b-4334-afbb-21a5f6b8a631}.final

MD5 bca3032426d23daed1b2d997b7bd5fad
SHA1 76a4776fcca6e6add4773481b6b3a82a7c3f5a34
SHA256 41b63a851c63d3c6ba8bd92548013e1a472973011f0be1b95eb2e29697b32b34
SHA512 67b6c14e89be76624f964eca71653977f3e4c5d8364fa9e008a6810efa9d0ba359aafa79570278bd80e57b6e31820d27dda06a588873c181ee96d8c868c4b822

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\42\{9d1af2d0-c1f6-4bbd-bc2a-7be642460f2a}.final

MD5 df74de9b9890000872199833e120bb06
SHA1 9514f328171b10d04003469f6dc8a7a4f7daa741
SHA256 3756c1dee77d8250d1431077670e560f38dd9081ec36fa0b5f7f17ad58aa1f84
SHA512 73b313870183d2fa4ca5c38d2192b902c7a79796af1fdbe5e64d8b2d212d2ef85d0bb57f2ba486ff8610f22a9e952bb15947289107ac0d1d307c00015f4baed8

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\20\{6a5a6ace-3d2b-4db7-b530-8783ee73ff14}.final

MD5 b85f318ce844cd0ac2d4ccfbfde4d2bf
SHA1 f3eea534e7b991836ce9eef594480ddb1bda1987
SHA256 480677e695c4b197a66db44b3d42f937f304e44fc560c6690885827cc99f4a5b
SHA512 1f8ed38e5dcc51daab4e6bc8af64e6b1b8316436519ccf21b2a8414f493efd374bc541a4de3a00fca1b9f48d113b235b657a94d9bb8aba4eee58d0802c1e10b6

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\178\{f8bbc8d2-37e4-4038-8a4f-9ba75b4a18b2}.final

MD5 2d5401040d875e10273c9d8ca9fc511e
SHA1 79ba0a97214692e52090f4d2063deb4f20ade88c
SHA256 31342b78121940f85212b9b664588235affa0cc7fa398e80d5f3914ea12efe88
SHA512 b82ca313bc8e3daa966316e10c8303d144aebce1c00761df10790b93113b6eac2ebca429f099d88750427dff8de2a7448fa470e5cc2eb000c7cf71ee73c3edc6

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\1\{a848ae52-40a6-46c4-a1d6-e3ecba01d701}.final

MD5 b719a3c8378a40cb900349ad2a922921
SHA1 10a71eded94cf7fcf70bb4952a35434526264e88
SHA256 7d6082dff0e7a043a631ee1ac1c1e094458d7f7607d075db809ca60f531539ba
SHA512 5bbfe366cc072b80c4d35c45ec91c4ce60a6f5140e6ad7109554ca3dcecb765336ffe938bf490e99c8edddbc3571d41c8e2a34e1becdbd9adaf334b15207e167

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\175\{de5c6ee6-b97a-49db-b04b-6e04bd18cfaf}.final

MD5 030dd07949fee4d5e67e6885b76ccedf
SHA1 a83002727b38d84882fdc444a3f5d7fd7963acae
SHA256 95c8349deca56128ead6daceb682594a737a5af8a03b70065e1f2c6c4fb84209
SHA512 f094815a8ed89bb7e6376238142cc13887694fb184d9ffffdac56b7fae2bde2ce7acf3d50c0431d14ca2e03620526cc21bfe1b6c44b467e079e30e9dc3a8e87b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\105\{cc8102b2-afad-4265-b004-b54b59bd7f69}.final

MD5 2300eafff09d478fbf68f49fdafbff49
SHA1 12f127da15a69beece4f71f600975e0503c77ce1
SHA256 f8c94c9f9dd4455eb89053d024bfd28afa482a9c697732ce5acb2df3144e885f
SHA512 93d447b0a87e4c25dbca71a80a198693b12c684c0a96b370693d693899230460bbd8c85c137dcc0b4872bd2d85fd0d10bfe3f4137c1b08f01da3a9bbfa481447

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\128\{c8a33df0-87dd-4779-a1ff-a0e1bcfbfe80}.final

MD5 5a85b3ec969004ce7b23e6712c04860a
SHA1 dad284278108abf777290add4971eb92142d52aa
SHA256 bfa4bd5ff49d8418628f3a3c0da5b6d8a95d5436168b9482d6de954c0fea74b5
SHA512 37d836d572226967995b3f20557f98e4e55b89c08fdfbddd4dc45a6d4ee90a24e5dc8276d0e1971d7b366712bba3382086183e1498b006905169b758e44394a2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\172\{a6785dd4-5f2a-47ba-8a0a-698d33d073ac}.final

MD5 3183686d3a59ab0d15fab2be7411e186
SHA1 22d29c6b9fcfa649773e12680f00d868e6714485
SHA256 2a1c50b6d5014af422db7ff5661a5a68cb0c27ee9cc4768c99502ada0eb63867
SHA512 eb7dcb18d20e28d283ea7d4cfdc08c0da81e0499089117ac068194b1ca2be661d380fe7d938d5828c42d711842bd3793b2dc2a3fe6285fab83b90be4fe3c7b16

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\237\{7fa1a5de-6143-4dd8-b814-214c3945aded}.final

MD5 fb3d6634360a9125ce7edd27c987c8c7
SHA1 d3b094de4065f9302bc48d57637bbe04cca19d0a
SHA256 e75d4b40320638f498c0e1b2daf9a4c9f2ef1f09010d48a88740c48b43d306c3
SHA512 c880e7c9a5174e0e31a733393744e19c82e6a7f424be9e35a6736cc1209d17552e0c5a6cdb8cd725a77a00f15d2e4065b21db78a99abb5f35758d32adb52a53a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\226\{42a1365b-923c-4fc1-87d3-6d59727ea2e2}.final

MD5 329d8ae08d8dc87f86a511b55ecfc6ee
SHA1 46a40fb3e9c046870707b0a98fff5a53cb4857f8
SHA256 a61773d79b8fc91cde32c678a7e7b10cd7ee94c0023a83cce29180c032f5472d
SHA512 6940b02abfbf4cda7439f2b0ddbfb7b63fcc451b12d2a3fd4dee2e0d1f2fa3c23af1b5177d7e6f68db6252d5aaaa702838bbdfac9cbbb12b6588e9db535324ec

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\43\{12cd1d5b-c4ad-4cf4-95b5-0ea105545d2b}.final

MD5 ab0beabb0034744ba50d0125490b6563
SHA1 819052fd166eaf842cce978597e0822d28a066ed
SHA256 682910185c6177e5cccd258f0ee3d1572e97ef9cf2451d52f239dfdd0cfca502
SHA512 2251fefc65563f6dcd5a5e042e7e89210a2f7bc492a79af04b3ab1cff735df75bc2e1b9db95855cd9eb2a7ac9bd309bcca3a09fcb66d5db089455e605e1a99b2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\141\{a7403759-b725-48a7-bc17-4ea23b8cf68d}.final

MD5 fef2bec6aa54f4d3b01b7934b6145099
SHA1 d0ce8827eb647b40e587925bce6baa87a678294c
SHA256 22b096d01a69cd9c5d08d8e75cb3040c90647ef7ae42e5a7ae3fed4b95876c0e
SHA512 27e5af3594d7fde882c69a6341065a233cac8250c1c6a42146ccdbc5edf1895856becc62e899b04188a7f0b7cb05cadcca3d90172d67ee8c50ac65a77d6c0026

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\98\{b5aa459b-24e9-4100-93e8-78e7c266da62}.final

MD5 276cbe7276c7f3a0fc88eafb5ec6e68b
SHA1 de67587eaf19b38f2e9f02fa238219c2469605a1
SHA256 8f2a87983ce99d8418be2ccd1a0a69aaa0753c5086ba37d627a272b2b97e184c
SHA512 4f0d71b0dc2b94016e4983ef8e6288a57a2864f174b3be96809f0a6c4a755115cb198a22988f603e4dfe89f97616b39dae6c47662b2dbc359d40f184122611f9

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\143\{6878cc77-f16f-4292-9314-fc0e95e5f38f}.final

MD5 023b2980a12b8a286407f04572020dc8
SHA1 76455972bd74dffc95577ba5e6688d831b47c614
SHA256 8c426c0eead731dd3474a18dbf5acef6a90549d9b2dcc691a569991034b5f23b
SHA512 b99b5a16df6b9627c33ae3e90c169ab93d18cc4748c3609963b56f4e5c0a154228d417cdaf6082b961dcbe480c6934d685c7a0a90a80b08f9e8b7ccc67d3aaba

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\147\{66c67cc8-066a-4343-a875-128ca06e4493}.final

MD5 86594976122d89366b8176df017e3cc1
SHA1 22f5f42d9ee348aa4628fdbacfb1581de8261700
SHA256 302fe5310bd3b2995c6624bc1a7eaf2529bd6d0f2b351e10ef3d9e33c87fd9b8
SHA512 db9eb4602dc4451b8d5e5f6cebd18232e6b5046e2b5c0ca548db4fa0e6b603418140c833d79026514a80c79b3663570b9bb87123cdc07594c773ac0171465b61

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\210\{b84b6747-a1bb-4e2e-9216-9fb8a90affd2}.final

MD5 9aaaac373e73c9d2059b9ab2b43dddf8
SHA1 7134c7ec09101b8b3a94c2a6a7acbaca698f449e
SHA256 26196c7ca915523f018d004c6f83295cb67e0c1ed511e56d2138daf19cb8b488
SHA512 d9b35001205de8e00819ef253a33e6bc46f50fec805e130cb14861663041a1302ed7ae25d0cd615c6e267f4519e07f70bc814b2e3888f419ad0138de96e27c51

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\114\{30ede496-fbec-471b-acf9-8e51b1663f72}.final

MD5 914b9ca76eaa14332c4942d6c54e2407
SHA1 b4e99668f3c64231cbceffda752f7f4e44eb30c1
SHA256 5a4ade92be1975ccc46ebd2c27813e8657c743efca4ce9d2a0e0324835379a6a
SHA512 1876e62f49f481c30b28bb47a347c4e495e3e405be1fc767564780bab91d4b17764ea6e507360e3587dacfb74ba58bcf5a47e43d608da2b3b3d231f9c1322af7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\25\{011f3249-7629-4825-8283-7ff5747daa19}.final

MD5 7454bd7949ca6f818c9fa0981f0573bb
SHA1 af773127364e0e682b4577d01d91bc23d66bbd90
SHA256 4f388755d0e889df408524d81b7e72f59eaa63333d27506047365fdad0d3b0a7
SHA512 cf36700ad0791654a81e40ce63037c1cd7d17bbb601f578b62fab159ec9d9507101871fd08a91f29398dbca26fe184fb44ef5cd3cbbde9044026df3fd4747326

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\154\{0b0f750a-0e35-4581-9136-18ea8b46d39a}.final

MD5 1871ad8227869c9065eebf84c80192e2
SHA1 25a40ac2cad47b0a0f073d969ed57ae10d977ac4
SHA256 fd92593246f461339368c1675ae6755dbd0c25075d87a858f6196f7bd6f1e54b
SHA512 5de97aa093110c6d92b692982e2a9ba7d9332b68c7834a6e27b35fa0c4b78162c51aa8bc610d69bd9921f8bfab20d6a271c671bf11a343672afdb6f027836ed1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

MD5 476077ab137710fdd3f4197e7e23ecfb
SHA1 8dc580d629e1b5edc3febd36996a7fe3b26f0558
SHA256 62beff21d79ff98f54bb5b3b8194ae243264e1d4019f705a5c157ef9ef4c4ab4
SHA512 d0bff8b4911d09b7d7cbf96aafe4e40cde1964a160e0e0cf103ecc31e13339105547b4de3e0af4af7cd3ea687ffccf6e6df28f6c6fb4f00c8b4847552ed7df25

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

MD5 b848321f5179dc0b08229a0790355683
SHA1 15bb3c5139ea05822005f1e5f93777b892e977b4
SHA256 d7cf61248e3255548b4b616dd042b7db5f5d81e8e7d05c7a6b3f7553eacf1784
SHA512 3985f9546f86e2ac10bacf67641265031d1751244bd802abec5bc4c95dd010adbb106b9417d9d1f004dd22d4aada2be790bc8d14f36d09c85e35f419d46bfe77

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

MD5 39629833c7ec865cdb5dd281a6028e43
SHA1 802314613c3ec6b00c8513636ab8913140032a32
SHA256 44eb82ba3aba13ff425278e872178265f2cead8a52907a3f78ef5c5712702397
SHA512 c63c097bd7e5ab3666d8541841857e89604ced8cb3e04e21ed0e60b2968438812449f63efc9a8f75893b8ab713c2c5902d64d5dc4657a56f02c138bb036dd33c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

MD5 22058c97dd3d59803fefc7e355487c02
SHA1 5de5e2fbfe464b3a37fd2b37774dae9470e22124
SHA256 a8e12120b1ee2e5e56d906169362c3d3ac8f2bbf50d7732c105b43e75c4032da
SHA512 f050eea5ab8b4b7315a09044e70f5b62a90674ba5c8c4c065768693ac5e9e74997cbdb013dc9d39ca03f52659af21368a161be3e92c196a0eed8161006ecc954

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\doomed\30487

MD5 11582fe88b72e4a6ac88f8dc2906ad89
SHA1 c9e1dd7e1f4eb73d25b51bc9660a7bc17ed120ab
SHA256 ce027d4370e791691cfd7c50444c19d8168c11b7b5a3ea0f5cb562dbc06d5272
SHA512 273df0cfd38eca97db611c65694cfaca63ef6e2b92902fd2b071045cab28abc9edb544e9f9cafc57805d22c1435738ee3579a79e1bbab19ef64461689ace1ec2

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\doomed\19922

MD5 6d9d69fbf7b35d0f34dc37a0bbeaa746
SHA1 50b036521d69fcd09c814d564874ac62b0cc7d6f
SHA256 57e35a142cc118756efa520672f7b2fee05d34f1c5e2aa272f80d14ffca2d4b0
SHA512 d41e165e63e6d2548e6e363d85496b34195dc0be6f68484441503742456a2c5e77f5460f9dad711616f90662690c90e629f4431d47c4ca91884eac20a1dd8243

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\doomed\3465

MD5 ac230761afe81b00078eb7ab9e555231
SHA1 f4649a513a47b80b62f3bdd79de889632e9fe796
SHA256 ac00b8e3d0898fe731be85c06e982adb32381091212bb371f29c55a57615f2b4
SHA512 444b2774edaf99c78f3cb52e304ebadfa83796a4fc63e971dc0be91beffda711c43098b22e29bfa0e6f8a1e62ea4f66d1bebfe1bafc8d1b7d8ffcb6305c3e645

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\245\{e403298d-5260-411d-bad0-4b9cd50d52f5}.final

MD5 e6439fdf901953e5ab6e693a280ca6e0
SHA1 2b3f3ef8262539b3a2e8befa8149c46208423450
SHA256 4bb28ff82407d52939a492d933275faeb56001360202de40c1886630f31159d2
SHA512 aeecb7477ad84f2d1b1eecbfad426b37d2a056b0d5eca5c74b553090defa408082b8877889f6bfc7bec4b62b515cfe45037398a5db13172970d5c080741e18c4

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\doomed\30522

MD5 d3e8a9538a73d7691ce1dd6668e6784e
SHA1 b4c62322c58a8efbb87192e9fa7898a0dc6fba83
SHA256 95c26ea4e1372bcbe8b34b47d66839a342b987b848683c8c0045ac7e2a51d421
SHA512 235ebf93acdc39a72f7e1633e12431fb3330fdc77bd2e5a815f0c72167e223e104fbb0264c7186b6b405b52ac710e0647a71120eec6efbcee9c84181b7bab5c6

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\doomed\15722

MD5 32bf738be3759c00d80fdeaf3e090826
SHA1 ecb517cde4302a945b839825d176272a4aec2f83
SHA256 bb9b330955d05cf55c760b245a4aedc99179c47c49d5189fc58e6fc2c3594170
SHA512 7076a13ea43d84eec8b87acad4fda114dcfbc8cdfe805b8145c6c9cbbf1a6affea38e15a42c4804a4798b60773b44515be0a5a8f70731ae7ad8feb8795dab6cb

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\doomed\13512

MD5 ee12582fc184dda80a53088f7ab5f627
SHA1 272cfed65aec1b5fd3ee7839ae128f457eb38ade
SHA256 b7b23d38df7411ab7d3a3d4f112cbc36707a40eb07343b0eaaa393af43f8ad4a
SHA512 c3857f0ec16040e941e6d82f936d0a16af660a72025604033969f6839c4409ac45e906bbb37c072ef78aa9af76f5cdd75ad7f4bf02261d85d6f7d15e757f3eb8

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\11F50A8EEC3EEAA349ED4266D483813BF69FCDB5

MD5 1ee7c33a957a275ad12c6293af4af38c
SHA1 8b03d979dd44313713fb31e94bcb0f24385d28ed
SHA256 5ddbda1f37534bd48cd9fcae3edfe89d87c928e6b7d5e38370cb90597c05edf5
SHA512 fece1a4d80bdfaea1660dd5f1cf8b26186216cd1a14acbffe6a2ab6569b98e600875e8dd1e60da809476a380b2d17bb1f81ab2f9a054ea16ffd6d1c6f8a895db

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\220\{6d73ff2f-3bc0-4eec-98b8-dbcfea05abdc}.final

MD5 c29c5ff50aa0fd8a46cdfabb014ee3b8
SHA1 35548ec8c690c71d36129911d1fc067a9bb848e0
SHA256 4e4f53e7b016e60e9821928304849677ec0a48ec864b94941fbfedb16c73b44e
SHA512 27e6ba5bb678dff4f508e6142f0e6292571a038487881a4ac8a68d883c7a8514422f3a4fd38ba615817ed811599a359e0386d52bafd44714e6d4d49a37af9f48

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\241\{ac0e86e0-29b7-4412-9b64-99b3bea65bf1}.final

MD5 1a28edd17b38323e8406fe0dee0a7c3b
SHA1 86717a9231eb082507ab8d5a7d58b14a9b90fceb
SHA256 2af72d7f30b31451ceea679f2eca1efc33967fca267c79e8ccd3c18e325b7305
SHA512 ee92e26210569dc795f68a8cd15d333e6a0ece1b839b8e2a078c20beed93bd573f8aac6e7aa6a031f254c99490c489f184748b7f1a156a68a24b8f824e8fd2c0

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\121\{89b1b7c1-381d-4c21-9e00-ed878964a279}.final

MD5 36b3af163e76f8c0550efc7b62857c65
SHA1 adf7a970b74713ab804bed1a0ae35d51e72e5290
SHA256 a874bc8299c7dcdaf1a507d459eecb176e4b503956e46aecf11bffc36de87a91
SHA512 942d5afabdf48957e93680f8517a2648d9d697c2c3210503a89d7352aff41ca944435ed7f9ee2c4eee48b43ab303914f50804747b0a0501849ab97a5f4274145

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

MD5 fe36f4b2690fa4965a53499c62415a18
SHA1 3d203bf451db8c09ee3b5c160de28e8c070ef784
SHA256 2b7a30b6944924068d0807ae607ab986aa041f482c1bba6fd1058fb1d1782a1e
SHA512 4d910f6329f38acc20039e1a74c22c62fd203b3fdd7f2ad9964b5fef0bcbcdc41747e8eeb13cf42a0ac56b9f09da381fad6b5db0358f899eb9312f7371e79e1f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\135\{1f258e67-912d-420a-8318-2d8baf74d487}.final

MD5 0552a7950745b6a5bff8a69688fc1ac4
SHA1 f3eac7e3b002f65c8d526faa32c51390abca3b8f
SHA256 a0f7756592a37918d717fb8336c99059d6c544a29644e510fcfd97a481f966b8
SHA512 03ff26369ff92d25753a1fa9b6508d53184cd7dea326814e0b98ac021e8a1b4ce90bba8cbc5b6b8a25dcc3049992f337fe66b0af383521ca4db01bdc84fcca18

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\cache\morgue\249\{3e2a68c9-6987-4de7-bc35-c328b6a9fef9}.final

MD5 c5b76c5098a2ae6cadf330df8d8a920f
SHA1 63f7cf062a248301062e9a6add9abad1ce758998
SHA256 495fd4027b52b4ba5595df1387fcf3145d878cd332bb207b5d9fc66160eae162
SHA512 07d96d1341ef61f7b2419b867c9ac0e4b18567745518274ea83d00e7180bf8246a444dfbe12cdde05e9becdc3fd867b0b7a3c94fd8339b807420ff5f506d2798

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

MD5 6b83933139318ae9fe7a8a64335f5403
SHA1 161779fd78fa6c81594d7a3ca2994845cf90d430
SHA256 dab4d2ee12d35bc8f89733e64fdf639afc3ebf70e13ddae28d98dc7065e244a1
SHA512 9900bd86d5587d984a13325158941933e48c2342ceb54dc828df0a7cf11561c7db6ba57e562ee0082461c9f5a2a5c4e18b2bd991e4a3bbb598e7f84675e5b255

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

MD5 407dd5b0a74e308f875346448b52ba56
SHA1 ec27e563d356d79a12082107268966048e149a35
SHA256 50cccf616b2ad365395a92646dc2d55680fd61a8f2d9b8800ca1bd01b846821a
SHA512 d021181a3bcd4ed733c4b4999cecbfce03707a8d783a2013bab8bfeeaa3d690fade91e65cf04e829d805c3d5b9687e44c8478ce8ad5859edaf72414c121f2c84

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

MD5 2ab6d311c1f0e41e02e90e6f351bb284
SHA1 c82cd80481c936b38625d0dfff3f0f9527863af8
SHA256 afc76fe3bd9499a556b3f767f4bf8d53c84ce29c80b6e2cc557623109348ed5d
SHA512 14e6eb58e958c222a6d081ffef0ca24492361c5a5d841283b31b1a05deb13cfddc12365ea1dd137ce74f600737a0f62cf9b2727d30e550fa798b6efa14e76c4f

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\DA917C75619ED601F0FC9D17F6B3E20522076C5D

MD5 6c50ee41a2b57742465352395e0705bb
SHA1 459c2e5a2db68fa7f89e7e82e125e1edb10ceabe
SHA256 4c4d04cd11e10594ab2fd9a752452632b4970c0b4b0eed9e169b221379ee9002
SHA512 0b01d5073d04e88eb5234e64d813e7d424acd9e7f63856c2f1d8232610bcb14238f1b14848926b22ad4fc776b4b50339150542f12bbafa7bdeaa2c66549dc9c7

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\B3316860430DA0966649580110E85D2FFB7B5A61

MD5 991fa3d7a0bf854bac0c555d64d495f6
SHA1 dde0c7ff649812a538c662429e71677ffcbdbcdf
SHA256 a3f77fecbd778ef0d7363a8e30624913d6540280701c243a26aaefe0e95ee11b
SHA512 de73c43db8fbb1ddc03c3e3de82bcd70f633f2df4e14b49fe35a5d758b5ef3a74232533c6b13707efcbd3865303a69e131e52e510955fcbc9f8b3df4c7df80ee

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

MD5 6f7b9860528956d11319f8dd7ecba20a
SHA1 dfad931a0cb963e1b9cbb6bd9d40f9fee3a04316
SHA256 78c89628137433503b8fcb20144f9bc74c51e57cf71a9cad1154dcd6abd2beaa
SHA512 bcc8f61f0b819ba125ececc590ccc12f3a0c0ea03cbcf312d5a53f21a69417893ee00dc1489a25305903ea23f254217f5f345c594932ce64d15d790a8e88b570

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

MD5 9f42d8ef8364685b280cbd2af836abfc
SHA1 840ad3f0e241790cf839d0ad8cedae9ef63c31be
SHA256 427813f1287465129ea05a03ffcf120b3b91da046aaabd469cc9a51f1fa37c6a
SHA512 67694c0e0a07fba3c83c11ab4c98bf5b04f685ca9ab0bf93e22f81c87cc7e0ee13d7f0e2ccce4276e062dc37385e0e383285f08e399a977c35c158922360ab41

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 3af5295e4a6ee629fc84ba4adabf790c
SHA1 2d51746c95c395f25d9b4a2a70f9eaea191a02b9
SHA256 e3bfe9923752d8c142efac4b83a4696cb336f49e77e49d6d2ba9049ee86913ad
SHA512 02da0eef855c1a76665ce7244502a9efc01535392d97310ddc409fc38f50f8b8b228a47223989f557cc436b30284be1b95960227110a7d5e5513fdfdc97da909

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\doomed\21700

MD5 357ae5e4f156c41731aeabbf9bc9785d
SHA1 6e1574fb5f5e7a2b4fd71a039d4e0a075996ee15
SHA256 ee5bf5ee7881bbdc8bcb923d085e12a32535859a146ba264f1542a15d258e674
SHA512 62ef3b60ba73e2ba19856b6f9b9fed4e82451a9b6466a1898f000514c0ca5c10825cc69f6f983aa0d951a55ed02a5d677e8640a8c092a2de6db7c7ba59d2c03f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

MD5 6c471e73ccd98ca76991cc1acfd0ee84
SHA1 82d57644bef3948f51f775068f2c0b0985ef5055
SHA256 a3fdec9c0341a1c13deacc87c0c12765c763d7a3c3fff4f31cd05c98f237f794
SHA512 9d2e9a4b56dfffea7562435447020997dd3facf8fba6a01c19ca1f63eff31eb6c26139e8d8a6cf8bd97c718a434660becd1e151071d2435b26347f1d67689945

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\prefs.js

MD5 b9122666ebe3fd3f0df5e7b91abfbc02
SHA1 32906b0392ca971cfae5ef7253772585dec13487
SHA256 e0cc826451978531bf174ab0bd4169d984d47fa281029bb2191717f5caae1dc1
SHA512 ebac9dc5349047cf74787e2aa44b2c607c682ddc5f67dacf2bc895a27626bf31251156ace9ad794bccd7937a847ac54d1111f06187bf4178427e49988f940537

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

MD5 af1872eeff0ab127ae1340344681c5be
SHA1 0e316aac930a999f6e10dc72880b88ec2afd8825
SHA256 965aa1c500412cacbef1d32cf8815c69cfda2cd2792339e37e4d9cada16941eb
SHA512 8987b192bb4b9fff4564764ae211bbe0ec15f4066d29160f8f322c6035204677c1cf7f6d5d8d8a74dda084ad3312924136eb3c7cdb4634b8d0dc17943b51e98b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

MD5 b00c1e7ac7a32e37ebf23b500a092b50
SHA1 0ebe4eef07d58793d10cd04a6da2c5c3209a5c60
SHA256 42fc88088367a683f12d0dcfad90d31178d9327d6a942450e10cc748cf87c35f
SHA512 4ec90fb594e92c79dc2b5facbd0801f4a6edadead8eaa594eb178a04e5ef79cf2d6b66ced4dcd8ad38fbf3a3375c130bc076cc7e59e8621fd68dc8d082ac0cbc

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\pending_pings\255d9015-2914-4d01-93b8-b40e2540a20d

MD5 f517fea4ae00e1c144344308999d6208
SHA1 f4c53678539fac0e4ffb6b20cb5db85ffd5e825b
SHA256 ff8368c6708be9a6caef38f4f6ea522a3e8d97f20a908153c9bc37d24a3057b7
SHA512 db692befd058baa65eaaae0762330d1056783fc3337339a12cc3ecfad9ccdc20211dee5300a20baa1afb9db4be6738a1f631934a2dbbad9db5f0f9a2010eed08

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\pending_pings\37ece8e4-ef86-4259-9680-eea792151850

MD5 dbdaeb8d02c3290ddf3c7c548c7a8c1c
SHA1 1709e5fe91661884c657f640834252a0e494698b
SHA256 966ffda30f87c8ba43106306c4c82410cbc9d5c60ec7287ec83feff7ee81fca0
SHA512 f34fc748614ae5effe49ac04fc8fae3461f98cc0398ac15af83fee53409557c699713d341e7d7465d31f933e23e4e30d19c5a1a253914f7dbbc395f8ed63129f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

MD5 edbdf862de10551daff2eb4d85f42809
SHA1 f5d1feb50c0e4735b22c59b9e1a327384c528a1a
SHA256 4fb89de8cf6b4c807594310108bb947ff5c09148efa3fc9edbaa29fdc899d01b
SHA512 771c55c93677d2f878213c9f073222deddc87bfe3702c5aec9afc59279ee4b91225a120613cdcb51537e02ef8340212a8360829f3036feff05abc7e834c50a05

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\prefs-1.js

MD5 562a5d5a67054275ea067ff657026c07
SHA1 553e5f97d3e6d6ae0d84d2e27606b712710c3469
SHA256 09ca96668d180118b7e5e850100badb0cb63dc03412c48c8c376ca9cb5892653
SHA512 20dfa58e606a58e7dbd5ad53635fb0091373d6a062db842ae627d271accde017837bf987a17b2dd8862d8e2a3eca285246eb6159f1a12a1c722040c9649bfac7

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 9f3bfdd03335e5e7f837e61ac7fe6f7b
SHA1 af4890a0421330599f3ee85da955e628ba0269e4
SHA256 64fec566afe527937832b3af75de5159e8f27426ecf06df6a93d66909dec66e4
SHA512 206e07981bec5e23ae36dc9173ba4da8d05a8bcc9765036cb9b550b365e62469fdcc886963e81b2233b0a81132ddd3cb46ad5fc7ab2e44d98f226f202f8d7fba

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 a01c5ecd6108350ae23d2cddf0e77c17
SHA1 c6ac28a2cd979f1f9a75d56271821d5ff665e2b6
SHA256 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42
SHA512 b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 33bf7b0439480effb9fb212efce87b13
SHA1 cee50f2745edc6dc291887b6075ca64d716f495a
SHA256 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e
SHA512 d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

MD5 c4ffcc801d25fec320a54f0bf657ee21
SHA1 c7e98a1c1f4048c7df078c9a3a072534a5ea44f2
SHA256 7ec4e38e50fab5ec96f57df9d1b4f9a00d88581be8bdfc20d3eb6ad0d7052b87
SHA512 6a2e84de57ed3fbfb6f37b705d8c79c5fbc98728d04db0b84ae7372d4bd6e4aa9ab6e55b38a48044ffd749b354276da33b4deb16135ed22bddd7fab31a914757

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.youtube.com\ls\usage

MD5 1207f00a5343454e3bb7ba3592df898e
SHA1 3a06594fa54eaf6de38d3fc0a2711b5995c06659
SHA256 3ae9d654ceabcfce836b6a916e659ceef5b17d4622cb0fe92697fcedab6d8e9b
SHA512 a1496ebf81c6dde0b91e273cbefbf0e56fbbeb6d75b1836fc0be925e92ec0935a93b5652436efc783c0ae5304e78b052dc81a42a7ff3e28fb6e3c9c9faa5b6df

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

MD5 c1f655fae772f00af81e7259fedc7c54
SHA1 25be53d1ab4f520ab6ff5769df64b7fe59a3ce4b
SHA256 a8371a2dadda02d7d3a2f5f2204db5c5d26cff7eeb586fdb28d0b6c903148d12
SHA512 5a9d1681eef1d2df98f8642660469bec563d3fc145f9e7bb2a654c6cebcf28cfa82d188ac50c40636c2123acadffd9dcd07c698739f7701f12440f152e8f420f

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\43C85D8BB481B4E8B77E9F87A648730E521BEFD4

MD5 c3de4fed9a166deb85dd2659cccb8d45
SHA1 4de082018165fb27b133ad1daa3294438326ae95
SHA256 1be2c1cfe11978122e9b38a0a1aaa57b2a623a777c6139ddf77972d164a5ce90
SHA512 a6e1ba263f3c86b056cf592332c5a8b1c3aa4b606680ec944b76e8927e13885db7606ff8060454cb867d4303de62376f93f9d470bbd377628330f46ba71f41f2

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\8E0A4603C1C815FDBBA6B131DE29B98D96AB57CF

MD5 d42f8362aedde5bd991d0f92a75fcbba
SHA1 6c5bed550454276571a3a9d3a93be68d35366486
SHA256 b4ef9a86eb3ede33a5a7c099245a6e21f65d7f902b44043834ebefa16a9d33cd
SHA512 18bffbb8ba9b0b695cde92dba7e40e588daacaaff882bf92b19e2f0c80a94d91d372611e98459f25ffd41d20f3291ead537532231a83396ca79147167d96c972

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\broadcast-listeners.json

MD5 72c95709e1a3b27919e13d28bbe8e8a2
SHA1 00892decbee63d627057730bfc0c6a4f13099ee4
SHA256 9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa
SHA512 613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\9D3F5498990E93A22236A0A517D2EB12EBD0B9AC

MD5 6a67fddf3618bb76ca94cf073acdfdfd
SHA1 96929b3eedc5e606db9a78b440d5caaec4baf93c
SHA256 65ba02bf52c857278c860d7c1637497907007ac73d80b9b5dedb2c6785f5462d
SHA512 6b31fcb64ac6373dc1dde65107472c12d6da5b78b6e938e0a7e7a124782fa0fb07ffc19638d9e5f327a57f4727458e24f0ebffccab551245e6edd82e3913d2f0

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\98435D18FB033ADA01F4B4C27ACAB5C5B08DFFAF

MD5 4cbdbd26b5469797ed9479550ee7101a
SHA1 fed60fd6b9ab07814052366c09cde390c01e6e7f
SHA256 bf89e86e18fe5bd034dd9b48862ed3618fd0a0a4e5015313f9b845eb3265c2bb
SHA512 9e98d97092fe5dfc3f2358a35ebe0b0588f413798750df7ef5d772dc5a92ce9bb24ee961c0941653997b06189e36d63e6e5a316524bd7776d4bab238fda38e08

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\DDCA4D8394BE14D644795FBC0B7BD4BEEE482714

MD5 aa04305d5d06631a9784964f5d1f6ec2
SHA1 69550a3da6291b50a20e949ab543ddc82ee00864
SHA256 d16dd772b90dfc497704c6b25980c3b48d7266976f7673d1348448ea6fdbf7b7
SHA512 78dac549a836916e37b5c89e82dd1950bd41ab2479056508ca089d3877d8d09f57c82c7df5d90b21373fb1c7ac73ee6e76f9f2a3c1a518bbf7bff49f64baeb65

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\B6F5261F797EEA2A5B8E2888C872E346BDCB0923

MD5 c328c8918f01e7efd9de06ad3a4e72a2
SHA1 2c2b3bd2b89c822da272d80aa5945d741da118e6
SHA256 92cac20f752cce3de19090c4d3f4652b001e3aeec7228aad43e6b947f17ff212
SHA512 c092fd3eab083564cd0a862621df14bde5d443f18b1d100667394d14359ce34341a2ba207936cd798f2b087becc1174f200ef84d037f664491a46589e67df1eb

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\A43157105A8C95622FD541E1865BC1496CE3BF6E

MD5 97eeff8f636eb2b9defa6822897c5925
SHA1 38647bc42bc3ee009ce4862efa0b5f0881ee995c
SHA256 ca313f9bc9f06293e76c208f7c611a61d8047570952e78a3494cfd5d0e786596
SHA512 650ffd2dbd193de0bffcf1c6e5a19c8d0d6817d2d0d160c2150f4aa3fdd60ccbfa71d9b2e8f5e1a736383c1e1988274347583658802964b55e38b6aeb23d2a8a

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\0262126691EA9DE90661D439265A08ACD297D74F

MD5 7dbe021300101d343f98b9802f35daa5
SHA1 ed3ec2b778e0b701c4effd1a5200c1b2e67146fc
SHA256 2cf4a5bb98526b510e3391cb01b7e23255de1425a5d3875f02f69bc924e6235a
SHA512 b4824d45110b165e13fd46745141a52d9ad0dc63bb1e4b5983449957019a2ceeeba3cec2b0a977f348ac0591f7f158314f7f00c7bdc17d694e57031bea197bfe

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\09984D9AF8B8290FD38961BD7994B095A2D23A73

MD5 3a2e213e1da260be7c8f94aa8e10aa58
SHA1 c765a5050a4c16cd236a44160b11f26ef896e062
SHA256 39dddf43c42c6c336dc16673b083d502f73ceb7280ac6c33b282bf4d2353baa0
SHA512 804cbdeddcfc9e81fbdca3bea780a465f3cf041e1156507fd7f6b8a9b173e947f46f75fd7339dc71a736f159994a2f3e4de8e63256d1cac67931bdced1fba23a

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\F4861270581D9505A9273300124157CC01255E29

MD5 de340155105c0560f269b23dad94fbbc
SHA1 7b5c97d0581e2ac57c68a5ad4b79771f22bd7789
SHA256 c5474fdcc6903aa9cbf4f1390a0fbc3d8a26a87555e94bbfbf04f496f1505e75
SHA512 7e64ba42aa84d4116b3338147d8f62e52420ff6a31b660fff58d20c33649ed9a14b16869b1ad92e66427c8956478d6c7c049c9df50cc76ed01134dcdcaab5762

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\30B7284BDBB908C7C68F776FFB95B529DB9ED70E

MD5 c17cbd8b42cba36385cd7407474a113e
SHA1 7cd44b8a458b75607c19d8c86c6575c673eaa1d7
SHA256 8bedd97436fc537751b4f1202f1e712e9307a015036217d8ab4370553ef96ea9
SHA512 2e13de8297e79a449f237fab213dee8ebe340fb2a8f435c5c78f595bb4ceacd89f78566d4ac8a17acf16369d8fa310320ee9783bff1a537f8597661eda5cc776

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\691B1EFB75AA8B413DE53C01CDCD9343303F641F

MD5 c11ff1ebd569b93a3124e13fdb9043aa
SHA1 6a8e3154e982f12f0c7fa543fce0d6a8de683268
SHA256 948ea2ab2889500bab659aa00449baa020d93439caa9d0105ac8c71e9c53c16e
SHA512 336e64b57c94a3263600e169ebadc33db9a7770b24e471c8258f16abd245010e3308ee4005f4917ad6df019797c602f6243536cf5e20b32cbb12877c6f57af55

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\prefs-1.js

MD5 c5e8f2c6ac01fa30dac7107f1c1efb11
SHA1 dd3b57778f5663f7e2efa77b3f8d2885c5eb27e0
SHA256 6d55998fc155578370356ba9600f7d8eec2fe9054dd48b0dc74669ad47fb829c
SHA512 f7d2cacb201f55b99de1e06f44e8d7e79ef721092428122e855fdb27327563657355bdb2a3908fd6a71e859704e43a57aed152c67a2471b8d1885968d4f2af5a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

MD5 1ef62d517441cb3c3e2d3a4ba4605a29
SHA1 fc931b20414953872598f137e3a448ba98c22feb
SHA256 e3111b9fcc561a9135ec1dd57e00fd2eed9492e671d8a7a97adb55e5611cbb91
SHA512 dcc936ea0ce608bb19f6b0444d3b5e2d5d24aa5e1dac82e5ec94d412709147d98aeff25cdc38f3679eda03c962712ee8bb510033dd35b52a43dcf7b054fbfcec

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

MD5 42bd20f84bcd5e4930e6c99a2883c127
SHA1 0b9a8eacc6185a831a925094b3f8b596add9377d
SHA256 77d03a194c6ad41a4d66ea9e1adca1ecaf3586a1bebaee995a44bc972dfaff99
SHA512 0450a4cb656c54ebb0f2e966289928a6ce6609f4b05a2d114849691f60eed0fc24acef68bc19f03d51dcde163cfbf8d778981fff52e48f812aa6864fda1c13a6

C:\Users\Admin\AppData\Local\Microsoft\Windows\PRICache\4183903823\2290032291.pri

MD5 b8da5aac926bbaec818b15f56bb5d7f6
SHA1 2b5bf97cd59e82c7ea96c31cf9998fbbf4884dc5
SHA256 5be5216ae1d0aed64986299528f4d4fe629067d5f4097b8e4b9d1c6bcf4f3086
SHA512 c39a28d58fb03f4f491bf9122a86a5cbe7677ec2856cf588f6263fa1f84f9ffc1e21b9bcaa60d290356f9018fb84375db532c8b678cf95cc0a2cc6ed8da89436

C:\Users\Admin\AppData\Local\Microsoft\Windows\PRICache\1601268389\715946058.pri

MD5 30ec43ce86e297c1ee42df6209f5b18f
SHA1 fe0a5ea6566502081cb23b2f0e91a3ab166aeed6
SHA256 8ccddf0c77743a42067782bc7782321330406a752f58fb15fb1cd446e1ef0ee4
SHA512 19e5a7197a92eeef0482142cfe0fb46f16ddfb5bf6d64e372e7258fa6d01cf9a1fac9f7258fd2fd73c0f8a064b8d79b51a1ec6d29bbb9b04cdbd926352388bae

memory/8004-3561-0x000001D58D530000-0x000001D58D630000-memory.dmp

memory/8004-3562-0x000001D58D530000-0x000001D58D630000-memory.dmp

memory/8004-3560-0x000001D58D530000-0x000001D58D630000-memory.dmp

memory/8004-3565-0x000001D58DE40000-0x000001D58DE60000-memory.dmp

memory/8004-3586-0x000001D58DFC0000-0x000001D58DFE0000-memory.dmp

memory/3828-3641-0x0000000002080000-0x0000000002081000-memory.dmp

memory/5676-3644-0x0000019A09500000-0x0000019A09600000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.windows.cortana_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\GO5H5QJ1\microsoft.windows[1].xml

MD5 02e0be48c21ff925b5f6aefc7461fac7
SHA1 10a13ff97554874a087ab0dcb84a9fcf46afb6e4
SHA256 a99f3e7a18e8044b5c97975449a9b95e186c4f1d2862308460bd7dcad0379902
SHA512 a7664817e1148693f31a73edc6131003c43026dee871adbb52525bdf3bf8c02751a1cbf35e6e4d5f80b5229957d0f20bc221774033dab5195123c7f627bb01e3

memory/5676-3670-0x0000019A0A060000-0x0000019A0A080000-memory.dmp

memory/6248-3712-0x0000000002C20000-0x0000000002C21000-memory.dmp

memory/6680-3715-0x0000016F52510000-0x0000016F52610000-memory.dmp

memory/6680-3714-0x0000016F52510000-0x0000016F52610000-memory.dmp

memory/6680-3741-0x00000177554C0000-0x00000177554E0000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

MD5 7d5bf40e153cf73c91e1be34968ecdb6
SHA1 6762a86f50913bbe0dd4dd1f163c0f1d5b2502ae
SHA256 d47dbe46cad8d217766375ecea876ac5959984b7c2c268486831ce6a2b79e018
SHA512 c9901a71433fe188b1dce8b1cbca67ba59d5203048e7d4fb93463c66a71d5225d854a15757efb0c361b8c06bcbe65835494e24cd2a8467dcd8f9c03ee4e14362

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

MD5 17bb6c491dd5d71fa011c5fac94c9cdf
SHA1 bfd3f9eb201808d332f4f266dd08ac0b73c430b7
SHA256 596b16c6723637580e4912a423cf27db3d39b258281fa88fa76a9f2aa9ff2ec6
SHA512 d76069eceb7e2695f200e6fc795b30f5ee1cb0c4908fd3c0542b0a095c88f21481cff4618bc675ab348ef1bc3b7847333de9c8a8eaef421e9b3dae22c6d210de

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\6F881B5F2C5AA994673B59D2213DE52530183A6C

MD5 1a8c78b859efaf6af63ae021a3bcc44b
SHA1 e31425aba57ca54f9a9af5147c3178b9b2c21129
SHA256 2602ce2334dc0e61bd1364a92b0d79af22fc8d62e3c3ee60e0300b4093a18759
SHA512 d26734c9ea9ce8ef75fe7b183a7cd3ea5cb891328400d38ac6c22d7483478c6466c760e3f72f8bf7590190db90f6f444f41db2fe9c13bf9f16b81410b2c703e2

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\doomed\27067

MD5 82eac8ef2c65f4b2d8d128b51506d01e
SHA1 4709f3d405a837a4e72a46b8e144e356610c044e
SHA256 45b2cdac1d2674c9e550a63a82d61c87d52fdc9e34094a0604e8e18c78ee84b7
SHA512 c948e69533170dd5b4626a5eb9031a1e8e4a7d59d153eb1c206f9ca74eb6eb638b398d936556e820ccedd4899491b7907639aefe5c35087da48480da25e1c21a

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\doomed\16720

MD5 075f19b9700c90225282a3fc4cc384ba
SHA1 3fd45560095dffb36cf23a275b472f0a3983a8be
SHA256 b75003bd31091d59420242e1c374d6e4f99772b433dc09ff81eaecbb749232fd
SHA512 c02639291800766f58b83cf7b60d7233c5aecd29b7622e0d5f2bbfd5cb64b3d231a8d9c4f7dfd57719457f1f31b8c0dcac015001ef364a47a1ed1311288bad65

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\doomed\13343

MD5 0ebf0975cdc6ec5f62b1ee9636f5a7e7
SHA1 52fd9f33daf0de409d95ff74211d8cb28c7314c9
SHA256 7f15c84bf0906fd312c5ff30d74c1ef8fe17d9fdf11901d63fb3b8cfd8861da4
SHA512 4e7f67c57cad8b628d966a71a0b827e657c81d720cdb3edbe84ba7e4b9ff26f69534e8537e2792e1ee9fe03c979fbf437199ac8a9b162b9a74cc1dde95c4b1d0

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\doomed\13455

MD5 22d40ed97084e7077b8744dfd2e7ca2c
SHA1 a8d42014f3d6af212e4507f753f4648cf9a1ef47
SHA256 57e2a83100cbff29c0b4c7f465ee097623b9f8faaa7566e99b62daf60b428ed3
SHA512 921564e17d1162e22cec6523d122b048630653edafa1f9ca2f6bf94f0510c197bc0b1c90f8d101f6521dac6c49bffa81a6b39dda5fb97984a79f6d83c4945ab1

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\B43CD2EAA4AD095BBDCADD86AB8AB1E68B390D9A

MD5 2c14471afc04946e9f1351b3dac44a92
SHA1 af322bae8ac246cc0921ece634bbb9250829f80a
SHA256 c2a60986ecff363dd463d554a6922d85a19b3d64caef9f293eea2b07e5b113e1
SHA512 a7db6ce56c636b98539da55c973f6fc8ac927a7ee6301c1f2eb17dad9c8334e9d568a9f1e64a9e505c003a120333498d6dc5306c3e270d44179cb473bff07350

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\40B9416F0E473BCF2A7415B52D1715E2A820A8A3

MD5 f13527cbd0c04a3e129415e665f9740f
SHA1 bc6e74be9ccf6faee33bd956731d5346a751994f
SHA256 1592845a89790108f48d4234c5e226cde6c7be482eb03c31bea41534ece5c25d
SHA512 ca78ec6303c5d62031764504a3155f3336d05342a0aa2a6c1e8d091765da9c79ae7464ce41cf1d89e6e88a9ca18a22340b9fc6025541fa0934f1b51e745cc4e7

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\9B06C9250DE4D8C98D0203224240EBC286A37A34

MD5 ceb3ace113bd97b484ab8a37d234f634
SHA1 72700b8357f8a00ba245d28bbb391d2c2b50dc9a
SHA256 6bbf7a97f47451388b73fd1d56c8034512b0ce9d6914249070d710dd2d406073
SHA512 c447043cc207e56522b91063c57f021266c5c11411f72a69c8c18d6d71db55cef04d0f6607f4724d4ed2cc30526bd17f8d6b6eebde23dbb53bbf046e307a0a2b

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\BA822DE6BF3F3F67B4097D2431A0A995A9F7CB63

MD5 191f77f6d3ad11efeedff2f109f6561f
SHA1 4a7dcb0cd2c471a91acb5ed874bd24bd1c0f87ad
SHA256 a04a33ee61bf6ddb9239f954798d130a726f0d87b000e20c549c65af48171182
SHA512 1d7737fb811b7ba95e6e140162ad11a410064a72c59830ce1022a928d285e37e2b6f2001632afe77fbb46505d889d8024efde8e3ce4d80a1bf922a7c9f0e97f2

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\doomed\27449

MD5 b45a1457a6979867cda13dc8a9437417
SHA1 3fdb259f753e8bf00a1b521a14f6af833ebf6c28
SHA256 5f9a03687be7dc9ece6687405a0c809e0a34956bba7d92ecfda23699288ec7fb
SHA512 78345973ec8f0903698cd7c05fe19f572996f524ba81366b5ad75cdf46eb16bfceb0a630ba84655c8cd3e8d08740dca3a7032aecf624c7693ae08b2a8747c1ac

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\3ADEBC46DAEA2D77E1DF4B4AB6C524084F97786F

MD5 101f947422cee3d34111274c5900a35d
SHA1 616d0417ebc0e5c55174d4d5f2ef2f820dfcca64
SHA256 5162d64f92fc948cbc083f577605a3faa09b453eb410019a7519441798a540ad
SHA512 a68d033289c65b714d9836efdf1a92ffc2bc9e4f5f1dcd53a2668c20810ab4f051474a005ce8deb84f3b088116c7b4cd2e45c6b589a125fe3569726be6efdc67

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\3D2EE65213655611AE063776EA786EF2A8F7901B

MD5 8ed169c2822a88c454a5d96c2778c0b9
SHA1 4dc88761dd65567e744c646896c8a6a82fa0af82
SHA256 d46d85edb006d3b93ab784dca650078c4095f1598f6a6812785774433ebb761f
SHA512 3140871c591e9b38bdce463dff7df0d6fb21834d152a3394c1acb7189dd676c43308f522c3e78eec14f42b903ff6fb9863a7f7025ee1853de32dd6cee6e35c62

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\40EE86962A167F85FF635E63C180D94A8BE50B96

MD5 2d8b6d643418e38d82a1c8e76986c718
SHA1 88b9b61d386dfbd0722db45704193633b9ec2753
SHA256 3dd1a23b0da9fcdfeec3da7986f03c54f4f6c5d94a5843152e73d0f884ef2991
SHA512 f4cebd499adee6c8db3c873ed239efe410a4d72f0a0e0b6472ce0d4cbb26345d60e76bf5c82608344b799bf56fccf2b7e3c0bca22190a1eba71462095ba5bcdb

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\14FF324BEE8F75081FE9C38BDD3C16ACD05B921B

MD5 a02a3c380e98c827ed5db92efa744e26
SHA1 3d2d9867f5cb4f930622c4627198bee0f7793d65
SHA256 018490cf7091f490fb4dd3049dd3b55a3a9339d1b928e3d14c7b6eba159bb7de
SHA512 ff40259d218dd98063ec6d3b9a0e2c9da5074dded4e44dcea498501be070d4485b56874db9ddfcc2390f3f6b1d6736733b86fbe46e4cd0fc5b71691d181a28a2

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\9F2F682CA19694135208D60A7695B6933D763620

MD5 7ebb3585c3c4274d9d85378d0f724141
SHA1 f063888cca082599ac03981019be4e7809a44d27
SHA256 50fa801bf2f042858bfe2b64e8956de16c2cd8f5357851bc8b23aef42da46eb9
SHA512 c8755ac6debc5a1c84f95d176e5b72644e45e1a81cb637aacda6d4c499ccd4597a15e943e06bd7221eb5341aff4dbbd8ed4fab3cc1d5a2ae147b6f49efd504d0

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\F014401240913F9C8DA59BDD862C5F0805A92286

MD5 6abdc3a42aac9d9867b25b071047bec5
SHA1 2f9e88010740bb222f21c990f14a8a9523eb5e4d
SHA256 257924ee10d34276e106587b308637698e62f3e799417cf3d54dd4bd3dc724a9
SHA512 c528aea22cca28534fac6561a44a5303f3326d4d5a78476d92ac429661e7e8ed6cf6a72e2837b92a381037ec77f9f688bd8da68ef1d65fc85a296f935ea0b4bd

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\73F858C8767183112D8183021CA08AEB773A4120

MD5 e706dcc9e264182b4e253ac3fa567e40
SHA1 08b1c1b7bd6b52f7a71420a24402eadbe0eefd07
SHA256 72d4e54903a2b81bb355259c4dce97445fcd4e872a1a7c14e20587a67a02f37a
SHA512 e256757fa5c1a64f35b7336215ef29a7f87f35e9cd7244891ca11ab021b3d39fb43a82dd8d29dca3bdcb69f169a82ecc21505d229c78c89cf15a1fde00c85247

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\doomed\25151

MD5 09fcfd6a99a1c25f78a50b2f934be46f
SHA1 e272b7a801259037e6fa082bfbea7fc984d25574
SHA256 e0933fed760883e65520a36f810ba946af28c55b5c0235d0b7a0b151ec92e116
SHA512 8727ababbeaa5f06d80bb5887fb23df0e5b2a4f2a0b7d826f30f36a9611530f35d37b36f3430f7f35924185c9a90e5b02f6d16739a54eceb745bdda5eae4a3ce

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

MD5 63a245ae03b768b3195e8a6e8fbf55a4
SHA1 16e1f8c01d66faab9b58c28a19a73b831a2f4abd
SHA256 4d4ebaae83085875277425d2614aed4213b7c948bf3f5768075bbbffec04124e
SHA512 c3afb82c95f572c8d3b5f7520c09f0e8f035e1148a0515280e024b2c16db8ceed4040684e6809ade88984ff06f1d3d478722c44fd20e47373a59d70dcaf147e3

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\DCDCCD97B615F85660C06CBDC3964009DD7EF67F

MD5 c5a5c3a50299b062f6bf2bc67211f51b
SHA1 b0707799e8553db0e7f8a3910e9972dfbad3f0c1
SHA256 d681fcdf8ac20a51f3f27abd01af1f942206bcc972c1cd76b4efd237cff697b8
SHA512 a455be68245a911f7d7dac165b417d66cbbcba79334bd8f69d008ac024223ff419345cc8aa4361a2925b1724072a1cd8dac59046213404bfb113d9f166610f21

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\C1FDD8335B710C52C105645A49A66B4E7F3A4EDB

MD5 823774c68da9bc59badaaba1c74f207f
SHA1 2ac9e2ca1f2dd8cb60cf88bbe5a47c3e7caeec39
SHA256 9af08a36ee2af7a265f4235c70aea230bbd1998b0f225fcfc365ee066b2d950c
SHA512 6fa4a1a84660fd52138b2e4e9c2b547a5f5c8980bccc00e506438bacf0d02767a17f594643aa573bca037c45ee2100f692451ea4918f072275278107c84726ca

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\551188A5BBB9C014D214C9829437470D277ADFD1

MD5 99ad84c28b63a9a7d993cab5880e8ac1
SHA1 369bc47ab1c6cc538e476069e7214a2c0f6b6db9
SHA256 7a699f9b4b6eaa16b91d81e10f7eda477df8af489022b90b30cfd46df1ab79f2
SHA512 efb7ecfd3250e791d3cf4ea83cf1238464b9a8b63ced2382a497fd2f6afdd533c9a75543089213dcff98ac780642e2bbefdc5571f810f37f209224caf4f6ecf6

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\B20635A9E3239966DF1AF8702BD403FE7FB90005

MD5 964cc9a59b307971f200254b1291860e
SHA1 4d13ea3911595914848cefe8e225a32d98e4d93a
SHA256 f7de21b8ccb5c0ffa5128c87e55e389a88f58ae4c0ff06cfd786383f12f8ee93
SHA512 f9ed9f86009ce98e483c66eb7d621edceef7ba1ce36cbb8cbd290e016895d2054c96c51be0923d2197a1588bd4c998a2ad0963cd327c3e0def242050996d7b36

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

MD5 e7b62cc3a83e1636ba8a13ae822475ac
SHA1 db393422b75493cb4a6373cc6544093a601fd855
SHA256 432c548b130bccc8cef5bd9ae0019c32bba369ed5682a5d88ab7686ca7ce1b19
SHA512 d79e51c6c4472fae7f9b97a01896e0f1850f9669e24f3b0829bbaa168a7f9a29877ae5fe9cc20a1f1a62c7eb7d8837e3963c31c25069ed9825d8ed8becedfd43

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\doomed\22635

MD5 4ca32597c5071a328653d4ec2382c4da
SHA1 0d93c2230e6438910ae4ea2fdedde15cd3b2e688
SHA256 c7f7622eca915e1e78893d979c45d3e17c708ebbb3176dc2a101249b5eefe7c2
SHA512 d846c438a82d9f909c8591bb62355122ff2bd1215e3c57289e77f4e3541d106f4cd4603fac107af1e05ecfa0ee019ac23de4a6dccf5129760e3556af135b3039

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

MD5 089b12553e9177c344ac9f5311ed7d18
SHA1 c0797a04f70d2b05fd853f552e71cac6ec7fc73f
SHA256 b041c68b369b7dccc67b9a1908ecdbda0c9046ba0bd945a4b867f7c83d2790a8
SHA512 bb888422693fd531f1d691c586dd74bee32d3a8f283416ca3160bfe111bb9eda949d932d1ef224d26c83968b346885b38b297fa44009306265c7aa926ffbde53

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

MD5 41e5d1b872d9af991fbf12ed25e92d4f
SHA1 5da5110bc0dbb405ee4a15c4bf0ec1a55c05e0e8
SHA256 98ed15146a375c6135d04981dcd1bfc8da2714cbf00670cfd7aba2cac03de748
SHA512 85b90ff6fb52cfec26b12ff17d22be2bc6626d19690facc3e3f6dbbf17de1b8f127b58308fca1a60d1e5a6080e7fd00b22c72dc43e672186868dd0fae93865fb

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\doomed\21445

MD5 919922b572f3c49569a968dadd957fac
SHA1 44f89c07592ce291d349a1787bc040ba580dc67e
SHA256 e9b2ea9ee4c42acdc31058cda3d10c9148d15331e2cbbb314fa3f43a634a9dde
SHA512 d533fb88f29e07c3d832ae98757d6010f9b33a11a06aae1fb26ec05c0ea8c43fa06cc19d8ce83ffd0e2fb27d2c0ec0927b5286877c687bcf999a07b5d1282ff5

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

MD5 2e37dbe38450df5b25007bbe7fd81306
SHA1 f332cf686779d9782b3a4e6bd47868bae7c8e6e0
SHA256 c138a207cf012d8212c798bb55acbf41502459d23f7bfcba41d860403bbf2c62
SHA512 3618e5663b5881da948567e2368386db23ceb7eb927694ed329f4297446e4cbe8c863d80f6b0bfff1f9a85e809cf80b60b3f22408e681c4c23dc9ba22f688be7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

MD5 fcff6428db20e03dba6aad5f1285ebdd
SHA1 84c857d6da6ac788bbd315afd7c488ff5046f890
SHA256 782ac650df6e076198b8ff56f92db0ba3a043c475a231fbdcbd52ebc766e0795
SHA512 c67601c7d02db0a73ac3478a778ecddb1efedbff6e06e42bf8567eac3ffef0378d6b1493595d5e781933848d95b01f995de61be90c93d93e18cad334525f3548

C:\Users\Admin\Downloads\HVA2aHlq.zip.part

MD5 0fb4c5f7aa6e752cfc00e163dd922a34
SHA1 d37bb8aa6630f71eb631ac669203b1a3065d4af3
SHA256 64bb156bbd9c1cd1403c1f40b22f1039ce64216c4ec6e25d4222f1cb9f8195fe
SHA512 f7a6d08ebd27ae8f95984866f6540f26c1cbdc6ab639ecdbf060f5a4e2ace1cf7879eddb8fa0bf3de832362c99b9d05e6ab5c21ca165a1fd9cdfded3a6326e73

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

MD5 3402302088352148aacdb5f74556c22c
SHA1 b142bb2bc72e53e669e87d665611ff9af09552e8
SHA256 d11dfd349dfff9a2586b9d7c251273bfd689a9a0cce711b5efbdba0477916741
SHA512 dd3bd11fbefe7e8ee920623333bcb0becae325db985e14fc35df2fb4ac81700cdbce82119805a8401ec2d63836feb92a4083e66171467b081db926928109c989

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\prefs-1.js

MD5 2f318b52a9b74defdd7cdaccf6881357
SHA1 183b14773d90ab1072ef5240df36800fb0c07789
SHA256 5153144bb6ce509007c31766b4593f4f7c1e069c15241e8a55330402b793c51f
SHA512 617e3ad1da28050b08dbee7a9e89d66e40e013174541d457dbf5b7f649c54b66fc22ae9208b6b4cae6a6317c1952422ba71131d6dec172d33c82508b8eaaf031

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\favicons.sqlite-wal

MD5 62f742f3815ec17be2fe9e90d9f74383
SHA1 365ac96ea69e13e6aff62fff83abf00d28643d2f
SHA256 0729c23aa09f513ee5f11c49e7a8742d787cd0683d6c9c554cd903e05b013400
SHA512 270b313ab49564c6b8ab12daff5caec7c382c992136245ee67524567796bb6af1e5179f2e5b616c0d180fffe863755a3aca5294c5cde7d9aaf30bd426a1b2fd4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\places.sqlite

MD5 60c69383593de11026ec8846bd4887c1
SHA1 5e8c87206c09992cff30d185be8fcf247df47aaa
SHA256 a6e6e9c1983326ce9897a80c4f67c5c0646eadda08cc6ead9a6e8e04102790b2
SHA512 82a43521c5f464ae872514a5ff211d84ce0ccec9174ed131ecb1d7a18c38f76befe9df47301bf7346ff166fa658727f61e07fdf10d9d1a208fc2a7ac3a4f1056

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore.jsonlz4

MD5 e1033b501a61f4795c89e17ce529f031
SHA1 67d775f69ea54c08cb23f13396e715e219c16d74
SHA256 879fd6ee0db18187e853e9b0d732276cb1d16d143dfcb5e9fc6bbff07da53f64
SHA512 0c51a65af0c05115f90a33592bdb39eb0a34fc15bcc026240ea739d16a2f0748e7c364e1bce7803a95a3de2dea1ed12564f08f46bed7a81bde68ae068d8e8666

Analysis: behavioral14

Detonation Overview

Submitted

2024-05-08 23:30

Reported

2024-05-09 00:00

Platform

win10-20240404-en

Max time kernel

315s

Max time network

1612s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\utils\utils.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\utils\utils.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 131.72.42.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 79.190.18.2.in-addr.arpa udp

Files

N/A

Analysis: behavioral31

Detonation Overview

Submitted

2024-05-08 23:30

Reported

2024-05-09 00:26

Platform

win10-20240404-en

Max time kernel

315s

Max time network

1608s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\windows\welcome\welcome-controller.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\windows\welcome\welcome-controller.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 130.211.222.173.in-addr.arpa udp
US 8.8.8.8:53 6.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp

Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted

2024-05-08 23:30

Reported

2024-05-09 00:00

Platform

win10-20240404-en

Max time kernel

315s

Max time network

1600s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\libs\cmp.bundle.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\libs\cmp.bundle.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.0.8.0.8.0.8.0.ip6.arpa udp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 170.117.168.52.in-addr.arpa udp
US 8.8.8.8:53 79.190.18.2.in-addr.arpa udp

Files

N/A

Analysis: behavioral17

Detonation Overview

Submitted

2024-05-08 23:30

Reported

2024-05-09 00:00

Platform

win10-20240404-en

Max time kernel

616s

Max time network

1587s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\windows\finish-with-recommended-app\finish-with-recommended-app-controller.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\windows\finish-with-recommended-app\finish-with-recommended-app-controller.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 107.211.222.173.in-addr.arpa udp
US 8.8.8.8:53 210.143.182.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
NL 52.142.223.178:80 tcp
US 8.8.8.8:53 239.249.30.184.in-addr.arpa udp

Files

N/A

Analysis: behavioral22

Detonation Overview

Submitted

2024-05-08 23:30

Reported

2024-05-09 00:15

Platform

win10-20240404-en

Max time kernel

316s

Max time network

1593s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\windows\main\template.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\windows\main\template.js

Network

Country Destination Domain Proto
US 52.111.227.14:443 tcp
US 8.8.8.8:53 28.73.42.20.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-05-08 23:30

Reported

2024-05-09 00:00

Platform

win10-20240404-en

Max time kernel

315s

Max time network

1604s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\block_inputs.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\block_inputs.js

Network

Country Destination Domain Proto
US 52.111.227.14:443 tcp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 210.143.182.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp

Files

N/A

Analysis: behavioral8

Detonation Overview

Submitted

2024-05-08 23:30

Reported

2024-05-09 00:00

Platform

win10-20240404-en

Max time kernel

615s

Max time network

1590s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\models\notifications.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\models\notifications.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 131.72.42.20.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
NL 52.142.223.178:80 tcp
US 8.8.8.8:53 239.249.30.184.in-addr.arpa udp
US 8.8.8.8:53 79.121.231.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral16

Detonation Overview

Submitted

2024-05-08 23:30

Reported

2024-05-09 00:00

Platform

win10-20240404-en

Max time kernel

496s

Max time network

1589s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\windows\cri\template.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\windows\cri\template.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 224.162.46.104.in-addr.arpa udp
US 138.91.171.81:80 tcp
US 8.8.8.8:53 130.211.222.173.in-addr.arpa udp
US 8.8.8.8:53 239.249.30.184.in-addr.arpa udp

Files

N/A

Analysis: behavioral23

Detonation Overview

Submitted

2024-05-08 23:30

Reported

2024-05-09 00:16

Platform

win10-20240404-en

Max time kernel

316s

Max time network

1597s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\windows\modal\modal-controller.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\windows\modal\modal-controller.js

Network

Country Destination Domain Proto
US 52.111.227.14:443 tcp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 88.65.42.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral26

Detonation Overview

Submitted

2024-05-08 23:30

Reported

2024-05-09 00:18

Platform

win10-20240404-en

Max time kernel

347s

Max time network

1589s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\windows\progress\progress-1-controller.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\windows\progress\progress-1-controller.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 239.249.30.184.in-addr.arpa udp
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 6.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 77.190.18.2.in-addr.arpa udp

Files

N/A

Analysis: behavioral28

Detonation Overview

Submitted

2024-05-08 23:30

Reported

2024-05-09 00:21

Platform

win10-20240404-en

Max time kernel

315s

Max time network

1601s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\windows\settings\settings-controller.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\windows\settings\settings-controller.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 13.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp

Files

N/A

Analysis: behavioral30

Detonation Overview

Submitted

2024-05-08 23:30

Reported

2024-05-09 00:26

Platform

win10-20240404-en

Max time kernel

865s

Max time network

1589s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\windows\welcome\template.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\windows\welcome\template.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 79.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 175.117.168.52.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
NL 52.142.223.178:80 tcp
US 8.8.8.8:53 159.113.53.23.in-addr.arpa udp

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-08 23:30

Reported

2024-05-09 00:00

Platform

win10-20240404-en

Max time kernel

1797s

Max time network

1688s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\cmp.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133596846596546729" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 5008 wrote to memory of 4808 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5008 wrote to memory of 4808 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5008 wrote to memory of 3276 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5008 wrote to memory of 3276 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5008 wrote to memory of 3276 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5008 wrote to memory of 3276 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5008 wrote to memory of 3276 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5008 wrote to memory of 3276 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5008 wrote to memory of 3276 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5008 wrote to memory of 3276 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5008 wrote to memory of 3276 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5008 wrote to memory of 3276 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5008 wrote to memory of 3276 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5008 wrote to memory of 3276 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5008 wrote to memory of 3276 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5008 wrote to memory of 3276 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5008 wrote to memory of 3276 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5008 wrote to memory of 3276 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5008 wrote to memory of 3276 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5008 wrote to memory of 3276 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5008 wrote to memory of 3276 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5008 wrote to memory of 3276 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5008 wrote to memory of 3276 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5008 wrote to memory of 3276 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5008 wrote to memory of 3276 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5008 wrote to memory of 3276 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5008 wrote to memory of 3276 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5008 wrote to memory of 3276 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5008 wrote to memory of 3276 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5008 wrote to memory of 3276 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5008 wrote to memory of 3276 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5008 wrote to memory of 3276 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5008 wrote to memory of 3276 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5008 wrote to memory of 3276 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5008 wrote to memory of 3276 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5008 wrote to memory of 3276 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5008 wrote to memory of 3276 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5008 wrote to memory of 3276 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5008 wrote to memory of 3276 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5008 wrote to memory of 3276 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5008 wrote to memory of 3384 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5008 wrote to memory of 3384 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5008 wrote to memory of 216 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5008 wrote to memory of 216 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5008 wrote to memory of 216 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5008 wrote to memory of 216 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5008 wrote to memory of 216 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5008 wrote to memory of 216 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5008 wrote to memory of 216 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5008 wrote to memory of 216 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5008 wrote to memory of 216 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5008 wrote to memory of 216 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5008 wrote to memory of 216 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5008 wrote to memory of 216 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5008 wrote to memory of 216 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5008 wrote to memory of 216 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5008 wrote to memory of 216 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5008 wrote to memory of 216 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5008 wrote to memory of 216 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5008 wrote to memory of 216 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5008 wrote to memory of 216 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5008 wrote to memory of 216 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5008 wrote to memory of 216 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5008 wrote to memory of 216 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\cmp.html

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffd6dba9758,0x7ffd6dba9768,0x7ffd6dba9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=304 --field-trial-handle=1756,i,10001521170494875978,5392518389610863445,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1820 --field-trial-handle=1756,i,10001521170494875978,5392518389610863445,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2064 --field-trial-handle=1756,i,10001521170494875978,5392518389610863445,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2892 --field-trial-handle=1756,i,10001521170494875978,5392518389610863445,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2900 --field-trial-handle=1756,i,10001521170494875978,5392518389610863445,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4868 --field-trial-handle=1756,i,10001521170494875978,5392518389610863445,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4996 --field-trial-handle=1756,i,10001521170494875978,5392518389610863445,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=940 --field-trial-handle=1756,i,10001521170494875978,5392518389610863445,131072 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 content.overwolf.com udp
GB 18.245.218.13:443 content.overwolf.com tcp
GB 18.245.218.13:443 content.overwolf.com tcp
US 8.8.8.8:53 10.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 13.218.245.18.in-addr.arpa udp
US 8.8.8.8:53 43.39.156.108.in-addr.arpa udp
US 8.8.8.8:53 195.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 77.190.18.2.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 210.143.182.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
NL 52.142.223.178:80 tcp
US 8.8.8.8:53 239.249.30.184.in-addr.arpa udp

Files

\??\pipe\crashpad_5008_DQBFAJHUPTSXZBAN

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\cf788c1f-0fdf-49bb-addb-78e7fc13b12e.tmp

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 2c7dd78ddee2b7d4858d7e7bd8f05a7b
SHA1 520297da701d8e74004a0522298c7b7561d33381
SHA256 74760c1a94fe7be0d968b2d8e9a73f38bb42738bb5cdac3cf2a02327ee2f60b0
SHA512 207149c000df39c41d85d9c46022547e00b80becc5bd081cf13d15c875f815a6a3ac07967b30d1b0431826571166ac9bcba04200ca58164060d85f52c430026a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 82b5a540b31b7c3121b6d4786fe2ad21
SHA1 db8b90e6ff93fc2145d6b5c3988c7f6ad3f8425d
SHA256 7d75d9114ccddff24225d082fe79bb244ed09b81815cc3c9fde51b083c5c093b
SHA512 87c6771a6148ef728ac3eb713146e0c57453cdd330ea7a1d3a2d480f2d06dc9c7ef31a40607883ef87f26349f216d8e6e7053cae62a38da0afc01624f097592e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 b0ea8df788ac68e2438d9176976c309d
SHA1 5a43524da25d2e96da9595ebeccc9d40dd1149ea
SHA256 d8d5c905da238431139acc2da4cb58e22cf74da6b0074f203b15ef7f9661b1f8
SHA512 33f2c40055b0d484f59cb91d358b8b239f8dd3f570ddc47f6b33e7069d315504a4735175bb6ee4095f341215186de7092b0348e0b8a6e30421957615b9cbae6e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 2de026f9f9893beb4d9227ee91347b54
SHA1 129132628fed7fcdfc224e740dd9666d4c012fd0
SHA256 2178835305aea31ec7250ba3399860c3f8bd2ac2967bee9b77603aa21858b35f
SHA512 cc21951d64971c9477eba4fbebbd34801933f2789c711e8d3635f4b8997ca5364bcc77a098a849f2ead670f53a301a79c9d5c9c1534f57fb8fa9150b416c6616

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 7d5390105de211a46f21d05c896735c7
SHA1 32febaeeaab523bb5acfba506c55a0790330d168
SHA256 24b99700160b7534e3545c0ebda17801c97927ebdf68899c42dc514106bed74d
SHA512 9216c4b5dbee11a5528e61a7c3869e21705c4929a5ed68a89126f50c1093a2ce19e95ad3d00b8fc8994e9d947d25497d44b6cc858beadf71f47ddab641d727a4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 f6048316da52de552477aff06981f60c
SHA1 4a7d582e8f6d861d2285e9dc8673c39b422a1a90
SHA256 b027aa51a0f4c9e43dcc1ceb3ffb000e0cd90236e65925195dcde7d5bdf213f7
SHA512 0c42ce21afafd7899102b04e98d864ec89c3a5c674daadd58bbfaaa0a67b2f5bd1564a2048a7a3386e1ce9a472e08710ecebcc69e553a659e2ad7a795f901da1

Analysis: behavioral13

Detonation Overview

Submitted

2024-05-08 23:30

Reported

2024-05-09 00:00

Platform

win10-20240404-en

Max time kernel

615s

Max time network

1592s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\utils\strings-loader.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\utils\strings-loader.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 10.179.89.13.in-addr.arpa udp
US 8.8.8.8:53 130.211.222.173.in-addr.arpa udp
NL 52.142.223.178:80 tcp
US 8.8.8.8:53 239.249.30.184.in-addr.arpa udp
US 8.8.8.8:53 79.121.231.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral15

Detonation Overview

Submitted

2024-05-08 23:30

Reported

2024-05-09 00:01

Platform

win10-20240404-en

Max time kernel

403s

Max time network

1613s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\windows\cri\cri-controller.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\windows\cri\cri-controller.js

Network

Country Destination Domain Proto
US 52.111.229.48:443 tcp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
US 20.231.121.79:80 tcp
US 8.8.8.8:53 239.249.30.184.in-addr.arpa udp
US 8.8.8.8:53 79.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 171.117.168.52.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp

Files

N/A

Analysis: behavioral19

Detonation Overview

Submitted

2024-05-08 23:30

Reported

2024-05-09 00:09

Platform

win10-20240404-en

Max time kernel

315s

Max time network

1602s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\windows\finish\finish-controller.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\windows\finish\finish-controller.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.0.8.0.8.0.8.0.ip6.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 24.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 79.190.18.2.in-addr.arpa udp

Files

N/A

Analysis: behavioral32

Detonation Overview

Submitted

2024-05-08 23:30

Reported

2024-05-09 00:30

Platform

win10-20240404-en

Max time kernel

1799s

Max time network

1684s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\progress.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133596864195927652" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4404 wrote to memory of 2772 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4404 wrote to memory of 2772 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4404 wrote to memory of 2532 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4404 wrote to memory of 2532 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4404 wrote to memory of 2532 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4404 wrote to memory of 2532 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4404 wrote to memory of 2532 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4404 wrote to memory of 2532 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4404 wrote to memory of 2532 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4404 wrote to memory of 2532 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4404 wrote to memory of 2532 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4404 wrote to memory of 2532 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4404 wrote to memory of 2532 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4404 wrote to memory of 2532 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4404 wrote to memory of 2532 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4404 wrote to memory of 2532 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4404 wrote to memory of 2532 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4404 wrote to memory of 2532 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4404 wrote to memory of 2532 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4404 wrote to memory of 2532 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4404 wrote to memory of 2532 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4404 wrote to memory of 2532 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4404 wrote to memory of 2532 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4404 wrote to memory of 2532 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4404 wrote to memory of 2532 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4404 wrote to memory of 2532 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4404 wrote to memory of 2532 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4404 wrote to memory of 2532 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4404 wrote to memory of 2532 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4404 wrote to memory of 2532 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4404 wrote to memory of 2532 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4404 wrote to memory of 2532 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4404 wrote to memory of 2532 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4404 wrote to memory of 2532 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4404 wrote to memory of 2532 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4404 wrote to memory of 2532 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4404 wrote to memory of 2532 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4404 wrote to memory of 2532 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4404 wrote to memory of 2532 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4404 wrote to memory of 2532 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4404 wrote to memory of 2552 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4404 wrote to memory of 2552 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4404 wrote to memory of 4968 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4404 wrote to memory of 4968 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4404 wrote to memory of 4968 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4404 wrote to memory of 4968 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4404 wrote to memory of 4968 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4404 wrote to memory of 4968 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4404 wrote to memory of 4968 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4404 wrote to memory of 4968 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4404 wrote to memory of 4968 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4404 wrote to memory of 4968 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4404 wrote to memory of 4968 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4404 wrote to memory of 4968 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4404 wrote to memory of 4968 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4404 wrote to memory of 4968 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4404 wrote to memory of 4968 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4404 wrote to memory of 4968 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4404 wrote to memory of 4968 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4404 wrote to memory of 4968 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4404 wrote to memory of 4968 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4404 wrote to memory of 4968 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4404 wrote to memory of 4968 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4404 wrote to memory of 4968 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\progress.html

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffc2aca9758,0x7ffc2aca9768,0x7ffc2aca9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1512 --field-trial-handle=1656,i,7874724523988026942,2692628358576779633,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1820 --field-trial-handle=1656,i,7874724523988026942,2692628358576779633,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2064 --field-trial-handle=1656,i,7874724523988026942,2692628358576779633,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2808 --field-trial-handle=1656,i,7874724523988026942,2692628358576779633,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2816 --field-trial-handle=1656,i,7874724523988026942,2692628358576779633,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4076 --field-trial-handle=1656,i,7874724523988026942,2692628358576779633,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4180 --field-trial-handle=1656,i,7874724523988026942,2692628358576779633,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=876 --field-trial-handle=1656,i,7874724523988026942,2692628358576779633,131072 /prefetch:2

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 219.183.117.104.in-addr.arpa udp
US 8.8.8.8:53 95.16.208.104.in-addr.arpa udp
US 8.8.8.8:53 77.190.18.2.in-addr.arpa udp

Files

\??\pipe\crashpad_4404_QZRNDPHXRVIXPHZA

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 01b5b2d6457066d6b4bf2f4bdeb242b0
SHA1 79b9563c1eedceaaa9e64d76d70b971a3b07c118
SHA256 9fd5c610442b899acf0ff6bf823f27dea91cb03b1434609509f9a355b81df1d5
SHA512 6f12009781d1ded7b6b90aeea1ece6e2d32a57d946837f7e0e9a48f091f348c51455f28b474501984422bd338de0fc29f3281f8884898fa87448db4f82f31dc3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 813293dd3433171a5af913b97eb75638
SHA1 1d5f5a7d9e9f8ce32f3e57900c146e023b40173b
SHA256 a933cdbf2da3a47f121f566649153ea718c278ec33db0b4d8ca6dc03546e5171
SHA512 c36960a40201205f7c2ca57dc28865e19c60d3787778a4eedce9957527f73023340d99ecf341de7ca45fae7dfab1c2a2e8d23850a67ead9d7fce5c20e940f493

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 df0192c5ea883554830f764c25c536c1
SHA1 7b6bd83e0ebbbd93380961a72540c2b1578fd195
SHA256 e6b96584fc17044f325ca545ca454378a664485f52c8310154e3c025a9f4a49a
SHA512 4f9685ba71cf5e75bcb0d90bb09f473389f923c26100262311d80e8ea60e5c52587b8ea8cdd343b313813fe5c0e9c4fb21fc0a49550a7cf3b146ed62aec8d6bd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 907d444fae5264f87d6085e8e3187e37
SHA1 d944bf1590133edc4bc2dab38337f9f5c37d2086
SHA256 df658d37f1ba838ad891769d1caac437e1f0a742d7948c4b74a2ab8566032e47
SHA512 d47346532bce91bbc79a080b4e2b2ccbe2bffe47c5fbb1b64f3156a2ee3cbaa1aa3afdaf4dc48acaaddd55363fdb0c6a92583d1281f19f75f17392a2da3f589d

Analysis: behavioral25

Detonation Overview

Submitted

2024-05-08 23:30

Reported

2024-05-09 00:17

Platform

win10-20240404-en

Max time kernel

316s

Max time network

1608s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\windows\privacy\template.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\js\windows\privacy\template.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 9.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp

Files

N/A