Analysis Overview
SHA256
4d274a49cb04b5de876fd1c22ef6a42dd1625a33b4c045c207fd1fbc0a8f3b6c
Threat Level: Known bad
The file XWorm V5.3.7z was found to be: Known bad.
Malicious Activity Summary
AgentTesla
Xworm
Detect Xworm Payload
AgentTesla payload
Executes dropped EXE
Uses the VBS compiler for execution
Obfuscated with Agile.Net obfuscator
Drops startup file
Loads dropped DLL
Adds Run key to start application
Drops file in System32 directory
Suspicious use of NtSetInformationThreadHideFromDebugger
Drops file in Windows directory
Enumerates physical storage devices
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Modifies registry class
Suspicious use of AdjustPrivilegeToken
NTFS ADS
Suspicious use of SetWindowsHookEx
Uses Task Scheduler COM API
Suspicious use of SendNotifyMessage
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: EnumeratesProcesses
Opens file in notepad (likely ransom note)
Suspicious use of FindShellTrayWindow
Checks processor information in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-03-10 06:22
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-03-10 06:22
Reported
2024-03-10 06:52
Platform
win10-20240214-en
Max time kernel
1800s
Max time network
1790s
Command Line
Signatures
AgentTesla
Detect Xworm Payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Xworm
AgentTesla payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XClient.lnk | C:\Users\Admin\Documents\XClient.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XClient.lnk | C:\Users\Admin\Documents\XClient.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zO4312440D\XWorm V5.3.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\dotNetFx45_Full_setup.exe | N/A |
| N/A | N/A | F:\4c3f295d499a0e4fe06bed3c14\Setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\dotNetFx40_Full_setup.exe | N/A |
| N/A | N/A | F:\559daf81a1cb3122d599b6c59065\Setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zO43186BD3\XWorm V5.3.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\XWorm V5.3.exe | N/A |
| N/A | N/A | C:\Users\Admin\Documents\XClient.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | F:\4c3f295d499a0e4fe06bed3c14\Setup.exe | N/A |
| N/A | N/A | F:\4c3f295d499a0e4fe06bed3c14\Setup.exe | N/A |
| N/A | N/A | F:\4c3f295d499a0e4fe06bed3c14\Setup.exe | N/A |
| N/A | N/A | F:\4c3f295d499a0e4fe06bed3c14\Setup.exe | N/A |
| N/A | N/A | F:\559daf81a1cb3122d599b6c59065\Setup.exe | N/A |
| N/A | N/A | F:\559daf81a1cb3122d599b6c59065\Setup.exe | N/A |
| N/A | N/A | F:\559daf81a1cb3122d599b6c59065\Setup.exe | N/A |
| N/A | N/A | F:\559daf81a1cb3122d599b6c59065\Setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\Documents\XClient.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\XWorm V5.3.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\XWorm V5.3.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\XWorm V5.3.exe | N/A |
Obfuscated with Agile.Net obfuscator
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Uses the VBS compiler for execution
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000\Software\Microsoft\Windows\CurrentVersion\Run\XClient = "C:\\Users\\Admin\\AppData\\Roaming\\XClient.exe" | C:\Users\Admin\Documents\XClient.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\system32\perfc009.dat | C:\Windows\system32\lodctr.exe | N/A |
| File created | C:\Windows\system32\perfh009.dat | C:\Windows\system32\lodctr.exe | N/A |
| File created | C:\Windows\system32\perfh00A.dat | C:\Windows\system32\lodctr.exe | N/A |
| File created | C:\Windows\system32\perfc010.dat | C:\Windows\system32\lodctr.exe | N/A |
| File created | C:\Windows\system32\perfh010.dat | C:\Windows\system32\lodctr.exe | N/A |
| File created | C:\Windows\system32\perfh007.dat | C:\Windows\system32\lodctr.exe | N/A |
| File created | C:\Windows\system32\perfc00A.dat | C:\Windows\system32\lodctr.exe | N/A |
| File created | C:\Windows\system32\perfc00C.dat | C:\Windows\system32\lodctr.exe | N/A |
| File created | C:\Windows\system32\perfh00C.dat | C:\Windows\system32\lodctr.exe | N/A |
| File created | C:\Windows\system32\perfc011.dat | C:\Windows\system32\lodctr.exe | N/A |
| File created | C:\Windows\system32\perfh011.dat | C:\Windows\system32\lodctr.exe | N/A |
| File created | C:\Windows\system32\perfc007.dat | C:\Windows\system32\lodctr.exe | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zO4312440D\XWorm V5.3.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zO43186BD3\XWorm V5.3.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\XWorm V5.3.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\XWorm V5.3.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\rescache\_merged\3720402701\2219095117.pri | C:\Program Files\7-Zip\7zFM.exe | N/A |
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | F:\4c3f295d499a0e4fe06bed3c14\Setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | F:\559daf81a1cb3122d599b6c59065\Setup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier | C:\Users\Admin\Documents\XClient.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | F:\4c3f295d499a0e4fe06bed3c14\Setup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | F:\559daf81a1cb3122d599b6c59065\Setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\Documents\XClient.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Users\Admin\Documents\XClient.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Users\Admin\AppData\Local\Temp\XWorm V5.3.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Users\Admin\AppData\Local\Temp\XWorm V5.3.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion | C:\Users\Admin\AppData\Local\Temp\XWorm V5.3.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Users\Admin\Documents\XClient.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BIOSVersion | C:\Users\Admin\Documents\XClient.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BIOSReleaseDate | C:\Users\Admin\Documents\XClient.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\0\0\0\0 = 50003100000000004e580a9310004c6f63616c003c0009000400efbe4e580e8d4e580a932e000000b35101000000010000000000000000000000000000000f9463004c006f00630061006c00000014000000 | C:\Users\Admin\AppData\Local\Temp\XWorm V5.3.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Users\Admin\AppData\Local\Temp\XWorm V5.3.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\.php\ = "php_auto_file" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\0 = 78003100000000004e580e8d1100557365727300640009000400efbe724a0b5d4e580e8d2e000000320500000000010000000000000000003a00000000003715f50055007300650072007300000040007300680065006c006c00330032002e0064006c006c002c002d0032003100380031003300000014000000 | C:\Users\Admin\AppData\Local\Temp\XWorm V5.3.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\0 | C:\Users\Admin\AppData\Local\Temp\XWorm V5.3.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\php_auto_file\shell\open\command | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance | C:\Users\Admin\AppData\Local\Temp\XWorm V5.3.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\php_auto_file\shell\open | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode = "4" | C:\Users\Admin\AppData\Local\Temp\XWorm V5.3.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\0\0\0\0\MRUListEx = 00000000ffffffff | C:\Users\Admin\AppData\Local\Temp\XWorm V5.3.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000007800000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Users\Admin\AppData\Local\Temp\XWorm V5.3.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\0\0\0\0\0\0\NodeSlot = "4" | C:\Users\Admin\AppData\Local\Temp\XWorm V5.3.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000050000001800000030f125b7ef471a10a5f102608c9eebac0a000000a0000000b474dbf787420341afbaf1b13dcd75cf64000000a000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000e0859ff2f94f6810ab9108002b27b3d90500000058000000 | C:\Users\Admin\AppData\Local\Temp\XWorm V5.3.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\SniffedFolderType = "Generic" | C:\Users\Admin\AppData\Local\Temp\XWorm V5.3.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByDirection = "1" | C:\Users\Admin\AppData\Local\Temp\XWorm V5.3.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\0\0\0\0\0\0 | C:\Users\Admin\AppData\Local\Temp\XWorm V5.3.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Users\Admin\AppData\Local\Temp\XWorm V5.3.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\0\0\0\0\0 = 4e003100000000006a585735100054656d7000003a0009000400efbe4e580e8d6a5857352e000000b45101000000010000000000000000000000000000003b81dd00540065006d007000000014000000 | C:\Users\Admin\AppData\Local\Temp\XWorm V5.3.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202 | C:\Users\Admin\AppData\Local\Temp\XWorm V5.3.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell | C:\Users\Admin\AppData\Local\Temp\XWorm V5.3.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance | C:\Users\Admin\AppData\Local\Temp\XWorm V5.3.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000007800000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Users\Admin\AppData\Local\Temp\XWorm V5.3.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\GroupByKey:PID = "0" | C:\Users\Admin\AppData\Local\Temp\XWorm V5.3.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" | C:\Users\Admin\AppData\Local\Temp\XWorm V5.3.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\3\MRUListEx = ffffffff | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\.php | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Users\Admin\AppData\Local\Temp\XWorm V5.3.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 03000000000000000100000002000000ffffffff | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags | C:\Users\Admin\AppData\Local\Temp\XWorm V5.3.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg | C:\Users\Admin\AppData\Local\Temp\XWorm V5.3.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4 | C:\Users\Admin\AppData\Local\Temp\XWorm V5.3.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\IconSize = "96" | C:\Users\Admin\AppData\Local\Temp\XWorm V5.3.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Generic" | C:\Users\Admin\AppData\Local\Temp\XWorm V5.3.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\SniffedFolderType = "Generic" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\php_auto_file\shell\edit\command | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Documents" | C:\Users\Admin\AppData\Local\Temp\XWorm V5.3.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\FFlags = "1" | C:\Users\Admin\AppData\Local\Temp\XWorm V5.3.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" | C:\Users\Admin\AppData\Local\Temp\XWorm V5.3.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\php_auto_file | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1" | C:\Users\Admin\AppData\Local\Temp\XWorm V5.3.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0000000001000000ffffffff | C:\Users\Admin\AppData\Local\Temp\XWorm V5.3.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\GroupByDirection = "1" | C:\Users\Admin\AppData\Local\Temp\XWorm V5.3.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\php_auto_file\shell\open\command\ = "%SystemRoot%\\system32\\NOTEPAD.EXE %1" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\LogicalViewMode = "1" | C:\Users\Admin\AppData\Local\Temp\XWorm V5.3.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1092616257" | C:\Users\Admin\AppData\Local\Temp\XWorm V5.3.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\FFlags = "1092616257" | C:\Users\Admin\AppData\Local\Temp\XWorm V5.3.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\php_auto_file\shell | C:\Windows\system32\OpenWith.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\Downloads\telegram.php:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\dotNetFx45_Full_setup.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\dotNetFx40_Full_setup.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A |
| N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\XWorm V5.3.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\XWorm V5.3.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\XWorm V5.3.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\XWorm V5.3.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\XWorm V5.3.7z"
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\XWorm V5.3.7z"
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\7zO43100149\README.txt
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\AppData\Local\Temp\7zO4312440D\XWorm V5.3.exe
"C:\Users\Admin\AppData\Local\Temp\7zO4312440D\XWorm V5.3.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.0.1412446766\1107708480" -parentBuildID 20221007134813 -prefsHandle 1720 -prefMapHandle 1468 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6e768c8c-d378-4ea6-a686-86674374e787} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 1796 2c1632f3158 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.1.136112083\1561317928" -parentBuildID 20221007134813 -prefsHandle 2124 -prefMapHandle 2120 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {464e56e5-e0ae-4cc4-80d7-f85c8f8d611a} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 2152 2c1631faa58 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.2.197623608\1544599160" -childID 1 -isForBrowser -prefsHandle 2748 -prefMapHandle 2668 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d8eae8b6-a7c9-4785-9f41-dd4bca44e5ce} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 2964 2c1674da258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.3.518542900\1017934777" -childID 2 -isForBrowser -prefsHandle 3472 -prefMapHandle 3468 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bd0a2a8c-17aa-4e2c-887c-e711ab10c10b} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 3408 2c165e10158 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.4.790196201\2035127841" -childID 3 -isForBrowser -prefsHandle 4192 -prefMapHandle 4188 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {82a961d4-a3ea-4584-983a-e67603d7419c} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 4200 2c165f50758 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.5.496112914\123480724" -childID 4 -isForBrowser -prefsHandle 4880 -prefMapHandle 4876 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0e57c03f-4c1c-4eb7-8de6-f950ea83c4d9} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 4888 2c15822db58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.6.1964946419\1823380225" -childID 5 -isForBrowser -prefsHandle 5024 -prefMapHandle 5028 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {65af23c7-1dd7-40b7-a9ba-d0f43dd0c78d} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 4792 2c169a87358 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.7.782984577\1162338407" -childID 6 -isForBrowser -prefsHandle 5204 -prefMapHandle 5208 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3e4dc556-9abc-46f2-b376-4a52602c9227} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 5196 2c169a86a58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.8.183340857\2130098373" -childID 7 -isForBrowser -prefsHandle 2716 -prefMapHandle 4608 -prefsLen 26514 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1a101bd6-17d0-4cd1-af19-a5a4074e5cbf} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 1520 2c16a861858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.9.720380631\238483592" -childID 8 -isForBrowser -prefsHandle 4944 -prefMapHandle 4960 -prefsLen 27389 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b573fac6-d30e-4378-9eea-0694ffef7f73} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 4316 2c16b362e58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.10.1261740061\1803182618" -childID 9 -isForBrowser -prefsHandle 5092 -prefMapHandle 5028 -prefsLen 27389 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a453ebd3-b9f3-4166-8fec-1b08978a9b5c} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 5496 2c169a86a58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.11.1297652320\414197335" -childID 10 -isForBrowser -prefsHandle 5336 -prefMapHandle 5340 -prefsLen 27389 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {37189d9d-0917-47ce-9785-8747bb86aed0} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 5348 2c16a863958 tab
C:\Users\Admin\Downloads\dotNetFx45_Full_setup.exe
"C:\Users\Admin\Downloads\dotNetFx45_Full_setup.exe"
F:\4c3f295d499a0e4fe06bed3c14\Setup.exe
F:\4c3f295d499a0e4fe06bed3c14\\Setup.exe /x86 /x64 /web
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.12.339671722\1142303740" -childID 11 -isForBrowser -prefsHandle 5172 -prefMapHandle 5156 -prefsLen 27438 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {dbacee3d-ffa6-4372-837e-173a7653683e} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 5144 2c1674dc358 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.13.992913219\298105311" -childID 12 -isForBrowser -prefsHandle 10452 -prefMapHandle 10460 -prefsLen 27517 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {aae0b2b0-0fd0-4877-b5ae-546cc21a0bb2} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 10440 2c16a862a58 tab
C:\Users\Admin\Downloads\dotNetFx40_Full_setup.exe
"C:\Users\Admin\Downloads\dotNetFx40_Full_setup.exe"
F:\559daf81a1cb3122d599b6c59065\Setup.exe
F:\559daf81a1cb3122d599b6c59065\\Setup.exe /x86 /x64 /ia64 /web
C:\Users\Admin\AppData\Local\Temp\7zO43186BD3\XWorm V5.3.exe
"C:\Users\Admin\AppData\Local\Temp\7zO43186BD3\XWorm V5.3.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\7zO431159B3\Fixer.bat" "
C:\Windows\system32\lodctr.exe
lodctr /r
C:\Users\Admin\AppData\Local\Temp\XWorm V5.3.exe
"C:\Users\Admin\AppData\Local\Temp\XWorm V5.3.exe"
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3cc
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.14.1353164301\2093578753" -childID 13 -isForBrowser -prefsHandle 10260 -prefMapHandle 10212 -prefsLen 27602 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f882b873-fdfc-4b0f-a4a7-114e916d3449} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 10036 2c16ab0cd58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.15.197897002\66223970" -childID 14 -isForBrowser -prefsHandle 9844 -prefMapHandle 4344 -prefsLen 27602 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b046a201-d2d6-4707-af66-1083cf25ff8d} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 9848 2c16745fd58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.16.173682328\1959396079" -childID 15 -isForBrowser -prefsHandle 9560 -prefMapHandle 9564 -prefsLen 27602 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f6696aae-0080-4c4c-8ac3-f4fcdab4011e} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 9552 2c16b14f958 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.17.1467407934\435550339" -childID 16 -isForBrowser -prefsHandle 9432 -prefMapHandle 9436 -prefsLen 27602 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {59cda812-d8a6-4fd2-9cbb-d1db6ce40331} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 9656 2c16c1f4358 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.18.1675564274\557625459" -childID 17 -isForBrowser -prefsHandle 9212 -prefMapHandle 9220 -prefsLen 27602 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d06cc7ab-dec2-4ea0-a7ea-5c7c6249221f} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 9228 2c16dcb4b58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.19.1144334962\1872850773" -childID 18 -isForBrowser -prefsHandle 9052 -prefMapHandle 9048 -prefsLen 27602 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5f3240c2-8bde-4363-9162-32a866462494} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 9188 2c16e231558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.20.1484388542\1469895230" -childID 19 -isForBrowser -prefsHandle 8872 -prefMapHandle 8868 -prefsLen 27602 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c5fe8a75-a9ad-4072-94f5-7d8d4e13b0b0} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 8880 2c16e231e58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.21.108427010\1498976393" -childID 20 -isForBrowser -prefsHandle 9076 -prefMapHandle 9544 -prefsLen 27602 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e51e99e1-7b39-4b0b-98c7-9236f53d71fd} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 8624 2c16e425758 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.22.1666425175\1368026097" -childID 21 -isForBrowser -prefsHandle 9708 -prefMapHandle 8996 -prefsLen 27602 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {248c81e9-1096-4a70-b9f0-467c99e3c0df} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 8428 2c16e639858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.23.825066818\178257242" -childID 22 -isForBrowser -prefsHandle 8348 -prefMapHandle 8252 -prefsLen 27602 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e710285e-7336-4650-88a6-31a7fcb00950} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 8268 2c16dcb5158 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.24.639983562\2005668221" -childID 23 -isForBrowser -prefsHandle 8808 -prefMapHandle 8892 -prefsLen 27602 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cb183052-1a2b-4ce0-a788-e9bbdd4885c2} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 8728 2c16f093a58 tab
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\telegram.php
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.25.1334460282\451771722" -childID 24 -isForBrowser -prefsHandle 10064 -prefMapHandle 10068 -prefsLen 27658 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {87fb9048-1793-4b99-b8da-326f04f7a57f} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 9268 2c16b305c58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.26.1633466451\1422317398" -childID 25 -isForBrowser -prefsHandle 9640 -prefMapHandle 9436 -prefsLen 27658 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {35797f6d-5058-4db5-851b-b4f4acccff6f} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 9724 2c16b306b58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.27.797599673\260465153" -childID 26 -isForBrowser -prefsHandle 8016 -prefMapHandle 8280 -prefsLen 27658 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4b396ca7-45bb-434a-b3a2-5ef01ede9e6f} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 8352 2c16745fa58 tab
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe
"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\1vjwmxqv\1vjwmxqv.cmdline"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES891F.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc8F62AE2B2B914860A45A8C2CAB9BC544.TMP"
C:\Users\Admin\Documents\XClient.exe
"C:\Users\Admin\Documents\XClient.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.28.1644562716\136913544" -childID 27 -isForBrowser -prefsHandle 8876 -prefMapHandle 8676 -prefsLen 27658 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a4c30f5b-ad0e-4a61-bb34-af678133c154} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 4676 2c16b9cea58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.29.1078586189\992412714" -parentBuildID 20221007134813 -prefsHandle 7748 -prefMapHandle 7740 -prefsLen 27658 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {015db2df-20b4-4e97-8dec-79f77288adee} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 7756 2c16dbd6b58 rdd
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.30.12151158\919403900" -childID 28 -isForBrowser -prefsHandle 4608 -prefMapHandle 8344 -prefsLen 27658 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d1435066-ddb2-4e3f-974d-0f6b1e7a69bc} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 10440 2c16f10c858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.31.96750385\1659603580" -childID 29 -isForBrowser -prefsHandle 8032 -prefMapHandle 8040 -prefsLen 27658 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {465f43bc-8560-40a2-bc55-6d97b60d8ddd} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 9712 2c16f109e58 tab
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.73.42.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | shavar.services.mozilla.com | udp |
| US | 8.8.8.8:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 34.117.237.239:443 | contile.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 54.218.225.239:443 | shavar.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| N/A | 127.0.0.1:49935 | tcp | |
| N/A | 127.0.0.1:49942 | tcp | |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 34.107.243.93:443 | autopush.prod.mozaws.net | tcp |
| US | 8.8.8.8:53 | 239.225.218.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | 3.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | aus5.mozilla.org | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 35.244.181.201:443 | prod.balrog.prod.cloudops.mozgcp.net | tcp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | 201.181.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ciscobinary.openh264.org | udp |
| GB | 88.221.134.209:80 | ciscobinary.openh264.org | tcp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| GB | 88.221.134.209:80 | a19.dscg10.akamai.net | tcp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| GB | 216.58.212.238:443 | redirector.gvt1.com | tcp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | 209.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| GB | 216.58.212.238:443 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | r1---sn-5hne6nzy.gvt1.com | udp |
| NL | 172.217.132.166:443 | r1---sn-5hne6nzy.gvt1.com | tcp |
| US | 8.8.8.8:53 | r1.sn-5hne6nzy.gvt1.com | udp |
| US | 8.8.8.8:53 | r1.sn-5hne6nzy.gvt1.com | udp |
| NL | 172.217.132.166:443 | r1.sn-5hne6nzy.gvt1.com | tcp |
| NL | 172.217.132.166:443 | r1.sn-5hne6nzy.gvt1.com | udp |
| US | 8.8.8.8:53 | 238.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 166.132.217.172.in-addr.arpa | udp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | plus.l.google.com | udp |
| GB | 216.58.213.14:443 | plus.l.google.com | tcp |
| US | 8.8.8.8:53 | plus.l.google.com | udp |
| GB | 216.58.213.14:443 | plus.l.google.com | udp |
| US | 8.8.8.8:53 | 14.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| GB | 92.123.241.137:443 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | e13678.dscb.akamaiedge.net | udp |
| US | 8.8.8.8:53 | e13678.dscb.akamaiedge.net | udp |
| US | 8.8.8.8:53 | 137.241.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | cdn-dynmedia-1.microsoft.com | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 8.8.8.8:53 | mem.gfx.ms | udp |
| GB | 96.16.110.13:443 | c.s-microsoft.com | tcp |
| GB | 96.16.110.13:443 | c.s-microsoft.com | tcp |
| GB | 96.16.110.13:443 | c.s-microsoft.com | tcp |
| GB | 96.16.110.13:443 | c.s-microsoft.com | tcp |
| US | 8.8.8.8:53 | e13678.dscg.akamaiedge.net | udp |
| GB | 96.16.110.13:443 | e13678.dscg.akamaiedge.net | tcp |
| US | 8.8.8.8:53 | a1449.dscg2.akamai.net | udp |
| GB | 23.48.165.137:443 | cdn-dynmedia-1.microsoft.com | tcp |
| US | 8.8.8.8:53 | e81481.dsca.akamaiedge.net | udp |
| GB | 23.48.165.137:443 | e81481.dsca.akamaiedge.net | tcp |
| GB | 23.48.165.137:443 | e81481.dsca.akamaiedge.net | tcp |
| US | 13.107.246.64:443 | mem.gfx.ms | tcp |
| US | 13.107.246.64:443 | mem.gfx.ms | tcp |
| US | 8.8.8.8:53 | e13678.dscg.akamaiedge.net | udp |
| US | 8.8.8.8:53 | a1449.dscg2.akamai.net | udp |
| US | 8.8.8.8:53 | e81481.dsca.akamaiedge.net | udp |
| US | 8.8.8.8:53 | part-0036.t-0009.t-msedge.net | udp |
| US | 8.8.8.8:53 | part-0036.t-0009.t-msedge.net | udp |
| US | 8.8.8.8:53 | 137.165.48.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.110.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | fpt.microsoft.com | udp |
| US | 8.8.8.8:53 | js.monitor.azure.com | udp |
| US | 13.107.246.64:443 | js.monitor.azure.com | tcp |
| US | 52.167.30.171:443 | fpt.microsoft.com | tcp |
| US | 8.8.8.8:53 | greenid-prod-pme.eastus2.cloudapp.azure.com | udp |
| US | 8.8.8.8:53 | greenid-prod-pme.eastus2.cloudapp.azure.com | udp |
| US | 13.107.246.64:443 | js.monitor.azure.com | tcp |
| US | 8.8.8.8:53 | 171.30.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | fpt2.microsoft.com | udp |
| US | 8.8.8.8:53 | browser.events.data.microsoft.com | udp |
| US | 8.8.8.8:53 | www.tm.v4.a.prd.aadg.akadns.net | udp |
| US | 52.167.30.171:443 | fpt2.microsoft.com | tcp |
| US | 13.89.178.27:443 | browser.events.data.microsoft.com | tcp |
| US | 13.89.178.27:443 | browser.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | onedscolprdcus03.centralus.cloudapp.azure.com | udp |
| US | 8.8.8.8:53 | www.tm.v4.a.prd.aadg.akadns.net | udp |
| US | 8.8.8.8:53 | onedscolprdcus03.centralus.cloudapp.azure.com | udp |
| US | 8.8.8.8:53 | logincdn.msftauth.net | udp |
| US | 192.229.221.185:443 | logincdn.msftauth.net | tcp |
| US | 8.8.8.8:53 | cs1227.wpc.alphacdn.net | udp |
| US | 8.8.8.8:53 | cs1227.wpc.alphacdn.net | udp |
| US | 8.8.8.8:53 | 2.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.178.89.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 185.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | browser.events.data.microsoft.com | udp |
| US | 8.8.8.8:53 | onedscolprdcus17.centralus.cloudapp.azure.com | udp |
| US | 8.8.8.8:53 | onedscolprdcus17.centralus.cloudapp.azure.com | udp |
| US | 8.8.8.8:53 | download.microsoft.com | udp |
| GB | 23.44.234.47:443 | download.microsoft.com | tcp |
| US | 8.8.8.8:53 | e12671.dscd.akamaiedge.net | udp |
| US | 8.8.8.8:53 | e12671.dscd.akamaiedge.net | udp |
| US | 8.8.8.8:53 | 47.234.44.23.in-addr.arpa | udp |
| US | 34.117.237.239:443 | contile.services.mozilla.com | tcp |
| US | 34.117.237.239:443 | contile.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| GB | 216.58.213.14:443 | plus.l.google.com | udp |
| US | 8.8.8.8:53 | id.google.com | udp |
| GB | 142.250.200.3:443 | id.google.com | tcp |
| US | 8.8.8.8:53 | id.google.com | udp |
| US | 8.8.8.8:53 | id.google.com | udp |
| GB | 142.250.200.3:443 | id.google.com | udp |
| US | 8.8.8.8:53 | 3.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | adservice.google.co.uk | udp |
| US | 8.8.8.8:53 | 98.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 142.250.200.2:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 2.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dotnet.microsoft.com | udp |
| US | 8.8.8.8:53 | part-0036.t-0009.t-msedge.net | udp |
| US | 13.107.246.64:443 | part-0036.t-0009.t-msedge.net | tcp |
| US | 8.8.8.8:53 | part-0036.t-0009.t-msedge.net | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | js.monitor.azure.com | udp |
| US | 8.8.8.8:53 | e13678.dscb.akamaiedge.net | udp |
| US | 13.107.246.64:443 | js.monitor.azure.com | tcp |
| US | 8.8.8.8:53 | e13678.dscb.akamaiedge.net | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 8.8.8.8:53 | a1449.dscg2.akamai.net | udp |
| US | 8.8.8.8:53 | a1449.dscg2.akamai.net | udp |
| US | 8.8.8.8:53 | w.usabilla.com | udp |
| US | 8.8.8.8:53 | w.usabilla.com | udp |
| IE | 54.216.138.85:443 | w.usabilla.com | tcp |
| US | 8.8.8.8:53 | 85.138.216.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | westus2-0.in.applicationinsights.azure.com | udp |
| US | 8.8.8.8:53 | d6tizftlrpuof.cloudfront.net | udp |
| FR | 52.222.161.46:443 | d6tizftlrpuof.cloudfront.net | tcp |
| US | 8.8.8.8:53 | d6tizftlrpuof.cloudfront.net | udp |
| US | 8.8.8.8:53 | d6tizftlrpuof.cloudfront.net | udp |
| US | 8.8.8.8:53 | 46.161.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | w.usabilla.com | udp |
| US | 8.8.8.8:53 | browser.events.data.microsoft.com | udp |
| US | 8.8.8.8:53 | onedscolprdeus04.eastus.cloudapp.azure.com | udp |
| US | 8.8.8.8:53 | onedscolprdeus04.eastus.cloudapp.azure.com | udp |
| US | 8.8.8.8:53 | browser.events.data.microsoft.com | udp |
| US | 8.8.8.8:53 | onedscolprdwus15.westus.cloudapp.azure.com | udp |
| US | 8.8.8.8:53 | onedscolprdwus15.westus.cloudapp.azure.com | udp |
| US | 20.9.155.148:443 | gig-ai-prod-wus2-01-app-v4-tag.westus2.cloudapp.azure.com | tcp |
| US | 20.9.155.148:443 | gig-ai-prod-wus2-01-app-v4-tag.westus2.cloudapp.azure.com | tcp |
| US | 8.8.8.8:53 | gig-ai-prod-wus2-01-app-v4-tag.westus2.cloudapp.azure.com | udp |
| US | 8.8.8.8:53 | 148.155.9.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | onedscolprdwus15.westus.cloudapp.azure.com | udp |
| US | 8.8.8.8:53 | browser.events.data.microsoft.com | udp |
| US | 8.8.8.8:53 | onedscolprdeus04.eastus.cloudapp.azure.com | udp |
| US | 8.8.8.8:53 | onedscolprdeus04.eastus.cloudapp.azure.com | udp |
| US | 8.8.8.8:53 | westus2-0.in.applicationinsights.azure.com | udp |
| US | 8.8.8.8:53 | gig-ai-prod-wus2-02-app-v4-tag.westus2.cloudapp.azure.com | udp |
| US | 8.8.8.8:53 | gig-ai-prod-wus2-02-app-v4-tag.westus2.cloudapp.azure.com | udp |
| US | 8.8.8.8:53 | browser.events.data.microsoft.com | udp |
| US | 8.8.8.8:53 | onedscolprdeus09.eastus.cloudapp.azure.com | udp |
| US | 8.8.8.8:53 | dotnet.microsoft.com | udp |
| US | 8.8.8.8:53 | part-0036.t-0009.t-msedge.net | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | e13678.dscb.akamaiedge.net | udp |
| US | 8.8.8.8:53 | e13678.dscb.akamaiedge.net | udp |
| US | 8.8.8.8:53 | onedscolprdeus09.eastus.cloudapp.azure.com | udp |
| US | 8.8.8.8:53 | download.microsoft.com | udp |
| US | 8.8.8.8:53 | e12671.dscd.akamaiedge.net | udp |
| US | 8.8.8.8:53 | e12671.dscd.akamaiedge.net | udp |
| US | 8.8.8.8:53 | browser.events.data.microsoft.com | udp |
| US | 8.8.8.8:53 | onedscolprdeus09.eastus.cloudapp.azure.com | udp |
| US | 8.8.8.8:53 | onedscolprdeus09.eastus.cloudapp.azure.com | udp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | westus2-0.in.applicationinsights.azure.com | udp |
| US | 8.8.8.8:53 | gig-ai-prod-wus2-01-app-v4-tag.westus2.cloudapp.azure.com | udp |
| US | 8.8.8.8:53 | gig-ai-prod-wus2-01-app-v4-tag.westus2.cloudapp.azure.com | udp |
| US | 8.8.8.8:53 | aus5.mozilla.org | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 35.244.181.201:443 | prod.balrog.prod.cloudops.mozgcp.net | tcp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 35.244.181.201:443 | prod.balrog.prod.cloudops.mozgcp.net | tcp |
| US | 8.8.8.8:53 | browser.events.data.microsoft.com | udp |
| US | 8.8.8.8:53 | onedscolprdcus14.centralus.cloudapp.azure.com | udp |
| US | 104.208.16.90:443 | onedscolprdcus14.centralus.cloudapp.azure.com | tcp |
| US | 8.8.8.8:53 | onedscolprdcus14.centralus.cloudapp.azure.com | udp |
| US | 8.8.8.8:53 | 90.16.208.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | location.services.mozilla.com | udp |
| US | 100.21.251.158:443 | location.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | locprod2-elb-us-west-2.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | locprod2-elb-us-west-2.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | 158.251.21.100.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tinyurl.com | udp |
| US | 172.67.1.225:80 | tinyurl.com | tcp |
| US | 172.67.1.225:80 | tinyurl.com | tcp |
| US | 8.8.8.8:53 | tinyurl.com | udp |
| US | 8.8.8.8:53 | tinyurl.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 104.16.114.74:443 | www.mediafire.com | tcp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | 225.1.67.172.in-addr.arpa | udp |
| US | 104.16.114.74:443 | www.mediafire.com | tcp |
| US | 104.16.114.74:443 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | the.gatekeeperconsent.com | udp |
| US | 8.8.8.8:53 | btloader.com | udp |
| US | 8.8.8.8:53 | www.ezojs.com | udp |
| US | 8.8.8.8:53 | translate.google.com | udp |
| US | 8.8.8.8:53 | static.cloudflareinsights.com | udp |
| US | 172.67.199.186:443 | the.gatekeeperconsent.com | tcp |
| US | 8.8.8.8:53 | the.gatekeeperconsent.com | udp |
| US | 8.8.8.8:53 | btloader.com | udp |
| US | 104.22.74.216:443 | btloader.com | tcp |
| GB | 172.217.16.238:443 | translate.google.com | tcp |
| US | 8.8.8.8:53 | www3.l.google.com | udp |
| US | 172.67.170.144:443 | www.ezojs.com | tcp |
| US | 104.16.79.73:443 | static.cloudflareinsights.com | tcp |
| US | 8.8.8.8:53 | btloader.com | udp |
| US | 8.8.8.8:53 | the.gatekeeperconsent.com | udp |
| US | 8.8.8.8:53 | www3.l.google.com | udp |
| US | 8.8.8.8:53 | www.ezojs.com.cdn.cloudflare.net | udp |
| US | 8.8.8.8:53 | static.cloudflareinsights.com | udp |
| US | 8.8.8.8:53 | static.cloudflareinsights.com | udp |
| US | 8.8.8.8:53 | www.ezojs.com.cdn.cloudflare.net | udp |
| GB | 172.217.16.238:443 | www3.l.google.com | udp |
| US | 172.67.199.186:443 | the.gatekeeperconsent.com | tcp |
| US | 172.67.170.144:443 | www.ezojs.com.cdn.cloudflare.net | udp |
| US | 8.8.8.8:53 | 74.114.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 216.74.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 144.170.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.79.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 186.199.67.172.in-addr.arpa | udp |
| US | 172.67.199.186:443 | the.gatekeeperconsent.com | udp |
| US | 8.8.8.8:53 | privacy.gatekeeperconsent.com | udp |
| US | 8.8.8.8:53 | cdn.amplitude.com | udp |
| US | 8.8.8.8:53 | cdn.otnolatrnup.com | udp |
| US | 8.8.8.8:53 | static.mediafire.com | udp |
| US | 172.67.199.186:443 | privacy.gatekeeperconsent.com | tcp |
| US | 8.8.8.8:53 | privacy.gatekeeperconsent.com | udp |
| US | 8.8.8.8:53 | cdn.amplitude.com | udp |
| US | 104.19.214.37:443 | cdn.otnolatrnup.com | tcp |
| US | 8.8.8.8:53 | cdn.otnolatrnup.com | udp |
| US | 104.16.114.74:443 | static.mediafire.com | tcp |
| US | 104.16.114.74:443 | static.mediafire.com | tcp |
| US | 104.16.114.74:443 | static.mediafire.com | tcp |
| US | 104.16.114.74:443 | static.mediafire.com | tcp |
| US | 104.16.114.74:443 | static.mediafire.com | tcp |
| US | 104.16.114.74:443 | static.mediafire.com | tcp |
| US | 8.8.8.8:53 | g.ezoic.net | udp |
| US | 8.8.8.8:53 | ad-delivery.net | udp |
| US | 8.8.8.8:53 | api.btloader.com | udp |
| US | 8.8.8.8:53 | cdn.amplitude.com | udp |
| US | 8.8.8.8:53 | privacy.gatekeeperconsent.com | udp |
| US | 8.8.8.8:53 | cdn.otnolatrnup.com | udp |
| US | 104.16.114.74:443 | static.mediafire.com | udp |
| FR | 35.181.89.222:443 | g.ezoic.net | tcp |
| US | 8.8.8.8:53 | translate.googleapis.com | udp |
| US | 130.211.23.194:443 | api.btloader.com | tcp |
| US | 104.26.2.70:443 | ad-delivery.net | tcp |
| US | 104.26.2.70:443 | ad-delivery.net | tcp |
| US | 8.8.8.8:53 | static.mediafire.com | udp |
| US | 8.8.8.8:53 | g.ezoic.net | udp |
| US | 8.8.8.8:53 | static.mediafire.com | udp |
| US | 8.8.8.8:53 | g.ezoic.net | udp |
| GB | 142.250.200.10:443 | translate.googleapis.com | tcp |
| US | 172.67.199.186:443 | privacy.gatekeeperconsent.com | udp |
| US | 8.8.8.8:53 | api.btloader.com | udp |
| US | 104.19.214.37:443 | cdn.otnolatrnup.com | udp |
| US | 8.8.8.8:53 | ad-delivery.net | udp |
| US | 8.8.8.8:53 | api.btloader.com | udp |
| US | 172.67.199.186:443 | privacy.gatekeeperconsent.com | tcp |
| US | 8.8.8.8:53 | ad-delivery.net | udp |
| US | 8.8.8.8:53 | go.ezodn.com | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 130.211.23.194:443 | api.btloader.com | tcp |
| US | 104.26.2.70:443 | ad-delivery.net | tcp |
| US | 104.26.2.70:443 | ad-delivery.net | tcp |
| US | 8.8.8.8:53 | translate.googleapis.com | udp |
| US | 172.67.142.121:443 | go.ezodn.com | tcp |
| US | 172.67.142.121:443 | go.ezodn.com | tcp |
| US | 172.67.142.121:443 | go.ezodn.com | tcp |
| GB | 142.250.200.10:443 | translate.googleapis.com | udp |
| US | 8.8.8.8:53 | otnolatrnup.com | udp |
| US | 8.8.8.8:53 | translate.googleapis.com | udp |
| US | 8.8.8.8:53 | go.ezodn.com | udp |
| US | 8.8.8.8:53 | securepubads46.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | go.ezodn.com | udp |
| US | 104.19.215.37:443 | otnolatrnup.com | tcp |
| US | 8.8.8.8:53 | securepubads46.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | otnolatrnup.com | udp |
| US | 8.8.8.8:53 | 37.214.19.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 222.89.181.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.23.211.130.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.2.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | btlr.sharethrough.com | udp |
| US | 172.67.142.121:443 | go.ezodn.com | tcp |
| US | 172.67.142.121:443 | go.ezodn.com | tcp |
| US | 172.67.142.121:443 | go.ezodn.com | tcp |
| US | 8.8.8.8:53 | prebid.media.net | udp |
| US | 8.8.8.8:53 | hbopenbid.pubmatic.com | udp |
| US | 8.8.8.8:53 | tlx.3lift.com | udp |
| US | 8.8.8.8:53 | otnolatrnup.com | udp |
| US | 8.8.8.8:53 | translate-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | btlr-eu-central-1.sharethrough.com | udp |
| US | 130.211.23.194:443 | api.btloader.com | udp |
| US | 8.8.8.8:53 | prebid.media.net | udp |
| GB | 142.250.178.10:443 | translate-pa.googleapis.com | tcp |
| US | 8.8.8.8:53 | btlr-eu-central-1.sharethrough.com | udp |
| US | 8.8.8.8:53 | prebid.media.net | udp |
| US | 8.8.8.8:53 | eu-tlx.3lift.com | udp |
| US | 8.8.8.8:53 | translate-pa.googleapis.com | udp |
| GB | 142.250.178.10:443 | translate-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | eu-tlx.3lift.com | udp |
| US | 8.8.8.8:53 | hbopenbid-lhrc.pubmnet.com | udp |
| US | 8.8.8.8:53 | translate-pa.googleapis.com | udp |
| US | 172.67.142.121:443 | go.ezodn.com | udp |
| US | 8.8.8.8:53 | hbopenbid-lhrc.pubmnet.com | udp |
| US | 104.19.215.37:443 | otnolatrnup.com | udp |
| US | 8.8.8.8:53 | tags.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | bcp.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | ad.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | tags.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | bcp.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | ad.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | bcp.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | tags.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | ad.crwdcntrl.net | udp |
| GB | 3.162.19.143:443 | cdn.amplitude.com | tcp |
| GB | 172.217.169.34:443 | securepubads46.g.doubleclick.net | tcp |
| DE | 54.93.147.185:443 | btlr.sharethrough.com | tcp |
| DE | 54.93.147.185:443 | btlr.sharethrough.com | tcp |
| DE | 54.93.147.185:443 | btlr.sharethrough.com | tcp |
| DE | 54.93.147.185:443 | btlr.sharethrough.com | tcp |
| DE | 54.93.147.185:443 | btlr.sharethrough.com | tcp |
| US | 34.120.63.153:443 | prebid.media.net | tcp |
| GB | 185.64.190.77:443 | hbopenbid-lhrc.pubmnet.com | tcp |
| DE | 18.185.180.173:443 | tlx.3lift.com | tcp |
| GB | 13.224.81.88:443 | tags.crwdcntrl.net | tcp |
| IE | 52.211.239.186:443 | bcp.crwdcntrl.net | tcp |
| IE | 52.211.239.186:443 | bcp.crwdcntrl.net | tcp |
| US | 8.8.8.8:53 | 37.215.19.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 121.142.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 153.63.120.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.190.64.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 143.19.162.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.81.224.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 185.147.93.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 186.239.211.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.180.185.18.in-addr.arpa | udp |
| US | 130.211.23.194:443 | api.btloader.com | udp |
| US | 34.120.63.153:443 | prebid.media.net | udp |
| US | 8.8.8.8:53 | qsearch-a.akamaihd.net | udp |
| US | 8.8.8.8:53 | api.amplitude.com | udp |
| GB | 172.217.169.34:443 | securepubads46.g.doubleclick.net | udp |
| GB | 88.221.134.90:443 | qsearch-a.akamaihd.net | tcp |
| US | 8.8.8.8:53 | a267.g.akamai.net | udp |
| US | 8.8.8.8:53 | a267.g.akamai.net | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| US | 216.239.34.36:443 | region1.analytics.google.com | tcp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| GB | 216.58.204.67:443 | www.google.co.uk | tcp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| US | 216.239.34.36:443 | region1.analytics.google.com | udp |
| GB | 216.58.204.67:443 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | 90.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.34.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.204.58.216.in-addr.arpa | udp |
| BE | 64.233.184.156:443 | stats.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | fundingchoicesmessages.google.com | udp |
| GB | 172.217.16.238:443 | fundingchoicesmessages.google.com | tcp |
| GB | 172.217.16.238:443 | fundingchoicesmessages.google.com | tcp |
| GB | 172.217.16.238:443 | fundingchoicesmessages.google.com | udp |
| BE | 64.233.184.156:443 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | 156.184.233.64.in-addr.arpa | udp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| US | 8.8.8.8:53 | ads.pubmatic.com | udp |
| US | 8.8.8.8:53 | eb2.3lift.com | udp |
| US | 76.223.111.18:443 | eb2.3lift.com | tcp |
| US | 8.8.8.8:53 | eu-eb2.3lift.com | udp |
| US | 8.8.8.8:53 | e6603.g.akamaiedge.net | udp |
| GB | 96.16.109.9:443 | e6603.g.akamaiedge.net | tcp |
| US | 8.8.8.8:53 | eu-eb2.3lift.com | udp |
| US | 8.8.8.8:53 | e6603.g.akamaiedge.net | udp |
| US | 54.185.172.28:443 | api.amplitude.com | tcp |
| US | 8.8.8.8:53 | api.amplitude.com | udp |
| US | 8.8.8.8:53 | api.amplitude.com | udp |
| US | 8.8.8.8:53 | image6.pubmatic.com | udp |
| NL | 198.47.127.19:443 | image6.pubmatic.com | tcp |
| US | 8.8.8.8:53 | pugm-amsfpairbc.pubmnet.com | udp |
| US | 8.8.8.8:53 | 18.111.223.76.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.109.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.172.185.54.in-addr.arpa | udp |
| NL | 198.47.127.19:443 | pugm-amsfpairbc.pubmnet.com | tcp |
| US | 8.8.8.8:53 | pugm-amsfpairbc.pubmnet.com | udp |
| US | 8.8.8.8:53 | 19.127.47.198.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 8.8.8.8:53 | cdn.id5-sync.com | udp |
| US | 8.8.8.8:53 | oa.openxcdn.net | udp |
| US | 8.8.8.8:53 | static.criteo.net | udp |
| US | 8.8.8.8:53 | cdn.prod.uidapi.com | udp |
| US | 8.8.8.8:53 | invstatic101.creativecdn.com | udp |
| US | 8.8.8.8:53 | cdn-ima.33across.com | udp |
| US | 8.8.8.8:53 | b04b437c5a5f057d7a4900be0ae509c1.safeframe.googlesyndication.com | udp |
| US | 34.102.146.192:443 | oa.openxcdn.net | tcp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| US | 8.8.8.8:53 | oa.openxcdn.net | udp |
| US | 8.8.8.8:53 | jsdelivr.map.fastly.net | udp |
| US | 8.8.8.8:53 | static.nl3.vip.prod.criteo.net | udp |
| GB | 18.165.155.172:443 | cdn.prod.uidapi.com | tcp |
| US | 8.8.8.8:53 | oa.openxcdn.net | udp |
| US | 8.8.8.8:53 | jsdelivr.map.fastly.net | udp |
| US | 8.8.8.8:53 | static.nl3.vip.prod.criteo.net | udp |
| GB | 216.58.204.65:443 | b04b437c5a5f057d7a4900be0ae509c1.safeframe.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | invstatic101.creativecdn.com | udp |
| US | 8.8.8.8:53 | cdn.id5-sync.com | udp |
| US | 8.8.8.8:53 | d2avimlm6gq3h9.cloudfront.net | udp |
| US | 8.8.8.8:53 | invstatic101.creativecdn.com | udp |
| US | 8.8.8.8:53 | cdn.id5-sync.com | udp |
| US | 8.8.8.8:53 | d2avimlm6gq3h9.cloudfront.net | udp |
| US | 151.101.1.229:443 | jsdelivr.map.fastly.net | udp |
| US | 34.102.146.192:443 | oa.openxcdn.net | udp |
| US | 8.8.8.8:53 | oajs.openx.net | udp |
| US | 8.8.8.8:53 | cdn-ima.33across.com.cdn.cloudflare.net | udp |
| US | 8.8.8.8:53 | pagead-googlehosted.l.google.com | udp |
| GB | 216.58.204.65:443 | pagead-googlehosted.l.google.com | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 104.22.52.86:443 | cdn.id5-sync.com | tcp |
| NL | 178.250.1.3:443 | static.nl3.vip.prod.criteo.net | tcp |
| US | 34.96.70.87:443 | invstatic101.creativecdn.com | tcp |
| US | 104.18.35.167:443 | cdn-ima.33across.com.cdn.cloudflare.net | tcp |
| US | 34.120.135.53:443 | oajs.openx.net | tcp |
| US | 8.8.8.8:53 | cdn-ima.33across.com.cdn.cloudflare.net | udp |
| US | 8.8.8.8:53 | pagead-googlehosted.l.google.com | udp |
| US | 8.8.8.8:53 | 229.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.146.102.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.155.165.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | oajs.openx.net | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | oajs.openx.net | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | cdn.mediago.io | udp |
| US | 8.8.8.8:53 | trace-eu.mediago.io | udp |
| US | 8.8.8.8:53 | images.mediago.io | udp |
| GB | 216.58.212.193:443 | tpc.googlesyndication.com | tcp |
| GB | 216.58.212.193:443 | tpc.googlesyndication.com | tcp |
| GB | 216.58.212.193:443 | tpc.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | bcp.crwdcntrl.net | udp |
| NL | 35.214.168.80:443 | trace-eu.mediago.io | tcp |
| US | 8.8.8.8:53 | trace-eu.mediago.io | udp |
| GB | 3.162.20.8:443 | cdn.mediago.io | tcp |
| GB | 3.162.20.8:443 | cdn.mediago.io | tcp |
| US | 8.8.8.8:53 | cdn.mediago.io | udp |
| US | 34.111.60.239:443 | images.mediago.io | tcp |
| US | 8.8.8.8:53 | images.mediago.io | udp |
| US | 8.8.8.8:53 | trace-eu.mediago.io | udp |
| US | 8.8.8.8:53 | cdn.mediago.io | udp |
| US | 8.8.8.8:53 | images.mediago.io | udp |
| US | 34.96.70.87:443 | invstatic101.creativecdn.com | udp |
| GB | 216.58.212.193:443 | tpc.googlesyndication.com | tcp |
| GB | 216.58.212.193:443 | tpc.googlesyndication.com | tcp |
| GB | 216.58.212.193:443 | tpc.googlesyndication.com | tcp |
| US | 34.111.60.239:443 | images.mediago.io | udp |
| NL | 35.214.168.80:443 | trace-eu.mediago.io | udp |
| US | 34.120.135.53:443 | oajs.openx.net | udp |
| GB | 216.58.212.193:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | gtrace.mediago.io | udp |
| US | 8.8.8.8:53 | id5-sync.com | udp |
| US | 8.8.8.8:53 | google-bidout-d.openx.net | udp |
| DE | 162.19.138.118:443 | id5-sync.com | tcp |
| US | 8.8.8.8:53 | id5-sync.com | udp |
| US | 34.98.64.218:443 | google-bidout-d.openx.net | tcp |
| US | 8.8.8.8:53 | google-bidout-d.openx.net | udp |
| US | 8.8.8.8:53 | id5-sync.com | udp |
| US | 8.8.8.8:53 | google-bidout-d.openx.net | udp |
| US | 8.8.8.8:53 | 167.35.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 87.70.96.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.135.120.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.52.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 80.168.214.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.20.162.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 239.60.111.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 193.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 118.138.19.162.in-addr.arpa | udp |
| US | 34.98.64.218:443 | google-bidout-d.openx.net | tcp |
| NL | 35.214.168.80:443 | gtrace.mediago.io | tcp |
| NL | 35.214.168.80:443 | gtrace.mediago.io | tcp |
| US | 8.8.8.8:53 | gtrace.mediago.io | udp |
| US | 8.8.8.8:53 | gum.criteo.com | udp |
| US | 8.8.8.8:53 | gtrace.mediago.io | udp |
| NL | 35.214.168.80:443 | gtrace.mediago.io | udp |
| US | 8.8.8.8:53 | cm.g.doubleclick.net | udp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| US | 8.8.8.8:53 | gum.nl3.vip.prod.criteo.com | udp |
| GB | 142.250.200.34:443 | cm.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | cm.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | gum.nl3.vip.prod.criteo.com | udp |
| US | 8.8.8.8:53 | cm.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | dnacdn.net | udp |
| US | 8.8.8.8:53 | ag.gbc.criteo.com | udp |
| US | 8.8.8.8:53 | gem.gbc.criteo.com | udp |
| GB | 142.250.200.34:443 | cm.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 34.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | gbc6.fr3.eu.criteo.com | udp |
| FR | 185.235.86.177:443 | gbc6.fr3.eu.criteo.com | tcp |
| US | 8.8.8.8:53 | gbc6.fr3.eu.criteo.com | udp |
| US | 8.8.8.8:53 | 177.86.235.185.in-addr.arpa | udp |
| FR | 185.235.86.249:443 | gem.gbc.criteo.com | tcp |
| US | 8.8.8.8:53 | gbc8.fr3.eu.criteo.com | udp |
| NL | 178.250.1.11:443 | dnacdn.net | tcp |
| US | 8.8.8.8:53 | dnacdn.net | udp |
| US | 8.8.8.8:53 | gbc8.fr3.eu.criteo.com | udp |
| US | 8.8.8.8:53 | dnacdn.net | udp |
| US | 8.8.8.8:53 | 218.64.98.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 249.86.235.185.in-addr.arpa | udp |
| US | 34.98.64.218:443 | google-bidout-d.openx.net | udp |
| US | 104.19.215.37:443 | otnolatrnup.com | tcp |
| US | 8.8.8.8:53 | download1638.mediafire.com | udp |
| US | 199.91.152.138:443 | download1638.mediafire.com | tcp |
| US | 8.8.8.8:53 | download1638.mediafire.com | udp |
| US | 8.8.8.8:53 | 138.152.91.199.in-addr.arpa | udp |
| US | 104.19.215.37:443 | otnolatrnup.com | udp |
| US | 104.19.215.37:80 | otnolatrnup.com | tcp |
| US | 8.8.8.8:53 | woreppercomming.com | udp |
| GB | 54.230.10.111:443 | woreppercomming.com | tcp |
| US | 8.8.8.8:53 | woreppercomming.com | udp |
| US | 8.8.8.8:53 | woreppercomming.com | udp |
| US | 8.8.8.8:53 | www.ovardu.com | udp |
| US | 104.21.96.72:443 | www.ovardu.com | tcp |
| US | 8.8.8.8:53 | www.ovardu.com | udp |
| US | 104.21.96.72:443 | www.ovardu.com | tcp |
| US | 104.21.96.72:443 | www.ovardu.com | udp |
| US | 8.8.8.8:53 | www.opera.com | udp |
| DE | 35.157.234.97:443 | www.opera.com | tcp |
| US | 8.8.8.8:53 | front-geo.production.opera-website.route53.opera.com | udp |
| US | 8.8.8.8:53 | front-geo.production.opera-website.route53.opera.com | udp |
| US | 8.8.8.8:53 | 72.96.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 111.10.230.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.234.157.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn-production-opera-website.operacdn.com | udp |
| US | 8.8.8.8:53 | www.ovardu.com | udp |
| US | 8.8.8.8:53 | www.googleoptimize.com | udp |
| GB | 104.84.85.174:443 | cdn-production-opera-website.operacdn.com | tcp |
| GB | 104.84.85.174:443 | cdn-production-opera-website.operacdn.com | tcp |
| GB | 104.84.85.174:443 | cdn-production-opera-website.operacdn.com | tcp |
| GB | 104.84.85.174:443 | cdn-production-opera-website.operacdn.com | tcp |
| GB | 104.84.85.174:443 | cdn-production-opera-website.operacdn.com | tcp |
| US | 8.8.8.8:53 | e11604.dscf.akamaiedge.net | udp |
| GB | 216.58.213.14:443 | www.googleoptimize.com | tcp |
| US | 8.8.8.8:53 | www.googleoptimize.com | udp |
| US | 8.8.8.8:53 | e11604.dscf.akamaiedge.net | udp |
| US | 8.8.8.8:53 | www.googleoptimize.com | udp |
| GB | 216.58.213.14:443 | www.googleoptimize.com | udp |
| US | 8.8.8.8:53 | 174.85.84.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | static.hotjar.com | udp |
| US | 8.8.8.8:53 | www.redditstatic.com | udp |
| US | 8.8.8.8:53 | snap.licdn.com | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| US | 151.101.1.140:443 | www.redditstatic.com | tcp |
| US | 8.8.8.8:53 | dualstack.reddit.map.fastly.net | udp |
| US | 8.8.8.8:53 | static-cdn.hotjar.com | udp |
| US | 8.8.8.8:53 | scontent.xx.fbcdn.net | udp |
| US | 8.8.8.8:53 | dualstack.reddit.map.fastly.net | udp |
| US | 8.8.8.8:53 | static-cdn.hotjar.com | udp |
| US | 8.8.8.8:53 | scontent.xx.fbcdn.net | udp |
| US | 8.8.8.8:53 | a1916.dscg2.akamai.net | udp |
| US | 8.8.8.8:53 | a1916.dscg2.akamai.net | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 216.58.212.194:443 | googleads.g.doubleclick.net | tcp |
| GB | 216.58.212.194:443 | googleads.g.doubleclick.net | tcp |
| GB | 216.58.212.194:443 | googleads.g.doubleclick.net | tcp |
| GB | 216.58.212.194:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 140.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.212.58.216.in-addr.arpa | udp |
| GB | 216.58.212.194:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | g.ezoic.net | udp |
| US | 8.8.8.8:53 | g.ezoic.net | udp |
| US | 8.8.8.8:53 | g.ezoic.net | udp |
| US | 8.8.8.8:53 | g.ezoic.net | udp |
| US | 104.16.114.74:443 | static.mediafire.com | tcp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 104.16.114.74:443 | static.mediafire.com | udp |
| US | 172.67.199.186:443 | privacy.gatekeeperconsent.com | tcp |
| US | 104.22.74.216:443 | btloader.com | tcp |
| US | 172.67.170.144:443 | www.ezojs.com.cdn.cloudflare.net | tcp |
| GB | 172.217.16.238:443 | fundingchoicesmessages.google.com | tcp |
| US | 172.67.199.186:443 | privacy.gatekeeperconsent.com | udp |
| US | 172.67.199.186:443 | privacy.gatekeeperconsent.com | tcp |
| GB | 172.217.16.238:443 | fundingchoicesmessages.google.com | udp |
| US | 104.16.114.74:443 | static.mediafire.com | tcp |
| US | 104.16.114.74:443 | static.mediafire.com | tcp |
| US | 104.16.114.74:443 | static.mediafire.com | tcp |
| US | 104.16.114.74:443 | static.mediafire.com | tcp |
| US | 104.16.114.74:443 | static.mediafire.com | tcp |
| US | 104.16.114.74:443 | static.mediafire.com | tcp |
| US | 104.16.114.74:443 | static.mediafire.com | udp |
| US | 172.67.199.186:443 | privacy.gatekeeperconsent.com | udp |
| US | 104.26.2.70:443 | ad-delivery.net | tcp |
| US | 104.16.114.74:443 | static.mediafire.com | udp |
| US | 104.26.2.70:443 | ad-delivery.net | tcp |
| US | 130.211.23.194:443 | api.btloader.com | tcp |
| US | 8.8.8.8:53 | static.mediafire.com | udp |
| GB | 142.250.200.10:443 | translate-pa.googleapis.com | tcp |
| US | 8.8.8.8:53 | api.btloader.com | udp |
| US | 172.67.199.186:443 | privacy.gatekeeperconsent.com | udp |
| US | 104.19.214.37:443 | otnolatrnup.com | tcp |
| US | 104.16.79.73:443 | static.cloudflareinsights.com | tcp |
| US | 8.8.8.8:53 | static.cloudflareinsights.com | udp |
| GB | 142.250.200.10:443 | translate-pa.googleapis.com | udp |
| US | 172.67.170.144:443 | www.ezojs.com.cdn.cloudflare.net | udp |
| US | 8.8.8.8:53 | g.ezoic.net | udp |
| US | 130.211.23.194:443 | api.btloader.com | udp |
| US | 8.8.8.8:53 | g.ezoic.net | udp |
| FR | 15.188.219.54:443 | g.ezoic.net | tcp |
| US | 104.19.214.37:443 | otnolatrnup.com | udp |
| US | 8.8.8.8:53 | g.ezoic.net | udp |
| US | 8.8.8.8:53 | 54.219.188.15.in-addr.arpa | udp |
| US | 172.67.142.121:443 | go.ezodn.com | tcp |
| US | 172.67.142.121:443 | go.ezodn.com | tcp |
| US | 172.67.142.121:443 | go.ezodn.com | tcp |
| US | 104.19.215.37:443 | otnolatrnup.com | tcp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| GB | 216.58.204.67:443 | www.google.co.uk | tcp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| US | 130.211.23.194:443 | api.btloader.com | udp |
| US | 216.239.32.36:443 | region1.analytics.google.com | tcp |
| GB | 142.250.178.10:443 | translate-pa.googleapis.com | tcp |
| US | 172.67.142.121:443 | go.ezodn.com | udp |
| US | 8.8.8.8:53 | g.ezodn.com | udp |
| GB | 216.58.204.67:443 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | g.ezodn.com | udp |
| US | 104.21.87.79:443 | g.ezodn.com | tcp |
| US | 104.19.215.37:443 | otnolatrnup.com | tcp |
| US | 104.21.87.79:443 | g.ezodn.com | udp |
| US | 8.8.8.8:53 | g.ezodn.com | udp |
| US | 8.8.8.8:53 | bshr.ezodn.com | udp |
| US | 8.8.8.8:53 | bshr.ezodn.com | udp |
| US | 172.67.142.121:443 | bshr.ezodn.com | tcp |
| US | 172.67.142.121:443 | bshr.ezodn.com | tcp |
| GB | 142.250.178.10:443 | translate-pa.googleapis.com | tcp |
| US | 8.8.8.8:53 | bshr.ezodn.com | udp |
| US | 104.19.215.37:443 | otnolatrnup.com | udp |
| GB | 142.250.178.10:443 | translate-pa.googleapis.com | udp |
| US | 172.67.142.121:443 | bshr.ezodn.com | udp |
| GB | 172.217.169.34:443 | securepubads46.g.doubleclick.net | tcp |
| US | 216.239.32.36:443 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | 79.87.21.104.in-addr.arpa | udp |
| GB | 172.217.169.34:443 | securepubads46.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | g.ezoic.net | udp |
| US | 8.8.8.8:53 | g.ezoic.net | udp |
| US | 8.8.8.8:53 | g.ezoic.net | udp |
| US | 8.8.8.8:53 | api.telegram.org | udp |
| NL | 149.154.167.220:443 | api.telegram.org | tcp |
| US | 8.8.8.8:53 | 220.167.154.149.in-addr.arpa | udp |
| N/A | 127.0.0.1:7000 | tcp | |
| N/A | 127.0.0.1:7000 | tcp | |
| N/A | 127.0.0.1:7000 | tcp | |
| N/A | 127.0.0.1:7000 | tcp | |
| N/A | 127.0.0.1:7000 | tcp | |
| N/A | 127.0.0.1:7000 | tcp | |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 34.117.237.239:443 | contile.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 104.16.114.74:443 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | static.mediafire.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | static.cloudflareinsights.com | udp |
| US | 104.16.114.74:443 | static.mediafire.com | udp |
| US | 8.8.8.8:53 | static.mediafire.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| GB | 142.250.187.234:443 | ajax.googleapis.com | tcp |
| US | 104.16.80.73:443 | static.cloudflareinsights.com | tcp |
| US | 8.8.8.8:53 | static.mediafire.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 104.16.114.74:443 | static.mediafire.com | tcp |
| US | 104.16.114.74:443 | static.mediafire.com | tcp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| US | 104.16.114.74:443 | static.mediafire.com | tcp |
| US | 104.16.114.74:443 | static.mediafire.com | tcp |
| US | 104.16.114.74:443 | static.mediafire.com | tcp |
| US | 104.16.114.74:443 | static.mediafire.com | tcp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | static.cloudflareinsights.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| GB | 142.250.187.234:443 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | 234.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.80.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.amplitude.com | udp |
| US | 8.8.8.8:53 | cdn.amplitude.com | udp |
| US | 8.8.8.8:53 | cdn.amplitude.com | udp |
| GB | 3.162.19.143:443 | cdn.amplitude.com | tcp |
| US | 8.8.8.8:53 | api.amplitude.com | udp |
| US | 8.8.8.8:53 | api.amplitude.com | udp |
| US | 52.41.106.252:443 | api.amplitude.com | tcp |
| US | 8.8.8.8:53 | static.hotjar.com | udp |
| US | 13.33.52.56:443 | static.hotjar.com | tcp |
| US | 8.8.8.8:53 | static-cdn.hotjar.com | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | static-cdn.hotjar.com | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 216.239.34.36:443 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| GB | 216.58.204.67:443 | www.google.co.uk | udp |
| US | 216.239.34.36:443 | region1.analytics.google.com | tcp |
| GB | 216.58.204.67:443 | www.google.co.uk | tcp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | script.hotjar.com | udp |
| US | 8.8.8.8:53 | script.hotjar.com | udp |
| GB | 54.230.10.124:443 | script.hotjar.com | tcp |
| US | 8.8.8.8:53 | script.hotjar.com | udp |
| US | 8.8.8.8:53 | device.maxmind.com | udp |
| GB | 3.162.20.77:443 | vc.hotjar.io | tcp |
| US | 8.8.8.8:53 | vc-live-cf.hotjar.io | udp |
| US | 8.8.8.8:53 | device.maxmind.com | udp |
| US | 8.8.8.8:53 | device.maxmind.com | udp |
| US | 8.8.8.8:53 | vc-live-cf.hotjar.io | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| BE | 64.233.184.156:443 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| BE | 64.233.184.156:443 | stats.g.doubleclick.net | tcp |
| US | 162.159.135.22:443 | device.maxmind.com | tcp |
| US | 8.8.8.8:53 | 252.106.41.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 124.10.230.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.20.162.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.52.33.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.135.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | d-ipv6.mmapiws.com | udp |
| US | 172.64.145.79:443 | d-ipv6.mmapiws.com | tcp |
| US | 8.8.8.8:53 | d-ipv6.mmapiws.com | udp |
| US | 8.8.8.8:53 | d-ipv6.mmapiws.com | udp |
| US | 8.8.8.8:53 | 79.145.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| US | 216.239.34.36:443 | region1.google-analytics.com | udp |
| US | 104.16.114.74:443 | static.mediafire.com | udp |
| US | 8.8.8.8:53 | app.mediafire.com | udp |
| US | 104.16.113.74:443 | app.mediafire.com | tcp |
| US | 8.8.8.8:53 | app.mediafire.com | udp |
| US | 8.8.8.8:53 | app.mediafire.com | udp |
| US | 104.16.113.74:443 | app.mediafire.com | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | udp |
| GB | 216.58.204.67:443 | www.google.co.uk | udp |
| BE | 64.233.184.156:443 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | 74.113.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | static.mediafire.com | udp |
| US | 8.8.8.8:53 | sessions.bugsnag.com | udp |
| US | 8.8.8.8:53 | api.amplitude.com | udp |
| US | 35.190.88.7:443 | sessions.bugsnag.com | tcp |
| US | 35.190.88.7:443 | sessions.bugsnag.com | tcp |
| US | 8.8.8.8:53 | sessions.bugsnag.com | udp |
| US | 8.8.8.8:53 | api.amplitude.com | udp |
| US | 8.8.8.8:53 | sessions.bugsnag.com | udp |
| US | 8.8.8.8:53 | api.amplitude.com | udp |
| US | 35.190.88.7:443 | sessions.bugsnag.com | udp |
| GB | 142.250.187.234:443 | ajax.googleapis.com | udp |
| US | 104.16.114.74:443 | app.mediafire.com | udp |
| US | 8.8.8.8:53 | 7.88.190.35.in-addr.arpa | udp |
| US | 104.16.113.74:443 | app.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafireuserupload.com | udp |
| US | 104.16.126.23:443 | www.mediafireuserupload.com | tcp |
| US | 104.16.126.23:443 | www.mediafireuserupload.com | tcp |
| US | 8.8.8.8:53 | www.mediafireuserupload.com | udp |
| US | 8.8.8.8:53 | www.mediafireuserupload.com | udp |
| US | 104.16.126.23:443 | www.mediafireuserupload.com | udp |
| US | 8.8.8.8:53 | 23.126.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | upload.ee | udp |
| FR | 51.91.30.159:80 | upload.ee | tcp |
| US | 8.8.8.8:53 | upload.ee | udp |
| US | 8.8.8.8:53 | 159.30.91.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.upload.ee | udp |
| FR | 51.91.30.159:80 | www.upload.ee | tcp |
| US | 8.8.8.8:53 | www.upload.ee | udp |
| US | 8.8.8.8:53 | www.upload.ee | udp |
| FR | 51.91.30.159:80 | www.upload.ee | tcp |
| FR | 51.91.30.159:443 | www.upload.ee | tcp |
| FR | 51.91.30.159:443 | www.upload.ee | tcp |
| US | 216.239.34.36:443 | region1.google-analytics.com | udp |
| GB | 216.58.204.67:443 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | app.mediafire.com | udp |
| US | 104.16.113.74:443 | app.mediafire.com | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| GB | 142.250.178.2:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| BE | 64.233.184.154:443 | stats.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 142.250.178.2:443 | googleads.g.doubleclick.net | udp |
| BE | 64.233.184.154:443 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| GB | 216.58.212.193:443 | tpc.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| GB | 216.58.212.193:443 | tpc.googlesyndication.com | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | udp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 2.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.184.233.64.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\7zO43100149\README.txt
| MD5 | 432355e07e5399ff85ee44dcca189dda |
| SHA1 | 189f4a720b7288a13ba84be02e3c9d19a14092c3 |
| SHA256 | 1c1995a3eaaf9e9e2a177b21541737231b33abcfdcf9b866495b19029cc52121 |
| SHA512 | 646918e701aacc9decdbf4676ae5df5b0e6d920d67fed95fd621160804dbfcbdb4722f9171e828465e166116748dd2e53bc12c3b90d265af4b216b2602db0241 |
C:\Users\Admin\AppData\Local\Temp\Icons\icon (15).ico
| MD5 | e3143e8c70427a56dac73a808cba0c79 |
| SHA1 | 63556c7ad9e778d5bd9092f834b5cc751e419d16 |
| SHA256 | b2f57a23ecc789c1bbf6037ac0825bf98babc7bf0c5d438af5e2767a27a79188 |
| SHA512 | 74e0f4b55625df86a87b9315e4007be8e05bbecca4346a6ea06ef5b1528acb5a8bb636ef3e599a3820dbddcf69563a0a22e2c1062c965544fd75ec96fd9803fc |
C:\Users\Admin\AppData\Local\Temp\7zO4312440D\XWorm V5.3.exe
| MD5 | 1d9b3f35068b44a010eea7515db3ad6d |
| SHA1 | 05c1ea62f38efe04ec9591c5fb63ad3882ee9263 |
| SHA256 | 00c6d090a7f78c548dd7d7b518749d6b014ecc7929ce05f849a46df4c63577df |
| SHA512 | de159eb9503593edb32eefb6a2ee0215931d5071a695359a03f134c6cd53fa50e4cc4d71896e9196628239f741196ef12d35e510612921348230bf1db25b4056 |
C:\Users\Admin\AppData\Local\Temp\7zO4312440D\XWorm V5.3.exe
| MD5 | 92fcb691c4a48e618d23e6adeec2cb5d |
| SHA1 | 51e135164bc679dc6f6b68e4cf6e38ec961e79a4 |
| SHA256 | c7ed3bd06ac569f9b31fd20859dff9ea238939d7a6cb12a24edb85df5f91c78b |
| SHA512 | 1f61867bd9436d6a968a2944e6ede02043e6a08001d416670ff561f78b1e8b70ed3d138ecd658185dbc7932de6328c49b541d4ecf13496063193c96c5af4a4dd |
C:\Users\Admin\AppData\Local\Temp\7zO4312440D\XWorm V5.3.exe
| MD5 | 41570e397d617d61ee9efa16bd174cb2 |
| SHA1 | 9e2f4d2971babbb99ff92b6a87fa64d39a69e9c1 |
| SHA256 | e779d11a6c5c914837f973422883c029bc37c5eab77f21f16223c1a40c6e891e |
| SHA512 | c52bdcca71ca37efa44fa105634da73b72e5b97dd13aaa28b23c189e1e4006b18d21ebb4bf98463f30643c8a98a0527f88942739679840c783a1850c43f71ce9 |
memory/3924-148-0x00007FFFA5460000-0x00007FFFA5E4C000-memory.dmp
memory/3924-149-0x000002C7A6DF0000-0x000002C7AA068000-memory.dmp
memory/3924-150-0x000002C7AA3E0000-0x000002C7AA3E1000-memory.dmp
memory/3924-151-0x000002C7C4800000-0x000002C7C4810000-memory.dmp
memory/3924-153-0x00007FFFA5460000-0x00007FFFA5E4C000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yq8h7er1.default-release\datareporting\glean\pending_pings\b54e1144-e4be-4291-ad82-c36736fbaeed
| MD5 | 29f379f6a7039d4e37c36c480e8393d6 |
| SHA1 | 5e4ffe4e8460f3333f3badb2c16ce2b98173787e |
| SHA256 | 423a4ce8c645b32418323cf57c4a09122e259cdf5752576e6be742ca8a66ed43 |
| SHA512 | 504f8708b4e648ba8ce5a9cf3b7a3f372a5c4d8a8ae23f56d09bf05fc3c2f3df28b7eb3d8147f014e3b6e8cfb55538a59a815a2c1e65a9c16e588675fa9d3837 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yq8h7er1.default-release\datareporting\glean\pending_pings\408dfa12-d3b6-4bda-b520-08cec59dfe05
| MD5 | 6e9067de87cf1ea1ffdf30b4db1adb53 |
| SHA1 | a144be58b2d06745417be4870289bdaf3b6be21c |
| SHA256 | 44a2c18450249aa0dfe88c23d86dc523adca860c8d87504a9486eae9af86081e |
| SHA512 | 21c3fa8b8c2d57f64c86b16ec23ce70533dcf198f53fe828f4a216c9db5534e430b56c595200ee8dcd1ea8f7a976a118bcd78e9d9fa3738b7adeb1c6b04a0e30 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yq8h7er1.default-release\datareporting\glean\db\data.safe.bin
| MD5 | a7a3c69b399f402bb0dae0e3e0cd0472 |
| SHA1 | 08a3a0993d0e66e2b0bd361b75096d01e9c7fbc0 |
| SHA256 | 6a1fb70a560b39f2c2a45ac7dea47f83f3c48ed4e909a86f64383f3682b83f4d |
| SHA512 | 99a5eec26a2fc14c58de09f6d3414680b93892ad271c00890c9c051ba3ece5df975b12d3c566160cd03b3a084d891df315eab729e827530bcd508281f12fdca2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yq8h7er1.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | a469497d9c45c833cd619eee4c84f564 |
| SHA1 | e042a60247ed243a2abdc8c528ba1b5bd86a47aa |
| SHA256 | c2ec23df5cecd28a4ed84131921662e0eeeb0ab9f160e72b5fea85d753d15c08 |
| SHA512 | 1588aab6f85e243cf1e0e78ce9dd4a9e49429a8191c98561c560d21f64e3992bdb5b55e66fa6d6cefe7d61e7fb5675e4b8d2f264385e389771df04553752e1a7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yq8h7er1.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | e07d8a745747198b21a23a8cbd7d51e2 |
| SHA1 | a267995a577a3181ffa5a14e8de7e07175dd74b2 |
| SHA256 | bdad500e6d4ca298bf2e1239c8b21714effb4740b5c6d5ef795ec897fba35c2c |
| SHA512 | e94669edc150b189ffb986075422069b653d48ece4a5080a60b2276ea74984f950fe12e62b5cff48de2807459b52825a9bf0aa78bc56f68a37884a66cabe3d02 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yq8h7er1.default-release\prefs-1.js
| MD5 | f610f222e0bfe809fa46673443677421 |
| SHA1 | 19ba666843e5a7d0dd1954a7815061bbe7d04286 |
| SHA256 | 935851b4258fd0f1fb413ad311a8855ec1a30d665c1da8fda00d431f18ba791c |
| SHA512 | b6ec291613a987a6f75386f3065a382a2bc67ae61f963b967ead5f5531256a0d4a889c17a2beea201f1022a9609e22306e955d6c3cf81d564b5067b4f55096c9 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yq8h7er1.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | a5840673033a13d4a8af4418ab1087e2 |
| SHA1 | b175f3c2b54280d545483629124316d919f4a5d6 |
| SHA256 | 6bad54202569f49a9000bbfc6de754ea7937d340dc7a269d7972844c1ae53f21 |
| SHA512 | 5739ddcf311cf036d5834360260cc9f9525ba4e2497100087ffe0c97ed4466c804c738cc5cb4798af669a4ac36b8bbff3dc47d1dc312bf976328e4ca08ff16bc |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yq8h7er1.default-release\prefs-1.js
| MD5 | 8edb5a8c1e09a0108f08fb5b5e619c70 |
| SHA1 | 9ad97f5b784f4cc9d4c628c71853cebb546ebfd2 |
| SHA256 | 75f28bd93368f0bf9a89753c854f3b6ba28b58fa4d92d1400582841fc7e6f272 |
| SHA512 | b8f474beebcaf5177d0d03e1d51ce37d53258ad2d25895c4189b4cbaff240d44cda399f1d078ceafa0e990eca1403bc06b8f5531b3fedd56f29ce4ed66172443 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 85430baed3398695717b0263807cf97c |
| SHA1 | fffbee923cea216f50fce5d54219a188a5100f41 |
| SHA256 | a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e |
| SHA512 | 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yq8h7er1.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
| MD5 | fe3355639648c417e8307c6d051e3e37 |
| SHA1 | f54602d4b4778da21bc97c7238fc66aa68c8ee34 |
| SHA256 | 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e |
| SHA512 | 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yq8h7er1.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
| MD5 | 3d33cdc0b3d281e67dd52e14435dd04f |
| SHA1 | 4db88689282fd4f9e9e6ab95fcbb23df6e6485db |
| SHA256 | f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b |
| SHA512 | a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | a01c5ecd6108350ae23d2cddf0e77c17 |
| SHA1 | c6ac28a2cd979f1f9a75d56271821d5ff665e2b6 |
| SHA256 | 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42 |
| SHA512 | b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yq8h7er1.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
| MD5 | 49ddb419d96dceb9069018535fb2e2fc |
| SHA1 | 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6 |
| SHA256 | 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539 |
| SHA512 | 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yq8h7er1.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
| MD5 | 8be33af717bb1b67fbd61c3f4b807e9e |
| SHA1 | 7cf17656d174d951957ff36810e874a134dd49e0 |
| SHA256 | e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd |
| SHA512 | 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yq8h7er1.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
| MD5 | 33bf7b0439480effb9fb212efce87b13 |
| SHA1 | cee50f2745edc6dc291887b6075ca64d716f495a |
| SHA256 | 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e |
| SHA512 | d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yq8h7er1.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
| MD5 | 688bed3676d2104e7f17ae1cd2c59404 |
| SHA1 | 952b2cdf783ac72fcb98338723e9afd38d47ad8e |
| SHA256 | 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237 |
| SHA512 | 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yq8h7er1.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
| MD5 | 937326fead5fd401f6cca9118bd9ade9 |
| SHA1 | 4526a57d4ae14ed29b37632c72aef3c408189d91 |
| SHA256 | 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81 |
| SHA512 | b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yq8h7er1.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | aaef03bdb9b041bf877f5ed225e95fc0 |
| SHA1 | b4ff94b97d15bc5be9f588ece5145cbb31477a8e |
| SHA256 | e231098d8fcde31c99bb1988d3142c0985c279a04a15cf9ed89e758daa3d23d7 |
| SHA512 | 244e0e50866b8d11953636b62e9b4f2a6191768781ef361e94230da51005afc0a8022cdcab8aea2974cc96fd3f897910ba50a360ab9a387737e9cdac93a7a326 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yq8h7er1.default-release\cache2\doomed\25671
| MD5 | 2a0481f137ef734e4240ff8f8ca12876 |
| SHA1 | f4a17edb41ecf8b176bbb2c540a93c6f724bce27 |
| SHA256 | 316dab6c32313650e30273c81d94b0efaedf7a2d2882aa26ff447a9a744354c1 |
| SHA512 | 11f962da2cbcb8a8d0188bf39071fc526e434f0f6cc3f56eb496879b137abe11b0c30e13cd752d9539fb89180ba0ec62655f53f85c5fdcaea337f5704fa69787 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yq8h7er1.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | d017d761e905a5e09c19353c111f2f2a |
| SHA1 | 671f1604940e714a56ee73834622ad0574fbac58 |
| SHA256 | c9080bdd55d518d839136adca88328ae4dadd2f89effa49decb831a274941a3a |
| SHA512 | bea731ee9830b7c2a7f9f8e5cec2aa99ad1abbcf4af0ff67d33631339015aa232fa4d86a64d9cff0bc3b025fa473fecff4e08c3e8f736f373e820591c99abfc9 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yq8h7er1.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | dca9e09f0ca6c65b42b0db0b4d6ce022 |
| SHA1 | 64e85970ef4bf66b9bcc08037026f891f2458c77 |
| SHA256 | 4ae7126de21b3e38f6f7363419585b533b73cc23236b61f4346206ed87637f01 |
| SHA512 | 223c90ab1365a3d7a05b39dad00534dcdb72a85d8bd59a50aa54e35c9a552f6249085f2031a96adb948fede95415d008efc866650c4ab502bb2b9596e14050e3 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
| MD5 | 6ca7f24fa802989314069b1c5e4b27e6 |
| SHA1 | f4316e6ab8dee01ce8085f3660632cf1d042ceb7 |
| SHA256 | a72301d941d12e563d42749f7bcbb10ccec62e65dc47febe553f034709c4c994 |
| SHA512 | bdb18ae1f652b13d5d306f6d2d22e240568ee1ebd43b475cf77c6caa45cd658796730b38d88bdb699a8826e50aebcd791d1514ad11ba01567f3720471f0ee51b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yq8h7er1.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 72e0cdfcfff1c6be4489dde5e2796086 |
| SHA1 | e229de6ee2a5d0dbe703997ad4ea9db404402fbd |
| SHA256 | 1d5649f02f0701bf6061e583794a2d3a417a305218397967fef96b86b3e6ebc8 |
| SHA512 | daf6e3872e860eb2f93a8763e9478ed7d0a781e15cb857c6ff2e7b3991cd5e956c268925401d2eeaae99d94ae277207e2557a8796494a25686691ab22ae8e604 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yq8h7er1.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 99128c4f8334acc4d1c7ed37c5a5cfb0 |
| SHA1 | 5867323efb5d2a696fa114d9810de7d5f17c75a7 |
| SHA256 | cda467371ef7641081a190511199684cd8f0e54bf97c21205c0f30d3b52eda39 |
| SHA512 | d29bf38bbc7389114723e4978fe5aa48eebbd7334b23ccd74ded14105ce6961820f223d8b72a3ac4fb9c834637076f0cb0afe58bd055c6b4d33a3e87b2e40f29 |
C:\Users\Admin\Downloads\dotNetFx45_Full_setup.Fm_0kYmO.exe.part
| MD5 | fc668d59f66c0a28616dfd9c613bbe06 |
| SHA1 | 3a8112e00b943cd203448300077225ef4eaa168d |
| SHA256 | 2bbea7c370063e5fbf2971196ebd7c422c3aeb32832ba2c64846bef57228554a |
| SHA512 | 97bd4e039e9f5ca25a3bfd4dafa1250df9f74fdc4e8416d3e72badd689e07f605f9d911b538d16eab6e14b06286d6354d61cee1ed9856b2d584f1e4141b0c171 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db
| MD5 | 38639caa8af4df08e6067136b6cf9f50 |
| SHA1 | 01a75e71397222006960f66796415fdfd5f13440 |
| SHA256 | 37fbf9729346f620777b09dcc1fc1fc29ee4de5d44e57b2dc6dc2e75636c013b |
| SHA512 | 31f7617c4fc4bd8be927d74f6678961ab25a8bf93ceea484b5151c9e75da8885be918f7d4423681c2aef817719cbd2bc496e55cf5ba7c702a163ab5b19a3a422 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yq8h7er1.default-release\prefs.js
| MD5 | 900a80edc58004d18a5ff36266c042ea |
| SHA1 | ba3f0a9a0b8c19050fb5bbd7af166eaebbdb92f4 |
| SHA256 | 9da64c78b16830cf01c9ed29019f6441967d4a58cc9c564e7f7f0929cdee4c90 |
| SHA512 | 28054c5859aef75ce33bf8194f4b7bcdf9491a1a031b5ba9f9b316449bf5bfaa45f9d2d0bf934604149b4b77ce42b80a5698ec9a82a498ba507e05908af46791 |
C:\Users\Admin\Downloads\dotNetFx45_Full_setup.exe
| MD5 | b3f682dd9782efff6cd60de4d1605bb2 |
| SHA1 | b6377b036ef0b61a8936dcda9c9b87a00fa9a722 |
| SHA256 | 013f7c76f911dacf9d838df58328a47b8caccbfcfd47360a44ffcdbefb5c8f2e |
| SHA512 | ec441ff113292598e25f159ff15cacb66678d8a8169096b2da66ad5c8df5c611866ba6387022eaad933fa1d5dea0d0e72ed2af88e9510c6e142e59faa9ed3ab6 |
C:\Users\Admin\Downloads\dotNetFx45_Full_setup.exe
| MD5 | 8950600dcfba48bf4c3eb1229ac69f79 |
| SHA1 | 0b4eed75d594620cb6596056d9311e55e38896a6 |
| SHA256 | 6c194883843b416255877d08cdc1a028f9bab128c9b7828bcccf4b20a8f028f9 |
| SHA512 | 14a2c0ee82e4ef286c2e45584b41181f75e9e997a3b9312b9e984cfc00e6b862157b65b162c32a1455f377e2491254441f83bf4e806f038c7fdf8992bfad27cb |
F:\4c3f295d499a0e4fe06bed3c14\Setup.exe
| MD5 | 8b3ecf4d59a85dae0960d3175865a06d |
| SHA1 | fc81227ec438adc3f23e03a229a263d26bcf9092 |
| SHA256 | 2b088aefcc76d0baa0bff0843bf458db27bacc47a8e698c9948e53ffc471828b |
| SHA512 | a58a056a3a5814a13153b4c594ed72796b4598f8e715771fc31e60c60a2e26250768b8f36b18675b91e7ecc777ef27c7554f7a0e92c2dfaba74531e669c38263 |
C:\Users\Admin\AppData\Local\Temp\HFIA78B.tmp.html
| MD5 | 716b967e75d60719e94aef7580d0879a |
| SHA1 | 619c265ef07b01655c3233ef03a7dc2078669f22 |
| SHA256 | 0479fac737b1375ac12a5a2f33c471e0caf570e0ebc32abdc5161b079bb773c4 |
| SHA512 | abe09bca075c00eaa8d9e1a45dfccee7800d75756e1b8954913051fe25475740d49e62c22cf238554e1784811a0a1c8e65a7dbff470b7b44e69cabb37c237360 |
F:\4c3f295d499a0e4fe06bed3c14\DHTMLHeader.html
| MD5 | cd131d41791a543cc6f6ed1ea5bd257c |
| SHA1 | f42a2708a0b42a13530d26515274d1fcdbfe8490 |
| SHA256 | e139af8858fe90127095ac1c4685bcd849437ef0df7c416033554703f5d864bb |
| SHA512 | a6ee9af8f8c2c7acd58dd3c42b8d70c55202b382ffc5a93772af7bf7d7740c1162bb6d38a4307b1802294a18eb52032d410e128072af7d4f9d54f415be020c9a |
F:\4c3f295d499a0e4fe06bed3c14\SetupEngine.dll
| MD5 | e9c972015a30ced238bba0f8f06ad56d |
| SHA1 | 64ceec44cb92c7245c5ef0d875f8f964fdf28f1b |
| SHA256 | c8e4da192c890b7a49034963a41919e2d7bd9a318b4cdbe76ada7e946da1f7e9 |
| SHA512 | 693c1bcd7d237869484f235fcceafa3d0937e2f4f30cce85bed438a79c9a280ba69af4230907780edb1de68fb6090ba68e1dae91c14ac3b15d4192a6204395d6 |
F:\4c3f295d499a0e4fe06bed3c14\SetupEngine.dll
| MD5 | 43bc7b5dfd2e45751d6d2ca7274063e4 |
| SHA1 | a8955033d0e94d33114a1205fe7038c6ae2f54f1 |
| SHA256 | a11af883273ddbd24bfed4a240c43f41ce3d8c7962ec970da2d4c7e13b563d04 |
| SHA512 | 3f3068e660fea932e91e4d141d8202466b72447107ff43f90dea9557fc188696617025531220bc113dc19fdd7adf313a47ac5f2a4ce94c65f9aeb2d7deda7f36 |
F:\4c3f295d499a0e4fe06bed3c14\SplashScreen.bmp
| MD5 | 0966fcd5a4ab0ddf71f46c01eff3cdd5 |
| SHA1 | 8f4554f079edad23bcd1096e6501a61cf1f8ec34 |
| SHA256 | 31c13ecfc0eb27f34036fb65cc0e735cd444eec75376eea2642f926ac162dcb3 |
| SHA512 | a9e70a2fb5a9899acf086474d71d0e180e2234c40e68bcadb9bf4fe145774680cb55584b39fe53cc75de445c6bf5741fc9b15b18385cbbe20fc595fe0ff86fce |
F:\4c3f295d499a0e4fe06bed3c14\1037\LocalizedData.xml
| MD5 | 94f3480d829cee3470d2ba1046f2f613 |
| SHA1 | 9a8ffc781afb5f087b39abe82c11e20d3e08b4f3 |
| SHA256 | eceb759e0f06e5d4f30bc8a982f099c6c268cff4a1459222da794d639c74f97f |
| SHA512 | 436d52da9c6c853616cf088c83b55032e491d6d76eeca0bf0cb40b7a84383a1fcffcb8ac0793cdea6af04d02acf5c1654d6b9461506ee704d95a9469581e8eaf |
F:\4c3f295d499a0e4fe06bed3c14\3082\LocalizedData.xml
| MD5 | e58efac53fe2a16be9b99d0aa33baa3d |
| SHA1 | 7f2fecb6c4ebe9374a04f374d43465d968b3e33f |
| SHA256 | 64baa04b7ebb5ee833f43493497e99a6f2584bdc763a7c24700693cb89b35a0c |
| SHA512 | b9b2e07e845e6bb509d4471cbe3c848836938e507308293f7c083c54cef61911a06110a5616c216ec72c39ce887b2e7f5961688809a2dad787d131ef2780d22e |
F:\4c3f295d499a0e4fe06bed3c14\2070\LocalizedData.xml
| MD5 | 6930ce4e8e28f54a0db5d919b6babd0e |
| SHA1 | 0278bf717168c061709e60ca754c8dc6e32b92d1 |
| SHA256 | 4bbb7f8a9743a5a21711156dc978dc8683b3edcd9ca32e4c6a38dbe6f5001e04 |
| SHA512 | 904dc390c6cad81e60159683fadc5e8556585b32f1f9482accfedf3ee6b14cd8240e2225e3ce8a0338da93162cef601c4e9798327a1bc390e62b4eb2fc59cd4c |
F:\4c3f295d499a0e4fe06bed3c14\SetupUi.dll
| MD5 | c6760e8b45ffa0cd56b843bc498b919d |
| SHA1 | 9faa762fcd06b2c216122c31a387d6d9cf5a6558 |
| SHA256 | 26f324b3d8e7af4994459e118d20ef5b0abb332075432dd42c6597833486e269 |
| SHA512 | b83f7eab3ee1ef167f81c3ddfa6a578540fb0da2efd15b54650fcf5b35cdb6f54229e04887a6f66a78c4e20cdc21119db4e0f0ed3799eeea3d2e4a308ff3f54a |
F:\4c3f295d499a0e4fe06bed3c14\graphics\warn.ico
| MD5 | b2b1d79591fca103959806a4bf27d036 |
| SHA1 | 481fd13a0b58299c41b3e705cb085c533038caf5 |
| SHA256 | fe4d06c318701bf0842d4b87d1bad284c553baf7a40987a7451338099d840a11 |
| SHA512 | 5fe232415a39e0055abb5250b120ccdcd565ab102aa602a3083d4a4705ac6775d45e1ef0c2b787b3252232e9d4673fc3a77aab19ec79a3ff8b13c4d7094530d2 |
F:\4c3f295d499a0e4fe06bed3c14\graphics\setup.ico
| MD5 | 3d25d679e0ff0b8c94273dcd8b07049d |
| SHA1 | a517fc5e96bc68a02a44093673ee7e076ad57308 |
| SHA256 | 288e9ad8f0201e45bc187839f15aca79d6b9f76a7d3c9274c80f5d4a4c219c0f |
| SHA512 | 3bde668004ca7e28390862d0ae9903c756c16255bdbb3f7e73a5b093ce6a57a3165d6797b0a643b254493149231aca7f7f03e0af15a0cbe28aff02f0071ec255 |
F:\4c3f295d499a0e4fe06bed3c14\graphics\save.ico
| MD5 | 7d62e82d960a938c98da02b1d5201bd5 |
| SHA1 | 194e96b0440bf8631887e5e9d3cc485f8e90fbf5 |
| SHA256 | ae041c8764f56fd89277b34982145d16fc59a4754d261c861b19371c3271c6e5 |
| SHA512 | ab06b2605f0c1f6b71ef69563c0c977d06c6ea84d58ef7f2baecba566d6037d1458c2b58e6bfd70ddef47dccbdea6d9c2f2e46dea67ea9e92457f754d7042f67 |
F:\4c3f295d499a0e4fe06bed3c14\graphics\print.ico
| MD5 | 7e55ddc6d611176e697d01c90a1212cf |
| SHA1 | e2620da05b8e4e2360da579a7be32c1b225deb1b |
| SHA256 | ff542e32330b123486797b410621e19eafb39df3997e14701afa4c22096520ed |
| SHA512 | 283d381aa396820b7e15768b20099d67688da1f6315ec9f7938c2fcc3167777502cded0d1beddf015a34cc4e5d045bcb665ffd28ba2fbb6faf50fdd38b31d16e |
memory/4728-950-0x0000000002D00000-0x0000000002D01000-memory.dmp
F:\4c3f295d499a0e4fe06bed3c14\Strings.xml
| MD5 | 8a28b474f4849bee7354ba4c74087cea |
| SHA1 | c17514dfc33dd14f57ff8660eb7b75af9b2b37b0 |
| SHA256 | 2a7a44fb25476886617a1ec294a20a37552fd0824907f5284fade3e496ed609b |
| SHA512 | a7927700d8050623bc5c761b215a97534c2c260fcab68469b7a61c85e2dff22ed9cf57e7cb5a6c8886422abe7ac89b5c71e569741db74daa2dcb4152f14c2369 |
F:\4c3f295d499a0e4fe06bed3c14\1033\SetupResources.dll
| MD5 | 541d0525f83b665b9237bfe3e3483031 |
| SHA1 | ddc3b3dbf0524c38328b1dcbb7207e265b7d67cc |
| SHA256 | 6612a68898b89bcc6f1b74c11d4ec33a4b230ab567aed78d31e0120509ef2990 |
| SHA512 | bf6f131b0d26c6785991e1b4c460668e82e01fe949dbe94bd0ed4fb2be0cc38d50dc266f03ef491f33f447b7d724e045a486410e265561b77c3205964cab55ff |
F:\4c3f295d499a0e4fe06bed3c14\SetupUi.xsd
| MD5 | 2fadd9e618eff8175f2a6e8b95c0cacc |
| SHA1 | 9ab1710a217d15b192188b19467932d947b0a4f8 |
| SHA256 | 222211e8f512edf97d78bc93e1f271c922d5e91fa899e092b4a096776a704093 |
| SHA512 | a3a934a8572ff9208d38cf381649bd83de227c44b735489fd2a9dc5a636ead9bb62459c9460ee53f61f0587a494877cd3a3c2611997be563f3137f8236ffc4ca |
F:\4c3f295d499a0e4fe06bed3c14\2052\LocalizedData.xml
| MD5 | 759eb338d738ca6c531b9d5b06591b3b |
| SHA1 | c9ed5ada615ccacd887a0d07ee25dfe1d7fbc00c |
| SHA256 | a4c3bc545fc028935ad6ec4bd8ce51a300fab8a0b128cca89a8c14923d437b16 |
| SHA512 | 82e6b969dedfdda477f6fb7fcb50a0acad0b26b9b4cca9f1adab5323c6c144da6c0bff34e39e0ef7b39f37ab5808f0064eace99867f7cd258e91aeb5aa5baef2 |
F:\4c3f295d499a0e4fe06bed3c14\1055\LocalizedData.xml
| MD5 | ddb64b6c4fc498c27d291edaaf65a536 |
| SHA1 | e312eef1e9a485c5c6fe4578bbe1dd0cadbb1e3e |
| SHA256 | 027180d93ceb875227a1d76a018b870cd1d09e143ffa1632b31c322b92dd6a35 |
| SHA512 | ddb55169000052fb27caeeb349939925c7df1535c5c697da7cc2be3224c2c8ebe64328d865d1dfdbad4c1e0588853c5309e31de747f71b7f3bc9b6a9eb4335c1 |
F:\4c3f295d499a0e4fe06bed3c14\1053\LocalizedData.xml
| MD5 | 984229d90d2e75f49cd9de5df014e484 |
| SHA1 | fc32854972f189305a38c11a62ef457cd94026c6 |
| SHA256 | c884f515f337e977d4cf1a19ff693c753813ede2e52a9dbe8f6ef25184ccae8d |
| SHA512 | 23101cc1b6c17f10a8d53c59c4e9bf6d24d03d781fa1a36fcb89315f2257ea4a1bd652bdbc81845479a88f00f1db52b35a0bba311a9885c7503689f9c25e49c2 |
F:\4c3f295d499a0e4fe06bed3c14\1049\LocalizedData.xml
| MD5 | 1c8ad8f7aacde7ac59bfd9730cfcae80 |
| SHA1 | 815c79113429b37d34c7ddff46ceccfe58b4cddc |
| SHA256 | 4faa58922f623685f05386ce518c0243e3f310db5ac64c58e5b4e91a3e4477b7 |
| SHA512 | 27d5871f862756945c66397d539c79bf6032ec0d6a06255ad6b57ad1df3c1e8c87dc55dcc3febfb4bd1ce4eb24f3268fab30b1df3fd1c035d66410337db73785 |
F:\4c3f295d499a0e4fe06bed3c14\1046\LocalizedData.xml
| MD5 | c13b50e2a7f6e7e9343500771cf2d247 |
| SHA1 | 0b679d20dda94224a5ddd80863a2a32de1cc6f1e |
| SHA256 | 3f9bf4eee9ece4a0181ea344344230d73d711aba2fa9248834e3b7547a3062cf |
| SHA512 | 32daea597a34f60ca5b73648d66663e4723c0d588af4ce08f76240aabbecd3a35abfbfd5e22abd8eac8ca64a9f2b3edadb8d1c24bc31f53ce5cd902dba3fc5da |
F:\4c3f295d499a0e4fe06bed3c14\1045\LocalizedData.xml
| MD5 | 95c6472f2c8329ec1c10f7df3a31c154 |
| SHA1 | 624d46235912dc169913ba77caa7889219e2c394 |
| SHA256 | 197722527d1ad65a10a29ecec04f029abc549eb5d05bc07a68107ad6dd4bd35b |
| SHA512 | 28149ab0c041dc35f717435f3c2218700090fc38723219c1cd40ec7f777c68d99dd08b6a42014ead8fb1e309637b6c33aa5dec0518dc1b72273c7a6fd7ef06c0 |
F:\4c3f295d499a0e4fe06bed3c14\1044\LocalizedData.xml
| MD5 | a459afdbe20f5d4c904d3e3700ee9191 |
| SHA1 | 22570b1de34c11796390057537269145a2c63438 |
| SHA256 | 0ac4bcf5cee39ad42070e34393303ffe3ef27e71c8d9522f3dc01e12f93dda03 |
| SHA512 | b01536c774121ba9fe25014bb802b45449ba46529af8ad59f3ff93e339e7443238b268716ac051d24ac9eba093e5d66fd5c5faa2ca17bf744ec31e50627159ce |
F:\4c3f295d499a0e4fe06bed3c14\1043\LocalizedData.xml
| MD5 | 898d2a1a5fac4d1a028aa11e0ed9f9b4 |
| SHA1 | 343795fbc1bbf1b0982dc9e70501721433fba892 |
| SHA256 | 73130da9b103f1812ca69cfffdf5750e74b0228cd40e0325a7f14e799aaf21a3 |
| SHA512 | fac3fd81d803c1029df6a3cd93060c950b0ba399fe074d438c4867d55468e7de9aa77bbd7b51fe866f6849684408c853d70956e94de39d4f61019825028a25e4 |
F:\4c3f295d499a0e4fe06bed3c14\1042\LocalizedData.xml
| MD5 | ad25367f86144f29946df3b3866e7dbe |
| SHA1 | cc8470dbe0bfe9394742d639d9caeec961a27928 |
| SHA256 | 90d0885f929059358fe76e61b560b3d188abbe7c041babefc82038f6faebb7eb |
| SHA512 | 66a343d1405e377bf2d303b0ec896814a46248c05dfe61a2c3167ed1c915964f7f57b335bd7fae324461e65e5ee6bc2384eff28f71c4325eb3c4f89611659afb |
F:\4c3f295d499a0e4fe06bed3c14\1041\LocalizedData.xml
| MD5 | 5ab13768b6c897eff96e35f91b834d25 |
| SHA1 | 54f04c73a57a409e4c1fe317a825ee2ed4ddcd10 |
| SHA256 | 87b5ce86b0134ea82215dcf04ffbf7f5c8a570f814f82b4c7ba6106195924c6b |
| SHA512 | ee98f34723a1593ef12589ea9657f8d9a3c9dc8a3fb5eed6f8bb026c6656a3ca6fec8243745ed7fbf406019b6e2b42762c1ee74d26c0f70cc9da272291fe680f |
F:\4c3f295d499a0e4fe06bed3c14\1040\LocalizedData.xml
| MD5 | 5e805353cb010fc22f51c1f15b8bcaa1 |
| SHA1 | 9360f229aee4fed6897d4f9f239072aa22d6da9e |
| SHA256 | 02b83ebd2689e22668a5ee55a213091fdc090dfee42c0be9386f530d48af8950 |
| SHA512 | 275d7c7c952a352417fe896c5be07f5a4c50ff51569cb04ab615cda6a880a8e83f651c87f226a1eb79d8286f777488bfaac2636a1a2057cf5db83037b3e1214f |
F:\4c3f295d499a0e4fe06bed3c14\1038\LocalizedData.xml
| MD5 | 818e35b3eb2e23785decef4e58d74433 |
| SHA1 | 41b43d0b3f81a3a294aa941279a96f0764761547 |
| SHA256 | 3d8b2c8079cf8117340a8fc363dceb9be102d6eb1a72881b0c43e1e4b934303e |
| SHA512 | 98ae09da1be0ebe609d0e11d868258ab322cdc631e3105296c8ce243d821b415f3c487cbb4cd366bb4bdb7f0f9447a25836e53320b424a9ff817cac728ff4ae2 |
F:\4c3f295d499a0e4fe06bed3c14\1036\LocalizedData.xml
| MD5 | 75bf2db655ca2442ae41495e158149c9 |
| SHA1 | 514a48371362dfa2033ba99ecab80727f7e4b0ee |
| SHA256 | 1938c4ffedfbb7fea0636238abb7f8a8db53db62537437ff1ec0e12dca2abfab |
| SHA512 | 1b697d0621f47bb66d45ae85183a02ec78dd2b6458ef2b0897d5bbbd2892e15eaf90384bc351800b5d00cb0c3682db234fac2a75214d8ade4748fc100b1c85b2 |
F:\4c3f295d499a0e4fe06bed3c14\1035\LocalizedData.xml
| MD5 | de5ccb392face873eae6abc827d2d3a7 |
| SHA1 | 50eab784e31d1462a6e760f39751e7e238ba46a2 |
| SHA256 | 6638228cb95fc08eebc9026a2978d5c68852255571941a3828d9948251ca087d |
| SHA512 | b615a69b49404d97ce0459412fbd53415dfbc1792ed95c1f1bd30f963790f3f219e028f559706e8b197ce0223a2c2d9f2e1cac7e3b50372ebef0d050100c6d10 |
F:\4c3f295d499a0e4fe06bed3c14\1032\LocalizedData.xml
| MD5 | 8ecac4ca4cc3405929b06872e3f78e99 |
| SHA1 | 805250d3aa16183dc2801558172633f718a839c4 |
| SHA256 | b9e9740a1f29eeaf213e1e0e01f189b6be1d8d44a2ab6df746eebe9cb772f588 |
| SHA512 | 6f681c35a38a822f4747d6d2bcacefc49a07c9ca28a6b8eed38b8d760327419b5b469698bed37366c2480a4f118d4d36c6ae0f3c645f185e39a90ff26e749062 |
F:\4c3f295d499a0e4fe06bed3c14\1031\LocalizedData.xml
| MD5 | f8e3a846d4aca062413094f1d953075e |
| SHA1 | 09f2aa5b5ef693051862965c7c1063d31623f433 |
| SHA256 | 5a929328125673d922e7f969769b003f5cb6942daa92818a384d50ac755174c2 |
| SHA512 | 95fead89ac87c700615deef0b5c75aa818172cb387fb5e7178d0a96adb4a60abe86c3793f1174ad27b3a12fe29a371682a032d83d2c63f50a223e37a9d5fc7c6 |
F:\4c3f295d499a0e4fe06bed3c14\1030\LocalizedData.xml
| MD5 | 53aa67d27c43a35c6f61552ee9865f55 |
| SHA1 | 504035de2fe6432d54bc69f0d126516f363e1905 |
| SHA256 | 5d08b297b867179d8d2ec861dbf7e1dfdb283573430a55644e134ee39083157a |
| SHA512 | 7a284076f6f204e5be41eab3c3abb1983fbbc21669130cc7e6961a7b858f30caf83fbcb2ef44cfe712341ab664347df29d58b650f004608b015e61e4f5d4f47b |
F:\4c3f295d499a0e4fe06bed3c14\1029\LocalizedData.xml
| MD5 | 51130f3479df72fe12b05a7aba1891d3 |
| SHA1 | fbaf9c0269d532a3ce00d725cd40772bc0ad8f09 |
| SHA256 | 8845d0f0fadfdf51b540d389bbb0a8a9655cf65055e55dcd54fa655576dd70a1 |
| SHA512 | b641e22b81babbde85a6f324851d35f47bd769fc0cff74911010ae620cf682f9c7bc4d946d2f80a46a9851f3cc912625991c8a3876f1d958ea4d49d8791d1815 |
F:\4c3f295d499a0e4fe06bed3c14\1028\LocalizedData.xml
| MD5 | ff41100cc12e45a327d670652f0d6b87 |
| SHA1 | cb53d671cb66d28b6eb7247a1a0c70a114d07e6b |
| SHA256 | ef3de7ab3d80a4d2865b9e191d2311112b4870103d383ae21882f251bbde7f0a |
| SHA512 | f8a2f8db5957a43aa82bd7d193b2ff2a151bba6a9d0ad2d39e120909a0f8939123b389ebb4244a417f9e4d8e46629c49ac193c320231cb614253612af45281a8 |
F:\4c3f295d499a0e4fe06bed3c14\1025\LocalizedData.xml
| MD5 | d84db0827e0f455f607ef501108557d0 |
| SHA1 | d275924654f617ddaf01b032cf0bf26374fc6cd5 |
| SHA256 | a8d9fd3c7ebb7fee5adb3cafe6190131cebfcbeff7f0046a428c243f78eac559 |
| SHA512 | 1b08115a4ea03217ce7a4d365899bd311a60490b7271db209d1e5979a612d95c853be33d895570e0fb0414ab16eb8fd822fe4e3396019a9edd0d0c7ff9e57232 |
F:\4c3f295d499a0e4fe06bed3c14\1033\LocalizedData.xml
| MD5 | 24fde6338ea1a937945c3feb0b7b2281 |
| SHA1 | 6b8b437cd3692207e891e205c246f64e3d81fdd5 |
| SHA256 | 63d37577f760339ed4e40dc699308b25217ce678ce0be50c5f9ce540bb08e0a7 |
| SHA512 | 9a51c7057de4f2ec607bb9820999c676c01c9baf49524011bb5669225d80154119757e8eb92d1952832a6cb20ea0e7da192b4b9ddf813fa4c2780200b3d7ba67 |
F:\4c3f295d499a0e4fe06bed3c14\ParameterInfo.xml
| MD5 | 4925613d29bc7350130c7076e4c92c1c |
| SHA1 | 2821351d3be08f982431ba789f034b9f028ca922 |
| SHA256 | 9157a0afe34576dfea4ba64db5737867742b4e9346a1f2c149b98b6805d45e31 |
| SHA512 | 3e69650e4101a14ef69f94fa54b02d8d305039165a0bffc519b3cf96f2dcbcf46845e4669d29ccc5ceb887b2f95fc4756265b19d5c17aa176d3d6dc53ed83f77 |
F:\4c3f295d499a0e4fe06bed3c14\UiInfo.xml
| MD5 | d8f565bd1492ef4a7c4bc26a641cd1ea |
| SHA1 | d4c9c49b47be132944288855dc61dbf8539ec876 |
| SHA256 | 6a0e20df2075c9a58b870233509321372e283ccccc6afaa886e12ba377546e64 |
| SHA512 | ecf57cc6f3f8c4b677246a451ad71835438d587fadc12d95ef1605eb9287b120068938576da95c10edc6d1d033b5968333a5f8b25ce97ecd347a42716cd2a102 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yq8h7er1.default-release\prefs.js
| MD5 | 0dc07cbc67fa94e7cbee8fda996a014d |
| SHA1 | 6c4b30c0b5e429ed3e2e53384eb5c2a3c045f7a6 |
| SHA256 | a2d891635d990fbf1353a4791ddc2c9191934b63754086883d2ec943070d76ca |
| SHA512 | ae9b43c61f43f3b02217a15343897a1623bd2eaea6f9778f9bc7125e6402094c56539a0ab852705936571655c3f8aef098f0a514fbaba8056eb373838f72cb3d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yq8h7er1.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 6725957748e5f4883cd64f30e377e2e0 |
| SHA1 | 0f17c23e28d5a31959ef03f62ca2b96e5c45e0a8 |
| SHA256 | 05897a58733bf62fb6b0c05d5d49f5b46f1f0aae11116bbdb8b3aa12efc2496c |
| SHA512 | 70d12ddb6c97aa5012668d17335af2eb22625708316fadff794fa67448d561214f6ca40269b4e91aee042e7eec4fb7df455b9459834f8e4e74d3827e0f99e46a |
memory/4728-968-0x0000000002D00000-0x0000000002D01000-memory.dmp
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yq8h7er1.default-release\cache2\doomed\19971
| MD5 | c84dfd518362449e4273fa3f3b237908 |
| SHA1 | a4eb46c894c0f5c2334fc669ade93ba7cd85d253 |
| SHA256 | 134d82d757f520f3049ca49ccc31b48b21f22a20a2a892f3dedcb72b790bce35 |
| SHA512 | 941c5dde105a1b9000429ff6d18c6c5a8b899cd70b514d7306774f8ff4afabe1a572b00e6a9ff4dd4b75e6de78c85b5cbd05fbcf80af91a57d9d6968bf2264f4 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yq8h7er1.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | 10f09213bc24d26baaa2dd88e7f59cee |
| SHA1 | ce8549b1e6ba37157e9f10846d436defd3bb7afb |
| SHA256 | f99b03e56a4848f157e1ff22862dc79abdaf168e3bc89b871124650340fdc75e |
| SHA512 | 15202c1a0766f8d8f008e2c8f247166cbd09f5b7d387ec4eeaedeb5fb92dd070429e72f495eb0f561d6dc83b476c13af336c311ee1ff754fc2bde6242f62ff62 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yq8h7er1.default-release\cache2\entries\213F23EC71F31B1E827CD8F739A11D7F3AA746A3
| MD5 | a9b6f9e8a2f8405828d0d5259c87da73 |
| SHA1 | f52dc04e34a444eaf813f344d6616164556d02e0 |
| SHA256 | a10a66b046685bff9e2d387b5783c834e9159de950bfbfe2d3039cd9c661c66a |
| SHA512 | 322763198e5ae72d0d734836643ea7b8a66ccbf1f0679daefdf7a61d6d7b9bc5e47e0b407493acd18602662b38251a8f75efab8898c6a5e2ffa5c2467b4b70d4 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yq8h7er1.default-release\cache2\doomed\8501
| MD5 | beade991e1893d1e5ad45b2601a5e1dd |
| SHA1 | e5136879a7c5a1066cbefb5edc320bf3fedbf4e7 |
| SHA256 | 91dba21ef2bd9817e2841bce4b5607ace3e877f7344c45146ba6601c6850fb91 |
| SHA512 | ee8a1d526ece0bd5a96563cb07db7841bf82b99ac9ef0c3175dd26a5bda486cab599e631c72724b5e47fe711a0d822c7f00b55afea5837a9dbd93f8a971c58ac |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yq8h7er1.default-release\cache2\doomed\21564
| MD5 | e206a790e94ae29b32c08f148fce21b2 |
| SHA1 | 7ece78fbcd0047a3158d53ee3520a0573e8e4f27 |
| SHA256 | e413c9f8f83eca0890bf02e958ad359c61c90c4bbe569558554e0ff11cea75fb |
| SHA512 | b986a7b725ef0744295ed88481d4b83bea9873eae91ea815c60e7ead1bebf3af26bf9601fe7d7db97793b42afbe46e9e1c18eae473b1bbb26c6fd7279563d30e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yq8h7er1.default-release\prefs-1.js
| MD5 | f9bd315e5f27f0aeea6ec2f72d503029 |
| SHA1 | 2e37489bf2e124c29f2795e171b2b65545942941 |
| SHA256 | 34f92bf6a13d0c4e7b7314669641424fb9431ea761773a325fdae7dfcb617020 |
| SHA512 | e439a63112992dfd8a2d55f8bf3c135cce51f66e728a3747593edd7b6bf417578e7a03de956fa65d389333c1993544711671ee87907e9f867ccc8ca64b522015 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yq8h7er1.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 140f06d829b82728e353ba044814e8af |
| SHA1 | e947ed4c5854bb0943ce5dcf27c56006a9d45217 |
| SHA256 | 70d5fd66db67e902c7a3f3edfc32f8beec7d538feb1e53091f476714a22e60af |
| SHA512 | eeb626e15b7f230d1819fc89e6360fa7f617ac8ea38d407bdf65cc446fd5b418bbb80e5232b0878000fdda7c815b78c947dffa62e5dc2ff75d80543ae54c6f51 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yq8h7er1.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 814be2a661c2982729b1d3aa79850240 |
| SHA1 | 0956e7953b44bc28fc6a4669d88002e88eea90d3 |
| SHA256 | 1c045f315f26b409d03ffe48a0f44e160572a429d21eb91d5b5c10efdf3a34c1 |
| SHA512 | 2e19f27d869c285bd957499dea7fb0a757799336ac1e851a0b39f648fcf09f7255dff09e500bd6aa4f6c35c99c19cd82154fb8fc69aa149d7690ba98cbe4f08c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yq8h7er1.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 6032357b4d4cd049e5c14588db230bb3 |
| SHA1 | 169b0edd10363e5c286e1cb156ed49441769deb3 |
| SHA256 | 94be77df3e359a3f23d41c4c9427dbbc9b3b08ab8aec144501d8208a3f7f2cac |
| SHA512 | da035aed1a8c40b4f56477419397ee3c1a6372cc5ec018dcdcb52517ae1e0acccded530f167febe2304cd8fc737a9375d6f18dadc4a2f3bc3c42e7c26cb56fb5 |
C:\Users\Admin\Downloads\dotNetFx40_Full_setup.vD7A5XXD.exe.part
| MD5 | c6daa9c6badbc7b053745f4ab0bb26d2 |
| SHA1 | 88bd792d0a1944544e2b9fb4fff2489c109e85c7 |
| SHA256 | 30ddc398c44b4cc6949c360ff793142c9661e6c9d05b5eecd01b05c7ebfbb55b |
| SHA512 | 658e6e47d1650ab2e2c0c0309708900b3edfa2368099a4b8a3fe1c3a835c7aca37cdcda0b933cffd0dac43711bfa92d8a756a2ca562c6503108e4ae9ce3d7aa2 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yq8h7er1.default-release\jumpListCache\5sYPQ0xGWYphUEsxMFc3eg==.ico
| MD5 | 42ed60b3ba4df36716ca7633794b1735 |
| SHA1 | c33aa40eed3608369e964e22c935d640e38aa768 |
| SHA256 | 6574e6e55f56eca704a090bf08d0d4175a93a5353ea08f8722f7c985a39a52c8 |
| SHA512 | 4247460a97a43ce20d536fdd11d534b450b075c3c28cd69fc00c48bdf7de1507edb99bef811d4c61bed10f64e4c788ee4bdc58c7c72d3bd160b9b4bd696e3013 |
C:\Users\Admin\Downloads\dotNetFx40_Full_setup.exe
| MD5 | 53406e9988306cbd4537677c5336aba4 |
| SHA1 | 06becadb92a5fcca2529c0b93687c2a0c6d0d610 |
| SHA256 | fa1afff978325f8818ce3a559d67a58297d9154674de7fd8eb03656d93104425 |
| SHA512 | 4f89da81b5a3800aa16ff33cc4a42dbb17d4c698a5e2983b88c32738decb57e3088a1da444ad0ec0d745c3c6b6b8b9b86d3f19909142f9e51f513748c0274a99 |
F:\559daf81a1cb3122d599b6c59065\Setup.exe
| MD5 | 006f8a615020a4a17f5e63801485df46 |
| SHA1 | 78c82a80ebf9c8bf0c996dd8bc26087679f77fea |
| SHA256 | d273460aa4d42f0b5764383e2ab852ab9af6fecb3ed866f1783869f2f155d8be |
| SHA512 | c603ed6f3611eb7049a43a190ed223445a9f7bd5651100a825917198b50c70011e950fa968d3019439afa0a416752517b1c181ee9445e02da3904f4e4b73ce76 |
F:\559daf81a1cb3122d599b6c59065\SetupEngine.dll
| MD5 | 84c1daf5f30ff99895ecab3a55354bcf |
| SHA1 | 7e25ba36bcc7deed89f3c9568016ddb3156c9c5a |
| SHA256 | 7a0d281fa802d615ea1207bd2e9ebb98f3b74f9833bba3cb964ba7c7e0fb67fd |
| SHA512 | e4fb7e4d39f094463fdcdc4895ab2ea500eb51a32b6909cec80a526bbf34d5c0eb98f47ee256c0f0865bf3169374937f047bf5c4d6762779c8ca3332b4103be3 |
F:\559daf81a1cb3122d599b6c59065\UiInfo.xml
| MD5 | 8b8b0a935dc591799a0c6d52fdc33460 |
| SHA1 | ce2748bd469aad6e90b06d98531084d00611fb89 |
| SHA256 | 57a9ccb84cae42e0d8d1a29cfe170ac3f27bdcae829d979cddfd5e757519b159 |
| SHA512 | 93009b3045939b65a0c1d25e30a07a772bd73dda518529462f9ce1227a311a4d6fd7595f10b4255cc0b352e09c02026e89300a641492f14df908ad256a3c9d76 |
F:\559daf81a1cb3122d599b6c59065\ParameterInfo.xml
| MD5 | 7213da83e0f0b8ae4fea44ae1cb7f62b |
| SHA1 | f2e3fcc77a1ad4d042253bd2e0010bcb40b68ed3 |
| SHA256 | 59e67e4fb46e5490eee63d8b725324f1372720ade7345c74c6138c4a76ea73d9 |
| SHA512 | 86186ab0f2cb38e520dd1284042eced157f96874846eb9061be9cf56b84a1cab5901a4879e105a8b04b336bbc43b03f4bdf198d43af868be188602347db829e0 |
F:\559daf81a1cb3122d599b6c59065\1029\LocalizedData.xml
| MD5 | 0b6ed582eb557573e959e37ebe2fca6a |
| SHA1 | 82c19c7eafb28593f453341eca225873fb011d4c |
| SHA256 | 8a0da440261940ed89bad7cd65bbc941cc56001d9aa94515e346d57b7b0838fc |
| SHA512 | aba3d19f408bd74f010ec49b31a2658e0884661d2efda7d999558c90a4589b500570cc80410ba1c323853ca960e7844845729fff708e3a52ea25f597fad90759 |
F:\559daf81a1cb3122d599b6c59065\1028\LocalizedData.xml
| MD5 | 967a6d769d849c5ed66d6f46b0b9c5a4 |
| SHA1 | c0ff5f094928b2fa8b61e97639c42782e95cc74f |
| SHA256 | 0bc010947bff6ec1ce9899623ccfdffd702eee6d2976f28d9e06cc98a79cf542 |
| SHA512 | 219b13f1beeb7d690af9d9c7d98904494c878fbe9904f8cb7501b9bb4f48762f9d07c3440efa0546600ff62636ac34cb4b32e270cf90cb47a9e08f9cb473030c |
F:\559daf81a1cb3122d599b6c59065\1025\LocalizedData.xml
| MD5 | c5bf74c96a711b3f7004ca6bddecc491 |
| SHA1 | 4c4d42ff69455f267ce98f1db8f2c5d76a1046da |
| SHA256 | 6b67c8a77c1a637b72736595afdf77bdb3910aa9fe48d959775806a0683ffa66 |
| SHA512 | 2f2071bf9966bffe64c90263f4b9bd5efcac4f976c4e42fbdeaa5d6a6dee51c33f4902cf5e3d0897e1c841e9182e25c86d42e392887bc3ce3d9ed3d780d96ac9 |
F:\559daf81a1cb3122d599b6c59065\1033\LocalizedData.xml
| MD5 | 326518603d85acd79a6258886fc85456 |
| SHA1 | f1cef14bc4671a132225d22a1385936ad9505348 |
| SHA256 | 665797c7840b86379019e5a46227f888fa1a36a593ea41f9170ef018c337b577 |
| SHA512 | f8a514efd70e81d0f2f983282d69040bca6e42f29aa5df554e6874922a61f112e311ad5d2b719b6ca90012f69965447fb91e8cd4103efb2453ff160a9062e5d3 |
memory/4412-1562-0x0000000002850000-0x0000000002851000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yq8h7er1.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 2222578136111a386f8f811b493396a7 |
| SHA1 | 22f47e52f422e7e4211620e0f9473211fc283b56 |
| SHA256 | 827ff05e8686366e57885451ba5d5d69231ad77aa079034dcbc000dd1ba69595 |
| SHA512 | 87240757f9848c3e510414295bc459264dd029d0bd3c024d519b0688e7c6dfb1c2260d1c5bf37d871614cc2439e0157a22c387317127a6004f03a40a80887ba9 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yq8h7er1.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | be8cd8ca49990d4626a02cfd6bc2d8fa |
| SHA1 | 3e978e4d54b81dc59bba8bebcecfee5454cb9c23 |
| SHA256 | 38975405e1102a33c384712f36ec26aa6749d3e82237853c15e4dfb972235afc |
| SHA512 | b3609c92dac78c40001b52176a547ad24a194b0420c3f953d633da2c99d2220e840511ee4870d4c1e0aafae8a5315610eae98658b70f9e6f2c3c4f6de99a429a |
memory/4076-1659-0x00007FFF97500000-0x00007FFF97EEC000-memory.dmp
memory/4076-1661-0x00000227E9E20000-0x00000227E9E30000-memory.dmp
memory/4076-1663-0x00007FFF97500000-0x00007FFF97EEC000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\7zO431159B3\Fixer.bat
| MD5 | 2dabc46ce85aaff29f22cd74ec074f86 |
| SHA1 | 208ae3e48d67b94cc8be7bbfd9341d373fa8a730 |
| SHA256 | a11703fd47d16020fa099a95bb4e46247d32cf8821dc1826e77a971cdd3c4c55 |
| SHA512 | 6a50b525bc5d8eb008b1b0d704f9942f72f1413e65751e3de83d2e16ef3cf02ef171b9da3fff0d2d92a81daac7f61b379fcf7a393f46e914435f6261965a53b3 |
C:\Windows\System32\perfh007.dat
| MD5 | 0845cebf933086a66e207aae57a427ee |
| SHA1 | ecf8587f451664c64e121f840f2c2f441ab2b78d |
| SHA256 | 7795c8ab095783b73f1752a4f38749d7c7f1685e2260257911784c371fe02071 |
| SHA512 | bd3a6fb855a163129d5c55caee9b3325eb541db43e3c606352e5825fc8c496fdef84c788fe7db5551393aef5fb802c6374a923c2d0aa072b02963d43ceaa8993 |
C:\Windows\System32\perfc007.dat
| MD5 | c5ab9298b0503f20e6f88fcc902563ca |
| SHA1 | b8fb62b4e2ebad2222d882ba43d437ffec14e55c |
| SHA256 | 140abd66468171331b2fac4e032ba8ea0a762c72f25eb613616861674cdc8144 |
| SHA512 | 1f13de06ec0bcc8a78faa7bd708b9563b07df620b246cf68e8d84ea797924cb4e71a1eab93bfcc55e25a6653cbc525a9dcb12dbafcc0af5a17fb0dc216d6a305 |
C:\Windows\System32\perfc00A.dat
| MD5 | 9abcc480d2a0cede7fd7393e50c0333c |
| SHA1 | de6d9114c9632e4683fd7a03251d0de34893f64e |
| SHA256 | 2ddbd04182af159fbd282610381b9a265ebced2338fcafccba93556ac710f09f |
| SHA512 | 4be9e6a999a89188b0bf20849f6663914a44c67acd382514fd554d87fb72bff3ca1cdc9a11e163085e5638ef8c16d35383bf9611e409aa07b249dcd9c2dfdc49 |
C:\Windows\System32\perfh011.dat
| MD5 | 41f2dbe6f02b3bb9802d60f10b4ef7a2 |
| SHA1 | f1b03d28e5be3db3341f3a399d1cc887fe8da794 |
| SHA256 | eca01d5405d7e8af92ea60f888f891415ea2e1e6484caff15cbaf5a645700db2 |
| SHA512 | 1c7b85e12050d670d48121e7670e1dab787e0a0b134e0ab314dc571c3969d0f9652ff76666bb433aac5886ca532404963a3041a1d4b4352e3051c838965fd3b1 |
C:\Windows\System32\perfh010.dat
| MD5 | 4e277d7a9304103e3b68291044c7db6b |
| SHA1 | b23864c76259c674ac2bc0210dab181bfc04dedf |
| SHA256 | 5dc2192236274fda886a0c0f396646f9292000ba33bd0e2061a65bc06639be16 |
| SHA512 | 094477571cb17d7b19f6e81ef237c579f03c944745499b2e537d77972da89f8f4baa0825c3f79993d96116aa071bbc776a96f55cf8ab3f60698c2c4e03e36957 |
C:\Windows\System32\perfc010.dat
| MD5 | afc0429d5050b0057aea0a66a565c61a |
| SHA1 | 73f4910cee7b27a049d6dfe291bb6c8a99c6dc8b |
| SHA256 | f6847323dd961aef9230bca3409a01b7c4e5e16dcca8a2e2417c9dc750871cf6 |
| SHA512 | a33920642f3ec69c04ff61b09149a57ea91e76bb8d51f1d393a31b5079a3f83939863d6a924bf2a2982786b2825bb634e3d0c0920c7bc0bf6a91e214ef8555bd |
C:\Windows\System32\perfh00C.dat
| MD5 | d5972cca5d434d4ca1742fe0a5ddd5d4 |
| SHA1 | a3cdc3ad50ff9ba19722f2e2cb76f95b60bd92b2 |
| SHA256 | f85cfffd1414d3e975f430a1e2f2a3b473ee8995a961dfb103fe18d5bf06e321 |
| SHA512 | 2ce34cf9b868fda0852e6b0d805171fcfda00c0c6cf044bf8831e6fa2aef4933ae00a8eaf757c09d67c30ae7ab58136959351f7d04d8ba6921f51fc87378565c |
C:\Windows\System32\perfc00C.dat
| MD5 | 0cfd5298e63f44351ebca47f6a491fbe |
| SHA1 | b86c08b13f0e60f664be64cb4077f915f9fc1138 |
| SHA256 | 562261cc16c6e5e2e3841a1ba79083293baa40330fb5d4f7f62c3553df26ccb3 |
| SHA512 | 549e5c28598ac2a6b11936aa90f641dfa794c04dd642309d08ef90a683d995d8f2d3a69ee2ecd74adae5beb19e9de055e71670922d738bd985657ffe75ebe235 |
C:\Windows\System32\perfh00A.dat
| MD5 | 893d78f82b3994cf86b3c8c80cd7ad6a |
| SHA1 | a68cfd50ebc35eee62c84f0fd74d20d1e0bb1476 |
| SHA256 | 411b7581b0af88caa8c75409dc83ac8b521ba4d987d9347402438be16d31097c |
| SHA512 | 7f7cc32aca4f023f34e4ab7a51fbd0ca0b0ea51fde6d79b9a4322bee9b4d55800a981b2d97007ceadfa609767b7d84e9eebd8b3e92f9cb68855625a25767f42b |
C:\Windows\System32\perfh009.dat
| MD5 | 367662b55faba4e0728f3c296daa92a7 |
| SHA1 | 1775899bd0f1bb5cf945910db18aa3a9d4d15b7a |
| SHA256 | c2ea1af1c970468f522e354c8e47b121b66a0d0428a8400f4a5cb03216368ce1 |
| SHA512 | 283e9cf2bf6fe904b530bd188347641c1d30b27c95d89552e18aa33be1c7e2840f10a09868a2862ee53bb805cef2cdbb31b8db391ca140b5dda27058dcad11ce |
C:\Windows\System32\perfc011.dat
| MD5 | d2e290b16307caa1dd426f08b6224b4a |
| SHA1 | d45b5170af096ac4bc9f78a44be251595316b77f |
| SHA256 | fb62613c279eea286bc6ae7c4065cb225894b0ffadabcb0a6f239fca4cf6306a |
| SHA512 | 5f47de23b06fe51c0fb29fba9f09fdc3ac7b1268fcbdd6810a5d2a0739af726535929cc30730a651c1820f86726b4263dfe2735375e4eff0c12550a17a8dc800 |
memory/4904-2907-0x00007FFF96F70000-0x00007FFF9795C000-memory.dmp
memory/4904-2909-0x0000017FDB950000-0x0000017FDB960000-memory.dmp
memory/4904-2910-0x0000017FDBCA0000-0x0000017FDBE94000-memory.dmp
memory/4904-2911-0x0000017FC18E0000-0x0000017FC190C000-memory.dmp
memory/4904-2912-0x0000017FDC190000-0x0000017FDC472000-memory.dmp
memory/4904-2913-0x0000017FDBAA0000-0x0000017FDBB22000-memory.dmp
memory/4904-2914-0x0000017FDBB30000-0x0000017FDBB8A000-memory.dmp
memory/4904-2915-0x0000017FC18B0000-0x0000017FC18B8000-memory.dmp
memory/4904-2916-0x0000017FDC010000-0x0000017FDC178000-memory.dmp
memory/4904-2917-0x0000017FDBEA0000-0x0000017FDBF52000-memory.dmp
memory/4904-2918-0x0000017FDB950000-0x0000017FDB960000-memory.dmp
memory/4904-2919-0x0000017FDC480000-0x0000017FDCDB6000-memory.dmp
memory/4904-2920-0x0000017FDCDC0000-0x0000017FDD9AC000-memory.dmp
memory/4904-2921-0x0000017FDB950000-0x0000017FDB960000-memory.dmp
memory/4904-2922-0x0000017FDB950000-0x0000017FDB960000-memory.dmp
memory/4904-2923-0x0000017FDB950000-0x0000017FDB960000-memory.dmp
memory/4904-2925-0x00007FFF96F70000-0x00007FFF9795C000-memory.dmp
memory/4904-2926-0x0000017FDB950000-0x0000017FDB960000-memory.dmp
memory/4904-2927-0x0000017FDB950000-0x0000017FDB960000-memory.dmp
memory/4904-2928-0x0000017FDB950000-0x0000017FDB960000-memory.dmp
memory/4904-2929-0x0000017FDB950000-0x0000017FDB960000-memory.dmp
memory/4904-2932-0x0000017FDB950000-0x0000017FDB960000-memory.dmp
memory/4904-2934-0x0000017FDB950000-0x0000017FDB960000-memory.dmp
memory/4904-2953-0x0000017FDB950000-0x0000017FDB960000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yq8h7er1.default-release\prefs.js
| MD5 | 5df68341fbaee798cfbac6aabaa2c49a |
| SHA1 | ef3d4b008c7748a868a76649feee55db425b20c8 |
| SHA256 | a35c000cf4d05b6466eb80aa65f8f6f0662a539801712a8acd0d0ff872474b65 |
| SHA512 | 7b4576ed0a22291c418aaf320c7c5532615edeec57c6b31e188ef36bae4bd2f219faeef05b78c884e19522ed0eee47346a1b9293e6e1bebaaf6966c6ea9787c1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yq8h7er1.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 2565f151293c4ad00cf15daf1751728b |
| SHA1 | 2a376ff4c595142f838b7fbe55cddb8d40bf54ad |
| SHA256 | 410785ded9f211f1d48bd1d9e101c1ea00af4c47655a68c4d6b28da6b3083276 |
| SHA512 | 2c2ab85c3e1d884d24f7ee8451db8fc99da3fad428c08c32b708d6e65c69144f71016a7f357280a468b1737b9c4085244afb2cfecc9ffe38a9cf9eddf4717c82 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yq8h7er1.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 1f8742e079e241b4b8e83b205d048b93 |
| SHA1 | 76f5cdf77d487fbf3567ae4e16730cca8abc5a44 |
| SHA256 | f8d201af9b466d712fef728c750cfe5dc97ef773d19dc234353b517fa2acd063 |
| SHA512 | 1734f620b465d2507f209f4be63abe4f8cd9c05dfef0b4c26b033092b0e15fea3e3ff3861a325b00ae696fa2435d82e70132e95789b42f87e303c803e0725d3b |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yq8h7er1.default-release\cache2\doomed\2236
| MD5 | 3e720c80ce90e9e7ab52eee16bed3b7e |
| SHA1 | 666ab29b7aaaf068828093cc8157a28fb3227544 |
| SHA256 | 421a8159551ab16d0d7bcc3c084ed673a1bdc2c027520345259467442d708d8f |
| SHA512 | 4aa7ff4fb51783f89d06300b2e1fb9b0cc194172195fb12583228b2c1e48e69e101840386437d98ae91ce538813d801193b529f361d84c40348bcdae0b4629ef |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yq8h7er1.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | cd80401368854a373a1e016cbe4bb42f |
| SHA1 | 58b7d5ca6a3d410d1c7606f69942a054899a5532 |
| SHA256 | f4db6fe5952a646ba29ec31eab37e9e134066e1b02bfc41136f8b72675c4806f |
| SHA512 | 950ce0f4a71b403a3d18790942935a1546a5d97d1053c562238656af4483e7d4e7ca3d4b1e9e6d56c884c3e18ddb16b861fc66f1359af002d21bdf6de22c81e8 |
C:\Users\Admin\Downloads\q8zHt-Hc.php.part
| MD5 | 99387e841bb52d4de9766fd081db1fd4 |
| SHA1 | b0429fe731dcf50fa603b5573d17bdad2a6bd035 |
| SHA256 | bfe2766ed7baa371515ea1396a845baae6393ed411e7ba7dd4d933955cf0c0eb |
| SHA512 | a6623c7951cad8b9d944d68c02bf930762698aace345c828ebd129b1c239977c100c8a76b4bad72809bc38060524a22eb9edd9691a9bbf66143db58f2404c9bd |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yq8h7er1.default-release\prefs.js
| MD5 | 9356dd79cea003e34ad47282f60fe326 |
| SHA1 | 7b1fc6e38ea35ae23ddaf0ce006c2f465404bb50 |
| SHA256 | 6106913cda906ca5bc3b0a31964ea3dd0666dedc2bbc58309a963b3e08c4b661 |
| SHA512 | b3b9d37b9b8bf0fc900b2f3bdc7e583c555c4f556256f5f7a02e0845e0f976c4cc9bd2578eab119bc6f98ae9894ffce378b88e5add797820cf73c330d10355d8 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yq8h7er1.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 30e97d6ca4ac67d8bb6afeafae0c2fb4 |
| SHA1 | f15ed4573a5d0369150b65ed271faeee3b4b89e2 |
| SHA256 | 9e96079150a343a8b9fa9f16fd7b00c72d8d803d2a2c5aedac0d8efec29cbb8d |
| SHA512 | 234439b3252ff6d5ea1910f643b2622c458a9300aabd0ff99ed956f9cab84e5a438f0c3407e596bb3c895c7344c6fecdc3a1929600475efa227f37e0b6bd03fb |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yq8h7er1.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 2c653cd528af653ee339ee0e33cacf62 |
| SHA1 | fc50c4d0ec96714f7a24818641d1b0d58804d989 |
| SHA256 | e9c637cff3176d420f3037ea97fe500f7fe7d166b6209712fc9fb5ff81020ce5 |
| SHA512 | 69380d3f92ae3b486da9c736a3595b334ae06436de22cf6d1a500a40a0d5e4e361e7766fa3820a18b1274044eb8abc3728037902766ac4a3aa3d63b3de94c176 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\3L7OBC1LBDT83GQJ147C.temp
| MD5 | abb8415f0db45696c9aa59056c272959 |
| SHA1 | e8e82fddd5087b4b9b1615c6f104943372870186 |
| SHA256 | 48f08537dee7ad55cd0dde66d4ceaa472f1c1cc9268a5ad9361b3154d4ba00d7 |
| SHA512 | 6206e1cd69c2c60cf209222c7702af8b1b73890877f8d8acfc3a13163e86048b40e7a19af1a4f7a93260e96da7b2e0de41adefb47470d6a7445454657b0961f6 |
memory/1904-3441-0x0000000000240000-0x0000000000274000-memory.dmp
memory/1904-3442-0x00007FFF96F70000-0x00007FFF9795C000-memory.dmp
memory/1904-3447-0x000000001B060000-0x000000001B070000-memory.dmp
memory/1904-3450-0x00007FFF96F70000-0x00007FFF9795C000-memory.dmp
memory/1904-3451-0x000000001B060000-0x000000001B070000-memory.dmp
memory/1904-3452-0x0000000002550000-0x000000000258A000-memory.dmp
memory/1904-3456-0x0000000000C00000-0x0000000000C0A000-memory.dmp
memory/4904-3459-0x0000017FE0CE0000-0x0000017FE0E7B000-memory.dmp
C:\Users\Admin\AppData\Local\GMap.NET\DllCache\SQLite_v98_NET4_x64\System.Data.SQLite.DLL
| MD5 | 1b1a6d076bbde5e2ac079ef6dbc9d5f8 |
| SHA1 | 6aa070d07379847f58adcab6b5739fc97b487a28 |
| SHA256 | eaadfbcafd981ec51c9c039e3adb4963b5a9d85637e27fd4c8cfca5f07ff8471 |
| SHA512 | 05b0cb3d343a5706434390fe863e41852019aa27797fe5d1b80d13b8e24e0de0c2cb6e23d15e89a0f427aaeaf04bf0239f90feb95bfc6913ca4dc59007e6659e |
memory/1904-3480-0x00000000008A0000-0x00000000008B2000-memory.dmp
memory/1904-3481-0x000000001C980000-0x000000001CB3A000-memory.dmp
memory/1904-3482-0x0000000000890000-0x000000000089C000-memory.dmp
memory/1904-3483-0x000000001E730000-0x000000001EC56000-memory.dmp
memory/1904-3484-0x00000000008C0000-0x00000000008CA000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yq8h7er1.default-release\SiteSecurityServiceState-1.txt
| MD5 | 8c7d5e2e1aca6afdcbecdd783a85dc7e |
| SHA1 | bc2fb6de1c5640b80794c02d462134f1a27f0e7e |
| SHA256 | bab5e7aac17f7b4703d1df9b94b6d1df7d8b440f606bc8572a1b6600a338c774 |
| SHA512 | e994dbb31362b13f9282fb4a6f10bb9027d63b820179f6e65200026264a9a6bca1f9a6d7dbc03c68cb83bd8eb4f7dc24545a5fad164aebc32aeb9d738c338594 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yq8h7er1.default-release\cache2\doomed\10648
| MD5 | e6eafae82ac1d53d84ade786f3306c04 |
| SHA1 | 4e58c1b273b53f10170d812241a67459115070cc |
| SHA256 | e3bdfdbccde9150107cd00fdcf5d50562dcc1297a65e5e84554ecc868c7dd462 |
| SHA512 | 9caf70dcb8cfd48e709a65a366de1e745b06b5fdf9f5592c0810bca45bc9038358fcd1a3e21aee01e09c56e2e26ae97b1467b84fe9d58392b94a91a7175f2b15 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yq8h7er1.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 80991afcda6de5027e40407f6125b88e |
| SHA1 | 740a7a027d0f9c3c228710b4909a1c749cf8e6e3 |
| SHA256 | 2bd6b57d99439e1019e10076302f01d4165944c61714dd4265320e0721c1b98f |
| SHA512 | 46239097c380d498a2b9e21b4ea5d0e30a5d514315bbd540af4ea6871eb6286f47bb880825838986c1ce55de8f57564dcec7036967c6688998633af1adb627af |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yq8h7er1.default-release\cache2\doomed\32102
| MD5 | 0d170673554218f176db3a319c0d7f07 |
| SHA1 | 4fd71329539db3a29cae77c63fee862fd4f227db |
| SHA256 | 1777d18ffa64ee608cfbdf59a63f53ae76dc97f121cb95ab823f682b7f892b6e |
| SHA512 | 0f60edc6bbc264ad0071c32565d0dca580709dd392f46c7e9855706223805d699e4580de97d0768d60433bcc894ebd26a432ee22a213b3e13e6e0357c1eb4f8d |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yq8h7er1.default-release\cache2\entries\6DEB29D17C485651349B02343DA2A7FC2D115161
| MD5 | 79f93cb45e015aaf57f423f1e1391fc2 |
| SHA1 | c8ce059315d4f6e10448536c703700d7b3634033 |
| SHA256 | 301fddc9935ec6c1582bb4972ead28b892181317ec55bf7337e6d9b350349d88 |
| SHA512 | 6dfc6409960feb790413138422e1a7a014245f4851adb5789052d098515eeb7a82332867d930c8d2ca15410af3869a76e8e3b3c424164ce366053b83fb45a1dc |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yq8h7er1.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | a791dcd4aed87624d184f8be5a3bc0a5 |
| SHA1 | 381f08b66dfb9fe2d25a3db0da20c0a18921ee73 |
| SHA256 | 2250ea15ae63cb67d8a0f313bfaf48d59f410a5871f2e517d3703d8a2179b4f1 |
| SHA512 | 9b4a96bc2f49ffa7c62af63777d1503a48469b32777cea6eb67b5f0a0fb6529847ae78047e93c5f733ec40819e7acf7bbb1ea240c62c77f32c7c0245f2d63a4b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yq8h7er1.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 499721a05e4e45990b4fa0f309f86773 |
| SHA1 | b9f4c625d52f43cfa60ee91a17ce7548f2d6f909 |
| SHA256 | e58f0edd40588fba88334d0d2aa3926f5455f3f9c1e222204ef0da2c1cacc4f0 |
| SHA512 | 48468ee1aa0a950685e9ab4bfd1e8b83cf2c17a30e7d6e96156f1913b1888220eebd1675a05c2619a7f028d6ae1fdb25597791ae20c0d8663d2ae9d7d129039d |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yq8h7er1.default-release\cache2\entries\655BF3A2A93E26139146DF1A34B70AAFD95900DF
| MD5 | 29885123d46e3ab8fd151c5cf4924503 |
| SHA1 | 00fa0f229b8ff24636b66c506d8690e4427e97b8 |
| SHA256 | 509a3fafd71881c9f844398e7c61784d2e90fe9c41427c838963afcfb1d4fbfd |
| SHA512 | f46e8ec46df5282e70f22c510f7d49914495a51c86dea4e8c00d388379c59d382a2ee6ff433fe59cb216bece1e874cc26cd5e9a9e1edea331d9349fff72eceb2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yq8h7er1.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 821c21c7c606cca24049552386689bf6 |
| SHA1 | 8654c52a8e15d4196200fa6333687e1e65b26c82 |
| SHA256 | 899a39a27dd86a6672bf2a211510d601b77acb1c11fb3a31f3a5bac4cc1ff120 |
| SHA512 | 9e41e5930cec56370db2155788ff32a6715201b8dddbd24269fdede62f7d75a8eba599199f475114a1eba5f6457779bcf6e2d94768ef4393f216bf64adc1a846 |
memory/1904-3749-0x000000001B060000-0x000000001B070000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yq8h7er1.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 3441c6eb3c07ddbe002550e9060ecafd |
| SHA1 | b74779685325e78f2ce3e09701d146535d72b891 |
| SHA256 | 4b5b1fa7ed64a005c4b94cae387a0d6b9625e8a146bc3eb4c4211941671619c5 |
| SHA512 | e084e3055dd3d2f549dfb790a26b4b91dbdcd4d7f0b0b63ef4de3d563baf0169df0445cd232697dbce4dd4980d57342709fb5e29eef69eb9fbe2c82b6e21f90d |
memory/1904-3805-0x000000001B060000-0x000000001B070000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yq8h7er1.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 9072825b543fdebdbac630a0cb21bf26 |
| SHA1 | b0a84c0ceb020b43a4c10c6d7e88b92aa3c2d2e0 |
| SHA256 | 42f52128a2d3aa3bb871d2201d7311ebeef2edfb7ecbcc4b40004b5f88889c8a |
| SHA512 | 3a5029dd2731c68fa9a0f5e9eeb664d0f5edf7b3f9335a7761d0416f1ce920e0c89629bffe3965736141dbeab03520d151c5c05afe120d424d3802e1db6db5b2 |
C:\Users\Admin\Downloads\HwFRdWFS.exe.part
| MD5 | f46c7d1b3bb2fe7ece358588cba4921d |
| SHA1 | 3d5817438568c964d328839c6cf7c9963f11f5ac |
| SHA256 | 0440542d21dafe98763066fd040e3b3612ada0f0c0c457b67acb3e4103a86322 |
| SHA512 | b591839b1c32c2aa8bdda4ac7bcb42c864f98630b72b91f35a552a7539144e6ce7a2772169534fdd37be3d980d76f8c13ea6099e8c525c3f2bea2bdcd9e1c256 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yq8h7er1.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 2bd86c0ab6d657c3a96c312a478edd01 |
| SHA1 | 0e32af8f3262ccb071a179d12cdc0d6e04dd7823 |
| SHA256 | 15b105acb4e8f0e9caece99828e99cccc8a09882c95ceb3abfb18322a8b45108 |
| SHA512 | ed61345f84b396eeca1d47698b8969be13e12c313b4c6b092549fd983260a4995e3001a745de14e9155d28b767767cdb7b2fa301765c1a1fab2383f66efc7163 |