Malware Analysis Report

2025-01-19 00:04

Sample ID 241102-xhc3gasjav
Target 3119e27ef4665f22b41643a24f89fd6f.mp4
SHA256 9f098d5c54a0f9c475338c3d5df4ecd2e027dbef2c54ed14df912fceb46ee6ee
Tags
steam discovery phishing
score
6/10

Analysis Overview

score
6/10

SHA256

9f098d5c54a0f9c475338c3d5df4ecd2e027dbef2c54ed14df912fceb46ee6ee

Threat Level: Shows suspicious behavior

The file 3119e27ef4665f22b41643a24f89fd6f.mp4 was found to be: Shows suspicious behavior.

Malicious Activity Summary

steam discovery phishing

Enumerates connected drives

Legitimate hosting services abused for malware hosting/C2

Detected potential entity reuse from brand STEAM.

Drops file in Windows directory

Program crash

System Location Discovery: System Language Discovery

Browser Information Discovery

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies Internet Explorer settings

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: GetForegroundWindowSpam

Uses Volume Shadow Copy service COM API

Suspicious use of FindShellTrayWindow

Uses Task Scheduler COM API

Enumerates system info in registry

Suspicious use of SendNotifyMessage

Suspicious behavior: AddClipboardFormatListener

Suspicious use of AdjustPrivilegeToken

Checks processor information in registry

Modifies data under HKEY_USERS

Modifies registry class

Suspicious use of SetWindowsHookEx

Checks SCSI registry key(s)

Gathers network information

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-02 18:50

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-02 18:50

Reported

2024-11-02 19:03

Platform

win7-20241010-en

Max time kernel

422s

Max time network

438s

Command Line

"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\3119e27ef4665f22b41643a24f89fd6f.mp4"

Signatures

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A drive.google.com N/A N/A

Detected potential entity reuse from brand STEAM.

phishing steam

Browser Information Discovery

discovery

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\DllHost.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B5311E11-994C-11EF-BA45-72BC2935A1B8} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\MINIE C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Windows\system32\DrvInst.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000 C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CTLs C:\Windows\system32\DrvInst.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: 33 N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 288 wrote to memory of 2284 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 288 wrote to memory of 2584 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 288 wrote to memory of 2468 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 288 wrote to memory of 2308 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Uses Task Scheduler COM API

persistence

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Program Files\VideoLAN\VLC\vlc.exe

"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\3119e27ef4665f22b41643a24f89fd6f.mp4"

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x2ec

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7389758,0x7fef7389768,0x7fef7389778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1108 --field-trial-handle=1356,i,4618948317493998755,4855373404315175221,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1496 --field-trial-handle=1356,i,4618948317493998755,4855373404315175221,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1604 --field-trial-handle=1356,i,4618948317493998755,4855373404315175221,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2312 --field-trial-handle=1356,i,4618948317493998755,4855373404315175221,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2332 --field-trial-handle=1356,i,4618948317493998755,4855373404315175221,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1388 --field-trial-handle=1356,i,4618948317493998755,4855373404315175221,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3232 --field-trial-handle=1356,i,4618948317493998755,4855373404315175221,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3092 --field-trial-handle=1356,i,4618948317493998755,4855373404315175221,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3592 --field-trial-handle=1356,i,4618948317493998755,4855373404315175221,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3712 --field-trial-handle=1356,i,4618948317493998755,4855373404315175221,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3780 --field-trial-handle=1356,i,4618948317493998755,4855373404315175221,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2612 --field-trial-handle=1356,i,4618948317493998755,4855373404315175221,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3384 --field-trial-handle=1356,i,4618948317493998755,4855373404315175221,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3708 --field-trial-handle=1356,i,4618948317493998755,4855373404315175221,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2360 --field-trial-handle=1356,i,4618948317493998755,4855373404315175221,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3604 --field-trial-handle=1356,i,4618948317493998755,4855373404315175221,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="824.0.1492977166\1462030330" -parentBuildID 20221007134813 -prefsHandle 1232 -prefMapHandle 1224 -prefsLen 20847 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9bc666b2-a605-47c3-ae96-f5cddcebfe97} 824 "\\.\pipe\gecko-crash-server-pipe.824" 1296 41d7658 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="824.1.1981036998\171525016" -parentBuildID 20221007134813 -prefsHandle 1488 -prefMapHandle 1484 -prefsLen 20928 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2fac02a6-b9e9-4258-958d-a547b984bdd6} 824 "\\.\pipe\gecko-crash-server-pipe.824" 1500 e71e58 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="824.2.1572377968\948152349" -childID 1 -isForBrowser -prefsHandle 2096 -prefMapHandle 2092 -prefsLen 20966 -prefMapSize 233444 -jsInitHandle 876 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3f366feb-a363-484a-b028-54d88df8125a} 824 "\\.\pipe\gecko-crash-server-pipe.824" 2108 415ad58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="824.3.1710228544\38346808" -childID 2 -isForBrowser -prefsHandle 2652 -prefMapHandle 2648 -prefsLen 26216 -prefMapSize 233444 -jsInitHandle 876 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cd7cad46-afdd-4c61-8ed3-8e48ce726c4e} 824 "\\.\pipe\gecko-crash-server-pipe.824" 2664 e61558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="824.4.1097385530\1343032594" -childID 3 -isForBrowser -prefsHandle 2928 -prefMapHandle 2920 -prefsLen 26216 -prefMapSize 233444 -jsInitHandle 876 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b7075fe8-2b95-4d6f-b549-2c824b3a3a76} 824 "\\.\pipe\gecko-crash-server-pipe.824" 2948 1be7d458 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="824.5.1688916043\72715766" -childID 4 -isForBrowser -prefsHandle 3780 -prefMapHandle 3680 -prefsLen 26351 -prefMapSize 233444 -jsInitHandle 876 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c95c5fad-4bcc-407d-9ca5-6d6699e9d65d} 824 "\\.\pipe\gecko-crash-server-pipe.824" 3788 1e5bbe58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="824.6.44978561\362382808" -childID 5 -isForBrowser -prefsHandle 3900 -prefMapHandle 3904 -prefsLen 26351 -prefMapSize 233444 -jsInitHandle 876 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b75bd96e-9190-4502-aaaa-c3166164afc2} 824 "\\.\pipe\gecko-crash-server-pipe.824" 3892 1f283258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="824.7.177325746\1111918852" -childID 6 -isForBrowser -prefsHandle 4076 -prefMapHandle 4080 -prefsLen 26351 -prefMapSize 233444 -jsInitHandle 876 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e3cf2e1f-0528-4083-9bf9-f052b08461c9} 824 "\\.\pipe\gecko-crash-server-pipe.824" 4068 1f285c58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="824.8.515366737\571183107" -parentBuildID 20221007134813 -prefsHandle 3724 -prefMapHandle 1700 -prefsLen 26356 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1d2b483e-98a1-4b34-8686-d4456e73f4e4} 824 "\\.\pipe\gecko-crash-server-pipe.824" 1788 1cb6ab58 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="824.9.1843094209\1264412656" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 4436 -prefMapHandle 4448 -prefsLen 26356 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {537fff29-80bd-4719-8f7d-c1c3f127e81f} 824 "\\.\pipe\gecko-crash-server-pipe.824" 4456 1cb69c58 utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="824.10.1043806411\1525137115" -childID 7 -isForBrowser -prefsHandle 2628 -prefMapHandle 1924 -prefsLen 26356 -prefMapSize 233444 -jsInitHandle 876 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8048f2be-339f-4e9b-8aad-e28a0a57de35} 824 "\\.\pipe\gecko-crash-server-pipe.824" 3460 1fcb3258 tab

C:\Windows\explorer.exe

"C:\Windows\explorer.exe"

C:\Windows\system32\cmd.exe

"C:\Windows\system32\cmd.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2684 CREDAT:275457 /prefetch:2

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2348.0.706925464\288396480" -parentBuildID 20221007134813 -prefsHandle 1144 -prefMapHandle 1136 -prefsLen 21236 -prefMapSize 233536 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c51aad8c-941b-41dd-884b-be4fc923d3e6} 2348 "\\.\pipe\gecko-crash-server-pipe.2348" 1208 f4fb358 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2348.1.370508713\632206487" -parentBuildID 20221007134813 -prefsHandle 1364 -prefMapHandle 1360 -prefsLen 21281 -prefMapSize 233536 -appDir "C:\Program Files\Mozilla Firefox\browser" - {365ff1b4-6779-45f5-98a6-181d7d090f10} 2348 "\\.\pipe\gecko-crash-server-pipe.2348" 1376 3d33558 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2348.2.1897156774\373614523" -childID 1 -isForBrowser -prefsHandle 2076 -prefMapHandle 2072 -prefsLen 21742 -prefMapSize 233536 -jsInitHandle 868 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {64293369-cd20-4a88-8a91-83eba0251412} 2348 "\\.\pipe\gecko-crash-server-pipe.2348" 2088 1a146d58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2348.3.1927870419\479883584" -childID 2 -isForBrowser -prefsHandle 2352 -prefMapHandle 2392 -prefsLen 26927 -prefMapSize 233536 -jsInitHandle 868 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a7b9786c-eb11-410a-b85f-2c5bcc5bb5f7} 2348 "\\.\pipe\gecko-crash-server-pipe.2348" 2416 1adc7858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2348.4.422017827\612319915" -childID 3 -isForBrowser -prefsHandle 2392 -prefMapHandle 2420 -prefsLen 26927 -prefMapSize 233536 -jsInitHandle 868 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {04a5a689-7ec6-4cc6-9cf6-2a93b98f5717} 2348 "\\.\pipe\gecko-crash-server-pipe.2348" 2748 1bb92258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2348.5.203590731\772297303" -childID 4 -isForBrowser -prefsHandle 3456 -prefMapHandle 3468 -prefsLen 26927 -prefMapSize 233536 -jsInitHandle 868 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ce0abd0a-9c96-44a6-9a2b-96b891e68276} 2348 "\\.\pipe\gecko-crash-server-pipe.2348" 3500 13da1e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2348.6.537038673\997227598" -parentBuildID 20221007134813 -prefsHandle 3640 -prefMapHandle 3476 -prefsLen 26927 -prefMapSize 233536 -appDir "C:\Program Files\Mozilla Firefox\browser" - {58014ec2-3371-4b69-87f8-8d03e06ead65} 2348 "\\.\pipe\gecko-crash-server-pipe.2348" 3696 1e8c5c58 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2348.7.1447999084\124415049" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 3832 -prefMapHandle 3868 -prefsLen 26927 -prefMapSize 233536 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b3084236-09d5-4d58-843d-349ba3ecb4c8} 2348 "\\.\pipe\gecko-crash-server-pipe.2348" 3880 1e6e3758 utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2348.8.1182237507\1495633326" -childID 5 -isForBrowser -prefsHandle 4020 -prefMapHandle 4008 -prefsLen 26927 -prefMapSize 233536 -jsInitHandle 868 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {baec87a8-e4a0-4111-a8c0-485baaf71ece} 2348 "\\.\pipe\gecko-crash-server-pipe.2348" 3900 1e8c6558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2348.9.637226862\2129981" -childID 6 -isForBrowser -prefsHandle 4128 -prefMapHandle 4132 -prefsLen 26927 -prefMapSize 233536 -jsInitHandle 868 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3ca356d8-1881-4ecb-97fd-360a14366295} 2348 "\\.\pipe\gecko-crash-server-pipe.2348" 4112 1e9e0658 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2348.10.1949390958\618292601" -childID 7 -isForBrowser -prefsHandle 4296 -prefMapHandle 4300 -prefsLen 26927 -prefMapSize 233536 -jsInitHandle 868 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9c1e709d-0b2d-4095-8ce2-3890eabeda31} 2348 "\\.\pipe\gecko-crash-server-pipe.2348" 4228 1eab9658 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2348.11.509239960\1306044574" -childID 8 -isForBrowser -prefsHandle 4008 -prefMapHandle 4020 -prefsLen 26927 -prefMapSize 233536 -jsInitHandle 868 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1c5a761f-e376-4bf8-a0d9-8a84975bd200} 2348 "\\.\pipe\gecko-crash-server-pipe.2348" 4468 1e6a8a58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2348.12.1104832629\972337966" -childID 9 -isForBrowser -prefsHandle 4796 -prefMapHandle 4792 -prefsLen 26936 -prefMapSize 233536 -jsInitHandle 868 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7d4899b7-7589-4425-993d-f9dee6ffa254} 2348 "\\.\pipe\gecko-crash-server-pipe.2348" 4808 207a8558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2348.13.1570577975\1333245181" -childID 10 -isForBrowser -prefsHandle 2376 -prefMapHandle 4136 -prefsLen 26936 -prefMapSize 233536 -jsInitHandle 868 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c9581ed4-d42e-4300-9da4-fdf0ec0ff405} 2348 "\\.\pipe\gecko-crash-server-pipe.2348" 4212 10d22b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2348.14.108840610\2100670774" -childID 11 -isForBrowser -prefsHandle 8448 -prefMapHandle 8452 -prefsLen 26936 -prefMapSize 233536 -jsInitHandle 868 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c5a10ce4-9ab0-423b-8bf9-87992593a169} 2348 "\\.\pipe\gecko-crash-server-pipe.2348" 8436 1f7bba58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2348.15.1727271820\717775704" -childID 12 -isForBrowser -prefsHandle 4284 -prefMapHandle 4280 -prefsLen 26936 -prefMapSize 233536 -jsInitHandle 868 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5cbd8d17-f3ea-4d86-9deb-edae114061d7} 2348 "\\.\pipe\gecko-crash-server-pipe.2348" 4536 10db1b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2348.16.414628182\371304173" -childID 13 -isForBrowser -prefsHandle 8296 -prefMapHandle 8420 -prefsLen 26936 -prefMapSize 233536 -jsInitHandle 868 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {dccac0e5-c5bb-4846-b6ce-7db360ca5ae1} 2348 "\\.\pipe\gecko-crash-server-pipe.2348" 8284 18660158 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2348.17.899993184\1134903262" -childID 14 -isForBrowser -prefsHandle 8120 -prefMapHandle 8116 -prefsLen 26936 -prefMapSize 233536 -jsInitHandle 868 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {50e79650-39db-483b-9b59-e4672d0dfe0e} 2348 "\\.\pipe\gecko-crash-server-pipe.2348" 8132 18660758 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2348.18.1072328040\1759683043" -childID 15 -isForBrowser -prefsHandle 7924 -prefMapHandle 8148 -prefsLen 26936 -prefMapSize 233536 -jsInitHandle 868 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {30219b8e-d10e-4dfe-92fd-1f100dc47a0e} 2348 "\\.\pipe\gecko-crash-server-pipe.2348" 8212 f62e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2348.19.1213866577\1024651971" -childID 16 -isForBrowser -prefsHandle 8328 -prefMapHandle 4544 -prefsLen 26936 -prefMapSize 233536 -jsInitHandle 868 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d5984ba1-5125-4d26-9717-a183a687d5a7} 2348 "\\.\pipe\gecko-crash-server-pipe.2348" 8340 10db1258 tab

C:\Windows\system32\control.exe

"C:\Windows\system32\control.exe" panel

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\DrvInst.exe

DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot19" "" "" "61530dda3" "0000000000000000" "00000000000004EC" "00000000000003DC"

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}

Network


Files

SHA512 a100e86203dd79a48aca21a44f92a9ffc62f7064cf79bc03f329efac9798febcaa33d46eb18adf18d5a331fb0d0c06a0d0a7897ad8a904dce55043a6ca0a5951

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bhzluvd5.default-release\cache2\entries\12D5C757950BF3C621F77F59BAF77E1BE177354A

MD5 1a11066e219702f8fca9886d93dcc55c
SHA1 7799ba32b41e57bd99a112a3fb0540621cdeb52e
SHA256 cbfe97005275d45e7b4b5bf068519eb846dcfc22cc0d053be3e2bce1a6a313f2
SHA512 335452d9942631e1be7b2925751cb619667e8070fcdf36b56f96f72a129f9583e8130239f0e472dd9a4ebdb579aa06c44cccf6a927583ee5dc0d9a33c5be5f3a

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bhzluvd5.default-release\cache2\entries\118A383CCC984B3062ACAD0BFE4DD879FC13A7BA

MD5 7a3ad07baac86877ae7e4da3ee05b768
SHA1 3593c6ad3b18497367fcc6b81fb63e4906b9423b
SHA256 19a899db78399042b546db917d8409a8215b7b3a7345e874087b50b1ec3a38d1
SHA512 f6f3a3a124649a3a865874c1db4d0004d6d869b37391e3c2115f6071cee3716d361e2dd573f6c0264cd14b1b77804b20164bde4a109b000861a145d9c221573f

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bhzluvd5.default-release\cache2\entries\099EB2BF8827A4F91EAB3E38B14650D0205226F2

MD5 0a7547759769fc6e93c310af9be8dfc6
SHA1 5b5c1b4e24c165ce0618b12eca7df731f361cd00
SHA256 4109415c4ef286e2ff02d1c05d56e02baa47e36a16764420f13a848839ffa82c
SHA512 812ac4e6db030d5dbd9ec6beadf77131f4986317f522b192e83218e49e9c4603d0921b7bbf74c27f515497152e27d3b7fd2baec17aedbfff7f86e96e216efe83

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bhzluvd5.default-release\cache2\entries\037778A55E1B7E9BED3390289866D09402D6C913

MD5 41f429bd6e33a2db67e8637de3776617
SHA1 2c163ef65bbb9a7dfb0faf3f4fc3d116a883fad7
SHA256 90c3faa962f8d2ff65ce205f7dfb44d7a4409340f86eef8a418f48bf07f36b7d
SHA512 663bf91c68a516f92f33d70aa724bf78da718bf8fb75c06fbab7ec594e5b13a9ae35a9004e780675b30b9fb102a2f27c76d9b03a2baeb32aa0a7a62ca9f7d67d

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bhzluvd5.default-release\cache2\entries\9E72CBAC390EAF4B4F9C98B9462CA016F0C0FC33

MD5 a79526099929acf96af77a2853087d0c
SHA1 d3ec84597d2b64cc5f684afd3126ce055af8d536
SHA256 27a66f888f8198b9f5e0c1bf35a88708433e9a6559a4a73863021b45ba2a5efe
SHA512 540fffe97e41e6f02ee84451984d9ea0432a96cacdcc7f959e29313b547e88900ad20085848f3f1293f8742c2000c68a47978d7da4c9e1df0ae230020f8fcb34

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bhzluvd5.default-release\cache2\entries\0305BF7FE660AF5F32B4319E4C7EF7A7B70257A3

MD5 4553274f3c9319485bc42bf04f0ae064
SHA1 03fedfa319900981a300d272ca8b91b4b6d117ce
SHA256 b9aea536c351f04aa79046ebe03b556dad8832d989d337b00342ee796b83c033
SHA512 6d361b1f9a687287d8cfe4c8c12651199c5544f2754dd5dd9e3de8638511e0b883e408361c92f66f8f72da7bd4131c0bb1cd45f1090b3e5a97382ebe270d2a5e

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bhzluvd5.default-release\cache2\entries\66E1831339AD550690BE0D9FC4CC4AD90DC1347B

MD5 c692029492d94ff1d8d62ecee58a64a6
SHA1 77d663b27fcba7e268b5e4963af9d7a9740d8bd2
SHA256 bb2f1d7a172b50a88d4e64ffcfbacaf7549db56ff4471868cfa9128bdf6e4013
SHA512 2a71983f25d7a839090ab13ec00c75f4d3875d12540f3cecf690f927c88dff66e4bde81928d6d2a1999c88b1a98ff8d1012974502a1a608d9aea6e7293ef20ec

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bhzluvd5.default-release\cache2\entries\2C2ACB9B33B92A6F526C54EEB9D89FE0E250D51F

MD5 c772e78056daf4972c57b63ead6a9a7a
SHA1 51bd30c249609676b9e0365a22c0d6a2e101281e
SHA256 326151cb80d4668e6b5ea5a41ff3427f2711173a3c3a7ee2a85cf3efe0238da9
SHA512 856bf68aa1ee76da234d5d81f5844224f2caf45de80d8753aba8734522c160f6a851405ef220a944d4e1bd7e25d23d1ddb17e574e6a15084cf96b3c925ae11a3

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhzluvd5.default-release\sessionstore-backups\recovery.jsonlz4

MD5 230f8f1da5d7ed80e6efb41c21486555
SHA1 edf9adda9063cb5a4de0be97dafe9e5a71179561
SHA256 18df3b3116362f47aaac1852e327e0122ebe89b6cf953e9aa8595284f2a0e635
SHA512 ceca650633418cd208238008ad8d8a78045d70be97b80155c3fa12e5a4ffebfb785104da712969025df84e29c1a6412adc78fea4f531d3fc6010a3b84f2155d5

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhzluvd5.default-release\storage\default\https+++www.youtube.com^partitionKey=%28https%2Cgoogle.com%29\idb\2171031483YattIedMb.sqlite

MD5 9311fc2b1cf0c7944eb79b9161c283c8
SHA1 803f04e318a578762ea578062410136d28e07633
SHA256 cd30033a05999dbdf6cac5c946edb0e175ff4370cda8bec512bbb507d5b34a2e
SHA512 1e7d7e27c66e15d0a3a5f5bc4ef94aff19776393fbb45188039e4e76aad141b52f979a1bca8fe7842c7bbec097bdbca73abba6dceb9dd0a7ffbbf473eeb13533

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bhzluvd5.default-release\cache2\doomed\8204

MD5 c6655525afa2bd09309caca504e14b80
SHA1 5a9c71f0403316f1b78abebf8e358a7dd5ad6ae6
SHA256 5cce1c13e07867511ae2df948db323177c259978d94f359b7575f5ab2f65f541
SHA512 286946a8a3184f668a08fa32b5fe6ae194456570003a9fa1682aecfe9c934c83540a069e140e696fe1ca33ecbd7616cc47e7694fda9f9a9ed8e66f77f58304e1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhzluvd5.default-release\sessionstore-backups\recovery.jsonlz4

MD5 2fe20b0772662acedf150bb53613a902
SHA1 ea11721699c4e0b58eaacdb3b7a86bacdf5797ff
SHA256 532f289969e0f3cee93a8385ec6fb1a31ad8a29ecdc6eb423b3f539979aa9ad2
SHA512 a72abc34a042d7994bed68619c75fa857c482d80d10255226d44d27c7ac6c4e867b688a80af1d014101898ae55454d21442cd922efefd044054578d313fe1c85

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bhzluvd5.default-release\cache2\entries\57104CAB94B61778EE5B44E9AE76AA236C3459DF

MD5 2086238486e4c4bf9d9513ff113cf88e
SHA1 001aa1d0175dd1a09138f6bfb6975cb454f090c7
SHA256 6ab3e71e08a745459073388800d6756147b1a456ee168ec1ef648550db913a09
SHA512 f779ef06f91ff073c4384d63bf1ead2663f474e5d968623181915e71b52d8cd2ecbe2741f87a6b6b50ba580efd320b1e59d12787b51b82633acaa5c33ffb4164

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhzluvd5.default-release\sessionCheckpoints.json.tmp

MD5 99601438ae1349b653fcd00278943f90
SHA1 8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9
SHA256 72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a
SHA512 ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhzluvd5.default-release\sessionCheckpoints.json.tmp

MD5 65690c43c42921410ec8043e34f09079
SHA1 362add4dbd0c978ae222a354a4e8d35563da14b4
SHA256 7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d
SHA512 c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhzluvd5.default-release\sessionstore.jsonlz4

MD5 5f0c80c0af2237dcc2e7c7aa8ec03e4d
SHA1 87d55d72c104d18fa3d6e00eec5f7eebd2822182
SHA256 9e78e9786a98103b0d2fdf9adfbed50507e4bd8b38edaf4a555c186ea00e3c20
SHA512 a3176985dd43f0a72e9b1bc33427d071da99593c69b64187c7c49be1c1ea594a03f5162b81b227236d48e3d6d89ec02f7b4ac78ffb5f9f0e82a93628a8ab9b66

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhzluvd5.default-release\places.sqlite

MD5 8db86111cc6276e5d80afd36c6a66058
SHA1 3a572770678c5e783c92d4046e7178d431088ef5
SHA256 78bd10d205459d16a16af615e299549f5610aa03cb92ac7ec2568a41dfe27751
SHA512 4193408ac1b696aae1103e3185e706632f752b723f4661dec655ccc9eba6c1342b86e665d36a197febfcbe645eab767afb559f31a860bd61ab7296016d42d875

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-02 18:50

Reported

2024-11-02 19:27

Platform

win10v2004-20241007-en

Max time kernel

1834s

Max time network

1387s

Command Line

"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\3119e27ef4665f22b41643a24f89fd6f.mp4"

Signatures

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\T: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\Y: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\Z: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\H: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\M: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\V: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\N: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\E: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\J: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\Q: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\R: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\S: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\X: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\G: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\K: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\W: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\A: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\I: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\U: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\B: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\O: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\P: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\L: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\upnphost\udhisapi.dll C:\Windows\system32\svchost.exe N/A
File opened for modification C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\upnphost\udhisapi.dll C:\Windows\system32\svchost.exe N/A

Browser Information Discovery

discovery

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\unregmp2.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\System32\perfmon.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Windows\System32\perfmon.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\system32\taskmgr.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Gathers network information

Description Indicator Process Target
N/A N/A C:\Windows\system32\ipconfig.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133750480827878898" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (data) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff C:\Windows\System32\perfmon.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0400000002000000030000000100000000000000ffffffff C:\Windows\System32\perfmon.exe N/A
Key created \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg C:\Windows\System32\perfmon.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{94D6DDCC-4A68-4175-A374-BD584A510B78}\FFlags = "1092616257" C:\Windows\System32\perfmon.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\NodeSlot = "2" C:\Windows\system32\taskmgr.exe N/A
Key created \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell C:\Windows\System32\perfmon.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\MRUListEx = ffffffff C:\Windows\System32\perfmon.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}\GroupView = "0" C:\Windows\System32\perfmon.exe N/A
Key created \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg C:\Windows\System32\perfmon.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 C:\Windows\system32\taskmgr.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 = 3a002e803accbfb42cdb4c42b0297fe99a87c641260001002600efbe1100000056d03b709918db01e1ca8f029e18db016815d3975a2ddb0114000000 C:\Windows\system32\taskmgr.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize = "16" C:\Windows\System32\perfmon.exe N/A
Key created \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 C:\Windows\system32\taskmgr.exe N/A
Key created \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ C:\Windows\System32\perfmon.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode = "4" C:\Windows\System32\perfmon.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257" C:\Windows\System32\perfmon.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" C:\Windows\System32\perfmon.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}\LogicalViewMode = "3" C:\Windows\System32\perfmon.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{94D6DDCC-4A68-4175-A374-BD584A510B78}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000050000001800000030f125b7ef471a10a5f102608c9eebac0a000000a00000002e37a3569cced2119f0e006097c686f60700000028000000e0859ff2f94f6810ab9108002b27b3d902000000a00000002e37a3569cced2119f0e006097c686f602000000780000002e37a3569cced2119f0e006097c686f60400000088000000 C:\Windows\System32\perfmon.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02 C:\Windows\system32\taskmgr.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\MRUListEx = ffffffff C:\Windows\system32\taskmgr.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 C:\Windows\System32\perfmon.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" C:\Windows\System32\perfmon.exe N/A
Key created \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 C:\Windows\system32\taskmgr.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14" C:\Windows\System32\perfmon.exe N/A
Key created \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1 C:\Windows\system32\taskmgr.exe N/A
Key created \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags C:\Windows\System32\perfmon.exe N/A
Key created \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg C:\Windows\System32\perfmon.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295" C:\Windows\System32\perfmon.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{94D6DDCC-4A68-4175-A374-BD584A510B78}\GroupView = "0" C:\Windows\System32\perfmon.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 C:\Windows\System32\perfmon.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-940901362-3608833189-1915618603-1000\{D50F7D90-FB7A-4C62-A4A2-3A8D3CED7407} C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000 C:\Windows\system32\taskmgr.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" C:\Windows\System32\perfmon.exe N/A
Key created \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg C:\Windows\system32\taskmgr.exe N/A
Key created \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\Windows\System32\perfmon.exe N/A
Key created \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 C:\Windows\System32\perfmon.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ C:\Windows\System32\perfmon.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Generic" C:\Windows\System32\perfmon.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" C:\Windows\System32\perfmon.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 19002f433a5c000000000000000000000000000000000000000000 C:\Windows\system32\taskmgr.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\MRUListEx = 00000000ffffffff C:\Windows\system32\taskmgr.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{94D6DDCC-4A68-4175-A374-BD584A510B78}\IconSize = "16" C:\Windows\System32\perfmon.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" C:\Windows\System32\perfmon.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Version = "1" C:\Windows\System32\perfmon.exe N/A
Key created \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\4 C:\Windows\System32\perfmon.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}\GroupByKey:PID = "0" C:\Windows\System32\perfmon.exe N/A
Key created \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7 C:\Windows\System32\perfmon.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" C:\Windows\system32\taskmgr.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202 C:\Windows\System32\perfmon.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{94D6DDCC-4A68-4175-A374-BD584A510B78}\GroupByDirection = "1" C:\Windows\System32\perfmon.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}" C:\Windows\System32\perfmon.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" C:\Windows\system32\taskmgr.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" C:\Windows\system32\taskmgr.exe N/A
Key created \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg C:\Windows\System32\perfmon.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\SniffedFolderType = "Downloads" C:\Windows\System32\perfmon.exe N/A
Key created \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell C:\Windows\System32\perfmon.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" C:\Windows\system32\taskmgr.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 02000000030000000100000000000000ffffffff C:\Windows\System32\perfmon.exe N/A
Key created \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell C:\Windows\system32\taskmgr.exe N/A
Key created \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Windows\System32\perfmon.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202 C:\Windows\System32\perfmon.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\3\NodeSlot = "4" C:\Windows\System32\perfmon.exe N/A
Key created \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell C:\Windows\System32\perfmon.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\System32\perfmon.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\system32\unregmp2.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\system32\unregmp2.exe N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: 33 N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\perfmon.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\perfmon.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\System32\perfmon.exe N/A
Token: 33 N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1532 wrote to memory of 4968 N/A C:\Program Files (x86)\Windows Media Player\wmplayer.exe C:\Windows\SysWOW64\unregmp2.exe
PID 4968 wrote to memory of 1784 N/A C:\Windows\SysWOW64\unregmp2.exe C:\Windows\system32\unregmp2.exe
PID 408 wrote to memory of 4492 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4492 wrote to memory of 2504 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4492 wrote to memory of 4428 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Program Files (x86)\Windows Media Player\wmplayer.exe

"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\3119e27ef4665f22b41643a24f89fd6f.mp4"

C:\Windows\SysWOW64\unregmp2.exe

"C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon

C:\Windows\system32\unregmp2.exe

"C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s upnphost

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x40c 0x33c

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1532 -ip 1532

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1532 -s 2348

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1964 -parentBuildID 20240401114208 -prefsHandle 1896 -prefMapHandle 1892 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c83be35e-53a0-420a-821d-e56becf4c07c} 4492 "\\.\pipe\gecko-crash-server-pipe.4492" gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2376 -parentBuildID 20240401114208 -prefsHandle 2352 -prefMapHandle 2340 -prefsLen 23716 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ed494d0a-330d-4495-bbff-8e9ab5912388} 4492 "\\.\pipe\gecko-crash-server-pipe.4492" socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3164 -childID 1 -isForBrowser -prefsHandle 2888 -prefMapHandle 2896 -prefsLen 23857 -prefMapSize 244658 -jsInitHandle 1012 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6615d26f-334d-4672-98f0-c81b8bd97cce} 4492 "\\.\pipe\gecko-crash-server-pipe.4492" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3996 -childID 2 -isForBrowser -prefsHandle 3984 -prefMapHandle 3980 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1012 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2aac1f7b-8e88-44e5-b70d-7700306d2b83} 4492 "\\.\pipe\gecko-crash-server-pipe.4492" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4804 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4780 -prefMapHandle 4820 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e5f3f363-a191-415a-b969-4537823cd0cb} 4492 "\\.\pipe\gecko-crash-server-pipe.4492" utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5272 -childID 3 -isForBrowser -prefsHandle 5320 -prefMapHandle 4804 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 1012 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a49e2c13-310c-44d8-bc52-67c32502771c} 4492 "\\.\pipe\gecko-crash-server-pipe.4492" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5440 -childID 4 -isForBrowser -prefsHandle 5448 -prefMapHandle 5452 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 1012 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {60700fbb-67fa-4f12-89dd-80b0b7f9b2a2} 4492 "\\.\pipe\gecko-crash-server-pipe.4492" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5228 -childID 5 -isForBrowser -prefsHandle 5632 -prefMapHandle 5640 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 1012 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5384ea9f-5bd3-411f-80a9-a2accbc7d1ad} 4492 "\\.\pipe\gecko-crash-server-pipe.4492" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4520 -childID 6 -isForBrowser -prefsHandle 4516 -prefMapHandle 4512 -prefsLen 27158 -prefMapSize 244658 -jsInitHandle 1012 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3813b485-f4ba-4470-be86-a0e830679261} 4492 "\\.\pipe\gecko-crash-server-pipe.4492" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2820 -childID 7 -isForBrowser -prefsHandle 6320 -prefMapHandle 5840 -prefsLen 28035 -prefMapSize 244658 -jsInitHandle 1012 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {51b87553-34c6-48e5-bd45-ac8d81de0087} 4492 "\\.\pipe\gecko-crash-server-pipe.4492" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6276 -childID 8 -isForBrowser -prefsHandle 6588 -prefMapHandle 6584 -prefsLen 28035 -prefMapSize 244658 -jsInitHandle 1012 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b7b8f0d7-e91b-48cc-a99e-79b39b24f299} 4492 "\\.\pipe\gecko-crash-server-pipe.4492" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6748 -childID 9 -isForBrowser -prefsHandle 6704 -prefMapHandle 6708 -prefsLen 28035 -prefMapSize 244658 -jsInitHandle 1012 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cc8e1b6a-77e3-43ef-934e-c8fa548a7fc0} 4492 "\\.\pipe\gecko-crash-server-pipe.4492" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6932 -childID 10 -isForBrowser -prefsHandle 6784 -prefMapHandle 6780 -prefsLen 28035 -prefMapSize 244658 -jsInitHandle 1012 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a9611b34-db05-4f97-a782-cfaae1e80e9e} 4492 "\\.\pipe\gecko-crash-server-pipe.4492" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6200 -childID 11 -isForBrowser -prefsHandle 436 -prefMapHandle 5168 -prefsLen 28035 -prefMapSize 244658 -jsInitHandle 1012 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1bdcbc11-e805-42a7-a997-ea7e384c5203} 4492 "\\.\pipe\gecko-crash-server-pipe.4492" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5348 -childID 12 -isForBrowser -prefsHandle 5392 -prefMapHandle 5368 -prefsLen 28035 -prefMapSize 244658 -jsInitHandle 1012 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ecb46044-0018-441a-afdf-6003e7abbdc0} 4492 "\\.\pipe\gecko-crash-server-pipe.4492" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6700 -childID 13 -isForBrowser -prefsHandle 7064 -prefMapHandle 7124 -prefsLen 28035 -prefMapSize 244658 -jsInitHandle 1012 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4cf1e5bb-95f0-400e-82a9-8f1b370d9d12} 4492 "\\.\pipe\gecko-crash-server-pipe.4492" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5876 -parentBuildID 20240401114208 -prefsHandle 5944 -prefMapHandle 5940 -prefsLen 30573 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5b8eb524-3b4b-433e-be2e-e5e4b6fc5d1f} 4492 "\\.\pipe\gecko-crash-server-pipe.4492" rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5528 -parentBuildID 20240401114208 -sandboxingKind 1 -prefsHandle 5552 -prefMapHandle 5564 -prefsLen 30573 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6cf8a2a8-024c-4155-ae7e-f7491817fe58} 4492 "\\.\pipe\gecko-crash-server-pipe.4492" utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7592 -childID 14 -isForBrowser -prefsHandle 7568 -prefMapHandle 7572 -prefsLen 28035 -prefMapSize 244658 -jsInitHandle 1012 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5d239e93-fc87-4fa7-8eeb-ebaece9983d0} 4492 "\\.\pipe\gecko-crash-server-pipe.4492" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2032 -parentBuildID 20240401114208 -prefsHandle 1960 -prefMapHandle 1952 -prefsLen 24572 -prefMapSize 245037 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b370227a-d45e-49e3-aed4-8e85bb0220bc} 1248 "\\.\pipe\gecko-crash-server-pipe.1248" gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2444 -parentBuildID 20240401114208 -prefsHandle 2412 -prefMapHandle 2408 -prefsLen 24608 -prefMapSize 245037 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9b33ed42-ecf1-4444-a5a9-92c8d2085576} 1248 "\\.\pipe\gecko-crash-server-pipe.1248" socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1744 -childID 1 -isForBrowser -prefsHandle 2980 -prefMapHandle 2976 -prefsLen 24749 -prefMapSize 245037 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d7fb6857-8ba7-43de-aedb-261db79c5e71} 1248 "\\.\pipe\gecko-crash-server-pipe.1248" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3908 -childID 2 -isForBrowser -prefsHandle 4040 -prefMapHandle 4036 -prefsLen 29982 -prefMapSize 245037 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bcf0ec15-5206-4f86-954b-6226df6d6785} 1248 "\\.\pipe\gecko-crash-server-pipe.1248" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4644 -childID 3 -isForBrowser -prefsHandle 4636 -prefMapHandle 4632 -prefsLen 27444 -prefMapSize 245037 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9861c4c3-7ce4-4e51-a7d6-853390c3ebad} 1248 "\\.\pipe\gecko-crash-server-pipe.1248" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4852 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4796 -prefMapHandle 3668 -prefsLen 30036 -prefMapSize 245037 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {64513121-c0e3-4f77-ba47-e5b46704f420} 1248 "\\.\pipe\gecko-crash-server-pipe.1248" utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5492 -childID 4 -isForBrowser -prefsHandle 5444 -prefMapHandle 5464 -prefsLen 27551 -prefMapSize 245037 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {594a1fa3-c200-4eda-949b-610d9c63f6c4} 1248 "\\.\pipe\gecko-crash-server-pipe.1248" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5660 -childID 5 -isForBrowser -prefsHandle 5668 -prefMapHandle 5672 -prefsLen 27551 -prefMapSize 245037 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5a729b78-0f47-4f53-8da1-4b7748a703d8} 1248 "\\.\pipe\gecko-crash-server-pipe.1248" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5464 -childID 6 -isForBrowser -prefsHandle 4804 -prefMapHandle 5044 -prefsLen 27551 -prefMapSize 245037 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7a3a727f-5a9f-4dd6-8dd7-6e3ab728f9a9} 1248 "\\.\pipe\gecko-crash-server-pipe.1248" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5872 -childID 7 -isForBrowser -prefsHandle 5560 -prefMapHandle 5576 -prefsLen 27551 -prefMapSize 245037 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {785042ab-8ba1-4934-b461-5258d893ef19} 1248 "\\.\pipe\gecko-crash-server-pipe.1248" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5496 -childID 8 -isForBrowser -prefsHandle 5944 -prefMapHandle 5940 -prefsLen 27551 -prefMapSize 245037 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cd03ad94-1864-46cf-b9f2-6a3f25e3588e} 1248 "\\.\pipe\gecko-crash-server-pipe.1248" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5628 -childID 9 -isForBrowser -prefsHandle 5940 -prefMapHandle 5520 -prefsLen 27551 -prefMapSize 245037 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c0dd57f2-637c-4181-901c-55351879012b} 1248 "\\.\pipe\gecko-crash-server-pipe.1248" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5684 -childID 10 -isForBrowser -prefsHandle 4644 -prefMapHandle 5688 -prefsLen 27551 -prefMapSize 245037 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bc0b2c4a-fce2-4b31-987a-74f345002593} 1248 "\\.\pipe\gecko-crash-server-pipe.1248" tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffec73bcc40,0x7ffec73bcc4c,0x7ffec73bcc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2436,i,11753803746921099072,2630757834123309558,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2432 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1848,i,11753803746921099072,2630757834123309558,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2536 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2068,i,11753803746921099072,2630757834123309558,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2712 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3196,i,11753803746921099072,2630757834123309558,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3208 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3344,i,11753803746921099072,2630757834123309558,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3340 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4592,i,11753803746921099072,2630757834123309558,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4612 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4468,i,11753803746921099072,2630757834123309558,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4836 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5044,i,11753803746921099072,2630757834123309558,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4868 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4732,i,11753803746921099072,2630757834123309558,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5184 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1984 -parentBuildID 20240401114208 -prefsHandle 1896 -prefMapHandle 1888 -prefsLen 24572 -prefMapSize 245037 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b92061ca-4645-4525-8d92-ef8aee6b6c8c} 3796 "\\.\pipe\gecko-crash-server-pipe.3796" gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2388 -parentBuildID 20240401114208 -prefsHandle 2372 -prefMapHandle 2368 -prefsLen 24608 -prefMapSize 245037 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {55967d02-289e-45cb-bfc5-d87a6e5b94df} 3796 "\\.\pipe\gecko-crash-server-pipe.3796" socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3068 -childID 1 -isForBrowser -prefsHandle 3076 -prefMapHandle 2928 -prefsLen 24749 -prefMapSize 245037 -jsInitHandle 1228 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5cabe2d5-ff54-4cce-8f93-ee0153559653} 3796 "\\.\pipe\gecko-crash-server-pipe.3796" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3996 -childID 2 -isForBrowser -prefsHandle 2552 -prefMapHandle 2576 -prefsLen 29982 -prefMapSize 245037 -jsInitHandle 1228 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bcda3c22-748b-45af-82eb-ea8345e371f4} 3796 "\\.\pipe\gecko-crash-server-pipe.3796" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4804 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4776 -prefMapHandle 4672 -prefsLen 30036 -prefMapSize 245037 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8352ec0a-9a24-499c-b729-ead62efeafe2} 3796 "\\.\pipe\gecko-crash-server-pipe.3796" utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4928 -childID 3 -isForBrowser -prefsHandle 4756 -prefMapHandle 4888 -prefsLen 27498 -prefMapSize 245037 -jsInitHandle 1228 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {42dd4eb8-8b90-430f-a866-543b7c61dde7} 3796 "\\.\pipe\gecko-crash-server-pipe.3796" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5056 -childID 4 -isForBrowser -prefsHandle 5064 -prefMapHandle 5068 -prefsLen 27498 -prefMapSize 245037 -jsInitHandle 1228 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {790b35a8-9f25-4155-acc7-5cdd1498368c} 3796 "\\.\pipe\gecko-crash-server-pipe.3796" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5364 -childID 5 -isForBrowser -prefsHandle 5460 -prefMapHandle 5372 -prefsLen 27498 -prefMapSize 245037 -jsInitHandle 1228 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7eb64ce9-0653-4c97-ab6f-73ed7996e490} 3796 "\\.\pipe\gecko-crash-server-pipe.3796" tab

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /7

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /1

C:\Windows\system32\resmon.exe

"C:\Windows\system32\resmon.exe"

C:\Windows\System32\perfmon.exe

"C:\Windows\System32\perfmon.exe" /res

C:\Windows\system32\cmd.exe

"C:\Windows\system32\cmd.exe"

C:\Windows\system32\help.exe

help

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0xf8,0x130,0x7ffed81746f8,0x7ffed8174708,0x7ffed8174718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,3422673353621973886,4441801386291190313,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,3422673353621973886,4441801386291190313,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,3422673353621973886,4441801386291190313,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2692 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3422673353621973886,4441801386291190313,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3422673353621973886,4441801386291190313,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3422673353621973886,4441801386291190313,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3422673353621973886,4441801386291190313,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,3422673353621973886,4441801386291190313,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3540 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,3422673353621973886,4441801386291190313,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3540 /prefetch:8

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3422673353621973886,4441801386291190313,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3508 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3422673353621973886,4441801386291190313,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3544 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3422673353621973886,4441801386291190313,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3680 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3422673353621973886,4441801386291190313,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3972 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3422673353621973886,4441801386291190313,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4208 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3422673353621973886,4441801386291190313,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3536 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3422673353621973886,4441801386291190313,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4824 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3422673353621973886,4441801386291190313,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1

C:\Windows\system32\ipconfig.exe

ipconfig ?sd

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3422673353621973886,4441801386291190313,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3422673353621973886,4441801386291190313,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3422673353621973886,4441801386291190313,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,3422673353621973886,4441801386291190313,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4296 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3422673353621973886,4441801386291190313,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3422673353621973886,4441801386291190313,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3422673353621973886,4441801386291190313,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3422673353621973886,4441801386291190313,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3422673353621973886,4441801386291190313,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5924 /prefetch:1

Network

Country Destination Domain Proto

Files

C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.DTD


C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML


C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb


C:\Users\Admin\AppData\Local\Temp\wmsetup.log


C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb


C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\74d7f43c1561fc1e.customDestinations-ms


C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\74d7f43c1561fc1e.customDestinations-ms~RFe5816fe.TMP


memory/1532-55-0x0000000004450000-0x0000000004460000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\datareporting\glean\pending_pings\e6398f99-69fe-477e-8f17-6cc775ab7bd1


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\datareporting\glean\pending_pings\72d20ba5-a838-47da-bb79-ebb6096be3d8


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\datareporting\glean\pending_pings\6d89c6a3-89e2-4d47-bf9d-f39360014bf6


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\datareporting\glean\db\data.safe.tmp

MD5 b847b8171fe17e0299ab35c500c91b52
SHA1 e04a83e9dceb486e101d53e73d5ba92860e95e67
SHA256 16ea969218289d13bc46bd422ec4c4b93ae003ae061fcdd210d0cbe43c1df877
SHA512 44f67c6d504f4d63a176aa604ed8869f5ea176076cee8bb08ffd77ce81bba80609bf4f6109836ba714ea8371671c22430819bc555aaaf4475127804a6e791deb

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\prefs.js

MD5 0fc24a79e6cac1fb250d898aa31e340b
SHA1 b03f6867f4f82f65fb21b878be45b0cdf12feb1b
SHA256 226ca9b088ac096117ee17ecf1421768475869831672a7d083b76a7c54124fc8
SHA512 51ff8c8d25e2dd5a78e5b928969e8271adae6ce4f7fefe82523d102fdc707cb3ce4132380f7a05afc9744b1d60ddc1b4c4edc9b129652d0ac0b6bdee4bfe4909

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\prefs-1.js

MD5 8af3897621fc433e2b7027cd6fe957d4
SHA1 eb8be7247202dfe86de46392904784c6f96ec021
SHA256 cc35b611e218697179a8ca08e7d1ba9cb51f522f63021866212c7eb158d28a9a
SHA512 f13b7f6dc16b5f9192e6d57186c6faf4a02eb4a73b0969fa0a4dd338ffd501e443d559a0db0f81a02a361d073f27e0efa711bf1ab8f68b0387182d7e0658263d

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6ir3v68x.default-release\activity-stream.discovery_stream.json

MD5 d07705b1097a0c490cd59842be63703f
SHA1 0e23536a41030e3dc0e9705bcf1b6ee203dc6cda
SHA256 39bb94cbe58806d2846272b231df80013afb54d8f27003d7970d8e917135b718
SHA512 f559d517cca471f6ff59cc34d0ff784670f09865b2dfc933f9224d23d25b5faa45e9d8226cb5ffbdf7599e88fcbb37461d46164743bfebc926426da718a20b97

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\AlternateServices.bin

MD5 7708663e8b92f597100f7bf574a931c0
SHA1 491471353f813045521e5a9cd913ccf8d5aae7b3
SHA256 b7ec8c08ced85d371160b470d278bc070bd2a79a50bdb42c54c4e9e83a6cd96a
SHA512 99f5e85aea4771a31da9918bdee4aed6cebcac530c8935c44143de350c970f480a2559a23b74b62c6c88a27e3b30a4214cce093e9d37702b73280c9be7901081

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\datareporting\glean\db\data.safe.tmp

MD5 5eba0f283e6f9eb5a2fd1bb9a51a5429
SHA1 5f4cfa4a55918c7fd1ba79574e9e6522780058fb
SHA256 a6931b42de5751418fefec74f26f86dcd6a4403b46b964392e48d396c2402525
SHA512 3673a3a48fc7a2c594c13f31084db9323b41b0f6e6f23d8c37e5ef03ed4a0f9681619582f3ca98eef092ce09a11f427c800e00b39eb421f5feda9939e58e9ca0

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\prefs.js

MD5 3ee44af41c5418ad351c55fbb57a8588
SHA1 cf206c9d9be6e6816ce5e5674fcf77e03f94f495
SHA256 6e8a83eedf379dd07927aee094faf4e9af09ebff1874dfc3435753d0954552a9
SHA512 ae7ee34dc297518d1031b61a624b260d7812968ab4d411e0faddd61696ece7d59c393ec45762f90315e900422dc732675c9035dcdd3704cd8134a6d130a36837

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\prefs-1.js

MD5 ef284cb67d63be88d88a88410f283f4e
SHA1 22e8e57feb31b36103b1bc2307d080ff7453e959
SHA256 66ffe86149854f7bc8aaa8ed3e3b0dcfe0e3c39db07ac81c10e8839255e9e9f2
SHA512 07f12d6a329ddf4b8881aeba252f860d263d604d30d438495bcc87e8ea556405a4342c4c5689d799992a12b6ea2d7dcdfbda558b6d514d8703dcd52e96851c87

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

MD5 2a461e9eb87fd1955cea740a3444ee7a
SHA1 b10755914c713f5a4677494dbe8a686ed458c3c5
SHA256 4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc
SHA512 34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

MD5 842039753bf41fa5e11b3a1383061a87
SHA1 3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153
SHA256 d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c
SHA512 d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 09372174e83dbbf696ee732fd2e875bb
SHA1 ba360186ba650a769f9303f48b7200fb5eaccee1
SHA256 c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f
SHA512 b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\sessionstore-backups\recovery.baklz4

MD5 f7d7618136567359da4715afb65479e9
SHA1 e0a971becfd2aea0ed2c294b3f4b619a1e8d1346
SHA256 26ee0f232269e33e7ec18715fbdb1177ae141773600c0f0f677b21dc53650d46
SHA512 91ba3b0e80f8568b6bacbdbff457cec40073276a70b4e71c6098425f221aeac625043d02e2cc91076d75169271c1edef4801abe3df2386daa86811f3161b9e14

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\AlternateServices.bin

MD5 5755b104dfee3a1d3dbf829a72cd0c56
SHA1 1a9425c60af9f9a1f2eda9c130eabc544ade58cd
SHA256 4c193d7bfc249f2567d17b59a4dc79b580c8446749ef43584b02ad55c3e46888
SHA512 cf396070eb544b70f07c23e6d6a12cd60fb249874202a1f6b714f092a93269d00d88cb54ccca5371dfcccb171f7fcbbc2a0bf8a8914188c792ede4806f404f21

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 0a8747a2ac9ac08ae9508f36c6d75692
SHA1 b287a96fd6cc12433adb42193dfe06111c38eaf0
SHA256 32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03
SHA512 59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

MD5 bf957ad58b55f64219ab3f793e374316
SHA1 a11adc9d7f2c28e04d9b35e23b7616d0527118a1
SHA256 bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda
SHA512 79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

MD5 daf7ef3acccab478aaa7d6dc1c60f865
SHA1 f8246162b97ce4a945feced27b6ea114366ff2ad
SHA256 bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e
SHA512 5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\sessionstore-backups\recovery.baklz4

MD5 65ea82b81ccd177bf63e24f9519ecb31
SHA1 415f233968ab70adacdb44f143f596a733b3c1b1
SHA256 ab262bbcf973efe530dcf8a6251fc26879aefa8bc44d8ced9cff2d48c8e1e44f
SHA512 ae6596a7fc6d5efe791db1f6181177d96c5d2c67441a284a8e30bad5db1f83587bd59825ecb0e3b4ab05e3554817221e43032c09fc72b381a45283ce6c317bcf

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\sessionstore-backups\recovery.baklz4

MD5 4601dcd57dfe2be6bda8901142e14cd5
SHA1 44339c3d1fb912ae8ab481ee549a211c9b46e1bc
SHA256 979001205b0d5e632b8aa7201970f45454b63df32268a9ca9a12cdc5720fef21
SHA512 14ad6c121d871d7a8ef3618e6d829e111fc8325db532a51a9aa8b3bc22584023070d69b4a0ec733520d55404809164f434ce736b1241ea57584cf0d38eb26ca6

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\sessionstore-backups\recovery.baklz4

MD5 96e293005a980eaf405325bec313e7d5
SHA1 e5637a570dd6187e4b2f60f3074a6282ca6254a1
SHA256 e5c23f9d4e58c0db27890c62a223935d2e7ac190718d92f55a4724f6c7bb0674
SHA512 8cdb8f0951be096f02ae27e92c102ebc2a2398faeafd875381bbf7fe0d49c84f88c59e6e28ab6400f01e019c887a358b6c035d7180b5841ac58071d02ae30dc2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\sessionstore-backups\recovery.baklz4

MD5 3c5af270df4d859f75b4b88855397da3
SHA1 6309691edea5759fd20161201bf00b64b3b6a61d
SHA256 6afc5f5c03f7e1d21ab34a8ce0a756b02394f31b761ade21c42d9f202fd80c77
SHA512 757712f7a99d66c18e0838e3123b5c7f2edae270e222a3738048afe8fee6dafe9ff188a6c5550c0216737e903c822b344a051b1729a14906d2dc8b5328e53f31

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6ir3v68x.default-release\cache2\entries\5B23235D54208C34AFF88FC6F18585FD8A8F8FAD

MD5 e335dfa2fc78c3db0e1cb3afb7f94063
SHA1 2d26112d38a7676e625fe97e46f9e3d9d270bab6
SHA256 efe48ab04f1f47ed3738dd5ee3ba591ad470211781055e655733122595c8efe9
SHA512 97c5946e0f618f74c4e3384ad46899573f2d52e5788c41f01ca0c768f902927138a35432f8d6674e5d7074e2e80b1e017f0adc7a2e8d0f9d1ff31d6be9f8a0b2

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6ir3v68x.default-release\cache2\entries\8AD6F5CF0FEC728921A5A08D73A7BA92616EE430

MD5 c63f72f66b158f92347320e1c88dd507
SHA1 9254365791781ccb266a6a170cdb6493566787e6
SHA256 0e83f142e6e2f8504419f1450a35ea6d05cfb93ca7961bcbacdb1042bca12992
SHA512 8e37c9171de8e322325ee52bd43d855fc76b0e8b53a518258f221ac74c6bfbe97c62312afb319252c6b41e229b344f5c7bbad30825bf273bbffd741a03898599

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6ir3v68x.default-release\cache2\entries\4E338D758B49175D54D95CF0771E1C7706613A67

MD5 ec8a9c6c6feca22c64976d8244b8f57f
SHA1 6ba717d8729a5c6bb8301d7f3c4439823af61612
SHA256 c4bb231fd4e8777f2f0555ab3eca4c5c9b4f3856a2fdd02c8bf775336c3b8750
SHA512 e9b76b2187aafbabf8b102e88062df4a82159e8f0c97c59673bf2b35d6d8dc750d040a7b93a5cb6274be49ab46e6e65f5d5429363c4d481b9a8dbc9c49a073fc

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6ir3v68x.default-release\cache2\entries\7C6317FBD87AEC8B1254D548D6DFE6CA848CF50A

MD5 ebe58011cb7105e8e402587f5931e4ca
SHA1 28d91284bc7ae7fa20cd004561e1d5320293df51
SHA256 c7d0441ce917aee4aec4d2f433d34f90bf10b40018c6b73dd456e5d5a0d2835e
SHA512 5ebb1e043a947b338b65c0ed6335b3810486391b02d2f297dca80f4b52d1b468e1f820595c516e6158a04c6ee81f22cd59d0c75270b9645e388a2a520e2af37c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\sessionstore-backups\recovery.baklz4

MD5 3fb9f901b5bf054b619a65d767b8fcab
SHA1 fb4eab98f3dabcbec26a733273111fd67295d108
SHA256 94a23fd5690eda4baed2c58b843a1a5f0bdb10eab8b66b6e014471e9d5825d53
SHA512 fd4f09dbef0cf184b6adb73e7c24726226720483edfb97a388c944938df6e2787578600971d6b4418ffaa02e1560b4f788a90b759b69a2c96b0dd5be22fa79e7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\sessionstore-backups\recovery.baklz4

MD5 9b10c3aefa01c1a01de1c27621773aeb
SHA1 b13b2a200bbe915067210b8a4a0eea8a8982336f
SHA256 447f7aee89c515cbbeb421feeeef5b16bdef9ed636e307635c2721bda2e7f000
SHA512 ce046ac3fee3221f84aadbf227e3b85013ec4d53562e3b00e257c1eada736f5aa6c322c83314ba2e23e02e09c3c7ff9c76c172cd15e2b0de55fcb1d108bfa0cc

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\datareporting\glean\db\data.safe.tmp

MD5 741ecca69fb83df954535c62fad8be9b
SHA1 02d8ecc7b26dcc322b3ddabfa9f6296eec98a6b5
SHA256 0b04a0bd8887a0bf9330841578ec7024a52e80fa6a60cde6136270a83210607b
SHA512 2c5a994b68ab5164dbc854f0ab3b1bbd80b94b65dce5b96187efcf68e2d77cb58ab31424192e84e41016f63a1d3dc4a2ed780c21087ee995b2cc14b92ad97d7b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\datareporting\glean\pending_pings\c9a22fdb-bad9-406d-9b0f-811e7404b998

MD5 db9e472b88b377782e870531175c950c
SHA1 3a7ce0fd799ce005070011ccdd19bb27fb28e897
SHA256 dde408e7c04f7aa504d895b1b287f24837d796e82193f0408e67e9ac1170bb05
SHA512 c32ea9eae8e1ebb1488a2e4a5336f1e2474c4649c056a2618580a48b9ff9753d8425678243f550d51f13e01bcf92190d1d0f6a0bd6cc0bbbffc644507b16104f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\datareporting\glean\pending_pings\7e60feac-46f4-4635-adf6-efb8a165dd18

MD5 dee83a80cc16a366b3ecd4f2ccbc66c7
SHA1 c649c5e3e206b7171f2bcf1dd4f0a8b5834ec04c
SHA256 2cc266ec874c5d0a23e979597091334fe4215e6a0c3e1fc4ca8ca4a6bcfa39d9
SHA512 0fe7cdcceb1500c502268a16b0d6788b75f599129f5f3f9e6765fd436ef0fa10b44f4e94af0cf0db7dd872ab7c616c90954fe274b929e6036cb5696b0b8229d1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\sessionstore-backups\recovery.baklz4

MD5 90526c248bad963e63701921ac42ffa0
SHA1 9afa75a65d28df6edea459ad49b1649b1698cb7f
SHA256 26f088f25df240d16de53594bb6cdcdf79d7042faf3950eea7c2177bdd6f23e8
SHA512 1162d40df07c3b7dcef0a3090b62555d24c9ef7aad7c723ab94859e4428719769111777fe1bbaf8d2b4c96869333933ef3afeba6f922c7ab76456250daa3abf8

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\storage\default\https+++www.youtube.com\idb\3060432757yCt7-%iCt7-%r2edscpao.sqlite

MD5 a2930cc720c78d4df136f0f02809a568
SHA1 8462a22f30a7363f92b9b432ec70c933cc264477
SHA256 2d867b1d1f809a6a4f62e96d1a67251ef7dfe91c3e26d70aac019588c135af57
SHA512 a239d41b29fcbf40e8311389f301141c27a3b05e968664e557ae0285f73ae6a7c2079649d91a7e26cbe2e9f17a468e5179b1f5014169ae3ef43d1d969c89b067

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\storage\default\https+++www.youtube.com\cache\morgue\45\{49106e25-f349-42fc-935f-cf6f7344272d}.final

MD5 c82c72ad53e139df6641cdec50178da0
SHA1 bab628aa38a5c915797e4cc59e908f30279665a7
SHA256 9afb3c84580a4aa1add6c7b2f18da11798aefc9f0ee91e31a57dec08f42c106f
SHA512 3b9efe9103a0428690253ddf50b65d11bae0eb4e62f8d3bb69d13c57463ed9c1200defe21761d76c2d8b05d7fb6d9cf293ecf9398bf9563a1d72a7a45eff58d2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\sessionstore-backups\recovery.baklz4

MD5 fc58947b563cd0d2dddf7cc7fefb0fc2
SHA1 00d477316ee381985a9e736457d72433fdb546a0
SHA256 868780e6a5adc53875dc4ba45a53e244709ff261f9aba1c47ad1626106f02a32
SHA512 fe28ec41e8329fb35222a45e628c346704247b575e6b4fc8bb1276cd9297aaed4cdfae8c5518e5ff7b125b1c3c87af1d9f47122b6a4463695ef123cfe7dc6e2b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\storage\default\https+++www.youtube.com\idb\3211250388sbwdpsunsohintoatciif.sqlite-wal

MD5 97b22c0d4717271d9d6eb4727209b189
SHA1 fd7bcbf996af6716b4b64a860aa89aff109ef3f0
SHA256 f80c487cce243e1b1d23a8cae673ea2e06905f8f178b884072dd36066edab104
SHA512 c47f31f711f872a014283f434c6d890ffbe30e3f960b145db4a42e8ec75e78238fc5c3a0d3d0b923962ce02fd5e45e857750fa1a6c4b40e3dcb82d8c7a92b0fc

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\sessionstore-backups\recovery.baklz4

MD5 a3b831bbbec0e36d3a973ad4a8f478d4
SHA1 8b4ab3ff942cd39c24c1e3f43cac950cb547a8d2
SHA256 3a8c42df8c716dc1dc6fa23e9c46f684673dda2ecbf90c936784db642397cbed
SHA512 0d0f79b056913659bc14cd93b5b019e6438d24ad247e581778379769ea2e29611585465ab39c68340cf215dd191ee34ce1fcf56da72727adc6996c8fb98b3622

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\storage\default\https+++www.youtube.com\cache\morgue\175\{2baa34e8-f8c1-49a8-a11f-a1bb042312af}.final

MD5 7a7dd221ff78889b7017387bdb433ec1
SHA1 f22cc2e0eea16a6dfda390554403e44fb060ccce
SHA256 14c1f968945350312d91937ccd56459426379c98606189a0b091aa95faccf919
SHA512 a6f14ee7e123dbbd0367191b0d8befa0eacbae6f61dd753cebb36af05d761b9b2b8aeec487cd93aa7fea2081719250f5d1d83604eb256acc016be957b0cd82dd

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\storage\default\https+++www.youtube.com\cache\morgue\179\{d14d77d5-ca95-49b1-b441-aa2a1f15f8b3}.final

MD5 49eb048dedb8a619476b0fd5aae077e5
SHA1 d64eada3de96fac11291c9ec8e53b7dd61a441c6
SHA256 b2e1d5e16e2b58d707f32132a4bb2b981a7df6984c2c5a8f4a3645bf8adea153
SHA512 98ae34ceb254b4af1dfc5d7c2c57407ec06d3007392a5fd35b8bc9331b05eb55d6775aadb0ec0f3d4cd837ab93448d35a54dff2051fbce17830a26f5e690942c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\datareporting\glean\db\data.safe.tmp

MD5 f6eb357c98df3ce3d2fd68b71f8df9bf
SHA1 5ce3d2c5df2d6c011b613f388af1ff0cd1069c40
SHA256 dcba0018de6fb17eff6d8d8645af8c2649c7b0c4431b80c697c12f7a8ffc0bb3
SHA512 91c65079bd686a3900ad3240ca5428c037e1455a69a3520c1e419a12e604936677be3bab8386e89b13808b63bf98f7b7854cad28a887b107489b6c088e7746e2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\datareporting\glean\pending_pings\0d1f5fbc-97d7-465c-87e7-2e86ad8f6874

MD5 3c599b3ae9ec294938640ee264031f2d
SHA1 7bd9acfc3d50b30e802dc8cbb5e9622efe37bdcb
SHA256 16f4cf652d366503a366b6ed208fe7dc55a5557ae5e7be0050c5b2efef913f5e
SHA512 4a17553769da3cdec8bc06f6afd45699fe57bc3f2987f64ce6c82d5b92097c2bb15691f663327f51fdd0b48252df0e9f83a7c313eec45e1daedee0bd5eb867fe

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\prefs.js

MD5 63cc1f384c2b9b9e0c97764b87789cf2
SHA1 1d357ccf305f76e48a0e9322ba474e5fcbc068b0
SHA256 06179f566f864cfc8e58f91e6b6c172cb1d7da1859e1ba7c0fafc7fa88a42e29
SHA512 7fd9fbbf650d70eb8676cbd8c6ca5b398c7486f67315b93fa54f2d7bdbc24a8cb1d969354fbf3a76fb59f56dfad43b7b5b2be01ebfc5db326df034571eec304a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\xulstore.json

MD5 8d689c06cb844185099c0398a280537e
SHA1 57073c7526ec37e94bb9db44fedc6d50276f7a6b
SHA256 96729e9b38f216605ff10715f96f364be32f02e2de23ede7e74b78244605124d
SHA512 3c7df326c695143915df1068cb2c0f58e93e4881b2c4d94b33948b80e954fbd4cf944ae53b4d15002b79fcdb8e88f8e9cf4c89ca50f56b7cfd8a13ea7dd6fff8

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6ir3v68x.default-release\startupCache\scriptCache.bin

MD5 42ef850edbc139a84e7e3b20653f072a
SHA1 8f4865cac36ba29890d1d0bbec93d36393d545c4
SHA256 4770d7a9a2fb83641bca7ba915eadd15fd6349d4a0fe3e37627550453feb08e5
SHA512 aceaca216366d624744005c55acc2c11c065bdf54c309358973d9cec1fca7f9cd9b12573c2be7487dba3e5147ef8b01ccf9237492bf8086deb3799eceab217f6

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\addonStartup.json.lz4

MD5 e0573c5353827e3636ad1ecc967688fe
SHA1 516468aac41d97bed72ed2113b4314c8749a389c
SHA256 480b99af5bc1c56109d54dcdbfff1bcda29852a454150b6cf09af4fd8adcb331
SHA512 d2469436afcdb4f295d5a461f1a34162f795c81b9bb75cbfa33e5eb55c384bcb36914518ced53d8c2c97735bff61191e649c5ce212562273f028998531ae1b9e

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6ir3v68x.default-release\startupCache\urlCache.bin

MD5 e5adb214357fea83184be43ff7991b6b
SHA1 41fa14cf2d47472225836c460a432ee296aea531
SHA256 77f9747a19b43ee413ccee5520b33271cb534afc6321ea70ed4c63855b7774cc
SHA512 8f9de887003d77f968f3864e9896cc04e3c3d3e9a315f66860c6b6576b53cc8cfcb686fba9111d45a1de563e27b727bac66c3e63279a4bd4d82344c07f7221dd

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6ir3v68x.default-release\cache2\index

MD5 dc793b9999c3d83872760c1f28e86c1d
SHA1 c19f07098b889f8554c70e38b37399260c959d46
SHA256 2abb5e87327eb7d08e8efc5945969cd7344bf93d75ad26dddbf45e3c95f0161e
SHA512 d7507a0f4f0d57f61c4d34683ed3a79d297674308796e8d0ebaeacb4b7bf38aad78ac12c70e2e2513e7245a9ed7ba6703682d1ef76c5b6e0283e2fc48a823536

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\serviceworker.txt

MD5 dd920dfabee1de3bd26c0a00a1b112f8
SHA1 48e589560137a487d0957e474895ce256c17393e
SHA256 2e20900ee7f02c60659a6a441967dafb656e1fc337c3c297408533719cca47ed
SHA512 8d71036ae23fc8240aa225ede8e098c16ff183560f5d6deda078ddc604888aebae0894c7da131fcc84ef2a3cb2c76a52c591a7f964f1b9bdb832c20ad4971518

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6ir3v68x.default-release\cache2\index.log

MD5 fc8936bf89f036856ce6a9d041d2df17
SHA1 efe8d6a677027f383fef3359866593d4ed7bbbf3
SHA256 2ee335ac109d7a315c8bafdb7ad5fb4ecdbf0569952a9729fbe68f0e369fffe2
SHA512 05b328df9c97df9b5c2c325ef8b934d006707127dd3ab610b0eb644e90462b6ef7886891b5a7a6792a661a9675164bbe8483ef0b5d53ad3f1e43497efe7379dd

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\sessionCheckpoints.json

MD5 948a7403e323297c6bb8a5c791b42866
SHA1 88a555717e8a4a33eccfb7d47a2a4aa31038f9c0
SHA256 2fca1f29b73dd5b4159fa1eb16e69276482f5224ba7d2219a547039129a51f0e
SHA512 17e2f65c33f47c8bb4beca31db2aff3d4bbb6c2d36924057f9f847e207bdcb85ffcbb32c80dd06862ffc9b7f0bd3f5e2e65b48bb1bc3363732751101d5596b1a

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6ir3v68x.default-release\startupCache\webext.sc.lz4

MD5 126798c0032616f45514340eaa10b994
SHA1 28ca874474684703dbb643a444d7417c9f80de8f
SHA256 1dad14abc4eeedec39933cd0b58782f4963d8490f3447dfc2c1ba9bfab765fe9
SHA512 a8c7eebbf3d1aa828475b5d4ce37de8abe257d5195f9f043ea82e24f957f9d3d74649377c35cb11b1f5a9f2b23fb66bd864e3fce627a8c8aaae62b2a1d426712

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\cookies.sqlite-wal

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\cookies.sqlite

MD5 04f2a3602884e73801c1eb997a1e9a48
SHA1 b7e7c2ac1213722a4e7e945abe0853400ebf2b61
SHA256 ec17349d0bfc61eea5cd888ae89cfacc2388c1502a955afb80bd27b6a0daa798
SHA512 f5e2fcfc2a3097a4d6aefae954bb4afaa237011be365947558f62ba64f061ce3e411ea0bdc89f666135db4c2fd6210da0e012e82cbc89f01b59785976139b69c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\sessionstore.jsonlz4

MD5 b0a109adac722a08296d59ca108a76e6
SHA1 2f1c2ce737452453a92a3587e4b7c9629d88089d
SHA256 df3c2aeb07fa1b58cdf6b551ba16ae7fe6ba873f9d419682469bfa7deb8c8543
SHA512 de4b1df1b6876f947c91c9e61b662848b8f0fad43bd01f5006ad148a5c198d7ba2756a4c8418dbc6408343907be0facf11d1405167be2a315b65937ee341226c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\sessionCheckpoints.json

MD5 ea8b62857dfdbd3d0be7d7e4a954ec9a
SHA1 b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a
SHA256 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da
SHA512 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6ir3v68x.default-release\cache2\entries\D0F48A0632B6C451791F4257697E861961F06A6F

MD5 0f1848678165f820d6abc75f70abb739
SHA1 48ed6055776adb17378d31e95b96a45a5d9eaa55
SHA256 f810c45bcd9068d9b8e0c23ccbe5ceee6ee89dac2cc46f8c935dcd3f4ce69385
SHA512 5331bfbd45a01d5edd3f4cb1aee375dcadf3f77adc10dc05b019c68d34263a62511d02291e18bc8ff12d518cf2c6313452e46ca3a5dbfc972b0b2d74e943c85c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\permissions.sqlite

MD5 e36d98b7a50346cfeee7efbefcd06015
SHA1 c8cbf23be40652784c57a4d1cce93561e446a3e5
SHA256 4806ab1dc7044359ca4ffe5782ee8b476aee06e33a87ae6ccc3ef712ec79fbfa
SHA512 311aa3d8c61a2361b7d47ca65a99473acb3bcbaeb3f302480a6e15904583f3e821e597fcdd767b01f0c508bd94905b1643cb1dd13e00e63b38c98cd2a478a25a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 3934e4d5b46fc874193ebf55fdd9597f
SHA1 1bd8224b6ed0498a4efae9206202b85292c95e8b
SHA256 0abad8789a503f3a3a214a1f2dab2d68e7071c8eae753182c3aa12ee0164364e
SHA512 bc0762fd621ed7296a364a5b523763d261255cda574ff716829b83a72330e8f7b5df1f6fa493d7b6b251a6899c27d36df307f83f2fee310e3c3ae1ac5757da0a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\storage.sqlite

MD5 e9bcb3353e6c9e89d9c99344b715cd34
SHA1 8f1064a6959c664bf05706ec787be38859223e41
SHA256 ea5f3010a8cd94ae5fd94652f311e2edb8d9f048ddc94b6b8e7e239d6b0ceb65
SHA512 f9502570d9b9ce63a1ae814e210e501e10741d7728a9329bc9fbf57d8d010d6cd894d58a6836ed9c9e671b2bbf93f912ebfb7f85df27f9c278e28bba21a5e84d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\extensions.json

MD5 c173020bda817a45f64c5fda72db5eb5
SHA1 ac783e559c844ec5f4d5bd2fda77885468ff09e3
SHA256 a58a854794b075765417498a01ebea449e55b0f25dd7662888aab27d5817e28b
SHA512 bb9079de6b3c32ffc8504ae1dd6881f9966b53586212049d5bf27f4e2d6471c4269c36644af928fb7131a20acb33c3c8a5f9d902861bb496e47294fd84829953

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\sessionCheckpoints.json

MD5 c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA1 5942cd6505fc8a9daba403b082067e1cdefdfbc4
SHA256 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
SHA512 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\SiteSecurityServiceState.bin

MD5 071f0ef1584286dde8619661b06dd6bb
SHA1 0fa4acb1deabe659ea7a8929a9cfcdd8220f464d
SHA256 1f08a77a636c4faed9877ea24d914179f4f24dbc5f3c5f3be43bc8e371b7d7d5
SHA512 f2139b666858a36efde00bd37cefa953eac015b95a43cab86076734f05862d6a7582b50a3f77f02af36343acdb3355303bfa13eef2a7ff455e7d94c99569238f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\cert9.db

MD5 fab552211d5c1fe37e6375c45037cd2e
SHA1 ac4743f1a4b3c12caf6c36884b769ed115cbcae9
SHA256 db9fd83f8c964a6251923aa6a9552a8c4ae26069c0fe19dac34aa9e2a3a73cb4
SHA512 2ed2c21fe136f3b87f7bf6d2c0e42e7547d80b725e97f0ec1d07ed9636dd2116b6b2c4fa23f521c59bf0e49d454edc683d831fd21abc0144edc7f1fee34d817e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite

MD5 eb0f822e683a34080a93ce4c023c6bbc
SHA1 bdcad0754b981138b75f303d0537996f5b6adb60
SHA256 e8501bdc5fa1b55830a9a0767c84358500261cdacc98c6b9cc449dc01b563ec3
SHA512 3cc6ce28cb700741ed63c3897aed41566abf0ad5a3476c4216e2eb1aeaca512cdf7681c5b38e81f36f9c2a3e1b5d043c641690b1336397e2bc15a2658d46449b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\places.sqlite

MD5 9c5407806dc1044524218d107c89ba4d
SHA1 930ec57c0481d1ebe146beb9b83ac6a26b02b148
SHA256 c0b274a4cfc657390bcafc2a686af6c3f8a4f49b505266547ada6bde0a42e064
SHA512 98ca25170841664efe57ad61d84afcbd82141bde66e030cd2f38b4fc5010376f0d8fb440bdfca3684595f37dc5338c694139b8f00b11d391c50c80ce66ee89e2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\content-prefs.sqlite

MD5 b41ed219e2c8dac47f2701562d092621
SHA1 90d507eae3ec943a121dbe5a080412e40470b54f
SHA256 cfed019635a1e14f74ae78f2c03fb96b40ac3da37b67489bd98c144afc200f1f
SHA512 5c6027ec701055efb3b6c055727af5ed261e8f1d5ba954e64e8a34e5c791679b1e4a6ef49896ab8089ec151fd758ba41efc7333611af42b851606a0544a9b947

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\favicons.sqlite

MD5 60e5865b07e77ff6f835d8a07b54feae
SHA1 cfc2a6032b9ae55e7c789b73036216b2e2367561
SHA256 559ce6859bb94af71d105563afd4cbfd5247c086e173cbb9add2ec4ea383a3e4
SHA512 9b92d4a5e6ccd995359921ddbf0fffe9479d87e4c42fccddb4ce8580daba3299aa8d42bf2cdc9609c0b2b8ccc745e39fdc101039d3c168facaa361fc52c8aa0e

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6ir3v68x.default-release\cache2\entries\0305BF7FE660AF5F32B4319E4C7EF7A7B70257A3

MD5 4b54bf4129a2dc3977c5d13dda9086d6
SHA1 cc10a947943529963463b1462b96240dbcf969c7
SHA256 0821e86591696ad4dc802383275fdacab1c8435278050ccf92b67f72d1dfcc56
SHA512 dd865bd1a7896a29959a04545e895aa11015bb5730908f35fd03a697a489949b492670f9f97626f03d0265a5c2c91da2787c1796670f987e95ca74aab0f0476c

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6ir3v68x.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F

MD5 16f8df1b218a937e27984535dd03ce53
SHA1 a0c5c98622c5306c7176a111eb3465534ee53712
SHA256 2ab3084d9741311bd22ae8ecf49c9ad36da66e0adc44db8928507c818e965c94
SHA512 8b88b71188b8962a4828854c66abcd1a052bced6cf6639b9ac0494dc10a13e8f02cce530928684d846883c3edca96e058fbdfb139a3c2f22587a10e864ab2276

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\datareporting\glean\pending_pings\3fdcd969-285c-4bd9-951e-9d4db2e21698

MD5 b38e57bc6a5ae4a1995bb95bdea8f235
SHA1 1f2b3eeae063fe1e07f9d61713ed43f063dbfbdf
SHA256 6b09ee92ad5268260563f850f7f355f041740624b4f8f6804b0a2d27571fc7e9
SHA512 75d68962794a8486a05ddac39ba63f33e397b785d4aad7e8302b820308163f16bf4eb0a5175c966396a9f2f611b96f8f8aa8fa6369868020585527476f8d37ed

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\protections.sqlite

MD5 8f6eb3beb9074c28997f53c350ec5a6a
SHA1 dbabf06889815b867d5beda3780b89a95d02a3f5
SHA256 473b468c54d32d2dde09ffdf0b621efe319155314339879163aa02e2c19b7b89
SHA512 e410fbe24af2ba7ecf8ecd0746029b1231b708e352c0a5c654e4adf8766222d85861561f0e4958ff7f1e1a158550035660d9a251e03c4c9633a17b3d991e4f57

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\datareporting\glean\pending_pings\5a0d60e3-81bb-4925-a5e3-d8d81d9b1cc3

MD5 324676acdde58e098dbf601a5afe6a31
SHA1 a32bc34d74d0d9ca7c7eafa1dcd06caceba0f8dc
SHA256 184fdbf9fcc5aa8ca8f1d95d6d46beabba1e92fc80992c6dd4f83abdeff2b70e
SHA512 ec8150cc9a04aded8a81b5bbd75293bf93661ad80fd37c16291876dd86401afeee83ad624db279c21f807671c68d51bc669796290003f389e777db510a4cab82

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\datareporting\glean\pending_pings\53d029f5-50fb-4d48-a9c6-072aa4e685a9

MD5 6900d9dd7309e88eab29546c235d6621
SHA1 6ffa82f1ba8a116c3ac1153814189976ee6f4214
SHA256 74972915ad3fddf2c2f73e9c87a267ac09818066f40c49f7b66bad180e571a44
SHA512 abd168ce63b2640eba5fd401ca88dfbd6f55d98e03a82e9111330472a8d2f1094f3ff11a4fcfc0148452c3fda69f43034cab297d624b7422da194ff0e3ac5be6

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6ir3v68x.default-release\cache2\entries\254256B27E0C48CF9B80B695F0B3B8CA84610495

MD5 ba80b07669cf6be1445ba0933b4bdde3
SHA1 a19cd728469ba164c7a00e278bc6092a71fffa9c
SHA256 c015dde58b4aa9e2532dc98caee56bfc4d75d99c6991269006270c1e076e7c3c
SHA512 17a343a7fb348d646d45d3d944032eb8441821b3a11b5a3e20a56822fa13d8ef1cabadf9d8fcdd86f21ed3b3bd5b54dfb36b6d854c9136aa488607b36b101fba

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\datareporting\glean\db\data.safe.tmp

MD5 0e78d2a4709c2ce7dba3f27bb1d1fb41
SHA1 12f41e2bfd9fbf974543a30bd273e6eb2f51de97
SHA256 6b15c89e9cea042eaa69f7fb0ce694af74eca745ddb76c1108dc1147d50781f8
SHA512 c909ab299f654bf711e98bd20385f27fd5341b940bb9abd09b58412529e5bdc37aa405bb5605215a8dcaa82316cd006c6d4548ec1a4099f2699112b9ca7b9d02

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6ir3v68x.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

MD5 f99b4984bd93547ff4ab09d35b9ed6d5
SHA1 73bf4d313cb094bb6ead04460da9547106794007
SHA256 402571262fd1f6dca336f822ceb0ec2a368a25dfe2f4bfa13b45c983e88b6069
SHA512 cd0ed84a24d3faae94290aca1b5ef65eef4cfba8a983da9f88ee3268fc611484a72bd44ca0947c0ca8de174619debae4604e15e4b2c364e636424ba1d37e1759

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\datareporting\glean\db\data.safe.tmp

MD5 02d5ab5e17163b2fc343ced311801325
SHA1 f1d7892d05a9fcce89159c492e7865550e7671c9
SHA256 68249880a93bc0947013af3b060d5fa59029ea9dab49d6dfed639d12160eeb0f
SHA512 3b4ac2ce05dd1760fcb42df589aca05f2b67ccb767bc2f19ed88e66f813f1201f376d4ccf44589a6e653295f909abe800c90059f299faded7a667232a9c92bba

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\datareporting\glean\events\pageload

MD5 5d73d8d5d0ff59cc128f61b444f5954f
SHA1 9290a4041f9c257b809dbd592b82753bf967cd79
SHA256 7b705cf1ffcd1079856f7c1bc669fd4f230427107d19d444e85e6a81cb8e1039
SHA512 1c229257c754c02e4cf329002f8075d9466da1faec4780ec3507c229d84e2d579acaa608bc105db0d1182cbb8f794439c632938b12af1849b48cf820e425b4c8

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\datareporting\glean\events\events

MD5 4d4fb92dd5b1eb991fc3a2b1ef6ddc06
SHA1 d386844f734ce126aee64397d4102333a0e98932
SHA256 d2e29f329645ae4aa3cac8347aac49cf342d079ab34c81ce755160bb9d3663f7
SHA512 7b92e24bb6b5444c8976259b8bbdd649d7a32d4bddce8bbc909c2cec7ae0c4508832835d08c5d8f7cd3c8e610708956e2cc65dc3f17f08bc95c8d14d8fa561bc

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\datareporting\glean\db\data.safe.tmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\datareporting\glean\db\data.safe.bin

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\AlternateServices.bin

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\storage\default\https+++www.youtube.com\ls\usage

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\storage\default\https+++www.youtube.com\cache\caches.sqlite

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\storage\default\https+++www.youtube.com\cache\.padding

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\storage\default\https+++www.youtube.com\.metadata-v2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\storage\default\https+++www.google.com\ls\usage

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\storage\default\https+++www.google.com\.metadata-v2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\prefs.js

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\formhistory.sqlite

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6ir3v68x.default-release\cache2\entries\F18D85F52EBBBA2AB081EF739ED0D6E8A76D497C

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\AlternateServices.bin

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6ir3v68x.default-release\cache2\entries\8540EC873F08CBAD5DF5121BD3BABF95624B4A14

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6ir3v68x.default-release\cache2\entries\2B16ACC15AA680352D12943E950AB926A085A466

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6ir3v68x.default-release\cache2\entries\CE30F9E7CB4E0D8AEB054228E581960CC2812E48

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\storage\default\https+++www.google.com\ls\data.sqlite

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6ir3v68x.default-release\cache2\entries\AE6C91A7A94F8219B78F6FB4AEBCFA5DD3A78D91

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6ir3v68x.default-release\cache2\entries\6EC2AE770EFC3451D85A600B7DBCCE4A25142850

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6ir3v68x.default-release\cache2\entries\FD3C8B7B2C5FC530AE8D3FC8050677579C3D2E17

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6ir3v68x.default-release\cache2\entries\9FC8C85689D31525EACE26158B83B464F43A027B

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6ir3v68x.default-release\cache2\entries\F0170AF0AA6273CDA9D105CE8905143FE8159A19

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\sessionstore-backups\recovery.baklz4

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6ir3v68x.default-release\cache2\entries\99559A4941891CD5905E3EF1D64FEC2824C6BDAA

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\sessionstore-backups\recovery.baklz4

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6ir3v68x.default-release\cache2\entries\BDD93674D7318CC496CC9B4D8B39A21D7E69E89A

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6ir3v68x.default-release\cache2\entries\3DAB4AD5F65DDEDA8310F2811C11A30D50EBA59C

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6ir3v68x.default-release\cache2\entries\5627EC047E3A09F66AB68C7E4DBFC195FD847D9B

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6ir3v68x.default-release\cache2\entries\9C9625E3FC34CF0A876025E227D060AAB0C60500

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\crashes\store.json.mozlz4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\sessionstore-backups\recovery.baklz4

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6ir3v68x.default-release\cache2\entries\520B737D2FC42970EA3ED9A6778612D870C30295

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6ir3v68x.default-release\cache2\entries\6EA1267BC1D99F39E596EDAEBC55E4A75E383819

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\sessionstore-backups\recovery.baklz4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\sessionCheckpoints.json

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\sessionCheckpoints.json

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\datareporting\glean\pending_pings\a48b6b38-5bba-45fa-9d70-d565bd39d662

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\datareporting\glean\db\data.safe.tmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\places.sqlite

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\datareporting\glean\db\data.safe.tmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\datareporting\glean\pending_pings\f596f651-8835-48d4-b3f0-5f3119e2e2ba

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\datareporting\glean\db\data.safe.tmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\datareporting\glean\db\data.safe.tmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\datareporting\glean\pending_pings\6766ce01-12f5-4056-88af-62cf233ed0a8

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\datareporting\glean\pending_pings\3e79ab5a-307c-4125-8f4f-81065afbe7d5

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\datareporting\glean\db\data.safe.tmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\prefs-1.js

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\datareporting\glean\db\data.safe.tmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ir3v68x.default-release\sessionCheckpoints.json.tmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Office_SETLANG_EXE_15

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Windows_Explorer

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133750483171142433.txt

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe682d66.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\91f111c0-0ddf-404f-ba67-c44ff36f8489.tmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
