Malware Analysis Report

2024-12-07 16:48

Sample ID 241113-j9qkzs1pdp
Target instaler.exe
SHA256 6d64582dda33b8e575b24c72fc77d536aaf55662edf6c3d14cdadb849cf371ed
Tags
discovery lumma defense_evasion persistence phishing privilege_escalation stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

6d64582dda33b8e575b24c72fc77d536aaf55662edf6c3d14cdadb849cf371ed

Threat Level: Known bad

The file instaler.exe was found to be: Known bad.

Malicious Activity Summary

discovery lumma defense_evasion persistence phishing privilege_escalation stealer

Lumma family

Lumma Stealer, LummaC

Downloads MZ/PE file

Loads dropped DLL

A potential corporate email address has been identified in the URL: style.min.css@v=2.css

Executes dropped EXE

Event Triggered Execution: Component Object Model Hijacking

Checks installed software on the system

Suspicious use of SetThreadContext

Subvert Trust Controls: Mark-of-the-Web Bypass

Drops file in Program Files directory

Drops file in Windows directory

Unsigned PE

Enumerates physical storage devices

Browser Information Discovery

System Location Discovery: System Language Discovery

Suspicious use of SendNotifyMessage

Suspicious behavior: EnumeratesProcesses

Modifies data under HKEY_USERS

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Enumerates system info in registry

Uses Task Scheduler COM API

Suspicious use of FindShellTrayWindow

Checks processor information in registry

Modifies registry class

NTFS ADS

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-13 08:22

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-13 08:22

Reported

2024-11-13 08:25

Platform

win10v2004-20241007-en

Max time kernel

95s

Max time network

133s

Command Line

"C:\Users\Admin\AppData\Local\Temp\instaler.exe"

Signatures

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\instaler.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\instaler.exe

"C:\Users\Admin\AppData\Local\Temp\instaler.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 17.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 56.163.245.4.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 75.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-13 08:22

Reported

2024-11-13 08:27

Platform

win10ltsc2021-20241023-en

Max time kernel

317s

Max time network

318s

Command Line

"C:\Users\Admin\AppData\Local\Temp\instaler.exe"

Signatures

Lumma Stealer, LummaC

stealer lumma

Lumma family

lumma

Downloads MZ/PE file

A potential corporate email address has been identified in the URL: style.min.css@v=2.css

phishing

Event Triggered Execution: Component Object Model Hijacking

persistence privilege_escalation

Checks installed software on the system

discovery

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\7-Zip\Lang\is.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\bg.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\co.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\da.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\sr-spl.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\an.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\az.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ms.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\pt-br.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\uz-cyrl.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\af.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ba.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\cs.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\sv.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\es.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\hr.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\mr.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ku.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\mn.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\nn.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ne.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\th.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\7-zip.dll C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\7zCon.sfx C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\kk.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\nl.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ug.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\io.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ko.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\tk.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Uninstall.exe C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ja.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\sl.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\tr.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\readme.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\7z.dll C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\hy.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\br.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\fr.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\he.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\License.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ga.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ku-ckb.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ky.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\pt.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\yo.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ast.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\eo.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ext.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\7-zip32.dll C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\sk.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\va.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\zh-tw.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ca.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\gu.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\id.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\tg.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\sq.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\uz.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ta.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ka.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\mk.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\pa-in.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\kaa.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A

Subvert Trust Controls: Mark-of-the-Web Bypass

defense_evasion
Description Indicator Process Target
File created C:\Users\Admin\Downloads\7z2408-x64.exe:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Desktop\instaler\instaler.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\instaler.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\7z2408-x64.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Desktop\instaler\instaler.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Desktop\instaler\instaler.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Desktop\instaler\instaler.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Desktop\instaler\instaler.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment" C:\Users\Admin\Downloads\7z2408-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment" C:\Users\Admin\Downloads\7z2408-x64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" C:\Users\Admin\Downloads\7z2408-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 C:\Users\Admin\Downloads\7z2408-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000} C:\Users\Admin\Downloads\7z2408-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" C:\Users\Admin\Downloads\7z2408-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip C:\Users\Admin\Downloads\7z2408-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension" C:\Users\Admin\Downloads\7z2408-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 C:\Users\Admin\Downloads\7z2408-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip.dll" C:\Users\Admin\Downloads\7z2408-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip C:\Users\Admin\Downloads\7z2408-x64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000} C:\Users\Admin\Downloads\7z2408-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension" C:\Users\Admin\Downloads\7z2408-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip32.dll" C:\Users\Admin\Downloads\7z2408-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip C:\Users\Admin\Downloads\7z2408-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" C:\Users\Admin\Downloads\7z2408-x64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" C:\Users\Admin\Downloads\7z2408-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip C:\Users\Admin\Downloads\7z2408-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" C:\Users\Admin\Downloads\7z2408-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip C:\Users\Admin\Downloads\7z2408-x64.exe N/A

NTFS ADS

Description Indicator Process Target
File created C:\Users\Admin\Downloads\instaler.rar:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
File created C:\Users\Admin\Downloads\7z2408-x64.exe:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\7z2408-x64.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\7z2408-x64.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\7z2408-x64.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\7z2408-x64.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\7z2408-x64.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\7-Zip\7zG.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\Downloads\7z2408-x64.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3432 wrote to memory of 4608 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3432 wrote to memory of 4608 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3432 wrote to memory of 4608 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3432 wrote to memory of 4608 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3432 wrote to memory of 4608 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3432 wrote to memory of 4608 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3432 wrote to memory of 4608 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3432 wrote to memory of 4608 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3432 wrote to memory of 4608 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3432 wrote to memory of 4608 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3432 wrote to memory of 4608 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4608 wrote to memory of 2588 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4608 wrote to memory of 2588 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4608 wrote to memory of 2588 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4608 wrote to memory of 2588 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4608 wrote to memory of 2588 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4608 wrote to memory of 2588 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4608 wrote to memory of 2588 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4608 wrote to memory of 2588 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4608 wrote to memory of 2588 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4608 wrote to memory of 2588 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4608 wrote to memory of 2588 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4608 wrote to memory of 2588 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4608 wrote to memory of 2588 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4608 wrote to memory of 2588 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4608 wrote to memory of 2588 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4608 wrote to memory of 2588 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4608 wrote to memory of 2588 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4608 wrote to memory of 2588 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4608 wrote to memory of 2588 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4608 wrote to memory of 2588 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4608 wrote to memory of 2588 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4608 wrote to memory of 2588 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4608 wrote to memory of 2588 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4608 wrote to memory of 2588 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4608 wrote to memory of 2588 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4608 wrote to memory of 2588 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4608 wrote to memory of 2588 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4608 wrote to memory of 2588 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4608 wrote to memory of 2588 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4608 wrote to memory of 2588 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4608 wrote to memory of 2588 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4608 wrote to memory of 2588 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4608 wrote to memory of 2588 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4608 wrote to memory of 2588 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4608 wrote to memory of 2588 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4608 wrote to memory of 2588 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4608 wrote to memory of 2588 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4608 wrote to memory of 2588 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4608 wrote to memory of 2588 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4608 wrote to memory of 2588 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4608 wrote to memory of 2588 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4608 wrote to memory of 2588 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4608 wrote to memory of 2588 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4608 wrote to memory of 2588 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4608 wrote to memory of 2588 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4608 wrote to memory of 660 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4608 wrote to memory of 660 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4608 wrote to memory of 660 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4608 wrote to memory of 660 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4608 wrote to memory of 660 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4608 wrote to memory of 660 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4608 wrote to memory of 660 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4608 wrote to memory of 660 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\instaler.exe

"C:\Users\Admin\AppData\Local\Temp\instaler.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1972 -parentBuildID 20240401114208 -prefsHandle 1888 -prefMapHandle 1880 -prefsLen 23681 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6413c878-c00e-4f61-947f-0f63fa439c29} 4608 "\\.\pipe\gecko-crash-server-pipe.4608" gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2380 -parentBuildID 20240401114208 -prefsHandle 2348 -prefMapHandle 2344 -prefsLen 23717 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {df634a1b-820c-4665-a732-16758cfdfe86} 4608 "\\.\pipe\gecko-crash-server-pipe.4608" socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3220 -childID 1 -isForBrowser -prefsHandle 3004 -prefMapHandle 3032 -prefsLen 23858 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b168e594-124e-4523-ba93-101771bf7c9c} 4608 "\\.\pipe\gecko-crash-server-pipe.4608" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3612 -childID 2 -isForBrowser -prefsHandle 3716 -prefMapHandle 3712 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dd4b2e5b-a579-467b-8da8-b983539701dc} 4608 "\\.\pipe\gecko-crash-server-pipe.4608" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4568 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4648 -prefMapHandle 4644 -prefsLen 29091 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1b81b023-b03b-4852-9b55-c3a13e4836f6} 4608 "\\.\pipe\gecko-crash-server-pipe.4608" utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5424 -childID 3 -isForBrowser -prefsHandle 5416 -prefMapHandle 5412 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dfad2a75-dd55-47c7-93cd-eb09206d59da} 4608 "\\.\pipe\gecko-crash-server-pipe.4608" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5552 -childID 4 -isForBrowser -prefsHandle 5560 -prefMapHandle 5564 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4fc6152a-e86d-44b5-adc0-c0bbb02e4fc3} 4608 "\\.\pipe\gecko-crash-server-pipe.4608" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5832 -childID 5 -isForBrowser -prefsHandle 5752 -prefMapHandle 5756 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7cd60216-45b9-4b69-a614-b899feed3794} 4608 "\\.\pipe\gecko-crash-server-pipe.4608" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6156 -childID 6 -isForBrowser -prefsHandle 6148 -prefMapHandle 3052 -prefsLen 28242 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7fe492ab-48a7-424a-be94-9dfe77fcfa0e} 4608 "\\.\pipe\gecko-crash-server-pipe.4608" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5228 -childID 7 -isForBrowser -prefsHandle 2668 -prefMapHandle 5100 -prefsLen 28242 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7ca7c400-2ce8-40c9-9bb0-5915b1c92250} 4608 "\\.\pipe\gecko-crash-server-pipe.4608" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6620 -parentBuildID 20240401114208 -prefsHandle 3840 -prefMapHandle 3848 -prefsLen 30911 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c63ad608-22a2-46ca-b309-bab1bc24409f} 4608 "\\.\pipe\gecko-crash-server-pipe.4608" rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6588 -parentBuildID 20240401114208 -sandboxingKind 1 -prefsHandle 3052 -prefMapHandle 6628 -prefsLen 30911 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {659ac609-f3a0-4a42-a3f0-6a745ee89d62} 4608 "\\.\pipe\gecko-crash-server-pipe.4608" utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7120 -childID 8 -isForBrowser -prefsHandle 7112 -prefMapHandle 7128 -prefsLen 28242 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5b5c7abb-263a-4ac6-a84a-04344f1d53a9} 4608 "\\.\pipe\gecko-crash-server-pipe.4608" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7600 -childID 9 -isForBrowser -prefsHandle 7604 -prefMapHandle 7596 -prefsLen 28242 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {704f8a2f-0c62-4765-84c4-dd5ec9001913} 4608 "\\.\pipe\gecko-crash-server-pipe.4608" tab

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x2fc 0x33c

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7420 -childID 10 -isForBrowser -prefsHandle 6972 -prefMapHandle 7380 -prefsLen 28242 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {546139b4-e144-4326-87c3-cd012b18998e} 4608 "\\.\pipe\gecko-crash-server-pipe.4608" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8004 -childID 11 -isForBrowser -prefsHandle 7996 -prefMapHandle 8012 -prefsLen 28242 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dc54516e-28e5-4ada-aa67-adfab00c54db} 4608 "\\.\pipe\gecko-crash-server-pipe.4608" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8216 -childID 12 -isForBrowser -prefsHandle 8228 -prefMapHandle 6960 -prefsLen 28329 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {72848e8f-8ee2-40bf-a7f6-ec6e21735639} 4608 "\\.\pipe\gecko-crash-server-pipe.4608" tab

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8360 -childID 13 -isForBrowser -prefsHandle 8372 -prefMapHandle 8368 -prefsLen 28369 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {379264b5-9298-4722-b605-dbe778cc67b0} 4608 "\\.\pipe\gecko-crash-server-pipe.4608" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6272 -childID 14 -isForBrowser -prefsHandle 7048 -prefMapHandle 7340 -prefsLen 28369 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3929b214-db86-407c-83ce-1cd97dedc369} 4608 "\\.\pipe\gecko-crash-server-pipe.4608" tab

C:\Users\Admin\Downloads\7z2408-x64.exe

"C:\Users\Admin\Downloads\7z2408-x64.exe"

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\instaler\" -ad -an -ai#7zMap20472:78:7zEvent26688

C:\Users\Admin\Desktop\instaler\instaler.exe

"C:\Users\Admin\Desktop\instaler\instaler.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1924 -parentBuildID 20240401114208 -prefsHandle 1844 -prefMapHandle 1828 -prefsLen 24857 -prefMapSize 245165 -appDir "C:\Program Files\Mozilla Firefox\browser" - {87320f00-92e3-4d4b-a66a-1526cc7e1a5a} 7048 "\\.\pipe\gecko-crash-server-pipe.7048" gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2300 -parentBuildID 20240401114208 -prefsHandle 2276 -prefMapHandle 2272 -prefsLen 24857 -prefMapSize 245165 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {580f53ed-b15b-4f31-bffc-d0d472a70830} 7048 "\\.\pipe\gecko-crash-server-pipe.7048" socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3092 -childID 1 -isForBrowser -prefsHandle 3224 -prefMapHandle 3348 -prefsLen 25356 -prefMapSize 245165 -jsInitHandle 1104 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e2021dfa-3b27-41aa-aa72-74ab3b671749} 7048 "\\.\pipe\gecko-crash-server-pipe.7048" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3028 -childID 2 -isForBrowser -prefsHandle 3764 -prefMapHandle 3760 -prefsLen 30589 -prefMapSize 245165 -jsInitHandle 1104 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {09a40514-0931-4685-9166-f8a45699c79f} 7048 "\\.\pipe\gecko-crash-server-pipe.7048" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4576 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4616 -prefMapHandle 4612 -prefsLen 30589 -prefMapSize 245165 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {de7b988a-3d2b-4fb9-b79d-88dd8595513e} 7048 "\\.\pipe\gecko-crash-server-pipe.7048" utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5236 -childID 3 -isForBrowser -prefsHandle 5272 -prefMapHandle 5268 -prefsLen 27974 -prefMapSize 245165 -jsInitHandle 1104 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fc31af38-38c2-4ce6-8f41-1fece24f6006} 7048 "\\.\pipe\gecko-crash-server-pipe.7048" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5508 -childID 4 -isForBrowser -prefsHandle 5472 -prefMapHandle 5476 -prefsLen 27974 -prefMapSize 245165 -jsInitHandle 1104 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3c22e1a3-8857-4e46-b696-9144e565a049} 7048 "\\.\pipe\gecko-crash-server-pipe.7048" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5656 -childID 5 -isForBrowser -prefsHandle 5440 -prefMapHandle 5436 -prefsLen 27974 -prefMapSize 245165 -jsInitHandle 1104 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a06f485c-1585-4d59-a03c-dcca1254b5d1} 7048 "\\.\pipe\gecko-crash-server-pipe.7048" tab

C:\Users\Admin\Desktop\instaler\instaler.exe

"C:\Users\Admin\Desktop\instaler\instaler.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"

C:\Users\Admin\Desktop\instaler\instaler.exe

"C:\Users\Admin\Desktop\instaler\instaler.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"

C:\Users\Admin\Desktop\instaler\instaler.exe

"C:\Users\Admin\Desktop\instaler\instaler.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"

C:\Users\Admin\Desktop\instaler\instaler.exe

"C:\Users\Admin\Desktop\instaler\instaler.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 136.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 checkappexec.microsoft.com udp
GB 51.140.244.186:443 checkappexec.microsoft.com tcp
N/A 127.0.0.1:49791 tcp
US 8.8.8.8:53 186.244.140.51.in-addr.arpa udp
US 8.8.8.8:53 spocs.getpocket.com udp
US 8.8.8.8:53 firefox-api-proxy.cdn.mozilla.net udp
US 34.149.97.1:443 firefox-api-proxy.cdn.mozilla.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.ads.prod.webservices.mozgcp.net udp
US 34.149.97.1:443 firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net tcp
US 8.8.8.8:53 firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.ads.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 firefox-settings-attachments.cdn.mozilla.net udp
US 8.8.8.8:53 attachments.prod.remote-settings.prod.webservices.mozgcp.net udp
US 34.117.121.53:443 attachments.prod.remote-settings.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 attachments.prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 203.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 65.204.21.100.in-addr.arpa udp
N/A 127.0.0.1:49801 tcp
US 8.8.8.8:53 200.163.202.172.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 location.services.mozilla.com udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.classify-client.prod.webservices.mozgcp.net udp
US 35.190.72.216:443 prod.classify-client.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.classify-client.prod.webservices.mozgcp.net udp
US 35.190.72.216:443 prod.classify-client.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 ciscobinary.openh264.org udp
US 8.8.8.8:53 redirector.gvt1.com udp
DE 23.55.161.185:80 ciscobinary.openh264.org tcp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
GB 216.58.212.238:443 redirector.gvt1.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
GB 216.58.212.238:443 redirector.gvt1.com udp
US 8.8.8.8:53 r2---sn-aigl6ned.gvt1.com udp
GB 173.194.183.71:443 r2---sn-aigl6ned.gvt1.com tcp
US 8.8.8.8:53 r2.sn-aigl6ned.gvt1.com udp
US 8.8.8.8:53 r2.sn-aigl6ned.gvt1.com udp
US 8.8.8.8:53 216.72.190.35.in-addr.arpa udp
US 8.8.8.8:53 201.181.244.35.in-addr.arpa udp
US 8.8.8.8:53 238.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 185.161.55.23.in-addr.arpa udp
US 8.8.8.8:53 71.183.194.173.in-addr.arpa udp
GB 173.194.183.71:443 r2.sn-aigl6ned.gvt1.com udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 196.187.250.142.in-addr.arpa udp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 3.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 227.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 csp.withgoogle.com udp
GB 216.58.212.209:443 csp.withgoogle.com tcp
US 8.8.8.8:53 csp.withgoogle.com udp
US 8.8.8.8:53 csp.withgoogle.com udp
US 8.8.8.8:53 ogads-pa.googleapis.com udp
GB 216.58.212.209:443 csp.withgoogle.com udp
GB 172.217.16.234:443 ogads-pa.googleapis.com tcp
GB 172.217.16.234:443 ogads-pa.googleapis.com tcp
US 8.8.8.8:53 ogads-pa.googleapis.com udp
US 8.8.8.8:53 ogads-pa.googleapis.com udp
GB 172.217.16.234:443 ogads-pa.googleapis.com udp
US 8.8.8.8:53 98.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 209.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 234.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.46:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.46:443 play.google.com udp
US 8.8.8.8:53 consent.google.com udp
GB 142.250.200.46:443 consent.google.com tcp
US 8.8.8.8:53 consent.google.com udp
US 8.8.8.8:53 consent.google.com udp
GB 142.250.200.46:443 consent.google.com udp
US 8.8.8.8:53 www.youtube.com udp
GB 216.58.213.14:443 www.youtube.com tcp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 8.8.8.8:53 youtube-ui.l.google.com udp
GB 216.58.213.14:443 youtube-ui.l.google.com tcp
GB 216.58.213.14:443 youtube-ui.l.google.com udp
US 8.8.8.8:53 i.ytimg.com udp
GB 142.250.178.22:443 i.ytimg.com tcp
US 8.8.8.8:53 i.ytimg.com udp
US 8.8.8.8:53 i.ytimg.com udp
GB 142.250.178.22:443 i.ytimg.com udp
US 8.8.8.8:53 accounts.google.com udp
NL 173.194.69.84:443 accounts.google.com tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 14.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 22.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 42.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 84.69.194.173.in-addr.arpa udp
NL 173.194.69.84:443 accounts.google.com udp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 rr4---sn-5hne6nzy.googlevideo.com udp
NL 172.217.132.169:443 rr4---sn-5hne6nzy.googlevideo.com tcp
NL 172.217.132.169:443 rr4---sn-5hne6nzy.googlevideo.com tcp
US 8.8.8.8:53 rr4.sn-5hne6nzy.googlevideo.com udp
US 8.8.8.8:53 rr4.sn-5hne6nzy.googlevideo.com udp
US 8.8.8.8:53 169.132.217.172.in-addr.arpa udp
US 8.8.8.8:53 youtube.com udp
GB 142.250.180.14:443 youtube.com tcp
US 8.8.8.8:53 youtube.com udp
US 8.8.8.8:53 youtube.com udp
US 8.8.8.8:53 rr4---sn-5hne6nzy.googlevideo.com udp
NL 172.217.132.169:443 rr4---sn-5hne6nzy.googlevideo.com tcp
NL 172.217.132.169:443 rr4---sn-5hne6nzy.googlevideo.com tcp
US 8.8.8.8:53 14.180.250.142.in-addr.arpa udp
GB 142.250.180.14:443 youtube.com udp
GB 142.250.200.46:443 youtube-ui.l.google.com tcp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.46:443 play.google.com udp
NL 172.217.132.169:443 rr4---sn-5hne6nzy.googlevideo.com tcp
NL 172.217.132.169:443 rr4---sn-5hne6nzy.googlevideo.com tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 172.217.169.42:443 jnn-pa.googleapis.com tcp
GB 172.217.169.42:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 172.217.169.42:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 42.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 consent.youtube.com udp
US 8.8.8.8:53 consent.youtube.com udp
US 8.8.8.8:53 consent.youtube.com udp
US 8.8.8.8:53 14.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 172.217.16.226:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 rr2---sn-hgn7rn7r.googlevideo.com udp
GB 172.217.16.226:443 googleads.g.doubleclick.net udp
FR 172.217.130.231:443 rr2---sn-hgn7rn7r.googlevideo.com tcp
FR 172.217.130.231:443 rr2---sn-hgn7rn7r.googlevideo.com tcp
US 8.8.8.8:53 rr2.sn-hgn7rn7r.googlevideo.com udp
US 8.8.8.8:53 rr2---sn-hgn7rn7r.googlevideo.com udp
FR 172.217.130.231:443 rr2---sn-hgn7rn7r.googlevideo.com tcp
FR 172.217.130.231:443 rr2---sn-hgn7rn7r.googlevideo.com tcp
US 8.8.8.8:53 226.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 231.130.217.172.in-addr.arpa udp
FR 172.217.130.231:443 rr2---sn-hgn7rn7r.googlevideo.com tcp
FR 172.217.130.231:443 rr2---sn-hgn7rn7r.googlevideo.com tcp
US 8.8.8.8:53 static.doubleclick.net udp
GB 142.250.180.6:443 static.doubleclick.net tcp
US 8.8.8.8:53 static.doubleclick.net udp
US 8.8.8.8:53 static.doubleclick.net udp
GB 142.250.180.6:443 static.doubleclick.net udp
US 8.8.8.8:53 6.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 suggestqueries-clients6.youtube.com udp
GB 142.250.187.238:443 suggestqueries-clients6.youtube.com tcp
GB 142.250.187.238:443 suggestqueries-clients6.youtube.com tcp
US 8.8.8.8:53 suggestqueries-clients6.youtube.com udp
US 8.8.8.8:53 suggestqueries-clients6.youtube.com udp
GB 142.250.187.238:443 suggestqueries-clients6.youtube.com udp
US 8.8.8.8:53 238.187.250.142.in-addr.arpa udp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 yt3.ggpht.com udp
US 8.8.8.8:53 lh4.googleusercontent.com udp
GB 142.250.200.1:443 yt3.ggpht.com tcp
US 8.8.8.8:53 photos-ugc.l.googleusercontent.com udp
GB 216.58.212.193:443 lh4.googleusercontent.com tcp
US 8.8.8.8:53 googlehosted.l.googleusercontent.com udp
US 8.8.8.8:53 photos-ugc.l.googleusercontent.com udp
US 8.8.8.8:53 googlehosted.l.googleusercontent.com udp
US 8.8.8.8:53 1.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 193.212.58.216.in-addr.arpa udp
GB 216.58.212.193:443 googlehosted.l.googleusercontent.com udp
GB 142.250.200.1:443 photos-ugc.l.googleusercontent.com udp
US 8.8.8.8:53 lh6.googleusercontent.com udp
GB 216.58.212.193:443 lh6.googleusercontent.com tcp
GB 216.58.212.193:443 lh6.googleusercontent.com udp
US 8.8.8.8:53 rr1---sn-aigl6ns6.googlevideo.com udp
GB 74.125.105.6:443 rr1---sn-aigl6ns6.googlevideo.com tcp
US 8.8.8.8:53 rr1.sn-aigl6ns6.googlevideo.com udp
GB 74.125.105.6:443 rr1---sn-aigl6ns6.googlevideo.com udp
US 8.8.8.8:53 rr5---sn-aigl6nek.googlevideo.com udp
GB 173.194.183.106:443 rr5---sn-aigl6nek.googlevideo.com tcp
US 8.8.8.8:53 rr5.sn-aigl6nek.googlevideo.com udp
US 8.8.8.8:53 rr5.sn-aigl6nek.googlevideo.com udp
GB 173.194.183.106:443 rr5.sn-aigl6nek.googlevideo.com udp
US 8.8.8.8:53 6.105.125.74.in-addr.arpa udp
US 8.8.8.8:53 106.183.194.173.in-addr.arpa udp
US 8.8.8.8:53 lh3.googleusercontent.com udp
GB 216.58.212.193:443 lh3.googleusercontent.com tcp
GB 216.58.212.193:443 lh3.googleusercontent.com udp
US 8.8.8.8:53 rr4---sn-aigl6ney.googlevideo.com udp
GB 173.194.183.169:443 rr4---sn-aigl6ney.googlevideo.com tcp
US 8.8.8.8:53 rr4.sn-aigl6ney.googlevideo.com udp
US 8.8.8.8:53 rr4.sn-aigl6ney.googlevideo.com udp
GB 173.194.183.169:443 rr4.sn-aigl6ney.googlevideo.com udp
US 8.8.8.8:53 rr5---sn-aigl6nzl.googlevideo.com udp
US 8.8.8.8:53 rr5.sn-aigl6nzl.googlevideo.com udp
US 8.8.8.8:53 rr5.sn-aigl6nzl.googlevideo.com udp
US 8.8.8.8:53 169.183.194.173.in-addr.arpa udp
GB 74.125.168.170:443 rr5.sn-aigl6nzl.googlevideo.com tcp
GB 74.125.168.170:443 rr5.sn-aigl6nzl.googlevideo.com tcp
GB 74.125.168.170:443 rr5.sn-aigl6nzl.googlevideo.com udp
US 8.8.8.8:53 170.168.125.74.in-addr.arpa udp
US 8.8.8.8:53 rr2---sn-aigl6nek.googlevideo.com udp
GB 173.194.183.103:443 rr2---sn-aigl6nek.googlevideo.com tcp
US 8.8.8.8:53 rr2.sn-aigl6nek.googlevideo.com udp
US 8.8.8.8:53 rr2.sn-aigl6nek.googlevideo.com udp
GB 173.194.183.103:443 rr2.sn-aigl6nek.googlevideo.com udp
US 8.8.8.8:53 103.183.194.173.in-addr.arpa udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 rr4---sn-aigl6nsr.googlevideo.com udp
GB 216.58.212.193:443 tpc.googlesyndication.com tcp
US 8.8.8.8:53 tpc.googlesyndication.com udp
GB 74.125.105.137:443 rr4---sn-aigl6nsr.googlevideo.com tcp
US 8.8.8.8:53 rr4.sn-aigl6nsr.googlevideo.com udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 rr4.sn-aigl6nsr.googlevideo.com udp
GB 216.58.212.193:443 tpc.googlesyndication.com udp
GB 74.125.105.137:443 rr4.sn-aigl6nsr.googlevideo.com udp
US 8.8.8.8:53 ade.googlesyndication.com udp
GB 142.250.187.194:443 ade.googlesyndication.com tcp
US 8.8.8.8:53 ade.googlesyndication.com udp
US 8.8.8.8:53 137.105.125.74.in-addr.arpa udp
US 8.8.8.8:53 226.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 ade.googlesyndication.com udp
GB 142.250.178.22:443 i.ytimg.com tcp
GB 142.250.187.194:443 ade.googlesyndication.com udp
GB 142.250.178.22:443 i.ytimg.com udp
GB 172.217.16.226:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 230.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 194.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 ade.googlesyndication.com udp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.178.22:443 i.ytimg.com tcp
GB 142.250.200.1:443 photos-ugc.l.googleusercontent.com tcp
US 8.8.8.8:53 www.realdudesinc.com udp
US 172.67.71.47:443 www.realdudesinc.com tcp
US 8.8.8.8:53 www.realdudesinc.com udp
US 8.8.8.8:53 www.realdudesinc.com udp
US 172.67.71.47:443 www.realdudesinc.com udp
US 8.8.8.8:53 47.71.67.172.in-addr.arpa udp
US 8.8.8.8:53 static.klaviyo.com udp
US 8.8.8.8:53 api.realdudesinc.com udp
US 8.8.8.8:53 klaviyo-onsite.map.fastly.net udp
US 104.26.5.179:443 api.realdudesinc.com tcp
US 8.8.8.8:53 api.realdudesinc.com udp
US 8.8.8.8:53 klaviyo-onsite.map.fastly.net udp
US 8.8.8.8:53 api.realdudesinc.com udp
US 8.8.8.8:53 bat.bing.com udp
US 8.8.8.8:53 static.ads-twitter.com udp
US 8.8.8.8:53 embed.tawk.to udp
US 8.8.8.8:53 diffuser-cdn.app-us1.com udp
US 8.8.8.8:53 www.redditstatic.com udp
US 104.26.5.179:443 api.realdudesinc.com udp
US 8.8.8.8:53 ax-0001.ax-msedge.net udp
US 8.8.8.8:53 platform.twitter.map.fastly.net udp
US 172.67.15.14:443 embed.tawk.to tcp
US 8.8.8.8:53 embed.tawk.to udp
US 8.8.8.8:53 dualstack.reddit.map.fastly.net udp
US 104.18.128.216:443 diffuser-cdn.app-us1.com tcp
US 8.8.8.8:53 diffuser-cdn.app-us1.com udp
US 8.8.8.8:53 ax-0001.ax-msedge.net udp
US 8.8.8.8:53 platform.twitter.map.fastly.net udp
US 8.8.8.8:53 embed.tawk.to udp
US 8.8.8.8:53 dualstack.reddit.map.fastly.net udp
US 8.8.8.8:53 img.youtube.com udp
US 8.8.8.8:53 diffuser-cdn.app-us1.com udp
US 8.8.8.8:53 ytimg.l.google.com udp
GB 216.58.212.238:443 ytimg.l.google.com tcp
US 8.8.8.8:53 ytimg.l.google.com udp
US 8.8.8.8:53 prism.app-us1.com udp
US 104.18.128.216:443 prism.app-us1.com tcp
US 8.8.8.8:53 prism.app-us1.com udp
GB 216.58.212.238:443 ytimg.l.google.com udp
US 8.8.8.8:53 prism.app-us1.com udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 172.67.15.14:443 embed.tawk.to udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 151.101.194.133:443 klaviyo-onsite.map.fastly.net tcp
US 150.171.27.10:443 ax-0001.ax-msedge.net tcp
GB 151.101.188.157:443 platform.twitter.map.fastly.net tcp
US 150.171.27.10:443 ax-0001.ax-msedge.net tcp
US 151.101.1.140:443 dualstack.reddit.map.fastly.net tcp
US 216.239.32.36:443 region1.google-analytics.com tcp
US 8.8.8.8:53 trackcmp.net udp
US 104.18.34.214:443 trackcmp.net tcp
US 8.8.8.8:53 trackcmp.net udp
US 8.8.8.8:53 trackcmp.net udp
US 8.8.8.8:53 104.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 179.5.26.104.in-addr.arpa udp
US 8.8.8.8:53 14.15.67.172.in-addr.arpa udp
US 8.8.8.8:53 216.128.18.104.in-addr.arpa udp
US 8.8.8.8:53 140.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 133.194.101.151.in-addr.arpa udp
US 8.8.8.8:53 10.27.171.150.in-addr.arpa udp
US 8.8.8.8:53 157.188.101.151.in-addr.arpa udp
US 8.8.8.8:53 36.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 214.34.18.104.in-addr.arpa udp
US 216.239.32.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 pixel-config.reddit.com udp
US 8.8.8.8:53 alb.reddit.com udp
US 151.101.1.140:443 alb.reddit.com tcp
US 8.8.8.8:53 t.co udp
US 8.8.8.8:53 analytics.twitter.com udp
US 151.101.129.140:443 alb.reddit.com tcp
US 8.8.8.8:53 reddit.map.fastly.net udp
US 8.8.8.8:53 static-tracking.klaviyo.com udp
US 8.8.8.8:53 t.co udp
US 8.8.8.8:53 s.twitter.com udp
US 8.8.8.8:53 reddit.map.fastly.net udp
US 8.8.8.8:53 t.co udp
US 8.8.8.8:53 klaviyo-app.map.fastly.net udp
US 8.8.8.8:53 s.twitter.com udp
US 8.8.8.8:53 klaviyo-app.map.fastly.net udp
US 151.101.65.140:443 reddit.map.fastly.net tcp
US 162.159.140.229:443 t.co tcp
US 104.244.42.67:443 analytics.twitter.com tcp
US 151.101.130.133:443 klaviyo-app.map.fastly.net tcp
US 151.101.130.133:443 klaviyo-app.map.fastly.net tcp
US 151.101.194.133:443 klaviyo-app.map.fastly.net tcp
US 151.101.194.133:443 klaviyo-app.map.fastly.net tcp
US 151.101.194.133:443 klaviyo-app.map.fastly.net tcp
US 151.101.194.133:443 klaviyo-app.map.fastly.net tcp
US 151.101.194.133:443 klaviyo-app.map.fastly.net tcp
US 151.101.194.133:443 klaviyo-app.map.fastly.net tcp
US 151.101.130.133:443 klaviyo-app.map.fastly.net tcp
US 151.101.130.133:443 klaviyo-app.map.fastly.net tcp
US 8.8.8.8:53 www.clarity.ms udp
US 8.8.8.8:53 s-part-0037.t-0009.t-msedge.net udp
US 8.8.8.8:53 s-part-0037.t-0009.t-msedge.net udp
US 13.107.246.65:443 s-part-0037.t-0009.t-msedge.net tcp
US 8.8.8.8:53 fast.a.klaviyo.com udp
US 8.8.8.8:53 static-forms.klaviyo.com udp
US 151.101.66.133:443 static-forms.klaviyo.com tcp
US 151.101.194.133:443 static-forms.klaviyo.com tcp
US 8.8.8.8:53 140.129.101.151.in-addr.arpa udp
US 8.8.8.8:53 140.65.101.151.in-addr.arpa udp
US 8.8.8.8:53 67.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 133.130.101.151.in-addr.arpa udp
US 8.8.8.8:53 229.140.159.162.in-addr.arpa udp
US 8.8.8.8:53 65.246.107.13.in-addr.arpa udp
US 8.8.8.8:53 133.66.101.151.in-addr.arpa udp
US 8.8.8.8:53 b.clarity.ms udp
US 4.153.129.168:443 b.clarity.ms tcp
US 8.8.8.8:53 vmss-clarity-ingest-eus2.eastus2.cloudapp.azure.com udp
US 8.8.8.8:53 vmss-clarity-ingest-eus2.eastus2.cloudapp.azure.com udp
US 172.67.15.14:443 embed.tawk.to udp
US 8.8.8.8:53 c.clarity.ms udp
US 8.8.8.8:53 d3k81ch9hvuctc.cloudfront.net udp
US 8.8.8.8:53 c-msn-com-nsatc.trafficmanager.net udp
US 3.165.148.10:443 d3k81ch9hvuctc.cloudfront.net tcp
US 8.8.8.8:53 d3k81ch9hvuctc.cloudfront.net udp
US 8.8.8.8:53 c-msn-com-nsatc.trafficmanager.net udp
US 8.8.8.8:53 va.tawk.to udp
US 8.8.8.8:53 d3k81ch9hvuctc.cloudfront.net udp
US 172.67.15.14:443 va.tawk.to tcp
US 172.67.15.14:443 va.tawk.to tcp
US 8.8.8.8:53 va.tawk.to udp
US 172.67.15.14:443 va.tawk.to tcp
US 8.8.8.8:53 va.tawk.to udp
US 172.67.15.14:443 va.tawk.to udp
IE 13.74.129.1:443 c-msn-com-nsatc.trafficmanager.net tcp
US 8.8.8.8:53 168.129.153.4.in-addr.arpa udp
US 8.8.8.8:53 10.148.165.3.in-addr.arpa udp
GB 142.250.178.22:443 i.ytimg.com udp
GB 173.194.183.169:443 rr4.sn-aigl6ney.googlevideo.com udp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 yt3.googleusercontent.com udp
GB 172.217.16.225:443 yt3.googleusercontent.com tcp
US 8.8.8.8:53 yt3.googleusercontent.com udp
US 8.8.8.8:53 yt3.googleusercontent.com udp
GB 172.217.16.225:443 yt3.googleusercontent.com udp
US 8.8.8.8:53 225.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 rr4---sn-aigl6nsk.googlevideo.com udp
GB 74.125.105.105:443 rr4---sn-aigl6nsk.googlevideo.com tcp
US 8.8.8.8:53 rr4.sn-aigl6nsk.googlevideo.com udp
US 8.8.8.8:53 rr4.sn-aigl6nsk.googlevideo.com udp
GB 74.125.105.105:443 rr4.sn-aigl6nsk.googlevideo.com tcp
US 8.8.8.8:53 105.105.125.74.in-addr.arpa udp
GB 74.125.105.105:443 rr4.sn-aigl6nsk.googlevideo.com udp
US 8.8.8.8:53 lh5.googleusercontent.com udp
GB 216.58.212.193:443 lh5.googleusercontent.com tcp
US 8.8.8.8:53 googlehosted.l.googleusercontent.com udp
GB 216.58.212.193:443 lh5.googleusercontent.com udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.187.194:443 ade.googlesyndication.com tcp
US 8.8.8.8:53 ade.googlesyndication.com udp
US 8.8.8.8:53 gamexeasy.com udp
US 172.67.223.214:443 gamexeasy.com tcp
US 8.8.8.8:53 gamexeasy.com udp
US 8.8.8.8:53 gamexeasy.com udp
US 172.67.223.214:443 gamexeasy.com udp
US 8.8.8.8:53 fusionhacks.pro udp
RU 37.140.192.190:443 fusionhacks.pro tcp
US 8.8.8.8:53 fusionhacks.pro udp
US 8.8.8.8:53 fusionhacks.pro udp
US 8.8.8.8:53 214.223.67.172.in-addr.arpa udp
US 8.8.8.8:53 190.192.140.37.in-addr.arpa udp
RU 37.140.192.190:443 fusionhacks.pro tcp
US 8.8.8.8:53 www.dropbox.com udp
NL 162.125.65.18:443 www.dropbox.com tcp
US 8.8.8.8:53 www-env.dropbox-dns.com udp
US 8.8.8.8:53 www-env.dropbox-dns.com udp
US 8.8.8.8:53 18.65.125.162.in-addr.arpa udp
US 8.8.8.8:53 ucaa1c8c978558dc0430de845adf.dl.dropboxusercontent.com udp
US 8.8.8.8:53 edge-block-www-env.dropbox-dns.com udp
NL 162.125.65.15:443 edge-block-www-env.dropbox-dns.com tcp
US 8.8.8.8:53 edge-block-www-env.dropbox-dns.com udp
US 8.8.8.8:53 15.65.125.162.in-addr.arpa udp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 id.google.com udp
GB 216.58.212.209:443 csp.withgoogle.com udp
GB 142.250.180.3:443 id.google.com tcp
US 8.8.8.8:53 id.google.com udp
GB 172.217.16.234:443 jnn-pa.googleapis.com udp
GB 142.250.180.3:443 id.google.com udp
GB 142.250.178.22:443 i.ytimg.com tcp
GB 142.250.178.22:443 i.ytimg.com tcp
GB 142.250.178.22:443 i.ytimg.com tcp
GB 142.250.178.22:443 i.ytimg.com udp
GB 216.58.213.14:443 ytimg.l.google.com tcp
GB 142.250.200.46:443 play.google.com udp
GB 216.58.213.14:443 ytimg.l.google.com udp
US 8.8.8.8:53 www.7-zip.org udp
DE 49.12.202.237:443 www.7-zip.org tcp
US 8.8.8.8:53 www.7-zip.org udp
US 8.8.8.8:53 www.7-zip.org udp
DE 49.12.202.237:443 www.7-zip.org tcp
US 8.8.8.8:53 237.202.12.49.in-addr.arpa udp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 objects.githubusercontent.com udp
US 185.199.111.133:443 objects.githubusercontent.com tcp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 objects.githubusercontent.com udp
US 8.8.8.8:53 133.111.199.185.in-addr.arpa udp
US 8.8.8.8:53 frogmen-smell.sbs udp
US 104.21.80.55:443 frogmen-smell.sbs tcp
US 8.8.8.8:53 thicktoys.sbs udp
US 104.21.52.119:443 thicktoys.sbs tcp
US 8.8.8.8:53 55.80.21.104.in-addr.arpa udp
US 8.8.8.8:53 119.52.21.104.in-addr.arpa udp
US 8.8.8.8:53 fleez-inc.sbs udp
US 172.67.150.243:443 fleez-inc.sbs tcp
US 8.8.8.8:53 pull-trucker.sbs udp
US 172.67.135.173:443 pull-trucker.sbs tcp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 243.150.67.172.in-addr.arpa udp
US 8.8.8.8:53 173.135.67.172.in-addr.arpa udp
US 8.8.8.8:53 3xc1aimbl0w.sbs udp
N/A 127.0.0.1:53650 tcp
US 8.8.8.8:53 12.173.189.20.in-addr.arpa udp
US 172.67.173.191:443 3xc1aimbl0w.sbs tcp
US 8.8.8.8:53 bored-light.sbs udp
US 172.67.192.57:443 bored-light.sbs tcp
US 8.8.8.8:53 191.173.67.172.in-addr.arpa udp
US 8.8.8.8:53 57.192.67.172.in-addr.arpa udp
US 8.8.8.8:53 300snails.sbs udp
US 172.67.138.157:443 300snails.sbs tcp
US 8.8.8.8:53 faintbl0w.sbs udp
US 172.67.176.72:443 faintbl0w.sbs tcp
N/A 127.0.0.1:53663 tcp
US 104.21.80.55:443 frogmen-smell.sbs tcp
US 8.8.8.8:53 157.138.67.172.in-addr.arpa udp
US 8.8.8.8:53 72.176.67.172.in-addr.arpa udp
US 104.21.80.55:443 frogmen-smell.sbs tcp
US 104.21.52.119:443 thicktoys.sbs tcp
US 8.8.8.8:53 crib-endanger.sbs udp
US 104.21.39.101:443 crib-endanger.sbs tcp
US 172.67.150.243:443 fleez-inc.sbs tcp
US 172.67.135.173:443 pull-trucker.sbs tcp
US 104.21.52.119:443 thicktoys.sbs tcp
US 104.21.80.55:443 frogmen-smell.sbs tcp
US 172.67.173.191:443 3xc1aimbl0w.sbs tcp
US 172.67.150.243:443 fleez-inc.sbs tcp
US 104.21.80.55:443 frogmen-smell.sbs tcp
US 8.8.8.8:53 101.39.21.104.in-addr.arpa udp
US 172.67.135.173:443 pull-trucker.sbs tcp
US 8.8.8.8:53 steamcommunity.com udp
GB 104.82.234.109:443 steamcommunity.com tcp
US 104.21.52.119:443 thicktoys.sbs tcp
US 104.21.52.119:443 thicktoys.sbs tcp
US 172.67.150.243:443 fleez-inc.sbs tcp
US 172.67.150.243:443 fleez-inc.sbs tcp
US 8.8.8.8:53 109.234.82.104.in-addr.arpa udp
US 172.67.192.57:443 bored-light.sbs tcp
US 172.67.135.173:443 pull-trucker.sbs tcp
US 172.67.173.191:443 3xc1aimbl0w.sbs tcp
US 172.67.138.157:443 300snails.sbs tcp
US 172.67.135.173:443 pull-trucker.sbs tcp
US 172.67.176.72:443 faintbl0w.sbs tcp
US 172.67.173.191:443 3xc1aimbl0w.sbs tcp
US 172.67.192.57:443 bored-light.sbs tcp
US 104.21.39.101:443 crib-endanger.sbs tcp
US 172.67.192.57:443 bored-light.sbs tcp
US 172.67.138.157:443 300snails.sbs tcp
US 172.67.173.191:443 3xc1aimbl0w.sbs tcp
US 172.67.138.157:443 300snails.sbs tcp
US 172.67.176.72:443 faintbl0w.sbs tcp
US 104.21.39.101:443 crib-endanger.sbs tcp
US 172.67.176.72:443 faintbl0w.sbs tcp
US 172.67.192.57:443 bored-light.sbs tcp

Files

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\datareporting\glean\pending_pings\70e85362-0cc4-45a1-a065-075a153d8509

MD5 49f0afd559123cce22db480666a602f5
SHA1 768e5030337b3147d7955ad154025baa10742a47
SHA256 50f84e4433d7b8c2dd0b09628cc1271a51f8fccb305b1aa4a1013d265b225831
SHA512 4e58e2caed6186a9bad33bc0b8cf4fc243d0e28ec110b229774a4153e8b99c7afcbb42f046e6559033419f59014b416639548ae386cbc929390702a391ecfd37

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\datareporting\glean\pending_pings\8a1ebf8f-1933-4fa7-a067-83b62d3e69bb

MD5 22acdfb982f202e7ca7c7432b7c04fa5
SHA1 a7be3b620087704d5e1e3b88a923e2457d53f1e8
SHA256 550a65ebbf1333b16661c06156c13489e4f421f8bd53dc3896f2a642500108bd
SHA512 1a20a8621b6a1cb02b5706358f61c5c78fc679a516f2e1dc59b145c664911592a50fee5eb7460f5dbf0fedfb6f8c836a467e97994017c50ad53aacb22a7b1cf8

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\datareporting\glean\pending_pings\034d9d77-8fbb-4921-8516-7daf6c85ac6c

MD5 28515899f2007486c9b951121538431f
SHA1 57d9b2326dffd30307d669243994f2b162e1ddf0
SHA256 470e0841dfd7b1acd88ad940ce4067b1d6211eccb5ec74f951b8954844a6efc8
SHA512 67aa958187e055e1b4016834ae1cbfd136f21e2eaf92299b4f555f0a3b581c01429caad584ef25f4a97daf6b8f2510a700575d012b18e66ee332d96cb1e1baa6

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\datareporting\glean\db\data.safe.tmp

MD5 c17c52781b1a94a9b9053b7845539ca2
SHA1 409464bb129a6c475965bbd341b90611ee826e1c
SHA256 38ff4d4a755adac27ff3137c261f2f6cfd58a2940d032c0456dadb3fe9a27dd4
SHA512 428b13b26f0f0a16db82f8047a2db4d3dca77f90a7f821f5492f08c08e7b69dc21263fb0e2c51b0230d8d68e9f3b191c965ab70fc6994b1c725b9349abb0e5ea

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\mfuo34j5.default-release\activity-stream.discovery_stream.json

MD5 ebd4ffd450dcfa3231a80217378180a1
SHA1 bfa2bf561b7897e07460c9b50f9562899b84d8ad
SHA256 3968f547b0f521e1650e131fe62666f01f26b3c1ef157982c493f3ff4680b7ea
SHA512 2cc885fd9362d2210e7e62f25fbf83392e246d57accba219ce9266532a237d46f560f899347170e846156f534083f66543be05f73fcdb02d5d580b79ef3e2057

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\datareporting\glean\db\data.safe.tmp

MD5 a60c6394ed0a239d4788091d85331332
SHA1 ef6d3f4614ec985b1e9b01f8a9c5efa92894b5cf
SHA256 6e2c7536e99e4da7c2e238e2769e9a5db08a5b58209ed91cd3ccd28386d2658c
SHA512 f0e95cd9862075940de3f1c717566d2e8d69d42da0ee878f2d72e05435ce2827a94dc301f7e7d739948a878edf19c4b1f72372d0eb65ffb6077f1fa9057f498f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\prefs.js

MD5 e3f2f5ad9a807e54ba7209c2dffcdd1f
SHA1 bc708888549a786612a6fb270fee943adc0055e1
SHA256 5240e03fa4b7f22eb948b5f4a210a8277dd673ea853aeab5fafbe6636b08c62f
SHA512 0fcf1af7725277c77025d1b8c5f76e948f7831cf81fe45f78e664ef2768c4a84991edfd7dd823226f667cb87bc26a5fef38e7f49674784d9194a8146a50f00a0

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\prefs-1.js

MD5 4d3225b3ac36bae4f91ed8bc5a982bd5
SHA1 c2917ca1f5bafb2b23e07d958248b70d854f8bff
SHA256 36bec20c7e26de8ce806156ca671290dcc31ceef02b6b239c24f807850cc6674
SHA512 b73952c3dd8df4a0b1fe180a0c28c38ea0fc3681ee43791575d72094c1d1da7e3531bea12f7cd610b7e683b63a54b2e748e0f00ca5a559b1cf215da8b78de948

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\datareporting\glean\db\data.safe.tmp

MD5 23bf871c5ecf5e26b0b638295e05ab36
SHA1 6a83824e4607cd77518bdfc4175d1d16e4dc10e4
SHA256 f43b1e40604c50f4a04b48f1a3e0abe6e265505aa98881f480b29e2b95dab8af
SHA512 f284dfad277d2676484d01c1b7e1a165d2fa0fc53050c6a66336d9f2c8c2bdb986f42153d19a07056380789d8a50c17ccc5126a355764501deb5572c785c84be

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\prefs-1.js

MD5 4662c264e1a83b9e4f9b78a95ec472bb
SHA1 f6a198f1d198f2e3db79f66d36b2e938ed3b5b00
SHA256 ed9470991428ff74674159a195288cb7033a4b0e250d550100b3b8a83a78b5ee
SHA512 73baffd38e77aedd997aa05b9fd855ec01adef40ea6e4a9d9aa11311f624ca35d2baef64832dc004f5acab366f1bc04a429d46d6819b509e5832235eaf6de218

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 09372174e83dbbf696ee732fd2e875bb
SHA1 ba360186ba650a769f9303f48b7200fb5eaccee1
SHA256 c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f
SHA512 b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

MD5 2a461e9eb87fd1955cea740a3444ee7a
SHA1 b10755914c713f5a4677494dbe8a686ed458c3c5
SHA256 4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc
SHA512 34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

MD5 842039753bf41fa5e11b3a1383061a87
SHA1 3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153
SHA256 d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c
SHA512 d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\AlternateServices.bin

MD5 3cbda1473909515327a8d0f178c5f0c7
SHA1 a14def9bd0fcd42d44e7853d04a31fae4895057e
SHA256 9d9d5930e93e6b2ceaa85b9ae69317072f1154fa6548177ab08379c26747c61d
SHA512 8cd9a2593e05e94603db02e32f3597dcb2297aa982c93ad92bc5bccd0b5519bf2902c61454e431dc0386b3a47717fc2f79f2b48f26619f7d1cd7f36f6611d08b

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 0a8747a2ac9ac08ae9508f36c6d75692
SHA1 b287a96fd6cc12433adb42193dfe06111c38eaf0
SHA256 32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03
SHA512 59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

MD5 bf957ad58b55f64219ab3f793e374316
SHA1 a11adc9d7f2c28e04d9b35e23b7616d0527118a1
SHA256 bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda
SHA512 79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

MD5 daf7ef3acccab478aaa7d6dc1c60f865
SHA1 f8246162b97ce4a945feced27b6ea114366ff2ad
SHA256 bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e
SHA512 5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\sessionstore-backups\recovery.baklz4

MD5 e8deb0a3b00b9e592aa476e5958eeabf
SHA1 c5c65673a7ba417583a2e49efedc0e8463d9fed3
SHA256 498b5df02e924b8231cc314c2aa2321fa9a12cc5aaec91ab9ea84a06e8dbbcfa
SHA512 63b7a3e767a512583d888273ad9f2bd6e70b13e63b2f0d37a5bc0c7560f60667a5304195b0e20c83225d23be36de392e7b9ba229d9fec7f35277f9b70b0ce264

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\sessionstore-backups\recovery.baklz4

MD5 130b1758d0e28a5543246b3eef77310d
SHA1 23864e5b0d9a89e1f3570afe3c5b533f20c886de
SHA256 0b42a66141bb0dd987a5d3b133bd55a587bde9fc319d24659c8070fedfd18949
SHA512 b035aaba9693add50773a480207a63fa92310311d8a02ea5f2a79cc0d4093a94f1ce817ea74c590db78d238516012a740e5fa4e76298c9f8625a46f539a6bc66

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\sessionstore-backups\recovery.baklz4

MD5 739413b4440686a1c8b8471bc3d71787
SHA1 f857ddbea4c57e8bffbc08b94d29fb4516660a66
SHA256 0c54a4ea3a29eb0081f15f772b838425106da52e57c08a781411143b0d20a63f
SHA512 154e816c226486304a4ecaf6e32193670b459273081df0addea46386bc47a43ed8ad541476fb8aff80c144d7e9f2792c7fe6669b17caef3f1c5c6ccf19e7c938

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\storage\default\https+++www.youtube.com\cache\morgue\97\{49abf866-7a8a-4652-8b2b-42450dfca361}.final

MD5 2a252393b98be6348c4ba18003cc3471
SHA1 40f75302fcbe4a8ac2e33a8d9daf801abc2a9598
SHA256 04cae3c7b208fc55b25763913d0bbdc99232942086efdf705f2a27764be6f5ee
SHA512 07af4a7b0d10f1b5e1fe0877b21abc98483d78797608a1763cfb71e25559fdce10d20f03c16f4284d7ae7ab90266f45240425e3a264de9525ec1657345b85198

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\storage\default\https+++www.youtube.com\idb\1140467276yCt7-%iCt7-%r4e0sdp7o.sqlite

MD5 aef07912649479eea61783bd47d3305c
SHA1 4ddb7486af4bba834455f39513d610e850453145
SHA256 0e5c0efe55f43f491c92a203a089bb5529c15416373b6be3d0b70f09267b2202
SHA512 ad93d2fc0aec62ab1f9fd35f6fe2f7038b987c5d340eda6355f4021f4c3255b5868c830d44b2f7136cee206f6c9963dcc0480619d65201cf3f12b56daeec0afe

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\storage\default\https+++www.youtube.com\cache\morgue\121\{931008f6-e467-4b61-a856-56c656592a79}.final

MD5 d218f88c04e20a40503d5f8a5e565f2c
SHA1 b2d114b9925148490b6eabec4376a4e6e8e7d1b7
SHA256 e2c3ace516100df42266379d269bde1add532a203481e5c2648da04a170a787a
SHA512 2d39ed0c9f47da2830fb66c5a3a8b7ac952407fc080aa73c1abde9f47bfa1e9be4c57bd7cde9b49f8d39eeee459395bdc15d8ed8c6151ce2548cbed2d478600e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\sessionstore-backups\recovery.baklz4

MD5 27adba0efa9145f138d7ef324bcaa9d3
SHA1 7fafddb52bd39191183f14a6e4223c1748fff31f
SHA256 539892b7e22c68db39cc0c3a39a9efd02735354828087ddaa342fbe182a23a7c
SHA512 f11074068d9e8c1a7448fb1a31fddbe1d0034361085b3bbbef777eec0e5007f8d66a064badf0c2b3834ad3e96f1278251c75fa66b9a2bd7545b8f79dcd17ac52

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\storage\default\https+++www.youtube.com\cache\morgue\87\{8e93b36f-16dd-48cc-b83a-2c44c7e6ef57}.final

MD5 92ccbe6108327dd051d1bce36c574f6f
SHA1 21f4ae2144eeb51f674755301d63e946639e4e90
SHA256 2230108c8dac0c35044696b98f9ab09344f109feba9bb62289a10f5aeb3e8dd7
SHA512 e7bc3ec185886bda2c05c46b1bc99a59587a684f66242f4749ee8cb2f8324aba90761a901e3d1b1186d0a2faa65e9a71fbb9072b276ed19ffe55a8b878222c71

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\storage\default\https+++www.youtube.com\cache\morgue\206\{e2ce96b6-da8c-47d5-aff6-c7c5960ea2ce}.final

MD5 be912f4bcd3b478ace5df6dc46d82aa8
SHA1 2485e534279a5fa834a6e099cccc92f20c91052f
SHA256 8a3103971412691de6ca0bf149f63e274d5347e8942210e0b14470bc2c74538a
SHA512 8d082b4bbdc165115c47454a3d641a6d6fc9ac732a6f2bc511802fae3ebdba8a84ecf64d1acfe1fc9c023cf40ae2520cd74d5cc428dc9eba7913a2323b27d59a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\storage\default\https+++www.youtube.com\cache\morgue\20\{0cfa6e24-aa70-4ba3-b249-cb6f516c9e14}.final

MD5 be203547ce77fa7a91259437b55c0d1f
SHA1 cff2ff2c9469ac96eff7baaa308cdc886fab804d
SHA256 e5f9c781a4756c64455652d9b4bd944aab9ecc1eef556814c00b1797209f4840
SHA512 adf00778a63ea8a143f8fbbf61188392a87a376234e17856339036854cff3a5247aed0b1c0b603332e244d348d58402ba58b32f6df6cc8e18f9d8242f6573f71

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\storage\default\https+++www.youtube.com\cache\morgue\190\{2a56efc3-af28-4044-a889-9334ef2358be}.final

MD5 45e25bb134343fe4a559478cd56f0971
SHA1 79f18ad0b7e3935c3231ced0edd8ea3c7997ca93
SHA256 dae4dd8e56ccc952312b3b238a1db294d4d7ad4f532c31cd1c2e5f9dee881678
SHA512 9b32b125c4183fe992630bc6ce9a511157959556fdce53f8264aba2aa8fb7b0e53b408b505da2cc96cdec771470927e74cba3bbd6eb71a5077e9f933cdc85292

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\storage\default\https+++www.youtube.com\cache\morgue\60\{98afddc7-44dc-4214-9549-66af24f6c03c}.final

MD5 5bb91431fd034c035d8d1457c752c8f1
SHA1 26c815553a8a3b7729d2096fbe111ed2e835bd15
SHA256 9bc714e5306d673cea8a5fd4a58851ceba71a42c3ff760291992d5b78c2708c6
SHA512 4ed4f3f40c0d7725af78eb1bf136ca4edeb14c34c1aaeac023fad838b286fe255a10deb2e0d5c0d71f7d2b55c8c8303b8e1e0813a74bab0fe204c4b6e805c4e8

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\storage\default\https+++www.youtube.com\cache\morgue\124\{8b5863de-5765-40b6-9ebc-56260e0a157c}.final

MD5 51bb0fe00991a2ae6707b3aefc583918
SHA1 21ec201ebf41ad57faaab02f7961ce5a746e6dbb
SHA256 97dc140355b2b45b54c3dab1ac66b951afae0bc742402cbc342be117f4424e0a
SHA512 41863cc0f1252366a5514dd62a06f4bba493029b8c7a35e19173b6d7f9114e7098fa35d284623b6641d28f7d7bee1ce99064987afc985dbf0354368f71f9a39b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\storage\default\https+++www.youtube.com\cache\morgue\78\{6ffb3350-7956-4ff1-9cd4-912428f8234e}.final

MD5 329d8ae08d8dc87f86a511b55ecfc6ee
SHA1 46a40fb3e9c046870707b0a98fff5a53cb4857f8
SHA256 a61773d79b8fc91cde32c678a7e7b10cd7ee94c0023a83cce29180c032f5472d
SHA512 6940b02abfbf4cda7439f2b0ddbfb7b63fcc451b12d2a3fd4dee2e0d1f2fa3c23af1b5177d7e6f68db6252d5aaaa702838bbdfac9cbbb12b6588e9db535324ec

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\serviceworker-1.txt

MD5 da46b70e6b7e03dd0266dbde1116b439
SHA1 e856835df0c911058e7abde4354b4f92e6800f22
SHA256 e5f16aba2be60aa782181997adb98b33d90f4fd2c10ed7e7e834fc862d27196b
SHA512 cf8f27a199502263b5dd257dd5bca20c89bc84bb72aee663d4a87347b959b4dcf6504728f134b572a0dda12d1a90799312d004f1c3f23d29ec4e416b934ebc72

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\serviceworker.txt

MD5 5b0c864c64591d61f724a4676cfdd78f
SHA1 04504db74071369ceefd533c49d04c39d75930f0
SHA256 56b2f67c1b0bb8686eb9754c3cf4e7afa9ddaea0043e23e943e96867b1737eea
SHA512 50bb60feda775e2fda26e0f1cff0e1a945dde5bf34906e8354dd12b5993c5df97474b5871cf6119a96ea67f204c15a83ca9a3d29f5fbf5b3707f98bd3d5c3fdf

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\storage\default\https+++www.youtube.com\idb\3211250388sbwdpsunsohintoatciif.sqlite-wal

MD5 1028ae72f65ea99277eece423cfc2844
SHA1 9734361f46e0d82c7235231737b45f03cc9d4014
SHA256 1a46bf2848bdff56bdac11037078de4dc12daa1ba012813abc699f557d7d6ece
SHA512 d6ce5820a6945b44055c80d3a18f035577e8590739ed56ef70946b2fb6c8d361a0cf0ce18823979dbe0a9635f75222745bd2fe31941feb64dfc231f919cfd66a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\storage\default\https+++www.youtube.com\cache\morgue\109\{482c775e-6ef5-4a26-aabd-26dc418c656d}.final

MD5 d0d1672cc7d147f9f802ebefdb01e914
SHA1 22ed7eb147f695ec1df8ae6f43cb7787dd0ea652
SHA256 62efa98b135e5ef8779b99489ab8200b60026a5b1000ff3c997f3be230febe2f
SHA512 7f8ef8af3f57a6aab90ccda6ab1079e43630de11d14a780786a1b0f1ab057d7cfd5ab512b53ecd8ddd1bcc669fa56a0c260b2df421db64e3855dee7d63251a68

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\storage\default\https+++www.youtube.com\cache\morgue\229\{0c4a6e15-bfb8-4cd1-a9b9-c8426ea253e5}.final

MD5 440b8569f0166adb464f65b587fc1864
SHA1 bd9ec70774c72144b24d6b025169adcf97f4100f
SHA256 7679aaa38924228f58794ffd76387e65f03fb1a7ed42ba79a369069f2da4c13a
SHA512 2a4d57dabf61b213de49a46569ad00401afeee417d28936851c1ea346d65d5019be0b8092d1857b58ca0bd0f2a1407452920a2f3e0a69688d61bef25b419fcbe

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\storage\default\https+++www.youtube.com\cache\morgue\43\{54f99427-a0cd-4650-8c92-49139cc9bd2b}.final

MD5 9f99c5db53c5fab1bcd32e05ca06def3
SHA1 6b898b3b757218e0bb43f98266f14ab2ecd922af
SHA256 99daba8f81f9cff4feeea76ecec876840213816b0b53a16c60b9077c640e6831
SHA512 36d66379ced9bb670957e4a1705b8edc22ff433c601c1acd34b96efa900d58f1971b73ef8c7ef0ad7e07d15fadc97b68ac182d4ce5f592b67cc5134976be4b9f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\storage\default\https+++www.youtube.com\cache\morgue\2\{3141961c-50d8-4f69-a11d-8a279a513b02}.final

MD5 c77897e6cb56bf612d5da32a91818a01
SHA1 87cbf849510db922f150d580aa60348f88cebe7d
SHA256 e255e1806d795b9af361addbb3eb121468dd6d81ced2ef48db65aca794ee601b
SHA512 cf2eddf97b7e5a94ff53358bab04f599ccfb6a9601de758c41865c76506966e75d75516915428a357bb9760af1fd0053448d1cae852ef24f238ca7d9cbfa76bf

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\storage\default\https+++www.youtube.com\cache\morgue\189\{1ece1bab-4c89-4a70-9ea4-7bdb466437bd}.final

MD5 fb3d6634360a9125ce7edd27c987c8c7
SHA1 d3b094de4065f9302bc48d57637bbe04cca19d0a
SHA256 e75d4b40320638f498c0e1b2daf9a4c9f2ef1f09010d48a88740c48b43d306c3
SHA512 c880e7c9a5174e0e31a733393744e19c82e6a7f424be9e35a6736cc1209d17552e0c5a6cdb8cd725a77a00f15d2e4065b21db78a99abb5f35758d32adb52a53a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\storage\default\https+++www.youtube.com\cache\morgue\159\{5b7d2ecc-543b-40c1-9786-7c3123c23f9f}.final

MD5 830028a05fd627d68ab70e41825f7f63
SHA1 721199e2f117990f999b2a41d91536aa4790fc76
SHA256 d7f263bba51f160914640b1310d713268e564d9bb1bbb878e67d442589edfca7
SHA512 7af9479e45a89cb49053df5657133a83b86553cdbac5be5fa18ed069c111021ad7d82b02404bb3c35b9e8dc1ed66c3c05bd8a5e8afd4c0d66a598be3ba24641b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\storage\default\https+++www.youtube.com\cache\morgue\207\{5831bc3e-10f4-4a23-8c71-05696a5605cf}.final

MD5 cedfd917c042bfd5faea22058d451ad1
SHA1 5a98904fbf1c9bea6d27f75c42aa49c66db8c54f
SHA256 9cfc9e25c7e723abf5c14049886f33d836c6ab91b40218920efbdc864764f3f2
SHA512 5f7513b881549aba1fad170019ddf45e780ddb6a576e08365f4c9ab2c8bf4e7d2d5053b1db4ec6a2af570de21a182fc8981a0790881172d8605c023fbbbba4d8

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\storage\default\https+++www.youtube.com\cache\morgue\152\{9f20b73f-7e44-4118-bb73-0139d7510998}.final

MD5 5409f7bf4f5bee52df75c2e72dcc9f36
SHA1 7d03d02ac3127b6d3bae88725b830f05e2c19b92
SHA256 1e026c82f67c10fc4746f558ac948fa6549402b7331d97fcf7b22690cb8a6696
SHA512 b3b6a124599c979b29f89ecb3d28f494e1d9046e373539f94acd3d89de284dcadf860c38067bb496e0d8a9d6f1a4e54e15a82d0dbabfcc6280543a25b7bb86f0

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\storage\default\https+++www.youtube.com\cache\morgue\50\{ab830f43-6d2c-4367-9efd-bc8e57c04c32}.final

MD5 5dac736054f1bfd6efddc9f8941f6513
SHA1 8d333e22dc6fa20e26c4732d5ff91c954433185c
SHA256 e1f390622425670904099ccdffe9b808e555fc402e7015697d49f9f22abf9175
SHA512 3ea570e7041a136d250e5e94c215b468991b70a6d6609ed27907aba24123e068e08559bbd96ca39a615a52dceccd524e3aa52702a8ad544f8a7b952fff935577

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\storage\default\https+++www.youtube.com\cache\morgue\8\{933d8154-4071-4993-a721-1b0898197808}.final

MD5 7b4110fa3efde7eaa286ecb28002c24e
SHA1 ef18905bf90bcec8d651b137f902e2d70968b960
SHA256 3b339433141e9d91736ec678e692c2ec5890be7d216f4ba576461109835b802b
SHA512 bfa6025d1b2638ec2aa85188c52d1d15b9fe8c85f1e431da724f9a28bf6fbe78299539497a24fce08e48985430e713c5982aec2cc5b5c137f5b611be77767fac

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\storage\default\https+++www.youtube.com\cache\morgue\205\{ba68530c-80a0-4add-9fbe-9ca89e9b31cd}.final

MD5 da8e7790bb2c0680d5a9a526d7474a08
SHA1 3279d1b1f5ca2f2a2b9e5b7a29e2f9f5ab61a4c4
SHA256 8b9eb35aeca66ee8f955adae46f47e61f8f2440956f55efd1dc56719ce039033
SHA512 8b2012e93e957f9d6386e3d736345dc63e47e568fde53f763b96341c5195246a0779abbe4d8e6e8e0ebdcce37fe8a76c50e57c4935768cca5e341e94d06c54c9

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\storage\default\https+++www.youtube.com\cache\morgue\211\{a72c5427-d91c-4777-a1db-b8c29b774fd3}.final

MD5 8c366ecb84c70e347b29a3a7d4481aa3
SHA1 10d4652278f842f021edc0e3236a6236c091423a
SHA256 6b05f1c42868a41e00179baf6ccf28dce77c03484e47c547e55841143607be15
SHA512 031a9f94420f7d0879313d0af17d6d4cd0ab7e640a3e4da608f1c06da6f6cc945f372ab6c26b582528f64e14875eb1844c659932557ef1a85dc7c1562eec4f56

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\storage\default\https+++www.youtube.com\cache\morgue\88\{6a0c04a8-875c-4e42-9cec-4d65cbb87458}.final

MD5 41ac5330ad29447b8df7fbcd77d3560f
SHA1 e883b4f25097c82ac74adadf9411a389c93464de
SHA256 5a2a0a377651fd208b769efaddc27a0393edfa6df9f57f42b882e3e629a08658
SHA512 5f01c7a53e232178f8429fe8d5709fff90ba48c4eb9f0a5d206d4d474823a8c05388b6985ac057aa759e7a386cec0083e2df5894a2606fc03a465813cfecac8d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\storage\default\https+++www.youtube.com\cache\morgue\166\{bfd53982-de63-4bbf-9123-0f40f3df24a6}.final

MD5 67303b1686c6123ec1993a7973dd2757
SHA1 c39df2ca0805f5e9f640554f92ec61df8d04917f
SHA256 aac4f7cdddc0c2a0ec73c0cc01664ef6ba0510f5f047045598f681c4ce8b5c3f
SHA512 40e2e2e0ad6500526fbe5e588491e55ae8d27bd80bf23e41d5158f48a50a0e9ba430a8b0852f71f625428fa3f5050130e057edfcb962c30305d86488ff0e6be7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\storage\default\https+++www.youtube.com\cache\morgue\12\{d17e7cb2-13a2-419d-a565-4c4e61b2ab0c}.final

MD5 a975d247eb217c175e9104e649cfa5d0
SHA1 d85ba5f059f8b624aabbdcb974b16d05fad94b1a
SHA256 3165df152edec50d78e9a54edb28e74682976dd15e4bc1e7ae72a5838a8436b4
SHA512 cd11924a023f8c57315aca37f3b77a90b2ddc2db55417c4002e916c917fa7826c521240a646e24b94ce72192bfcc2739b1ec0edcb790ae33960a3329c2af22c8

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\storage\default\https+++www.youtube.com\cache\morgue\150\{9d95b57f-59cb-4513-afbc-67c309e7e396}.final

MD5 680103ce64ae5c8edff61a1e3240326c
SHA1 03038ee24f31ad0b8da727f0c3dc3b5879b26c8e
SHA256 3c24065c3b89ce87c07f724caf59d270c80b7a072d751bd51e2f0b27b594442c
SHA512 68c0beb28e4050858d9ed8f79e0bc4a24abc99b9776faa392aa7d412a83b8d7320645ed498b7de7f1d712ec13abb554862d6c2b01d7223a229a96f27c9e130a2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\storage\default\https+++www.youtube.com\cache\morgue\34\{0dbef22d-e167-48c1-a35d-1d99a5fcc922}.final

MD5 63c7f2fc0ff6a57ff3d98d003b00abc5
SHA1 7eff871879b328e59dc2a5e959c9efdb9e93c91e
SHA256 d750432333b0cf3e88461237110ce0718e2118f3f65d368e9e0d798b9986c440
SHA512 b3eb057cb9578836664bc1d73ff55a40e66eb48b8a210587dcb2adbad404c99a324e388b2d88a77e61f67bf25a3825a4768e7cf6f126008637feb3dd01255d63

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\storage\default\https+++www.youtube.com\cache\morgue\137\{acbe6f12-8b8b-4287-9864-471a3ae71789}.final

MD5 61fe63358ed5c171881bfffc422a3d0e
SHA1 aa75bd2ab0c3337649e0c8b70bda7f026c873854
SHA256 b595399f19902bc6fd474a33408fa74f5f4f97308c2fc8f8e6226897241e5cb7
SHA512 8f8de25ad07e2b76f2e8366d6be5c636cd40e1ea3a36c82595abd42113816a0c7668d1aa6af84b23c57644710cb607d166324330e8e095613190de5159b3b3bd

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\storage\default\https+++www.youtube.com\cache\morgue\220\{147f8297-d5fe-48f1-bbf7-d9269e4ee5dc}.final

MD5 93fe42b9cacad9a58418d5702e29918d
SHA1 fc31ea0118b5b0999dc102efb09ed974b0a6ef9f
SHA256 10a26c50074171def0db39d8343ce1b08c398e77336f87dac2707492053f891a
SHA512 9248b47c5b621c6dcd9792b25c765c6bf7dbab2a03eca1f4507ea42c1aff3f08ca165f89c75f43c2bb1f35514845ea7ccea5199bbf57ddaaf631d0a4bb2ccd7f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\storage\default\https+++www.youtube.com\cache\morgue\191\{420a3231-3668-469b-882a-fbd5c6ad8cbf}.final

MD5 103a3bb224f38cac909b8f5719ac61fd
SHA1 a2f0ca0141add7d8ccf18e2cfb38acfcee45a0fc
SHA256 63f1c1eb498439212024b5bcc18287e503b28cf7d84c3723d153a78f1cbde45d
SHA512 00c640a963ab78076b97323b51f2a3e8fbcfe288bf3cb52c97d4c3e5cb8e62e29affc9f616ed35d3ee978027ccc9d8d23dbc9d7e78f48abe8dc707fc6fb215c1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\storage\default\https+++www.youtube.com\cache\morgue\82\{d2c6f7c5-4873-4b25-8704-039f63c4aa52}.final

MD5 1a840973aaba0bc8aa82cd789f229983
SHA1 dcdad762a070027acd4d167c919a8b12eb7cd4f2
SHA256 fbefd71795c1a773b199567dea99ea28a5bd85ed96abffee7e3f4c1cf6f57c6c
SHA512 871508335ab32879d045ed3309d52512edd03c69e3da9813de212b19ab3ef2e4939f7f108262f12bbcfb593cfff2f1b3774bf4a84076111569fba0f306dcb773

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\storage\default\https+++www.youtube.com\cache\morgue\38\{754b9f27-5652-4970-ba11-9a5594ab5926}.final

MD5 3642d5820ca7ce4525164aa44f5d6beb
SHA1 b8d4c651b067c3bd08f2fefbc9cee8fda03c9354
SHA256 9624b4751a170b67e592dc6b20f93a13ad959ca57a74bdd0998871414f05e512
SHA512 3cd72c8df0f244da5aa0ae250bb9ced273a45c30374864ea662b4e518dd03c6b7ff8030bbe1ae5ffd078ccb8b8338d43b7ee61ef7545059e87616c56fd3a079a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\storage\default\https+++www.youtube.com\cache\morgue\155\{9b113a2f-bec9-475b-a080-e79e5206e59b}.final

MD5 501e302df1cacf7ffe388900064433f7
SHA1 d044ddda684b1a7b8acb5d9a887f1b92f77f10de
SHA256 baad1d86dab561f7abf009b62005456a15797550fd0dd565328f8c1e7e7c23ca
SHA512 8a75f975a60c979627e4f325e7ca6b8af17df51e425b7df27ea45ccb45b0b37b8ff339a7cb1a22108f1085854c4bdfe8694a6009a41df07ffd93aa7c6766c80a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\storage\default\https+++www.youtube.com\cache\morgue\120\{de3f69b4-5ed6-4b4e-8efc-6b3eaecf3878}.final

MD5 ff1714439da5865eda7a26d7366ecd42
SHA1 d05ac8350fa53bcb01c187b349b9c0b6cd990da7
SHA256 f2406a6799cc1538f17a8ae8eb0f6b053fc8f8cc37f77429de1fb638bbbebffe
SHA512 4d76e9d3676913d82fe7c85f4f481c2508eeb7bdc76f61507353e6af12c70dd2721d43d3405809d518f29b87c0cfdc1658ad688453e37aaceb4e6cb68669204e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\storage\default\https+++www.youtube.com\cache\morgue\178\{c20102f4-9a35-43a7-bc32-7641e1f3aab2}.final

MD5 25bc26013ca16ec022cc26f5370c3769
SHA1 0b959045667e2ab2efb992cdfe8abf8d833ffa83
SHA256 8e291ff624d1139db9423256f8b7637e909580a54b8838c81119b12cc631b84b
SHA512 ed775d60df5dfa9d6fcabeab00e46d6ddd421f19c8de2ba3d1a78786cf70ddcd86e3dfce18519d916078a36a23f64e9db42149a4e3c26d58ffdd565f3dd9afdc

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\storage\default\https+++www.youtube.com\cache\morgue\231\{ab338970-a2d2-4782-91d2-24f5fa4ebee7}.final

MD5 d53cdfdc78bbfa83f76b88fec1baf8d5
SHA1 44fdfb015f2e0ef773b74c91e7aa3084f86be4b4
SHA256 b60f85072330edde455cf9a62c94958d66793b18f461289da8a88b6bc0e29621
SHA512 07f7f09c3828e81d79f88d768dcee3d8f91aded0b408bde57daf82593eee49a1ef2dfde683b0aef1059031b5f9d701dd6a20673020578801a66555eef720f023

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\storage\default\https+++www.youtube.com\cache\morgue\229\{a814403d-6994-44c6-8e09-f9e5a8dcfee5}.final

MD5 4a514bed69506c494569d2de079a4565
SHA1 cfbcb0c9ef303e49adb4f8c85191593dcbdd95f6
SHA256 9b16a083b682783c5014b9a1f4f6914ec9399100e86fd5e56a82fec41ea96a68
SHA512 c2d81af256d7d5e8bf9b4c2ca467a1972aa625511ad0d63c5da573d0916b85b1b09babf4a606d94f6b79f3db26bc00ff8c4b08db485224383d487749881b88fb

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\storage\default\https+++www.youtube.com\cache\morgue\60\{a59f5284-fe39-41a0-8e18-87baac573d3c}.final

MD5 5ecad04347c2a8c59c4b6a885e947fcc
SHA1 ddfcb94ac1af832b6a831dfabd66b47138534ee0
SHA256 9fb212fc86221efff20faff19c616c41932108a588078ed6a6377cde48e81d4d
SHA512 9a79703298ad64b902f6a0328f6c80031f540a7267ce4f4c96cc33b6b9ab2ba23f1b190f0ed1a51da1ed7306dab020ef30f87331da5cd77d01789c5e8887faf4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\storage\default\https+++www.youtube.com\cache\morgue\24\{09e70d9a-e668-4106-bbfe-19e41772e418}.final

MD5 c4e0cb3d3de8b6bcac527d2f0e5ed241
SHA1 2425b0c4ddb89f31d101257662629cac0c3cf0af
SHA256 3135abfbd2020a12ee327fd81c3739da37a6fdfc11d2032634ce5d33e916505c
SHA512 29e026c7ece58ce6c56d64073f3b0f6a008286edfef920973b7e399ef57f042780f8cb5a940d8654c41abe2a6fc8f60e4427d70fc285fa7fee5fdf473ae66fee

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\storage\default\https+++www.youtube.com\cache\morgue\76\{76d48a99-a530-4235-8c00-766d1a68214c}.final

MD5 4281c6880b38580a12983db6afe98254
SHA1 052f3dbcc36e439f4f23b1e1b608d92ee8e72654
SHA256 98cdb9a3eef1764f2034497868bc60328364b1a414eba55860fc1756aa5f85b3
SHA512 6b92b3ccf7ab00db56c0cd6c7c180741e1a154be3cc04199b883e7c350a818a6b0357454116ddc86af433f3afd57cc8dd89efed7cd0dfda6c3d9bbb270dba533

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\storage\default\https+++www.youtube.com\cache\morgue\129\{552c2752-efe7-4102-9ed9-6dcaf2e47381}.final

MD5 590de80c94ccf9eadb9c7d51be8e796c
SHA1 e2c967e833e34a61c7bbb2cacabad6743f3d48c4
SHA256 75b7670458b285925b57d33949d24b515dd8fe50466ef7e4a4cbd9a402f168d0
SHA512 d06068e443b20e3778c98441fd8fab3bcda4fbba3daa683e3e7c18c0de280d59d4261de63ef47ce8fb9a819b3c7f8d612f7d6b7c6fed591be25c19421ebd7a91

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\storage\default\https+++www.youtube.com\cache\morgue\192\{1b7d8d7c-c960-4295-b658-c32fda887dc0}.final

MD5 5525a3d889a5f2b22309572b81eb632f
SHA1 75570ecf4e74c8094526263c3f8fcaf09d4ea87b
SHA256 82b1f81789c3cf58f4985bcf3dd14d3606a9bda013bc08501e36bf46c4fd4e52
SHA512 d1e9153d5da3549d63b5833648191ec199a616e64c343b2985a11626465bcb728e39a3a04b906ea5bd42bff8b7376ef1a26e65c4e62b689af0cba19487fe982c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\storage\default\https+++www.youtube.com\cache\morgue\77\{61279fa0-534f-4d26-a3c8-c5dd01e24d4d}.final

MD5 a5a12471c60b1660512fce9579675a2e
SHA1 d702b7183c27a6b08b626c9bba460ce0e20a7395
SHA256 2b8ad66d9eb14d6020cc86c9472a8d32859faec20e5bc971bbbe068753b378c0
SHA512 ec69cf09ef623b7971bf8a42267e23c4f5265127608a70d1ea8ee7a910982e075723a0dabd7053022905c9d0e44cbecb4fe2fb1005258fac9a0bd5a33f3b6014

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\storage\default\https+++www.youtube.com\cache\morgue\81\{087e252f-dd3c-4bb2-9b47-1422deb31751}.final

MD5 fcaa7f35d0b6f5dcc3edf6ea35b7ef98
SHA1 37eab86381cd122095b712d205eefd4c15ff49c1
SHA256 67b688b893251d9e52650b3cb720b6f8be62c6e1afec8ea4b223a8e975d27b1f
SHA512 becd339b63fb55676cabeed67fbf4e28740feca0995b8734a430359c96e14b8591d4242a526d920ac8893d9d22ac125288e8ae8dbfb0a0fb484ed8544774958d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\storage\default\https+++www.youtube.com\cache\morgue\92\{43ee6f3f-7268-454d-9257-4022a14f0e5c}.final

MD5 a5b6e175f5a577af3302c7029593adfc
SHA1 7b21982420c602f2678b28d3eeb7172d5c491903
SHA256 02240202d841f7910cfc4d17aebdef67a1084e704359fdf544d80dec3809a8e1
SHA512 9e62f4350403815e642a70d746bac7c8862238a8f108491f6e33031db7ebef4ce91a9a97d83f9fe9c15dd70333bda1229dd7d1ee709f964dd8c65071833b6544

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\storage\default\https+++www.youtube.com\cache\morgue\244\{2eea4345-4d06-488e-a8de-94d7e3b890f4}.final

MD5 3f7a4ebdd9e533cda0125618ad02dadd
SHA1 8f024e90ae75e5926e0f9d0847e2a1520b4f8eab
SHA256 3408ed8bd0781a9ee0576ff0ddf30150456e0fa59b40406b21248613602c1043
SHA512 6257799dd555ca13833a2320b10056a966f1f384d474cc66e6ead51a76b726e66ab64add92d9bf3a85456ec75b5b97404bf7574eab7d3e6090b8f60d2799c1ca

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\storage\default\https+++www.youtube.com\cache\morgue\53\{0e1adb5f-22f9-4db8-9c5c-65532a50cd35}.final

MD5 321ea72e49df8692233391c1f36451e6
SHA1 2f016758fc5830a806ed9891e574936db521c034
SHA256 8113ef313d8a5519df57034e29db538c65721112804bf1a1a446b8302ae7e0d0
SHA512 86d5a408e472a62c2cfcf69a5fadc122f7a62dae866a36fdc4a7381de6cc8028af4ba51cec9c827b9815c26f75db82c4813ab25682c728c1f03d3bfc7ff21114

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\storage\default\https+++www.youtube.com\cache\morgue\32\{3d162dd1-6c70-420b-9f54-24233e9f6520}.final

MD5 fe5981f30c81e299a4b3cbb8d54c236d
SHA1 86d257366f84c5da701ce39084e8bd6b54a644c5
SHA256 d94c2ef736a7e46e3c6da5ce1b0f4ae07d1aedf5de035104fa48c3804f5cc86d
SHA512 51bc339682768b4ab038325bc12186aa16836e7179d36ecacdc8b4559b70e76e7868bfbd1ae19af5fc35ee36299060166d5c4da74f70c0816849510f93e2a403

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\storage\default\https+++www.youtube.com\cache\morgue\84\{390b6873-6ef7-467f-8b30-5ce751cbe254}.final

MD5 ee0078268c18aacfbb32f121a2bc2902
SHA1 413487a0a575c27405b739fa8938a66b61a24149
SHA256 9718aa5eb454fe31d59fb6cb2d7bff3ba1f7e73b171c76390ed97b749493a85d
SHA512 2d776ef4276e4f8cbe7782e1aaa91d78f1154cafe818b8fb507e7e5f823c1ace750e8b2214a82448fe0d3be43fc25f1c15eb93d9198ca4c6b1962d19af45ccf2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\storage\default\https+++www.youtube.com\cache\morgue\125\{52904ec4-7fd9-4810-b1d7-ffdaffe5ce7d}.final

MD5 f8a4486578289f338eccea68bf578c6e
SHA1 6cbd17168a35b3f10b74a28f1fa3a83e161a7e35
SHA256 264c3ef4f7bc3f390875ca49d87ec35f9c4f0bbb0eabfdb38073951253ca721a
SHA512 e896ce1bbfd145a4c38f7e81a8afb12c3f354d5632f24f26cf19e8b5f1a466fca8d098e7277a4c0979170c37be25b6cdcc0654ae94f46908bde1810d4c03c3c1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\storage\default\https+++www.youtube.com\cache\morgue\147\{7c7a9394-0c5e-49fd-baa5-b278d10e5693}.final

MD5 184e8de5f2d1b10b1cd688026dfec0ca
SHA1 dd632464c3ad026e57bac8efc3348eb7349dad84
SHA256 e3aaf869118c6db298d843c5308262f88ce5ba474d88e7043badfdea4471c93f
SHA512 e3495544032b7f6760967b0ccf57861ec5454bb32e8f5f7d2165fa63e6ab580e278275a1f719fa55fa17fc0a3aa9788e15ba60ff2ea0e25557f0160607066143

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\storage\default\https+++www.youtube.com\cache\morgue\6\{e2f4c5c1-d44d-4e7f-8365-8fec005c7006}.final

MD5 41d7c0ee3ebd3ecf60e8f06238d8976a
SHA1 313d08e7b04eefdb0ec87504462f522d7cb94d4d
SHA256 7b48b7ea9af7535de272491304ba8988db28c4cdf0d50c800e7d461666e73efa
SHA512 9619b290dd7e07d7a4d9768ee35dd564e37f1b0f4357bd2cb8a39c1289772f275f23f260114fac395974f544ff70efc168285a34611f40950eded0735d2ca6ec

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\storage\default\https+++www.youtube.com\cache\morgue\153\{f382ba21-87c0-404e-bca1-9b3556968d99}.final

MD5 18ea68569ded72b5f8f681906febe6a4
SHA1 5797e923cf4e23b0c5b834923ed11b3fd101ebf4
SHA256 3f7e5effbbc5b1d293c34e82334eef3f6f20195436b46a97c9322a406af63cc6
SHA512 e32bfa8081fcb47042097617f10454358b0fa206db22cf3d4ceb09c7134ca97c4cc3d8d283e1dfe7b4db13c0254ca9aae2fc2dad38d50cff4375373d76d9e060

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\storage\default\https+++www.youtube.com\cache\morgue\144\{8ecf1558-d857-478e-b5dc-ca9cf3aca990}.final

MD5 a601665adcb4c6be23f3f43db3ecd713
SHA1 daf1dbb4c74201e6e986283fba3603b508d576d2
SHA256 38f281885066fb223a840e11199c5fe053ce470857cb8ffe5fdee25e226e2e7a
SHA512 b60b5afbcafcfb4d4751dda855ce4e40674ba635a28dee30b9ee8dae0cc1a751623ebcc3f1657aa1e847ba317dbb4bcdf44e73fd68b96ddb9ebc3d0a73bb5ae8

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\storage\default\https+++www.youtube.com\cache\morgue\166\{09090d2e-d67f-4c9a-b153-7f040af38aa6}.final

MD5 50af989865f9dad63f573c5f2bb66321
SHA1 91c2c613fe2faf799d1916e3245c8f7672926d28
SHA256 d36552977b70782f63c9fd0ebbadce131eb78616c7c5f0e0274746cb0adcde8c
SHA512 074f69af44958bf010198bdd2a37272d30da53a22d58313606f5c1f19d67597b98c6cff376bfebf63e199f3965bee93a0588cca0ad70a8eb9e9de3ad9afe5d29

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\storage\default\https+++www.youtube.com\cache\morgue\252\{b7f074f6-354e-4b60-afc1-1884460f6cfc}.final

MD5 31f682f3d011c942f1c41b7f915eec10
SHA1 0163e4cb475138b8f6ef221cf0bb15055f628f4c
SHA256 00392c87ab0206705a7f066ab9b2cad308eb3b2d0b538fa535d053b0c662c48a
SHA512 da32317bdc01471cf7fe107c80d3b69646aafbde3ba9ef7d4fc674c56034d78dfc08ef33d8c133cdf198e4ce265625c8411cd85b2cc6d57016af360129db733f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\storage\default\https+++www.youtube.com\cache\morgue\215\{3d77e162-0ae7-4b25-9787-80910338a2d7}.final

MD5 b0e3a03d13d45c1f130df30ee51eea72
SHA1 ed19adf38b3978300a958e5287546be08c8fb371
SHA256 ab156c3358cd6b946718508bda5099c8cba2e4583e3d03fbe0401c0e6f20e5e7
SHA512 3fa2fbaa7f78f69d0df8e3b8211ad56532cb0a68a9ac89c37fa5354fce51e114babd0673f2f44d109fe2e518ad7806b7ff3040a840e3099be4cc5f6dc07f8154

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\storage\default\https+++www.youtube.com\cache\morgue\186\{e1a97bab-d958-44ad-afe0-bbb1bd4e2eba}.final

MD5 0c93d244125f8056cc0a69a4ca53f049
SHA1 e35678e1a49498e40e1ed508b521e79779a6d25a
SHA256 f286ce18e4e82f60816536d23dd2b1708cc45a3d1850b132b282feb1d5aec4f9
SHA512 198952bcd97b9497f6cabd7c9dd6cf0b8e75416fe5a2eaea15ca1e30919b7219be5b28985752834f0b8d501b9d6f6b637ac799db078a16f1e7e95480dfedcf5e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\storage\default\https+++www.youtube.com\cache\morgue\146\{eb80090b-7c9f-4ab5-bcb2-385423cb6492}.final

MD5 93215d67966bcb26afdfaa76aa00aa91
SHA1 aa3252645abeae4e228d6595c93d829afad380a8
SHA256 aaf4281ab5534bf37010c4e3ed86dab18a9f4cf8185f85ba7b0e6ac59c844849
SHA512 52df1847b0b802417b245e1fd51197349639fb25ece34a48003120b2920255b52848b3318f0f9602f8d8bf22bc7e761082befcd21b9d06b6a1e882a23f8c9ba6

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\storage\default\https+++www.youtube.com\cache\morgue\42\{98be01f1-5e8b-4553-bae7-01b3b9fc632a}.final

MD5 8d9443186ccb116d608c8970023a6c4f
SHA1 c280277c0344161167dd348d9267548041e95124
SHA256 70feeade7e05a69d4604df99cf1ff6793f7aed0879ae06b50a69b86906a892bf
SHA512 66240fc8a36102b8d3cc7cf157dc80981bb05ff707efa775b82ad6219fcb72fca9a3c45f30aed6147b222356a06a9b4063c9967f41f1a246735d68bd502eca51

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\storage\default\https+++www.youtube.com\cache\morgue\187\{b893a93c-9c5a-45d4-adc6-62dc82b03bbb}.final

MD5 9d8bbd70725c7ef1461172bcc4e85c13
SHA1 a4c4db2ae4f58c81ca1de7fced23b522d6bb8f73
SHA256 4fd302f56fcfae608964aad2038a1570e38e96b82d52d590387ac91915a8c8bd
SHA512 fc90e23b5e86c1d6aab537069159ce5eeee5068817b6923bcfa33d93e54358fc38c5dd8ec4638b9eb5349da1fed4679af0159ef958cf48227efb14dd67511811

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\storage\default\https+++www.youtube.com\cache\morgue\245\{a0b84d03-2f7f-4a29-bd84-da6dfbea04f5}.final

MD5 c6993227cd75c082eb25aee8332d888e
SHA1 a2e27914baf9a1a4b8579506f419bc7167dff937
SHA256 75c2bda8599570de972a83352d94cebc61a2bf66c8470a0461f0803c59dd8223
SHA512 bc37854e6471273085bd3ee362ede016fea6eaccb11194f749c3a092bc803df07c7dfed2d0a3fa538cd447a21d4875f95ccac3ff4f278c96249e7110cb968b39

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\storage\default\https+++www.youtube.com\cache\morgue\199\{c3206fac-bad3-47b5-a59c-3462442fbfc7}.final

MD5 f5ec5b6fdcb0fe6f76aca19310305268
SHA1 46d30ca75e110987809f6cd78f52b5cb35302754
SHA256 c9f94f5a2384b5a253cbc563cae021fb1d15762412fabef25d90b4f0c60814d0
SHA512 d22ba260c9738129d976df698208c8cc7a9b70dd89c0f81f995f0105940a2956e3097adfd2c300c94387ebbff54af720429795ee1bf4d81f3a1b6a6cc666940e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\storage\default\https+++www.youtube.com\cache\morgue\72\{732bbc41-4d1d-4488-90ba-d04c2f9eda48}.final

MD5 a2359dd14ab60b6ae0cb3de77ae2204c
SHA1 68a7d0619712a6b39427822c566995961903aadc
SHA256 fc224a0ec6745ccd78824a367f32ea4fbbfadd69e509579410eb8572d8e19db5
SHA512 ef69bd0578175d500ba1f0e2dc852de6feab7ce78d55506a64eac9438e89e7be673e540cba40b89162f2346079d99e2f84ccddd65ca61870dace29260e8381d3

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\storage\default\https+++www.youtube.com\cache\morgue\44\{bf4fb268-1ca8-45ec-984f-4cb68916e72c}.final

MD5 32355676adf4c64f1fe47b92f9500b6f
SHA1 cc2a0c3f0da02c1a1ac32a3a5ba417010f89f73f
SHA256 f4b28298d53a353c23a88b0c82002f1036c376d22154ed21630a8c1d04e2a841
SHA512 1945dfb8bf90df999cf7aaed9c881b2d10df4a3550f2bceaef655b2379e79d8128ebefdcd4f37705c7b42dcabbbc4c25dec1c1f9559f4e727c6df45f769a2f95

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\storage\default\https+++www.youtube.com\cache\morgue\99\{7efd5211-e69b-4334-b543-aac13dd35a63}.final

MD5 004c0529776665be8335ef4beb8d0eb6
SHA1 8b1fb58622c92f0ce3e490bbf21b532818797f8c
SHA256 493593022b630c1c1bdfc20479ebd34465a1bc79e066b04f388c6572375b0005
SHA512 6ee9bb5cddee2ae52ad1d3f068d08011ca5696975783fcdc816c0e16dd27c87ec0957d6c4b63cdbd76664899fd8f8df087db375a5eaca8b9d494430a6ae09efd

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\storage\default\https+++www.youtube.com\cache\morgue\84\{4061c9cb-cb99-4a27-95cc-3e19037d4b54}.final

MD5 bc7d8425fe4aaf118642e9a60d1b764d
SHA1 7456f9cbd82c691a2832ca856873d8e00901fe1b
SHA256 0ef51d3deb46884c157b25b78667241a8809dee794e3402c07b3c5fe972c1d92
SHA512 0a2dd57fb2ea736faa79c3127af31ad0671a06653d5bd152597fff5275c38d816ad1633cfee6e870c2de82aaea14a976d627fac4458c688d3650ad8197173301

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\storage\default\https+++www.youtube.com\cache\morgue\161\{2311f310-779a-4948-a2c4-2f25ff92c8a1}.final

MD5 b6c6d354eb2e7e52adb948c0366f0053
SHA1 d7f4586d41fcee9be681c70bf002d36f6d2ed624
SHA256 8383e636c9249a611493d7c83a9f02bbc0d9566d5d3389d8082ad6042271ef28
SHA512 9a08680e4aef9e54a24e7956858ffea9871f874966cb36fef70b5e49f6126b2662c443b4049a3c4d74fdcc00c83d3af12072fadb11a96ecddbb87280a0a2303f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\storage\default\https+++www.youtube.com\cache\morgue\16\{6e9e3e72-2dad-4e01-9a90-9db3feea5110}.final

MD5 253a9d7dbf4f2f8141599d38f58f86ea
SHA1 0766863065b6c57e98fb00fad0e6d8ca1c1f6aca
SHA256 fb659afa77a61d064962153784f63ba71e453e597d98b770c02aa31d1cdfa7d1
SHA512 379424e9196ca464ecff6e513cb32a296a63afa9fbb8d19561d0ce9cac304440896f4efb71956bc781cc51eedbda4f6d0e588e075ecba82e482ea2bf6aeb7371

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\storage\default\https+++www.youtube.com\cache\morgue\30\{0b888d35-3486-4589-9346-09c855ecfa1e}.final

MD5 7732897c3667adcbaeb632ed111b170e
SHA1 eee532cc36738b7e586c193db814a088896038ad
SHA256 ea06cf7afba50fefdb6b8ef1a084dab27ba0d9b578814b3b79eecf474b200b67
SHA512 08a7130e9b36e13b2cf41be54a7eef19d209c494d177dea1d11e2e224f17a611c649683fc5b49976e244dfc4d91944ef481fe1cbe08d130126817180b97a0717

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\storage\default\https+++www.youtube.com\cache\morgue\117\{51e0660d-7528-43d6-98ef-4e986eb48175}.final

MD5 bca3032426d23daed1b2d997b7bd5fad
SHA1 76a4776fcca6e6add4773481b6b3a82a7c3f5a34
SHA256 41b63a851c63d3c6ba8bd92548013e1a472973011f0be1b95eb2e29697b32b34
SHA512 67b6c14e89be76624f964eca71653977f3e4c5d8364fa9e008a6810efa9d0ba359aafa79570278bd80e57b6e31820d27dda06a588873c181ee96d8c868c4b822

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\storage\default\https+++www.youtube.com\cache\morgue\60\{5dad0f94-ef4e-49c3-b20a-0086d09fbd3c}.final

MD5 df74de9b9890000872199833e120bb06
SHA1 9514f328171b10d04003469f6dc8a7a4f7daa741
SHA256 3756c1dee77d8250d1431077670e560f38dd9081ec36fa0b5f7f17ad58aa1f84
SHA512 73b313870183d2fa4ca5c38d2192b902c7a79796af1fdbe5e64d8b2d212d2ef85d0bb57f2ba486ff8610f22a9e952bb15947289107ac0d1d307c00015f4baed8

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\storage\default\https+++www.youtube.com\cache\morgue\233\{e52dc9f6-0bfa-4749-9680-6b32ed2450e9}.final

MD5 b85f318ce844cd0ac2d4ccfbfde4d2bf
SHA1 f3eea534e7b991836ce9eef594480ddb1bda1987
SHA256 480677e695c4b197a66db44b3d42f937f304e44fc560c6690885827cc99f4a5b
SHA512 1f8ed38e5dcc51daab4e6bc8af64e6b1b8316436519ccf21b2a8414f493efd374bc541a4de3a00fca1b9f48d113b235b657a94d9bb8aba4eee58d0802c1e10b6

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\storage\default\https+++www.youtube.com\cache\morgue\75\{a567aabb-8417-47ec-a024-4cc279d8274b}.final

MD5 2d5401040d875e10273c9d8ca9fc511e
SHA1 79ba0a97214692e52090f4d2063deb4f20ade88c
SHA256 31342b78121940f85212b9b664588235affa0cc7fa398e80d5f3914ea12efe88
SHA512 b82ca313bc8e3daa966316e10c8303d144aebce1c00761df10790b93113b6eac2ebca429f099d88750427dff8de2a7448fa470e5cc2eb000c7cf71ee73c3edc6

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\storage\default\https+++www.youtube.com\cache\morgue\41\{50d8ffdb-6cfd-4c10-9b72-d69475805629}.final

MD5 b719a3c8378a40cb900349ad2a922921
SHA1 10a71eded94cf7fcf70bb4952a35434526264e88
SHA256 7d6082dff0e7a043a631ee1ac1c1e094458d7f7607d075db809ca60f531539ba
SHA512 5bbfe366cc072b80c4d35c45ec91c4ce60a6f5140e6ad7109554ca3dcecb765336ffe938bf490e99c8edddbc3571d41c8e2a34e1becdbd9adaf334b15207e167

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\storage\default\https+++www.youtube.com\cache\morgue\99\{1593f0a6-a733-4455-8c31-9f6974768063}.final

MD5 030dd07949fee4d5e67e6885b76ccedf
SHA1 a83002727b38d84882fdc444a3f5d7fd7963acae
SHA256 95c8349deca56128ead6daceb682594a737a5af8a03b70065e1f2c6c4fb84209
SHA512 f094815a8ed89bb7e6376238142cc13887694fb184d9ffffdac56b7fae2bde2ce7acf3d50c0431d14ca2e03620526cc21bfe1b6c44b467e079e30e9dc3a8e87b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\storage\default\https+++www.youtube.com\cache\morgue\99\{36b433cb-5148-4261-bdce-8da29f555463}.final

MD5 2300eafff09d478fbf68f49fdafbff49
SHA1 12f127da15a69beece4f71f600975e0503c77ce1
SHA256 f8c94c9f9dd4455eb89053d024bfd28afa482a9c697732ce5acb2df3144e885f
SHA512 93d447b0a87e4c25dbca71a80a198693b12c684c0a96b370693d693899230460bbd8c85c137dcc0b4872bd2d85fd0d10bfe3f4137c1b08f01da3a9bbfa481447

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\storage\default\https+++www.youtube.com\cache\morgue\38\{ebacfcef-ff79-4652-8f87-05a9aa3bd926}.final

MD5 5a85b3ec969004ce7b23e6712c04860a
SHA1 dad284278108abf777290add4971eb92142d52aa
SHA256 bfa4bd5ff49d8418628f3a3c0da5b6d8a95d5436168b9482d6de954c0fea74b5
SHA512 37d836d572226967995b3f20557f98e4e55b89c08fdfbddd4dc45a6d4ee90a24e5dc8276d0e1971d7b366712bba3382086183e1498b006905169b758e44394a2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\storage\default\https+++www.youtube.com\cache\morgue\102\{5182450a-b2b3-4866-b4b4-a4d2518f9e66}.final

MD5 3183686d3a59ab0d15fab2be7411e186
SHA1 22d29c6b9fcfa649773e12680f00d868e6714485
SHA256 2a1c50b6d5014af422db7ff5661a5a68cb0c27ee9cc4768c99502ada0eb63867
SHA512 eb7dcb18d20e28d283ea7d4cfdc08c0da81e0499089117ac068194b1ca2be661d380fe7d938d5828c42d711842bd3793b2dc2a3fe6285fab83b90be4fe3c7b16

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\storage\default\https+++www.youtube.com\cache\morgue\104\{93eb5c7e-441a-4805-b826-e1e9d24e0a68}.final

MD5 77b9aae1c7a8890f8f7eea334cbbb493
SHA1 8d3c30da9a1d3c593b7ec593a6b9f48580f504db
SHA256 3df7b8fa7c272913690bbbb34fb054b8c8528f755bdc52b279f1db3ba9b1e875
SHA512 7798929f3422de3f8158923cf0cd5bd5a3199a093514682a983cba5f59869fd504952298c48184c392e9c763955df53e36737e912e3fc7e7b7bb5f9d06dedbe7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\storage\default\https+++www.youtube.com\cache\morgue\70\{08a8b1c9-ed28-46b4-a666-f267a9c1a546}.final

MD5 4468362c2ee1eb539b7401cdc15cd5ed
SHA1 9602cd7e055024c9f005f4babc30a2b081116969
SHA256 844c8aa8b69919d5f1b1b31955211ce6c12a660eaa1d861c6d6753af51121d83
SHA512 744a0a5720ace6117e4aadce6cc4de732ee0546fdfe6bc61569bf93461dcce265bee7070ce0da4f468455460252dc371462ae18f2dd36d7df94db93f99b78dc4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\storage\default\https+++www.youtube.com\cache\morgue\249\{63914289-3aa3-4e44-840e-855b612c0cf9}.final

MD5 d5863a176e9ee6ac54be60599d039e28
SHA1 f5f7a29eb9a11af06d43d5d898b36f9f3ce3240e
SHA256 54cf5bc7cbe8953c9804e0a58fb8943155199a10f17c4562887ca3ba0b923d6b
SHA512 06c32b976edde1a0e6f54b30ae53941b22c822986795d55bf831edbb63829e5f98f281e46eddb178ade027342d30242588c536e4b68f9b6b490bc0e3b53e6077

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\storage\default\https+++www.youtube.com\cache\morgue\200\{bd436e27-f344-401f-b4c8-293159abc2c8}.final

MD5 40eeda94c4515eb0f5f42e669f82379d
SHA1 39132fc1c7d969a962cd635deac1080a8a988747
SHA256 153594e1d19e760a5dab99067dec3711f7363658dddcfd810bb9c9aecb9e9cf1
SHA512 487a41c6cee2268ab8df0d80d611ccdd8bbb58713dba08e6e5e14516e44784a85720cba0c3806bd6d1f010e32b2ed278bde753ef39d06f9cbd10dceb88c44d18

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\storage\default\https+++www.youtube.com\cache\morgue\120\{f320ee81-3624-482c-8f24-75537c204878}.final

MD5 276cbe7276c7f3a0fc88eafb5ec6e68b
SHA1 de67587eaf19b38f2e9f02fa238219c2469605a1
SHA256 8f2a87983ce99d8418be2ccd1a0a69aaa0753c5086ba37d627a272b2b97e184c
SHA512 4f0d71b0dc2b94016e4983ef8e6288a57a2864f174b3be96809f0a6c4a755115cb198a22988f603e4dfe89f97616b39dae6c47662b2dbc359d40f184122611f9

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\storage\default\https+++www.youtube.com\cache\morgue\164\{a898d0aa-213a-44eb-b132-9e112142d0a4}.final

MD5 06ce5d1f93456bf84d4fbc0a21d3c723
SHA1 e5af6cbbfee1f0f6664598bc5857bf8cdc1babfa
SHA256 0495e9f2a6dd37a787587b96429e7e96a5821085f53507861063e51832f853f0
SHA512 24380f9c2f3945dcaa3ef376c8c0d809ef73d5d88ff16bfc85b8f63cbfc9cdc21c2584f9866e835d93eefbc50ac7b692683c5073c6f92903a1f83b8181b8ad0f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\storage\default\https+++www.youtube.com\cache\morgue\182\{00dc38e3-a027-4ee3-a54b-5d5ec5a49db6}.final

MD5 270c7d24a7dca765ef1d970800a93686
SHA1 f63302cb51a13077592ebe8400033f9a6161c79b
SHA256 afc6e7f6866f1d4b29693471539111e745c3fb8c5134f77ac28aa576014f9577
SHA512 5a0ec373b86467b549c58ea11820e012be2a33c98c4ae86ca704d3f37a412e17137e3150be645013e8987a4fa6f6461df5099eb5ad3009d7c1c541a1aee51173

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\storage\default\https+++www.youtube.com\cache\morgue\46\{8fea859c-317a-4568-968c-e0c49e97352e}.final

MD5 5f0826d7ab4d0c0d8674cf3933ae8fca
SHA1 3d680029dfc67c018e831ba039cb44086f6e8c99
SHA256 1dfb695c9be4cc9e5e39324c08abce9b23885de466fd2c4ab37e5338c5731527
SHA512 8e5fee0488ed6dbadb0b4331f039d7e31b015b019eef067efefcade716c11877ee869316554b7caf9ab468e88352bfee21e7765c537b4b2fe652024b3d34fc59

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\storage\default\https+++www.youtube.com\cache\morgue\106\{f4203224-c681-4ae4-8830-9b3624f5746a}.final

MD5 037651d913277da474eb3fdb480957ad
SHA1 4f22a8ef775e6a571f7fc552e6ea0a522e5e6f6d
SHA256 c4dc92a2d8b27272c3715c9a332f5ff94ce47bc914c7e9cb94999876639f26c4
SHA512 c5d1a70050239b01ae39f9e0496e780994b37ccfe2349680c0cf39a8429e4b303d5da5d80f5fd7da667e8c7b392f36606123495b758e80dd11673ede8ffaa5f3

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\storage\default\https+++www.youtube.com\cache\morgue\72\{bbcaf09c-4ebf-4130-8cc8-9fb07e86be48}.final

MD5 b3a912f7ad1772f6fe5812fb79fb8f4f
SHA1 00443a5067e504d2b102a4358ddb6f0484d464b0
SHA256 7663eca944129445deb2757f49ef731ac2a95ac01080067f5938dcc0904fcd7d
SHA512 58e365169f36ce049bdabe6c19ef7788684a68b2b38fc499f0cd7ea8232dccf0708d585ecd249d9a92b2023fed544145b967848e50ba44b0d2af5447abb0b761

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\storage\default\https+++www.youtube.com\cache\morgue\172\{4870ef0e-c5ce-4156-8a18-f84d1784e7ac}.final

MD5 34eabb6d7873666c4dcd0f6e2c379fde
SHA1 e6dceb2fcd82d2513d383afba73625a4822b44cf
SHA256 2f6cdfea39358c552286c9a055d5e364e27d8a1e6700de932fd8f406446d7048
SHA512 ddd2d6d1c98d67ce10e3c4085fcd33499767b0a158de2975cc6993f2cc06c8c09cb1daf1ff628e4cf9127c973e87a6f3559e3459de1ffe4c8685e40c1998ece9

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\storage\default\https+++www.youtube.com\cache\morgue\201\{0d68f23e-a542-4dfe-9b78-c1f4c39486c9}.final

MD5 887d18f5d2a951296bceeccc0a2908bc
SHA1 d9ea3e25c31f63fa2b5c234df3f4a22c87b7abdd
SHA256 47c2305553e87db8d59361705090fda372c32938564297a6db1dec0e5dcbcf20
SHA512 ce858e1c6730655d32e099d8c2804288a654bf2f7629c9bff0a28636473c1834fc9f8e437e04b0b985998ee7cc499abc3b474ab292f3d7180e5e6adbb4d07956

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\storage\default\https+++www.youtube.com\cache\morgue\76\{139e9c4f-79d5-4138-a9f6-d0bf4403ea4c}.final

MD5 3a412424ac9e9e38359ed78efdadc85c
SHA1 efed1bcfc57a1a6b9917cd3bc20d59f767adf5bc
SHA256 8cee6015ffd0f547e1bdfc958c906df98b64e24cb6dd5d89cc1aa3b38bd62bd4
SHA512 244689ba698e3c6323e8b72acc8ee5672bcdca4f859dc402e463d09b631861c996d90f8740b75d7e1668abc27ec447a1cdea1aaa30434ba56da1f7b06b84d57b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\storage\default\https+++www.youtube.com\cache\morgue\180\{10470783-5e31-446b-a297-9c567bd6f0b4}.final

MD5 a57c59c5082da22125cfc69197546e95
SHA1 ecbc238d1f440562832601a78bc3fdc052df1e0b
SHA256 aa70e89647f51593908420aa5856e5ae4f663065bf8a12cc4ee1aba1a0916a9b
SHA512 ca88eb897f8ef1fbc65b1e2e426a2e8274a7cf8c225e02e5406c39ef5d1bede11a732673162e21379773622207b28c9a45de83a64aed110ca82218e7097e7cd0

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\storage\default\https+++www.youtube.com\cache\morgue\209\{681984b6-c1f9-40c8-b8c1-17a6035d80d1}.final

MD5 977788f7041189490d48fe8cb2db70b0
SHA1 896bbafbc1f4a310ab867f215c6b4c4494847f60
SHA256 02f5dce12d59393d9d124cf943957bb5eb8a21d12c9393e4a5e17142d78edc80
SHA512 f72744f7c9e77107fc48cc156610acbec7ef5d10aeb0a7e4319c4d771c63df47be77555e1ef057d07c6f6f593e2e7432cf529d337c1d97b111201bb01c056a42

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\storage\default\https+++www.youtube.com\cache\morgue\135\{06fde76f-2794-4f43-bf24-afaee2e57487}.final

MD5 abada082ffc6679a2067c452c7cf2afa
SHA1 99a4e6c70bfe85066f09c2ac1b2108d05f129c52
SHA256 fdd42399b41bbb74565be3da15f861b96f044ddee74f6f2ba29940a96b1f2031
SHA512 a4db103b9409b1a544ad9e449a3cd65db72937fa325f1d08419450997f0de9b1481fc7c31ec915b89dfaee13f42f4e50bed68155d2e39d42332c01f4f4e6fbfa

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\storage\default\https+++www.youtube.com\cache\morgue\52\{2e017b6c-dbab-479c-bcfa-1012bf2a5934}.final

MD5 0ef1f531ef723ae794070d8fb9f22e7e
SHA1 359a185e7e59e52162aa084fab2f31d2131d2da1
SHA256 7b92f7b90080f024b9f265b888631c058878628e569fb1301c8dc93ecafc90b6
SHA512 876120bfdb112bdbbbeb2a87140af386ebf91d13b9bbc02cf7e96fa0f9f10d66c4a7265811b7ca79223a61fe141712ea64c5c2773aad6199648e3bcd496225eb

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\storage\default\https+++www.youtube.com\cache\morgue\107\{e9cb5473-9a61-46e9-b608-d430f627416b}.final

MD5 6593c3cd0cd304b103124a65062a274c
SHA1 aba82966f9eebb81bcb05ab9eadc5f9ec7087f38
SHA256 89e8c95a42b02e26e31e55e66381898d19e3ad9e6da3f27ad837c7470f9b9324
SHA512 ac4026f5fe5346f518171c3ce08c0ba5652382f1ef83b1358140e5696ae1721d980b925925ca24d2b84cc6a84b5fddc9433ac492c943d09ba2f8f2485e892768

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\storage\default\https+++www.youtube.com\cache\morgue\49\{1d8dc734-76ba-45d0-bf9a-a9d7ba20ba31}.final

MD5 a16ea228c26d9635887c0f16939633fd
SHA1 4296ff50e58e69f667e69a5eb0e4b33d5584c011
SHA256 1147a378214d10a08296484419be2cfe7e251bf90f5f0ea9897ec1b79e195664
SHA512 357c2daf556aa2471b6f0887d32000939044ce584534fa0fba618fbec99031d0569c5ce662a9f3c1235785ab3fc9116e095e99396a082cb60e1c763f9e561c74

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\storage\default\https+++www.youtube.com\cache\morgue\76\{41316402-8434-4bbf-864e-1cf1fe3bb04c}.final

MD5 c39ad8422f2a033a19029e992171863c
SHA1 d4bc0db91f8b6a7e562632cdbc47238bf7074311
SHA256 d4b92610c82ebb2fa1beecdec652dd1b40731ced23e5281a1746739bb9636783
SHA512 abd2d36b411db7e869da2fa6434644768801ee8db91c4b06a15b8af4e3bcb8b58721d654a7208809eaacceb2d17a91bccf8d40aeb81c2ebb0817eeeb0a9c31b0

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\storage\default\https+++www.youtube.com\cache\morgue\125\{8b9dd3dd-5859-4b17-a522-c664247bd47d}.final

MD5 3e7dc63be6da02f295c1b9a5c56dd322
SHA1 0aa6083dee17a265efa6814d10f0171753c5f042
SHA256 6ccac4a1dd37f1f6d1bc68aaa92f48f02d92d3a23be15dee4d83c0b892fd09d8
SHA512 3ee1d46e61646303fbe77cfae5231366edd2862e9c2bfa45529fd7e90d7bf8fb62969c95f4125a17760ba6f934e5d51dbb5ba42bb43e24af33b43ffc0faf53b4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\storage\default\https+++www.youtube.com\cache\morgue\132\{ebd5f957-ee13-4e6c-b092-2d7daddfae84}.final

MD5 ed6fd5e11dfc8e4cf53ea851ea9ede04
SHA1 fc392e8d4f64aec77d892182f63fedcd543977bf
SHA256 478c763f896d5b271626a85070b75e8d66dd1eed1dcd244d9d6874bb1c24e6b1
SHA512 5da78d681d8feed8958b8fc60c4bc7975e9a4cf3e94e884e2525005cc1852c5643cac43cfc0c387381ab6f8d97d90a1d22b31faa0a1ee3529117b471cf6ff21e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\storage\default\https+++www.youtube.com\cache\morgue\157\{0463e194-d228-4712-be46-02223f6bf79d}.final

MD5 a8ac2b1daf1197439e18577f9341b301
SHA1 7c6e18163d4915ae57f27df9cfe607834bb998c8
SHA256 de289ef6a8ba393577207b6a036d9bb0462b56479d9fceec6b4c094c8891a72a
SHA512 617ac8779a29725613666c729e3b0976f0bbfda6bfc358f7e606a552dd0ebf712de791d483965a72b225412fd7532764a2ccb2df1b3b91666ff25fb841cd3c93

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\storage\default\https+++www.youtube.com\cache\morgue\94\{58cbcd55-0067-4500-9f54-433fc30a9e5e}.final

MD5 6034306070954b482117c7883f153714
SHA1 dea03382c66843d3b2f548bcc628dbfbc3cab661
SHA256 dacb173c166fb4640953753914c783a1c8aecda2eac07dbc30ca70804bd8c029
SHA512 dc178d0f42734ca82160a12caabd406b1b16f414e09d67fee35092249aed61f570702bd1716a169c1e97e33fcdace6709e98044884e7459e453377f103946e62

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\storage\default\https+++www.youtube.com\cache\morgue\94\{765a7e10-07c5-4306-b08f-8a76e2d3465e}.final

MD5 9aabec02bb846ee3fab89838fc80448d
SHA1 8b0f294de64204dbee03446885a8f31f03a22b17
SHA256 31afb122c87ea568cbf6b96fc5bb8ce12eaa379581d41c269ecc4674d452d72e
SHA512 198e2db29f6cd3807e92fdc6fb2fce689ead581fec734e414f953595d1d4dfd0de8a23a364d3665380b99e58c4146d4899ba0ba6e3e818dce29bdf809ca00b73

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\storage\default\https+++www.youtube.com\cache\morgue\157\{f811d1d9-d28e-47dc-89ae-51cae347c39d}.final

MD5 d8600167064fcaaeb007ccce6e8c5571
SHA1 ff4f24b4e4a11fd0703493b065d23d7da5477050
SHA256 6b94baf0f0549a6896dd61c16cc206116ae604fa2caede23703140fe2851428d
SHA512 0da3e4fbe39bc4add733ba23efaa688daf92ea59a60b2debf02ba58e78fd59547b7633af44883d759e57aed5581c11d35c233aefe2194eddf690a2a34c8a9f0e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\storage\default\https+++www.youtube.com\cache\morgue\86\{b1a3cb4c-079d-4a0c-bb91-3a0c22c6ee56}.final

MD5 825d21b021999d7c6639899c3380191c
SHA1 6e6d6a34be083c7203c1d883bcf4b8157d120ae4
SHA256 a97e23d4d566e6ba57577902da4aa7118999b3a0bdcc675950cf562ff7a039c0
SHA512 c934edc33fc08acb4d48f4d928400bbe79c8401480bfef884b751e330822d5203b126323ea463e3b164b33b97c647f7aa946bb57767a04e3866ed04964645385

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\sessionstore-backups\recovery.baklz4

MD5 712fd97521478b1a84107e323442e109
SHA1 4ab6cb16920473dfa905cc56fc771069f839e0ef
SHA256 837c99ae6b5c28210f117e7cc4b2139ad0173cc1113a2daf9f737c92a47662ab
SHA512 b5df4bdc453f41586c979bee6fbb39694f06abdcf7c32f229e979393c2359d676cedfc1aa77a68bd7e3550c30a7f89cf11c73ec741f757530ab6b49958fa1fea

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\storage\default\https+++www.youtube.com\cache\morgue\148\{128dbbf2-980b-47ab-9ce9-3cc848f62a94}.final

MD5 eeb1c60cfb2e43edb0acbd48948db9e1
SHA1 91525d9fdfb5a68c41563d52ce29c2a2d046afd5
SHA256 2b2dd7671291d8c85cbe89b986c919744e7e9affc1365739db65191c3f027e25
SHA512 a86af6d9ad7f3108f677ae967a4214f7999e40f16dfd58577d19e88d9bbff42742326c8331885fd891b7a7aa0c9f590c2dfe483913c1f5e001cf880adb97ff79

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\storage\default\https+++www.youtube.com\cache\morgue\196\{a7f014da-0431-4008-8ff7-35e86eaed4c4}.final

MD5 677c73f8f02cdf43105105ca8f640c66
SHA1 5e0cc23e8090fc05e2b57f83fc0ce747d69a1844
SHA256 0fd6a3f9d3fef04cac3faa62fbd27119a4c2880a57f1e12404531f9a3cf708ef
SHA512 79e1517e3c0ac2305002822710f2644eb4fc1131d7e7185df08c5c53ca2613edb9e3d90374bc96fd97b7e985da2d53f44bdacec1c371139ff96804c20356e58b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\sessionstore-backups\recovery.baklz4

MD5 ba682595eb9f2de585bd4a7d86120054
SHA1 aaa9e4c65a0970049e2d6aa21c55ef69dc52abb9
SHA256 92b9c81c66faabe4fda09eedbf5cdb7fd0e348681994d4f7ab1073a84f465c9c
SHA512 85c4c295fb30f76a2599808d4370c4bc22a4fcd4cb49dd84b0dafc1250e8e493901b61f58e7a2efa001a6037733f75f2ef1f535ee7757992aec8ac83a7aa3b22

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\mfuo34j5.default-release\cache2\entries\981EA6CAD229B03875A5683A852AE1126631BBD9

MD5 b2b250723cc74eaa044ab44cbbc7fec1
SHA1 9630c29741da4d1198479dbb462e5e28fb7a8b2c
SHA256 8a3d23d04b7d83d441460888abfd51b000fcc80acba9e5393ffce7ad13aed8e1
SHA512 519155d1f1e4749ea2ee1b71ec7a24b11ffcda849630b4dfadbcfdf238e8ed38df6e0d4f57369990e84c632a44a7af27ecf95ebdf17a15466c53a3d6616102a9

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\mfuo34j5.default-release\cache2\entries\08AAE2C2A8132BED5A928F57CDAE482973885BA0

MD5 1fd8e1158f7ceaa27d988f97220ce889
SHA1 4b0dd6005d4802e92742a27c3d7e88df86fa21b8
SHA256 98298e18a4988a9ea3c59d14dc588a9f5caa1a52d8228d101d3493a9995e9582
SHA512 b5028fc0b627fd9b60c8bc6ac5811e1d67ff228ae1c9ac75b3b429c573a1a86123921868c58c626acfbe4cc7bc86e06767fbc804ce657482c3e346d85a43f8e0

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\sessionstore-backups\recovery.baklz4

MD5 445caa4ff61c48d5bfb045ea04e62484
SHA1 f701eba1f440ccb56eef5af56ef142fd32a7197f
SHA256 2fb8cb30a848c4fbd13da0ff76379661cd9331ecfdebfea8b040ebc85238e90a
SHA512 2f156dc9ef498605925bd534230fc15581785a49a61de0b21acdd4702558cb0023f23927d6e63c0f88249f3d06f3afab4f24ebfa42f080293670bdb017b7ca4c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\sessionstore-backups\recovery.baklz4

MD5 8194026192f4e30a00c4c864d268f848
SHA1 00e5fc5228b4fc1847ace0a36db2569d216c97b8
SHA256 8db2525cc49b0d0b06c754e660f5c44abd3f4dc24ec722d78eee25d1b8783d5f
SHA512 ce85eacc60ad69b8778c319cef45ba28a25987204de571c5d8a2a8b84dde2a2bcb78cbbc882eca3acbfffcef2c28a4e4107b6938362143d88195b24e27705db4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\sessionstore-backups\recovery.baklz4

MD5 28e4e186ad26fc563c11095dfbbd3853
SHA1 e49c18a88607a6e937089ae307983835db45658a
SHA256 a3388638d49b6a7bd4cd23168802cc37942fe975092a585f87dfa390da20b5c5
SHA512 277e625989132e4a771fab7bfe5d98a06088499890d63b982ddb9d8a39951fcc25de3b16d1a5c5f3c0c7a56534d4e421ed23732a8aa9ef01f169364c5b962e21

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\prefs-1.js

MD5 dbb7a4f17621bc6721884cd8e0185b3e
SHA1 a6c0a1d4d0990b80f76a458f1299f7fc1daca7bf
SHA256 0f3dd9c7b76f6022c905ccd559c39ab78b5fd5206a522e0f1524acbc7daefdb2
SHA512 9db93b93c5c48238ec4f3815adf228933f5d8c8b1c82074e3d930cc46fb641115c8f8b0e4f410a1478ec13ac3b4bd3d94fdbe28d91f65c46005a75daf68a5d74

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\mfuo34j5.default-release\cache2\entries\ECE063F9FAB3B4F8592145710D2483131A0C39CD

MD5 8d034377e59b727663fe9f2c94df55a0
SHA1 d6399036e17749413b0cb913c6399c0b80239efc
SHA256 e807975fcfee23d0cf2f249304be9fb29b8b984e99cc485557f02bb49c8e484b
SHA512 0d5a2c409a0eea9406a5be5e457dae4e7a02d946d8abf31a29515da528334ce6ebfaab23618a41f8233ec886ba3bb325c6b29588434352d666d78135e0a623c6

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\sessionstore-backups\recovery.baklz4

MD5 41c55f638d0e84d82f00e0f31a3edb10
SHA1 417c2592dd8a3a516b1a947c773fe32393198113
SHA256 e3baba63c6c510b6b9a4e56c248991562d89f5b115f96bfcd79cfd89ec3a6ea8
SHA512 cdf6a23fb4e2c001e864b969eecbb4d843eda5faa07d6e43445eaad96ab9da72c2ad6d888a71af903fef9b07ecbfceb9beafcc5e118f44729656d9c78b4c8e46

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\mfuo34j5.default-release\cache2\doomed\14933

MD5 e6a62280a55c6d6571c224b97454bc7e
SHA1 8d76d9de6c26ff1897f9c71ce51402c04db89a1e
SHA256 df00eca5f96bf97ff35d82e5716ec5cbdd2c7681b74a5a4d408ef5d3d2ed545e
SHA512 c6c40df2c25dc55ea4abc419196185ecda752aea399385e5990725793d44a76521e35f4cb04a8b8e1f63a282b6e058d482c1a1fb0be473a8265ae5838b9082fb

C:\Users\Admin\Downloads\instaler.xDIZYaso.rar.part

MD5 521adc74affdaba4fa7da6462239ed0a
SHA1 cf8a7892e190c3cb5b4d60faca218f7ec8d87eb2
SHA256 11e83fc49a48f19f1fb87c6f656713e633cdd44df80ece3fd0f930d5a69dfd82
SHA512 9561f2a0f7baf455733ee89d3d05a4c6f3d5ac6f0d867b457f29307a132da4b16672237abf0255bc2e491a0ec3043edd4b794ce4fef822e629acfe8adeebaea5

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\sessionstore-backups\recovery.baklz4

MD5 49659efde541b2ec729bd1f7e5c5f342
SHA1 43028ed2b26e9a5d0ca6af11483f193b93ce1494
SHA256 1fc9db8249dafb776149dfb3d02df1b10a436a206383fabd540b9cd73a17abf3
SHA512 50353f11a8006d126b33a5eefb69ebcd2f2715d0a51ece992902ebb3ce3785ca1b8b794054071cdba5989af896bcd3a3a0d3d4e8eead51c75ff69094ba9d1574

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\mfuo34j5.default-release\cache2\entries\2B16ACC15AA680352D12943E950AB926A085A466

MD5 5b159e9abdd19e4d0cb4f8908c5360c6
SHA1 96256868187c8b99e4002f4d94190961bb07580a
SHA256 1f93f9ac8b88a44e9422a3c1904d1288fcd18c2fc09abcf10f0c6aa7c05e7622
SHA512 00aa03e9c5b3634b844d4cf768342f0d2a16c5759471e6b8512d88be0b37a4e7d5d6920898778f1265abe60e2bf97ed8b7b58b58b656ea1efd59c5379f36e148

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\mfuo34j5.default-release\cache2\entries\8FE29648FF5F63BAB33CDF49A7BE627C71FB6A7A

MD5 c09ae58a663c64827bc2a8112ce040c5
SHA1 8bc2852a51281676ad96ac1303405a192b37538b
SHA256 b82c8217824442f0fd9fca5052bb19755367080eabdb6b4ee939766f1658823c
SHA512 2761e88670f6a6486c80b6a4f51f333a06aff4c2c5b216d8107d26d899fb14770da2ea1bd00a16b6edfd2057b1dfaa52d174e171aac440e94104fd07d0a0f931

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\sessionstore-backups\recovery.baklz4

MD5 0fb9fb140bd02f68e7445026b8b887e7
SHA1 4def92e3e4ec70e1eef5d27e9a41437c26bb6c3e
SHA256 5f2179881a73a88047668babaa31e806e04f9879c591e7a834ca2128eab3f551
SHA512 3ac34b1efea92029d57e8351efa0c74444753d7c977ca4ae2193b84c15e0edbbf6811f305678f449b41c3b8b7362d74a42b226600dfa5f17b669afe2ca461d6e

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 d08c0c9b5ed98a7cce6c068ad1517c1a
SHA1 c115067eb74a32f119ef8e8f5ddeadb18bb6ba0b
SHA256 c81b1199b4b08c965af20fb5f4e614fbb55fe55a3a6260f10b89c8b07b75ff2a
SHA512 f6de85d08c1fa640cbd7ded6b2a04e78e22cfabe7ff15c19cefac834b8281fb53b695fc3441ed290708c6dcd445cf7ecda5eb7f5d4e237310cf39a850fea8db9

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 986affa219cc910d25c47980550ab746
SHA1 a662f0a7c59fb5f51880c0b99d5dcf97edd919b1
SHA256 51715de17b95eca20f90d08325dabbd87526b7f61d8840cda9941f80af50c159
SHA512 692a7b33fb2298326c55615760efe619e56c9510991af75915017e875fc1699027b6fad1ecea0bd83f4c9e9b9e21a591ab12ecc4b1b6f2468d7b854ddcbea282

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\sessionstore-backups\recovery.baklz4

MD5 adf54e81129bd4b2387ab64ab34cc787
SHA1 b02d965b6fa8d20d503272b8c00bd975f67466b7
SHA256 b86d147624fb49aefb2919132f8bcb0afaf0a2ac658d0b12415894180f28c95b
SHA512 4027872e28f398830a13073cb62d13e381c4e30f08b33839744666aed7381afaefcfc710253b5038b2355676caa0e0300916d77586408766971b8fcf4da85315

C:\Users\Admin\Downloads\7z2408-x64.eY4vZxle.exe.part

MD5 0330d0bd7341a9afe5b6d161b1ff4aa1
SHA1 86918e72f2e43c9c664c246e62b41452d662fbf3
SHA256 67cb9d3452c9dd974b04f4a5fd842dbcba8184f2344ff72e3662d7cdb68b099b
SHA512 850382414d9d33eab134f8bd89dc99759f8d0459b7ad48bd9588405a3705aeb2cd727898529e3f71d9776a42e141c717e844e0b5c358818bbeac01d096907ad1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\sessionstore-backups\recovery.baklz4

MD5 6d08f016eefec58121223c6ce2e32ed1
SHA1 659a9e364355c955941b3e9c8b514936b2456dae
SHA256 70197214728a5bc7f45dd32df48bbac34edf4404ddf4a4029dd27836c00481cd
SHA512 0fe529681a245305bc83471c22e8d24b155d5d2d74f63f93521cf689865aff63fbb61a73517e808144693cfa78d2ac50e8f9df34d350261b694374ddc10b0608

C:\Program Files\7-Zip\7-zip.dll

MD5 d346530e648e15887ae88ea34c82efc9
SHA1 5644d95910852e50a4b42375bddfef05f6b3490f
SHA256 f972b164d9a90821be0ea2f46da84dd65f85cd0f29cd1abba0c8e9a7d0140902
SHA512 62db21717f79702cbdd805109f30f51a7f7ff5f751dc115f4c95d052c5405eb34d5e8c5a83f426d73875591b7d463f00f686c182ef3850db2e25989ae2d83673

C:\Program Files\7-Zip\7zG.exe

MD5 4159ff3f09b72e504e25a5f3c7ed3a5b
SHA1 b79ab2c83803e1d6da1dcd902f41e45d6cd26346
SHA256 0163ec83208b4902a2846de998a915de1b9e72aba33d98d5c8a14a8fbf0f6101
SHA512 48f54f0ab96be620db392b4c459a49a0fa8fbe95b1c1b7df932de565cf5f77adfaae98ef1e5998f326172b5ae4ffa9896aeac0f7b98568fcde6f7b1480df4e2d

C:\Program Files\7-Zip\7z.dll

MD5 1143c4905bba16d8cc02c6ba8f37f365
SHA1 db38ac221275acd087cf87ebad393ef7f6e04656
SHA256 e79ddfb6319dbf9bac6382035d23597dad979db5e71a605d81a61ee817c1e812
SHA512 b918ae107c179d0b96c8fb14c2d5f019cad381ba4dcdc760c918dfcd5429d1c9fb6ce23f4648823a0449cb8a842af47f25ede425a4e37a7b67eb291ce8cce894

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\datareporting\glean\db\data.safe.tmp

MD5 d9e710c0adc55db11351580dd07e882f
SHA1 117d77ba760da36314f4811889152c1d56fb4698
SHA256 fca05f5102d09db360916122ffb7a27910f16400799f8d79d736a91183842f1c
SHA512 abdd3b92cdeb897475a45344620c8f2b2f6585dc8f2e0f0e51cef383e530deb5e1bf98fbb114855d641e23382187019336dea54bbb27a92e202561941f852e82

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\datareporting\glean\pending_pings\122291b2-5f7b-4b79-8f46-cec88ffe1f2a

MD5 6de844d3896862262054c66cf27ddde0
SHA1 f2a736be14ab19ab175763b78ccf425ffe81b3fc
SHA256 19bad8e373421de7dd8026a98886e80321dcb2dca61605f4c7c2928f7b0b0518
SHA512 bfc4088d372e732c6debc2221b45d160403ca667957f8ae23ae5c1b0afcc6032fc34fd25c76710ed1ce3ff784396129f80e04bcc091ea636f640eb24f985afb0

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\datareporting\glean\pending_pings\40d9a96e-717e-4f83-9255-bd98f4f78d6a

MD5 3104ac869a32d0d991fae75c4aef4347
SHA1 9f1c76af226fd4e6cf6780d4a8fe854da05ca2db
SHA256 26b89b593b38f0e040538d5482ac17f4c74a12c4accbe9160bb138803cc293ff
SHA512 9b523dda9adadb42324ab9459c3f47c590ac16d5c2eda055b1c38188fae25ff6c9c88990ac16d651190bb98df5c62d5d3742edf7de4ef605ff7c76658e45fc74

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\sessionstore-backups\recovery.baklz4

MD5 b8d60eea98efb39905a8d330d088bd12
SHA1 9a52d49136bc0a77c5c468249a1e2fa5a9e18c87
SHA256 9416c068e3c035b7c277a6c004ad07f06fa5c2be793db21a3fb6a645301859a9
SHA512 214c82fc4c1fced9b0ec7300001f7eb85025fcf0f2271ba279d0584e6e04f08e228cf1d019877cb29c7e4d556f352648ebdfd68befc06af378d1850c6a5d3d7a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\sessionCheckpoints.json.tmp

MD5 c8dc58eff0c029d381a67f5dca34a913
SHA1 3576807e793473bcbd3cf7d664b83948e3ec8f2d
SHA256 4c22e8a42797f14510228f9f4de8eea45c526228a869837bd43c0540092e5f17
SHA512 b8f7c4150326f617b63d6bc72953160804a3749f6dec0492779f6c72b3b09c8d1bd58f47d499205c9a0e716f55fe5f1503d7676a4c85d31d1c1e456898af77b4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\prefs-1.js

MD5 79942f64fbecf048cda63d47910b53c9
SHA1 d943a4fea0e93247c8e5eb9d66faa2606d5aa995
SHA256 5646aa1aa413d21825a2b50c20c22b412b83204abf713faeb3c6afd7a8130989
SHA512 08536b10d84c8cdbf505ac2e2c4f43abb535e9a1bafa7521e0db67194e6c6cee3721b84863b2aa15484a437fb196f5df067abde807ae775fd73064ff0fa11fa7

C:\Users\Admin\Desktop\instaler\instaler.exe

MD5 239074f975271c70552d19b5888bfa2b
SHA1 29b72646b7f820d1c300a5b46a19bd7e88a3e510
SHA256 6d64582dda33b8e575b24c72fc77d536aaf55662edf6c3d14cdadb849cf371ed
SHA512 3adf1c61e8942cba7c899d351f27390dba60ff5a745f0299e0ecf7aff8d91a7a9f3ce8da3d4aa232553861bb83229a770c35f70d3bf18823177297dd499a74cc

C:\Users\Admin\Desktop\instaler\WindowsManager.dll

MD5 2ff6e48815a26d20ed12218d7356a69b
SHA1 b0cfad1db4b5a6d9164aa2dcd6798c60bd5da67b
SHA256 94b0254854b31e4615fb6d1eec5004b2d4f697798e989d7de24e5f6123ee614a
SHA512 7482eb016d668ff1f56ecb241b739cf95c62fe8a092b9443371e7736c81d11a673cdca14dfa64b92bee3f25228ef7e46dcca98f94645abd4609384c429994697

C:\Users\Admin\AppData\Roaming\gdi.dll

MD5 db4dd0691133a3b8c06a362efd9f0505
SHA1 07c831cc51d6d285879f7fc87feb06fbc798a490
SHA256 c1d7a25633c1c659e5de22af89e68a95ed82af0183d1425a529a99d4b9950830
SHA512 6c2950a690814648501ff3d30f7d96a4d1769deadc7bf2dcced285f4d4763d5e73b2a05271c8d733131cedd542513bb231383314b4bef91fbe04a31f44cf5ffa

memory/6964-3689-0x00000000006F0000-0x0000000000758000-memory.dmp

memory/6964-3690-0x00000000006F0000-0x0000000000758000-memory.dmp

memory/6964-3694-0x00000000006F0000-0x0000000000758000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\xulstore.json

MD5 63551fb6f552c5368b744bfaff666a7c
SHA1 651043fcb9f6928e316ae460c8718ab6ab3343c1
SHA256 f7d4ac8704c17f0096c508b35322f06dcb80ed5eaf8823ebb7a828977f92ed11
SHA512 9d63eecf65215362eba40e6f72627d7f2a79c18b4a2408e89b9b8be7ec6f1811553159536587d8a75071ecd8f7fe17d4402e2621d9a8f57a084ed322a99cd687

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\mfuo34j5.default-release\startupCache\urlCache.bin

MD5 bc36a55f379b1510bf4d869aa903f396
SHA1 f2b861cc3d8bb50fc9bdf93924fcdd9a370451a6
SHA256 af6d4b25c64ad9afffd0f0ab69d2c2b739abb4e13c73608a9c72572ab00c347e
SHA512 e85d070d9581a7b459ce693985b5be81502fb4763732814b0aeb4056cdcc8e8331704fa9b2d922bf855065a7d31ac70c907ac447675921950f62f657f04bc3f6

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\mfuo34j5.default-release\startupCache\scriptCache.bin

MD5 42ef850edbc139a84e7e3b20653f072a
SHA1 8f4865cac36ba29890d1d0bbec93d36393d545c4
SHA256 4770d7a9a2fb83641bca7ba915eadd15fd6349d4a0fe3e37627550453feb08e5
SHA512 aceaca216366d624744005c55acc2c11c065bdf54c309358973d9cec1fca7f9cd9b12573c2be7487dba3e5147ef8b01ccf9237492bf8086deb3799eceab217f6

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\permissions.sqlite

MD5 aae75c259c6e6e3acb34292540b03aaf
SHA1 5a5d77b4364f1bd3cb0812e1b36e07545b6f67b7
SHA256 b2da72bc8841c46a253d22f3f8f920b4c5a8ea11c688465a09de5fedfb04347d
SHA512 db1b1f04e59e563462b60411d6ce81db3bfaf29c648f36c2c5b23ae6ac8b854c0eefa80a8714946eab98b308e7f89c5cce8c4ef2ab86a636ccfe2b57f2dc6d4d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 2a148387f93bd0e664998c09c857ca50
SHA1 e74b28791df7f3e4b0ea467f1566001f17acf4f3
SHA256 89f309e3cd4d3baf15c070edd8c83a04c2d0601fcf15556730b56973df682e3f
SHA512 899f748fe5d460a0bad9cc625ce0bf3d59502e6b6e29c552d98c58d820a44a1d0e3bcb701228b0eaf5bcda98ad3c5d40f4e6a1c66fee437ac78d78e9b052572c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-wal

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\mfuo34j5.default-release\startupCache\webext.sc.lz4

MD5 03983fbb4467c5041859cb7166bb327a
SHA1 373208ee3c1c0684f2d5feea910c9466a6483bee
SHA256 c5da85f60e104078c98686b5f27b127056c657eabd1f24e0b32096aaed3978d0
SHA512 c5f45b46aeecc96c1d0790a2aa9398e898681f0c4a5b6321d28af34d604f3e25c527c22657457f5b7917e2ff1cba91ab7140dac403acdc7e562bc0fc913f3ef6

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\mfuo34j5.default-release\cache2\entries\D0F48A0632B6C451791F4257697E861961F06A6F

MD5 2cbaab193b36cc5023f8cfc1c3c8d13b
SHA1 8251c9ca106ca30be759a42e83ea787f0925c1a4
SHA256 a877169b33c0fa13606a61172aa6d737bb3813d34dc77a8951552c0a3a51f4c7
SHA512 713204f1334806c6dffce618d6b011f116f7ac3b655328e9f9be997f3ad4b00f575764b9f742ec25cbfecfbe264397135693ced00253269ceb23f0af0c55d4c7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\storage.sqlite

MD5 d28b9bd55372de7bfd05a0a0c81b6653
SHA1 6167ea471f3e2c9d6bc4c6e304f85ebb9870f22b
SHA256 f07356bbbf6c58cec5f0193b46ece764bfa8859e941be75c6371302c9188da85
SHA512 f7621ef0b472550f25b785731dbc1c97e982fbe4c2a73ae400970a378ba6e6ebc20ddc85eac4406fdc812845c11efc905aa28abba50223c5702cdd10af6677a2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\sessionstore.jsonlz4

MD5 1d8af71fe5f630c35f6b2061afdaaca3
SHA1 c3bdba212fed11eedc8df770b49352da6da48f3c
SHA256 312453adcccca7052025b2508517a204ebe5d7c1cc5ea972f44fa6041f0eea13
SHA512 170f33eb0c6334d4f882f5434ee5dab72e090652889b09d6836febc5fbd7f99d6a1effb4970efb4fa841b4bf5cd7fd09a7e68ce556cdb836789b9133febb1e3e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\sessionCheckpoints.json.tmp

MD5 ea8b62857dfdbd3d0be7d7e4a954ec9a
SHA1 b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a
SHA256 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da
SHA512 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\sessionCheckpoints.json

MD5 362985746d24dbb2b166089f30cd1bb7
SHA1 6520fc33381879a120165ede6a0f8aadf9013d3b
SHA256 b779351c8c6b04cf1d260c5e76fb4ecf4b74454cc6215a43ea15a223bf5bdd7e
SHA512 0e85cd132c895b3bffce653aeac0b5645e9d1200eb21e23f4e574b079821a44514c1d4b036d29a7d2ea500065c7131aef81cfc38ff1750dbb0e8e0c57fdc2a61

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\mfuo34j5.default-release\cache2\index

MD5 ed67d91968f0733757679e0ad9bd8588
SHA1 a29fdf256ff5f0d56378a2153684a91ab4e2234c
SHA256 364d3cf90e829ad70b6ac256d3342a70a54a8ea78a2ed60375107170208109d5
SHA512 1fbb26bdf74d06431fe084f2ebb3b9b8687dfe2620d61e7eeee3ad636bf668b8ae0205e3a6a84b657d47b1d90b560994a0348ce6502a5693258fcc6f1f93bb26

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\cookies.sqlite

MD5 9cb818e8eab16d95f663c4cb9ac86658
SHA1 703109936e7f8bd065ecf1759fbe3de189e740c3
SHA256 013f962bab5323d799750158356d1c325c677bdf2fe2c41c4be0034f722e4c81
SHA512 55797bc6d4f5735cc6840b41735b8247ac30794e73d33fad869ead1b3ecafb33c59b99e43ff4102e7713150675101086d1427555213ecefa1b8f272626b402bc

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\mfuo34j5.default-release\cache2\index.log

MD5 99e95a5718e32d6b4dc7fccf0719d735
SHA1 e66488236d5ecbd502765eafd642edb2ecae2b73
SHA256 9ec39150ef6e74c84534d60e8d132c570f4dcd7f4fdd30de52c976b729f74945
SHA512 510347292384dbce57e9aeb6952b7b92a1d19bad2758b78585b94c42b4493e4827e72c079ea9dad8d14ccd8ecef096a7b358821c8442f50e0da7088d3ae61c84

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\extensions.json

MD5 9e7d67332fbc4dfb8ca2e93df7eb18d9
SHA1 da0755cb661fa72dfe6fab67f950bc8d8414e783
SHA256 9bfd241fbcc8985f209129d5064311d19d293670738d21bc26390cf8c5c95b78
SHA512 a1c98b77981ca6e6d52232982e4ea52e66132e9ed6ecb5ec7c2ffdec6b401b5a0f4533a28200239dbd608ec752082c75d428c083e2568118fb56386d4fa07bc7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\SiteSecurityServiceState.bin

MD5 ba969ad6560e513b9bc916c773b7ee68
SHA1 da530042a12d31dc9c3a46fa6ade1a124be2ae24
SHA256 c595bc2bf7c65e2641402ff681b561eaf0031a9dcfbd11270e7f7522b32f5f46
SHA512 a63af1aca56c050829dad3fd41896bbc2815194397ef426dad899bf267ee4554dd72243e795ad6921d4fb0e192a9c00b0cad70be1f19a36c164d45621132a306

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\cert9.db

MD5 ad475323b888e02d1c4cc83b98bce0d1
SHA1 b16dcbf751ed08e5e262e9b21427963ffe05b05c
SHA256 c007de826c94d2a016c9fa7639aa97929c9945a8aa8b77deb1b35f7b5b8c3cd1
SHA512 9efa62c514b4d8e64bd4e7589f383664e05355ff647b273c316941fda5fdbd13e73ccbf09a76e2a62247c1512c2edfae40e1b8685b080ef2b3cc2a15cb41ba04

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\content-prefs.sqlite

MD5 b41ed219e2c8dac47f2701562d092621
SHA1 90d507eae3ec943a121dbe5a080412e40470b54f
SHA256 cfed019635a1e14f74ae78f2c03fb96b40ac3da37b67489bd98c144afc200f1f
SHA512 5c6027ec701055efb3b6c055727af5ed261e8f1d5ba954e64e8a34e5c791679b1e4a6ef49896ab8089ec151fd758ba41efc7333611af42b851606a0544a9b947

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\favicons.sqlite

MD5 95d5b87925fb5ba7dc2231b5fb43ddea
SHA1 25b7793d9647c920b0f12f89a43710f9f8df4b6f
SHA256 ba88ba176abb9d5c0372356de39a48525103ddf5f0ca28d6d3977c2558d19f60
SHA512 82cc146a09d751f74789e9c423132de09c59f3a75280b65b0ba34230a001882cc4e6a673347c6c417edb95ac2dbf71f1622d27c65465ba02c359de05394868ab

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\broadcast-listeners.json

MD5 97c3738563a9448365a735f5f29ed3d5
SHA1 15a81433236ca6e6ecc4e1c8d0fdb8523b265c57
SHA256 63221253f5c30efa214c2cd2adcf51a9c9f9a2c05f119b00a51c9579825c2c24
SHA512 ed98f42d5d02ab53a9e50f80b312bed4b5d05d053bec582cf9d619ef91251e86cf4f4d1123c645500fc1dc4673b49a8b7badd3f3a39f565ac643ca4fd0157ae6

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\datareporting\glean\pending_pings\15b9c57e-1a79-4f1d-bf30-66c82a38d181

MD5 abc9153f0b5499fcb477a05adb414d66
SHA1 1599cf02d25162bc4c29d8fa48120710c1ff0381
SHA256 48cdbe3f56f5f565ff73d5f39e9d2b22b7660c6f4aa1a674a1ee0211778421b3
SHA512 a4bf4fab13b52da93fe06649cfec796f3d9c7a9a0a77b1420122135b78149080d6f3bb390a0002a3a38b577f14ba2a551d45e7899b2918356f45658d3fda9606

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\mfuo34j5.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F

MD5 afb63c4927a1a6b18ab1ac004f734dbd
SHA1 c38a8b3f0c361dd0450c308ffcc7bc37de37a254
SHA256 66c5f49fd50e645b60ea9dc5ea76358086246bcc6c59c1e0f0fbafdbcb55b4bd
SHA512 330b79ef65e13ad199f074e4fb02406de3e38563b05c30be15d3c45aefeccb3b8cfe43e9032ab3ee9f3ef82a7d4160e4ade4bcb0be22ee784e99f81412452e6a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\datareporting\glean\db\data.safe.tmp

MD5 72eeb0abaed5cac78b4c07d0b0fa176d
SHA1 b6b39016f3dc36f1bbd6e1031d75f4f6e21debd9
SHA256 ffd90a9927f3d6ad57f08395c41f53e29a048a00b778c4958557e1d031bc3330
SHA512 808cda5804f522ea6298db08b8d8c4c25f4b29e3f962c4ff22dd007597681633b13d443be08a742ca5698e8fbdd2585e5fb2a4234e203f8fb2c6003354ad3647

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\mfuo34j5.default-release\cache2\entries\0305BF7FE660AF5F32B4319E4C7EF7A7B70257A3

MD5 ae5401c1ee44264c8d95eeee66fd909a
SHA1 29e950b49bb9bd5d4b8f12acc7520bbfac9c7d0d
SHA256 02205ecebaf90b46b511f7b0f51f402b3add83f99a6ca07f77bed8f33f9b5154
SHA512 84086bb2a6c9375a7f298764467365310f423681823e4305a1923992822dd0fcfa71fdc3026497a800576e880b7c1fb572fbfa63941407311f84fc32f229fbad

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\AlternateServices.bin

MD5 d4b8b56390935a596b75779cfcf042f5
SHA1 c53053652b509cf23448216b4da2109882912b88
SHA256 5f822863ae4e64b7b406391cfdf4f48abb9c53f9d1b2d89d2363cdcfb60b1ada
SHA512 fa92b61123fb1907169d47919e40c9aec4f46f3ab50e790a0c9186354a17e2baac7d9f9d2600057b856804bd6a24e153c2efec2991f8222979f75d5bc59bdfd3

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\mfuo34j5.default-release\cache2\entries\254256B27E0C48CF9B80B695F0B3B8CA84610495

MD5 9922fb161b557fb4c1db7db8035106e6
SHA1 2d621aca27d0e678e3d32ac39627ad5721fe6351
SHA256 d2fca24e39dc719d98bc64e68973d9c5ac8c25f742e85dae5c39a3de6e423e8d
SHA512 af8417338c4df6d70ee3ed321b23865fea0b05f71833606b5075a1c5572daeaba2927f5ca50afe2e66786c45e0792acf04cd9d952afbfb60bba14800ad70bcdc

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\protections.sqlite

MD5 1f11bc803e93f70ec6964ec25558993e
SHA1 8050a31e6eb10eecb6399f071ba96e80a1784616
SHA256 245d2fea734edbd77a830b9de20fb05b3f6faa5094d7ddd8abdb86140f601bf5
SHA512 d6167439c80e4a0e3a9f4fd52d14d21eeb1b9f35067e66f0f2daa81452de7fb61f2899a1849ac3945d4344da67724de1b0bbf9e955f06130d16a1fa0146f2cfb

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\datareporting\glean\pending_pings\aca3cfaf-0406-42a2-ac8c-e04360b76c67

MD5 ae67ffc9baa492494f33352bfb9f86bc
SHA1 05064fe0351ce05ae6caa0ad1aeda9b2a018578c
SHA256 8bf6ce5708c5ea474cb38cc37a222d01e2221558c6a6a64132500541ad7d63a7
SHA512 48bab6636d349f4e9ef87142970e3e51e9fbfdca1cbf5c325b4af3b9b4516e1a324670e72f8b784695743fca6aa05ab85b623c566ef9e1f555e9510742bd5e2c

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\mfuo34j5.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

MD5 f99b4984bd93547ff4ab09d35b9ed6d5
SHA1 73bf4d313cb094bb6ead04460da9547106794007
SHA256 402571262fd1f6dca336f822ceb0ec2a368a25dfe2f4bfa13b45c983e88b6069
SHA512 cd0ed84a24d3faae94290aca1b5ef65eef4cfba8a983da9f88ee3268fc611484a72bd44ca0947c0ca8de174619debae4604e15e4b2c364e636424ba1d37e1759

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\datareporting\glean\pending_pings\7ec719a0-2902-42f0-be73-d4e84ce18c4a

MD5 c8b4c4159309a7a30719bff81188850d
SHA1 c34b51770fdb0732ca47ad1377aa9192d4718fbd
SHA256 54303b1a141eb2d12a7801925d49b24e6dbce5a68f30ef335221566145e411c1
SHA512 d0cad430f00c902903b6e8ec43879c84ec0a579f80d2e6ed9a19a3d4a4e0011f11ad142e2aee75902c5837c744277ddd8d76ad272270900a5fd3c99fd3f64395

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\datareporting\glean\db\data.safe.tmp

MD5 5b9efe9622edade000b6a5a7b0dc7672
SHA1 41ba3c44bb9a062884c2baaf061c0c7eea7beb67
SHA256 8229ff85e4786022662d1f612007207e1a9c857b39edaea81b97f485ef99c60a
SHA512 197b7f43b269eace78873c7a87c472b73280db67e8f85271e41a4b6bfe0f04de4be73868050dbbc935d61f761bf163d89f64bf3c793149a34990770cadfc917d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\datareporting\glean\events\pageload

MD5 aa6a4d56e0c0dda3f2f623261eee5b1d
SHA1 a82e7b7b26ef11a3894464ab3e7d49129db6b1a3
SHA256 bab92b2996ea160de101a52171f7fa39ed328ab2aa2560af02996c5d5316fc18
SHA512 50d825006f032636044c72ec1abd06da219ccd526ca9f7fb90e355e1243bd064642b6fa2e9dc02186ac5e2db2e5ca24c278941b245384845f5f157f8e191aa5e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\datareporting\glean\db\data.safe.bin

MD5 28200611e9715a359cd6bb83d460c085
SHA1 ccafc13a286fb83b0830d9e6a1f6a33d04ceefd7
SHA256 c869b22180b9c9a37f1e8f0ef6c9983451cd747ec54e410afa540b479f639a74
SHA512 2f16ca352f499f486d26bfe64d6fbe6b3a584071e71923037c5c6bd76afcfd136c0b8932bcb1cb0bb9908d5a0a0f61548d9010b0485523b523bbd607a25a5efb

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\places.sqlite

MD5 bfd3b079302825efb303d12de0c50c73
SHA1 af828e6245c0f27808c680dc4ea29ac635e28629
SHA256 303a94bc83db06d1b9eb821b2f89875aa785ad214f1feee8234c0de44358fb1a
SHA512 2c77aa90468536d99629acaeea2b5461601599d1e2d7212e090399055cda6d9fd0ddc3c4112f88078549697c55b2473024c5f371da40bbbadc4a7f324015181e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite

MD5 52811c4ec162ede805623a6562165794
SHA1 6564c5202609447710b0b43d21c2546f40975544
SHA256 48bdd98cc048c8e2d0851bbc62d4c9a94504a8c41eaf472fedfe7238950b76ad
SHA512 54905ae3cf2c414aafc30ebe3873f920f16ce53efcb5345d3108995cd1e292755c335ad93403bf5a8265b17ce6a54db344436c1817e572edbbe9d1ed693f98a4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\sessionCheckpoints.json

MD5 c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA1 5942cd6505fc8a9daba403b082067e1cdefdfbc4
SHA256 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
SHA512 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\datareporting\glean\db\data.safe.tmp

MD5 817324520985c8d7fefe880a88f08b77
SHA1 784cb4afbb5095ab99e8d72f53c6c5e5803885d2
SHA256 b2299316cdf84a0fa0df984a2565d37bb7a8b82def380cb820ccee39404f6930
SHA512 35836dcd2a09e177e8066d6c4d1378e838733dd9023eafd4b82e39ba624e42f80f671cf378d49b6a55768ab2842acb52bce1e32ec4b186fcd2df105cd66947cb

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\mfuo34j5.default-release\cache2\entries\6E5C8379688DAF4F420872AA20FAC255F7A99AA8

MD5 173740a8c5cc69df833a086e95805348
SHA1 04f064ce0baff3ba3ad91047f742c185002bc731
SHA256 2649d86961ba8381f9933b71306c95564ca62e0c7d0e009aae5add388db30de2
SHA512 44e782c37fe7b665ff39b87aa2124a86f176ae09e9a28a86533824ee9e83de2859213883e6b719baf90252f401f0a45b9722f2f7bbb8813e0623d79f57ebece9

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\prefs-1.js

MD5 0344d5fae12b1cc1978e3395314ed999
SHA1 ff657ad6de4edb256ea67498f1a3efc26033bae1
SHA256 479de18b037f3b0bab14587dd31fe40f67dfc3353f47d5961758e1fd855ae48f
SHA512 8ff04c7c68f676589d59a2fe61af68eeaaea2f0bfe1482a23bf4b40b830f67aef467d563e33b428658de79487a96a32805cee848025ae42de6539d9383e95889

memory/1556-4001-0x0000000000970000-0x00000000009C8000-memory.dmp

memory/1556-4005-0x0000000000970000-0x00000000009C8000-memory.dmp

memory/1556-4000-0x0000000000970000-0x00000000009C8000-memory.dmp

memory/2252-4019-0x00000000010F0000-0x0000000001158000-memory.dmp

memory/2252-4015-0x00000000010F0000-0x0000000001158000-memory.dmp

memory/4048-4034-0x0000000000EF0000-0x0000000000F58000-memory.dmp

memory/4048-4038-0x0000000000EF0000-0x0000000000F58000-memory.dmp

memory/3796-4045-0x0000000000F70000-0x0000000000FD8000-memory.dmp

memory/3796-4049-0x0000000000F70000-0x0000000000FD8000-memory.dmp

Analysis: behavioral3

Detonation Overview

Submitted

2024-11-13 08:22

Reported

2024-11-13 08:25

Platform

win11-20241007-en

Max time kernel

150s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\instaler.exe"

Signatures

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\SystemTemp C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Browser Information Discovery

discovery

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\instaler.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133759597677321791" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 244 wrote to memory of 4748 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 244 wrote to memory of 4748 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 244 wrote to memory of 1700 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 244 wrote to memory of 1700 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 244 wrote to memory of 1700 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 244 wrote to memory of 1700 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 244 wrote to memory of 1700 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 244 wrote to memory of 1700 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 244 wrote to memory of 1700 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 244 wrote to memory of 1700 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 244 wrote to memory of 1700 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 244 wrote to memory of 1700 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 244 wrote to memory of 1700 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 244 wrote to memory of 1700 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 244 wrote to memory of 1700 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 244 wrote to memory of 1700 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 244 wrote to memory of 1700 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 244 wrote to memory of 1700 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 244 wrote to memory of 1700 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 244 wrote to memory of 1700 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 244 wrote to memory of 1700 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 244 wrote to memory of 1700 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 244 wrote to memory of 1700 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 244 wrote to memory of 1700 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 244 wrote to memory of 1700 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 244 wrote to memory of 1700 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 244 wrote to memory of 1700 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 244 wrote to memory of 1700 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 244 wrote to memory of 1700 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 244 wrote to memory of 1700 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 244 wrote to memory of 1700 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 244 wrote to memory of 1700 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 244 wrote to memory of 3832 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 244 wrote to memory of 3832 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 244 wrote to memory of 572 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 244 wrote to memory of 572 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 244 wrote to memory of 572 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 244 wrote to memory of 572 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 244 wrote to memory of 572 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 244 wrote to memory of 572 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 244 wrote to memory of 572 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 244 wrote to memory of 572 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 244 wrote to memory of 572 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 244 wrote to memory of 572 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 244 wrote to memory of 572 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 244 wrote to memory of 572 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 244 wrote to memory of 572 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 244 wrote to memory of 572 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 244 wrote to memory of 572 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 244 wrote to memory of 572 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 244 wrote to memory of 572 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 244 wrote to memory of 572 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 244 wrote to memory of 572 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 244 wrote to memory of 572 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 244 wrote to memory of 572 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 244 wrote to memory of 572 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 244 wrote to memory of 572 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 244 wrote to memory of 572 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 244 wrote to memory of 572 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 244 wrote to memory of 572 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 244 wrote to memory of 572 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 244 wrote to memory of 572 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 244 wrote to memory of 572 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 244 wrote to memory of 572 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Users\Admin\AppData\Local\Temp\instaler.exe

"C:\Users\Admin\AppData\Local\Temp\instaler.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc96e2cc40,0x7ffc96e2cc4c,0x7ffc96e2cc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1808,i,17516445924495534061,11787199082464982552,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1804 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2064,i,17516445924495534061,11787199082464982552,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1680 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2180,i,17516445924495534061,11787199082464982552,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2240 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3080,i,17516445924495534061,11787199082464982552,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3228 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3132,i,17516445924495534061,11787199082464982552,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3280 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3540,i,17516445924495534061,11787199082464982552,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4512 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4416,i,17516445924495534061,11787199082464982552,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4432 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4628,i,17516445924495534061,11787199082464982552,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4748 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4800,i,17516445924495534061,11787199082464982552,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4808 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4880,i,17516445924495534061,11787199082464982552,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4996 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5072,i,17516445924495534061,11787199082464982552,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4908 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5084,i,17516445924495534061,11787199082464982552,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4996 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4792,i,17516445924495534061,11787199082464982552,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5064 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5104,i,17516445924495534061,11787199082464982552,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5056 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5252,i,17516445924495534061,11787199082464982552,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5500 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5056,i,17516445924495534061,11787199082464982552,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5188 /prefetch:8

Network

Country Destination Domain Proto
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.200.10:443 ogads-pa.googleapis.com tcp
GB 216.58.204.78:443 apis.google.com tcp
GB 142.250.200.10:443 ogads-pa.googleapis.com udp
US 8.8.8.8:53 196.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 10.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 78.204.58.216.in-addr.arpa udp
GB 142.250.200.46:443 play.google.com tcp
GB 216.58.201.110:443 clients2.google.com tcp
N/A 224.0.0.251:5353 udp
GB 216.58.212.193:443 clients2.googleusercontent.com tcp
GB 142.250.178.14:443 google.com tcp

Files

\??\pipe\crashpad_244_TYDNILYTFOHBAXDX

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Temp\scoped_dir244_452627308\ccbed044-36c8-435f-9eab-2ffc24ed2506.tmp

MD5 da75bb05d10acc967eecaac040d3d733
SHA1 95c08e067df713af8992db113f7e9aec84f17181
SHA256 33ae9b8f06dc777bb1a65a6ba6c3f2a01b25cd1afc291426b46d1df27ea6e7e2
SHA512 56533de53872f023809a20d1ea8532cdc2260d40b05c5a7012c8e61576ff092f006a197f759c92c6b8c429eeec4bb542073b491ddcfd5b22cd4ecbe1a8a7c6ef

C:\Users\Admin\AppData\Local\Temp\scoped_dir244_452627308\CRX_INSTALL\_locales\en_CA\messages.json

MD5 558659936250e03cc14b60ebf648aa09
SHA1 32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825
SHA256 2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b
SHA512 1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.83.1_0\dasherSettingSchema.json

MD5 4ec1df2da46182103d2ffc3b92d20ca5
SHA1 fb9d1ba3710cf31a87165317c6edc110e98994ce
SHA256 6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6
SHA512 939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.83.1_0\_locales\en_CA\messages.json

MD5 07ffbe5f24ca348723ff8c6c488abfb8
SHA1 6dc2851e39b2ee38f88cf5c35a90171dbea5b690
SHA256 6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c
SHA512 7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

MD5 ef235d029aa5537a0856a38836aff13b
SHA1 a88f27e8d5295a88a256d96d453b3ba41a939483
SHA256 e0cba41f6bcbb24c410c258bd139053a58a1c2a8198580b3ddf84ff371ff1114
SHA512 9b567adcca220adf46001c6d1534c421e30a5c319fa1dbfc7ca4f19304faafbf90d55a021dbe0845add6e81449194f462a986a664106ba0d5e57bc1038134745

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 79cc47f6acf6a2648bc64cfe95c288f8
SHA1 b9507f92f59e8f56ed1f19aa196221f5be7f5070
SHA256 861b825ab2d568efc31dd0106bfe903063448348ffcd1b0847d31458b6d6f617
SHA512 7fb271fb1dccfa9292d69bc14afdf0c3da8afd8529a8398ea6f0735bfd40d84dd0f141c4b2b2423985f2be4174d65a2617760fb70c2a921452d300570a1dd479

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 5ef2d00835d114decac0e95cd0fa0080
SHA1 d4afa5fa8fd3b344b0dfb6024068e0e743b9ea4a
SHA256 30815e529079ef73c1263393bb296f83b51ccbe2145b34c301756d333d4a5f8b
SHA512 107e485e0ef1edeff8647aa47ccf56212b6326d5e733aa95e7e97ca73f60444689d80997ec5218166399d6fab99343e994f6bc685cc033b1e21aeacdf04f39cd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 39d9abfcbd530ce341882e812cebe540
SHA1 22174a29f8a886471cdfa4b4763c6897657c2221
SHA256 639e0bcf96ec67c1768aecf53b1919e0aca9cb14308f427c18c4e2b7298e4b15
SHA512 f51ebc650dfdb470dd465dfb0f33b8c726ea260117e06b95900c5bd3a2ac138594c168cfa63f54ce1d056d15bcd6d140e5d903b413e93f76606df3b9dd831ca5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 915aed7c3e151ab9fb8e3ecc723869db
SHA1 28e01a17783735409581fbb0105df4b605394122
SHA256 21ec64d3d43572fa392ede77e240f8695753b9f010b577855c7ba17fb325847b
SHA512 fcf264e4e17fc0f2499b05bc74eda1a07b5ac096e8e85dafcb54590d9bb63cd25ecec77fc2087157fed99239925cf592b4ba0c682a1e63bae02f92b474b43eb6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 b1e1a598ef864b4e9872ddb1fd9e4685
SHA1 d8cfe2a432603404b08942186563804017b9b93a
SHA256 98dfac377589403c1ea2e4dd02f8ad5b09070d496236d567474cf919b7baca03
SHA512 1e3f57cff0a29fedbc1d4ce4999ef73ec2984b4ece9810ecb97f7e95037c84b623e1cb73e3b6c6c8b61eafe73cae7dc8e328507140a8d151b51d24427cc6e1b6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 491f1d5e6f20dc26c2b3b93c8a5d74ed
SHA1 82ae51af2db10201dbe36318687c658f5f975dfb
SHA256 553a970b86a164deea8fffbe3b402216220a3531277b4ff109579af1cb98c4b1
SHA512 f7f080c94a967a78b9f8cbdb47399460729390c0afe9710422338ae65c0c82fc87dbf17afedd4b80f3174415dcf4c88ed2cd1cde8ff27de5e75cbdaba4e6539c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 c52f52f1cefe72b57ce433302d4c262a
SHA1 4fc4c899fa3e5e0b6030df56cd721f9275ac3200
SHA256 41a496312935cc09a69a3338ddec699b97b6c66f212a1840dde362cb2db98552
SHA512 cd69d04c26ac6a3f91a71385f1d43ba3fe971eeda7083a39153ab48ca908c96973f7c5181d7f14cfac67630dea1b364c13d881a25956c5f2dc3a8a06c202d9dd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 3fea480b95c99b01f81562e287521967
SHA1 fe0fdfe90444fdda9f57edbd53ba54fcd67b6239
SHA256 3415ecd7bf17ce03cbc2ab117b832f8baee2eb5b8f76c90dfaffbd4a47ec312f
SHA512 85ba26aaaf8be9577871d4857e0e488b0b73a3cd371b9dc89c0f724cf225638a6a9fcade0dbcc2824be9a4e7458e9cc614c448a5d84aa8b883ac7ebab09b9bcf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 8221598abdede2793559472215a7106d
SHA1 ed75b5733100684d74e88e2d29e196e7439a8a95
SHA256 2420923390c34720d772d332a095e146889c30a31285aae4290c685a970f1960
SHA512 c4dbe5cc83bd83e8f84e37373238e1c02c83f70027512faa261882101ee0ebafd7126380ad9751805007381e2b97efedb22c1ad9fbc76a07de2d86728844612f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 30b2465370e947747250d6a6b27690d9
SHA1 698a871c83b476a02951bfc2bee7f4b8ba529120
SHA256 dd452868d8b90b468778091021e26cbcf03bdf50b98088f66616ebb493bdb60d
SHA512 232730468a0dad4e8ec0b68f4cc56993685aac6c9b49a7352358c343dfca0f02fb8ade1fe1898adc2b80db02629620cd3f565a55705c7137b078c21eee9f5a47

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 6e167ab7c840e6436af91cf2ae4f72a9
SHA1 4404227e7c0c6338a62f04c05de60b9bd1530280
SHA256 aaaf5706c2a76cc05fa57245621a9253997ee04e733b75f8a3ef0cda30826baf
SHA512 22d02b4f0a1ca9ee97bcf3542abd4dffc6149bea83052e9b2edf0d5237d59725b2ca295e96487918ec0ed76fe53563f611fd379e9d825af60e10038956f850cb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 beec5ba2ac94b70dbf951e03e596a1fa
SHA1 aa8300363143d332816b64e970d0737a30923097
SHA256 1599543bc7f0b97c9487bdd02dd783d1aa4b2026ab80cd8e8e5de4882af02bc0
SHA512 74e8e76b7d43048a70e8e61eb4df7e7f07f3e810f0c424f0174fa4bf908702d1a108602ee1bdb42b9b2b8912b1a182500b7cfafa356743310dc00008825bec34

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 923aaaf8e259056287ac0f5497e2a240
SHA1 16a6114a6442c1dd237cb5a3efaf87c5bf558524
SHA256 7a85130d63a8a8277206cf8bc1f6c0357423e02c56b531ff76f6f004991aed20
SHA512 7808149d0c9d19455257c371024ba23c87212204980d56e3ecd3d73b2cc15a2d79dcef0c361ba5581d4ddd9ef7fdb0a9eed46f3a1889ab00fe77ffc5894e04a8

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

MD5 b5ad5caaaee00cb8cf445427975ae66c
SHA1 dcde6527290a326e048f9c3a85280d3fa71e1e22
SHA256 b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8
SHA512 92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

MD5 f49655f856acb8884cc0ace29216f511
SHA1 cb0f1f87ec0455ec349aaa950c600475ac7b7b6b
SHA256 7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba
SHA512 599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

MD5 d222b77a61527f2c177b0869e7babc24
SHA1 3f23acb984307a4aeba41ebbb70439c97ad1f268
SHA256 80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747
SHA512 d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 99e208003f2765a5f175d2b2f447ba73
SHA1 32975032f6128469a568d612d04e45d86a36c9db
SHA256 57d8bebfb27a307321ac96913bbf8a6014eab6e0cffc22bd25fc01332de858c0
SHA512 921825e0d758b415151d9d15fb511353b1be198e1984bcf44803038719bb9be46a24430040f132836d67dfb629b54ee1b790abc8d82d51299d3631f5ddc52604

Analysis: behavioral4

Detonation Overview

Submitted

2024-11-13 08:22

Reported

2024-11-13 08:25

Platform

win7-20240729-en

Max time kernel

49s

Max time network

143s

Command Line

"C:\Users\Admin\AppData\Local\Temp\instaler.exe"

Signatures

Browser Information Discovery

discovery

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\instaler.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2312 wrote to memory of 2268 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2312 wrote to memory of 2268 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2312 wrote to memory of 2268 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2312 wrote to memory of 2608 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2312 wrote to memory of 2608 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2312 wrote to memory of 2608 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2312 wrote to memory of 2608 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2312 wrote to memory of 2608 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2312 wrote to memory of 2608 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2312 wrote to memory of 2608 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2312 wrote to memory of 2608 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2312 wrote to memory of 2608 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2312 wrote to memory of 2608 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2312 wrote to memory of 2608 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2312 wrote to memory of 2608 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2312 wrote to memory of 2608 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2312 wrote to memory of 2608 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2312 wrote to memory of 2608 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2312 wrote to memory of 2608 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2312 wrote to memory of 2608 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2312 wrote to memory of 2608 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2312 wrote to memory of 2608 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2312 wrote to memory of 2608 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2312 wrote to memory of 2608 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2312 wrote to memory of 2608 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2312 wrote to memory of 2608 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2312 wrote to memory of 2608 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2312 wrote to memory of 2608 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2312 wrote to memory of 2608 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2312 wrote to memory of 2608 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2312 wrote to memory of 2608 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2312 wrote to memory of 2608 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2312 wrote to memory of 2608 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2312 wrote to memory of 2608 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2312 wrote to memory of 2608 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2312 wrote to memory of 2608 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2312 wrote to memory of 2608 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2312 wrote to memory of 2608 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2312 wrote to memory of 2608 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2312 wrote to memory of 2608 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2312 wrote to memory of 2608 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2312 wrote to memory of 2608 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2312 wrote to memory of 2760 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2312 wrote to memory of 2760 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2312 wrote to memory of 2760 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2312 wrote to memory of 2688 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2312 wrote to memory of 2688 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2312 wrote to memory of 2688 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2312 wrote to memory of 2688 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2312 wrote to memory of 2688 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2312 wrote to memory of 2688 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2312 wrote to memory of 2688 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2312 wrote to memory of 2688 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2312 wrote to memory of 2688 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2312 wrote to memory of 2688 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2312 wrote to memory of 2688 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2312 wrote to memory of 2688 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2312 wrote to memory of 2688 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2312 wrote to memory of 2688 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2312 wrote to memory of 2688 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2312 wrote to memory of 2688 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2312 wrote to memory of 2688 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2312 wrote to memory of 2688 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2312 wrote to memory of 2688 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Users\Admin\AppData\Local\Temp\instaler.exe

"C:\Users\Admin\AppData\Local\Temp\instaler.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6ee9758,0x7fef6ee9768,0x7fef6ee9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1168 --field-trial-handle=1284,i,13482475947081414781,17533340182136328728,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1520 --field-trial-handle=1284,i,13482475947081414781,17533340182136328728,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1640 --field-trial-handle=1284,i,13482475947081414781,17533340182136328728,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2308 --field-trial-handle=1284,i,13482475947081414781,17533340182136328728,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2316 --field-trial-handle=1284,i,13482475947081414781,17533340182136328728,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1420 --field-trial-handle=1284,i,13482475947081414781,17533340182136328728,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3184 --field-trial-handle=1284,i,13482475947081414781,17533340182136328728,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3032 --field-trial-handle=1284,i,13482475947081414781,17533340182136328728,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3420 --field-trial-handle=1284,i,13482475947081414781,17533340182136328728,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3644 --field-trial-handle=1284,i,13482475947081414781,17533340182136328728,131072 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 ogads-pa.googleapis.com udp
US 8.8.8.8:53 apis.google.com udp
GB 216.58.212.202:443 ogads-pa.googleapis.com tcp
GB 216.58.204.78:443 apis.google.com tcp
GB 216.58.212.202:443 ogads-pa.googleapis.com udp
US 8.8.8.8:53 play.google.com udp
N/A 224.0.0.251:5353 udp
GB 142.250.200.46:443 play.google.com tcp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
GB 172.217.169.3:443 beacons.gcp.gvt2.com tcp
GB 172.217.169.3:443 beacons.gcp.gvt2.com udp

Files

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\CURRENT

MD5 18e723571b00fb1694a3bad6c78e4054
SHA1 afcc0ef32d46fe59e0483f9a3c891d3034d12f32
SHA256 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
SHA512 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

\??\pipe\crashpad_2312_NWWCPUDVZCEUYIFU

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

MD5 aefd77f47fb84fae5ea194496b44c67a
SHA1 dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA256 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512 b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 319b47ba1d78ba887aabb6531016425e
SHA1 786873a407312455017dbc7744ed3612f68c2459
SHA256 099e16f35e0b23c66bd75edfc750d4c55e55d1dce28a08a647b8d3adc2c72166
SHA512 c0fb170624bb4b6dd8616ceb06c6e3075444641cc4db1412cc7aed9393b31ea30161ca1ec6a345db315caa8ae905e254552cfa9ea77cb61b7c01d7cd8c326301

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 5eea7f689e40b0a4d7619eb16d136c58
SHA1 f866594d61413d6d668e8d73f9328ad91bb27ae1
SHA256 4039ed98b057bd321565016b2f847849bdfb8026aeb1db4af9686f69712860bd
SHA512 187aa65992d5b2efe692a72ab0aa2622ce607298d9a9c900d786e75f844344a79708316acb0eede7952a34ef641c36fd4196008a1203d1fe13ddc2d465fbe9f6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 af352d47e221508d56e2f73658ef26f3
SHA1 4b6dca2d8ce68274e9cdc68a589260436bc676ba
SHA256 7c00fab317d884f59dbd79a8c085e8d42cecf1f20ec1c4cfdcc933b8a0820bae
SHA512 3c23ae51e30a4a0faa1af0eeee0e361752b814262c7e572d891a9ee9d6d783217e5f2ee5d4b5d057fa8445f03b98fd96cdd5e847bafbe2d01e9d8ebfddd8fe82