Analysis Overview
SHA256
a4a082399578ad342fcb15b72583ad752b7440b9dde1c5f2f0623ea7253e7fea
Threat Level: Known bad
The file 220.jpg was found to be: Known bad.
Malicious Activity Summary
Detect Xworm Payload
Stealerium
Xworm
Downloads MZ/PE file
Command and Scripting Interpreter: PowerShell
Executes dropped EXE
Drops startup file
Checks computer location settings
Legitimate hosting services abused for malware hosting/C2
Adds Run key to start application
Accesses Microsoft Outlook profiles
Looks up external IP address via web service
Enumerates physical storage devices
Suspicious use of WriteProcessMemory
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SendNotifyMessage
Checks SCSI registry key(s)
Opens file in notepad (likely ransom note)
Suspicious use of FindShellTrayWindow
Checks processor information in registry
Suspicious behavior: AddClipboardFormatListener
Kills process with taskkill
outlook_win_path
Suspicious use of SetWindowsHookEx
NTFS ADS
Modifies registry class
Suspicious use of AdjustPrivilegeToken
Delays execution with timeout.exe
outlook_office_path
Creates scheduled task(s)
Suspicious behavior: EnumeratesProcesses
Uses Task Scheduler COM API
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-05-14 16:22
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-14 16:22
Reported
2024-05-14 17:09
Platform
win10v2004-20240508-de
Max time kernel
2653s
Max time network
2702s
Command Line
Signatures
Detect Xworm Payload
Stealerium
Xworm
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Downloads MZ/PE file
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation | C:\ProgramData\clientlol.exe | N/A |
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.lnk | C:\Users\Admin\Downloads\Midnight\Midnight\dkk8821hdsa.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.lnk | C:\Users\Admin\Downloads\Midnight\Midnight\dkk8821hdsa.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.lnk | C:\ProgramData\clientlol.exe | N/A |
Executes dropped EXE
Accesses Microsoft Outlook profiles
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\Downloads\neverlose\nllauncher.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\Downloads\neverlose\nllauncher.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\Downloads\neverlose\nllauncher.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost = "C:\\ProgramData\\svchost" | C:\Users\Admin\Downloads\Midnight\Midnight\dkk8821hdsa.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost = "C:\\ProgramData\\svchost" | C:\ProgramData\clientlol.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | pastebin.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ip-api.com | N/A | N/A |
| N/A | icanhazip.com | N/A | N/A |
Enumerates physical storage devices
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\Description\System\CentralProcessor\0 | C:\Users\Admin\Downloads\neverlose\nllauncher.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier | C:\Users\Admin\Downloads\neverlose\nllauncher.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\system32\taskmgr.exe | N/A |
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\schtasks.exe | N/A |
Delays execution with timeout.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\16\Shell\SniffedFolderType = "Generic" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0000000001000000ffffffff | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\16\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616193" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\16\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\15\Shell\SniffedFolderType = "Downloads" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\15\Shell | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\15\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\15\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\15\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 = 14002e803accbfb42cdb4c42b0297fe99a87c6410000 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\16\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\16\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\15 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\15\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\16\Shell | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\15\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings | C:\Windows\System32\WScript.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202020202020202020202020202 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\16\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\15\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\MRUListEx = ffffffff | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\16\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\15\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\16\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\16\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\16\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\15\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\15\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\16\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\15\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\16\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\16\ComDlg | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\15\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259} | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\15\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616193" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202020202020202020202 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\16\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\NodeSlot = "16" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\16 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\15\ComDlg | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\Downloads\Midnight(1).zip:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\Midnight(2).zip:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\neverlose.rar:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\winrar-x64-700.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\neverlose.zip:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\Midnight.zip:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\Krampus.zip:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\Midnight\Midnight\dkk8821hdsa.exe | N/A |
| N/A | N/A | C:\ProgramData\clientlol.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\Midnight\Midnight\dkk8821hdsa.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| N/A | N/A | C:\ProgramData\clientlol.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
outlook_office_path
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\Downloads\neverlose\nllauncher.exe | N/A |
outlook_win_path
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\Downloads\neverlose\nllauncher.exe | N/A |
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\220.jpg
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1032.0.1254435731\1461667624" -parentBuildID 20230214051806 -prefsHandle 1776 -prefMapHandle 1768 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {979127b1-da2e-46fa-b64e-7ac0972e1200} 1032 "\\.\pipe\gecko-crash-server-pipe.1032" 1868 27beee0c058 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1032.1.703109256\2065115805" -parentBuildID 20230214051806 -prefsHandle 2424 -prefMapHandle 2412 -prefsLen 22112 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d2ca844b-d1e9-407b-9623-f79770154bd4} 1032 "\\.\pipe\gecko-crash-server-pipe.1032" 2436 27be2188758 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1032.2.1484218809\1332437058" -childID 1 -isForBrowser -prefsHandle 2972 -prefMapHandle 2968 -prefsLen 22150 -prefMapSize 235121 -jsInitHandle 1204 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8cdf2850-9ecf-46aa-b000-1bdcd7da41a7} 1032 "\\.\pipe\gecko-crash-server-pipe.1032" 2984 27bf1d0bb58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1032.3.1789298966\965123177" -childID 2 -isForBrowser -prefsHandle 4244 -prefMapHandle 4240 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1204 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d9f09338-48e8-4411-a74b-0b707488531a} 1032 "\\.\pipe\gecko-crash-server-pipe.1032" 4188 27be217ab58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1032.4.240411078\1237602084" -childID 3 -isForBrowser -prefsHandle 4964 -prefMapHandle 4996 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1204 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e6d11172-8ce3-4605-95ff-d41ce45b6082} 1032 "\\.\pipe\gecko-crash-server-pipe.1032" 5024 27bf58e3e58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1032.5.499638333\251191840" -childID 4 -isForBrowser -prefsHandle 5168 -prefMapHandle 5172 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1204 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {53927d09-dc08-4e3c-90dd-1b1dc88029a0} 1032 "\\.\pipe\gecko-crash-server-pipe.1032" 5156 27bf666fb58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1032.6.1569127740\985831071" -childID 5 -isForBrowser -prefsHandle 5360 -prefMapHandle 5364 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1204 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b25ec568-776c-49b9-a63a-c858bb050b04} 1032 "\\.\pipe\gecko-crash-server-pipe.1032" 5348 27bf6672e58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1032.7.286130067\969324896" -childID 6 -isForBrowser -prefsHandle 5728 -prefMapHandle 5792 -prefsLen 31086 -prefMapSize 235121 -jsInitHandle 1204 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8c157c45-3315-479b-b5b6-0281f5d26cee} 1032 "\\.\pipe\gecko-crash-server-pipe.1032" 5716 27bf1aebb58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1032.8.79973832\1229771714" -childID 7 -isForBrowser -prefsHandle 6036 -prefMapHandle 6040 -prefsLen 31086 -prefMapSize 235121 -jsInitHandle 1204 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {266fdd48-4598-4014-8e7d-93e3b24e6d73} 1032 "\\.\pipe\gecko-crash-server-pipe.1032" 6024 27bf1aed058 tab
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x454 0x498
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1032.9.1219986538\1393085902" -childID 8 -isForBrowser -prefsHandle 5320 -prefMapHandle 4788 -prefsLen 31086 -prefMapSize 235121 -jsInitHandle 1204 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {aad733b8-b9d7-4a3d-bc39-a35bbb1bcb99} 1032 "\\.\pipe\gecko-crash-server-pipe.1032" 5308 27bff294258 tab
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Downloads\Midnight\Midnight\dkk8821hdsa.exe
"C:\Users\Admin\Downloads\Midnight\Midnight\dkk8821hdsa.exe"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\Downloads\Midnight\Midnight\dkk8821hdsa.exe'
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'dkk8821hdsa.exe'
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\ProgramData\svchost'
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'svchost'
C:\Windows\System32\schtasks.exe
"C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "svchost" /tr "C:\ProgramData\svchost"
C:\Users\Admin\Downloads\Midnight\Midnight\dkk8821hdsa.exe
"C:\Users\Admin\Downloads\Midnight\Midnight\dkk8821hdsa.exe"
C:\Users\Admin\Downloads\Midnight\Midnight\dkk8821hdsa.exe
"C:\Users\Admin\Downloads\Midnight\Midnight\dkk8821hdsa.exe"
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Midnight\Midnight\readme.txt
C:\ProgramData\svchost
C:\ProgramData\svchost
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaulta44a5c4bh058bh4ec1ha5ach960ee53b132e
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffff6f546f8,0x7ffff6f54708,0x7ffff6f54718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,2829811000801820964,2627192445800905266,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,2829811000801820964,2627192445800905266,131072 --lang=de --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,2829811000801820964,2627192445800905266,131072 --lang=de --service-sandbox-type=utility --mojo-platform-channel-handle=2632 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault922ca61ch99f5h4014hb5dbhe1494bd2a028
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffff6f546f8,0x7ffff6f54708,0x7ffff6f54718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,1099896376347154478,10500635101003064604,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,1099896376347154478,10500635101003064604,131072 --lang=de --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,1099896376347154478,10500635101003064604,131072 --lang=de --service-sandbox-type=utility --mojo-platform-channel-handle=2748 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaulte19b9235h8de6h4042h8f66h3b6652f8e44e
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffff6f546f8,0x7ffff6f54708,0x7ffff6f54718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,13035858093167113453,3884601204103625865,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,13035858093167113453,3884601204103625865,131072 --lang=de --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,13035858093167113453,3884601204103625865,131072 --lang=de --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaultdb7668a8h1002h4daah8efehb4e59aedb5c3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffff6f546f8,0x7ffff6f54708,0x7ffff6f54718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,5346422060959616665,6504476104262316615,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2032,5346422060959616665,6504476104262316615,131072 --lang=de --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2032,5346422060959616665,6504476104262316615,131072 --lang=de --service-sandbox-type=utility --mojo-platform-channel-handle=2964 /prefetch:8
C:\ProgramData\svchost
C:\ProgramData\svchost
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaultac6b0770hff1dh4953h9f8eh18ecd06de289
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffff6f546f8,0x7ffff6f54708,0x7ffff6f54718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,15333712564518772439,11180282327444855964,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2196,15333712564518772439,11180282327444855964,131072 --lang=de --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2196,15333712564518772439,11180282327444855964,131072 --lang=de --service-sandbox-type=utility --mojo-platform-channel-handle=2880 /prefetch:8
C:\Users\Admin\Downloads\Midnight\Midnight\dkk8821hdsa.exe
"C:\Users\Admin\Downloads\Midnight\Midnight\dkk8821hdsa.exe"
C:\ProgramData\svchost
C:\ProgramData\svchost
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\Krampus\Krampus\Krampus\DefenderControl\Defender_Settings.vbs"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\ProgramData\svchost
C:\ProgramData\svchost
C:\Users\Admin\Downloads\Krampus\Krampus\Krampus\B1OdUv8CBH.exe
"C:\Users\Admin\Downloads\Krampus\Krampus\Krampus\B1OdUv8CBH.exe"
C:\ProgramData\clientlol.exe
"C:\ProgramData\clientlol.exe"
C:\ProgramData\KrampUI.exe
"C:\ProgramData\KrampUI.exe"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\ProgramData\clientlol.exe'
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'clientlol.exe'
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\ProgramData\svchost'
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'svchost'
C:\Windows\System32\schtasks.exe
"C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "svchost" /tr "C:\ProgramData\svchost"
C:\Users\Admin\Downloads\Krampus\Krampus\Krampus\B1OdUv8CBH.exe
"C:\Users\Admin\Downloads\Krampus\Krampus\Krampus\B1OdUv8CBH.exe"
C:\ProgramData\clientlol.exe
"C:\ProgramData\clientlol.exe"
C:\ProgramData\KrampUI.exe
"C:\ProgramData\KrampUI.exe"
C:\Users\Admin\Downloads\Krampus\Krampus\Krampus\B1OdUv8CBH.exe
"C:\Users\Admin\Downloads\Krampus\Krampus\Krampus\B1OdUv8CBH.exe"
C:\ProgramData\clientlol.exe
"C:\ProgramData\clientlol.exe"
C:\ProgramData\KrampUI.exe
"C:\ProgramData\KrampUI.exe"
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Krampus\Krampus\Krampus\UserManual.txt
C:\ProgramData\svchost
C:\ProgramData\svchost
C:\Users\Admin\Downloads\Krampus\Krampus\Krampus\B1OdUv8CBH.exe
"C:\Users\Admin\Downloads\Krampus\Krampus\Krampus\B1OdUv8CBH.exe"
C:\ProgramData\clientlol.exe
"C:\ProgramData\clientlol.exe"
C:\ProgramData\KrampUI.exe
"C:\ProgramData\KrampUI.exe"
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Krampus\Krampus\Krampus\readme.txt
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Krampus\Krampus\Krampus\UserManual.txt
C:\ProgramData\svchost
C:\ProgramData\svchost
C:\Users\Admin\Downloads\Midnight(2)\Midnight\dkk8821hdsa.exe
"C:\Users\Admin\Downloads\Midnight(2)\Midnight\dkk8821hdsa.exe"
C:\Users\Admin\Downloads\Krampus\Krampus\Krampus\B1OdUv8CBH.exe
"C:\Users\Admin\Downloads\Krampus\Krampus\Krampus\B1OdUv8CBH.exe"
C:\ProgramData\clientlol.exe
"C:\ProgramData\clientlol.exe"
C:\ProgramData\KrampUI.exe
"C:\ProgramData\KrampUI.exe"
C:\Users\Admin\Downloads\Krampus\Krampus\Krampus\B1OdUv8CBH.exe
"C:\Users\Admin\Downloads\Krampus\Krampus\Krampus\B1OdUv8CBH.exe"
C:\ProgramData\clientlol.exe
"C:\ProgramData\clientlol.exe"
C:\ProgramData\KrampUI.exe
"C:\ProgramData\KrampUI.exe"
C:\Users\Admin\Downloads\Krampus\Krampus\Krampus\B1OdUv8CBH.exe
"C:\Users\Admin\Downloads\Krampus\Krampus\Krampus\B1OdUv8CBH.exe"
C:\ProgramData\clientlol.exe
"C:\ProgramData\clientlol.exe"
C:\ProgramData\KrampUI.exe
"C:\ProgramData\KrampUI.exe"
C:\ProgramData\svchost
C:\ProgramData\svchost
C:\Users\Admin\Downloads\Krampus\Krampus\Krampus\B1OdUv8CBH.exe
"C:\Users\Admin\Downloads\Krampus\Krampus\Krampus\B1OdUv8CBH.exe"
C:\ProgramData\clientlol.exe
"C:\ProgramData\clientlol.exe"
C:\ProgramData\KrampUI.exe
"C:\ProgramData\KrampUI.exe"
C:\ProgramData\svchost
C:\ProgramData\svchost
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1032.10.831226630\877824730" -childID 9 -isForBrowser -prefsHandle 1584 -prefMapHandle 3800 -prefsLen 31376 -prefMapSize 235121 -jsInitHandle 1204 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {03103579-6450-4fa4-8c59-2665dee35b31} 1032 "\\.\pipe\gecko-crash-server-pipe.1032" 3968 27bf44f1658 tab
C:\ProgramData\svchost
C:\ProgramData\svchost
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1032.11.1432386543\871282138" -childID 10 -isForBrowser -prefsHandle 9072 -prefMapHandle 6988 -prefsLen 31385 -prefMapSize 235121 -jsInitHandle 1204 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2209373b-8d5c-4a23-8890-b00c26ba8603} 1032 "\\.\pipe\gecko-crash-server-pipe.1032" 6272 27bfdbbe658 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1032.12.959027837\1508466366" -childID 11 -isForBrowser -prefsHandle 10840 -prefMapHandle 10832 -prefsLen 31385 -prefMapSize 235121 -jsInitHandle 1204 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b88c137d-732e-46ae-88f7-4ce170f13ea4} 1032 "\\.\pipe\gecko-crash-server-pipe.1032" 9056 27bfdbbd458 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1032.13.1225401382\2135293040" -childID 12 -isForBrowser -prefsHandle 10704 -prefMapHandle 10700 -prefsLen 31385 -prefMapSize 235121 -jsInitHandle 1204 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f3f3ebcc-cd6b-418e-9e05-a2bc4752a14e} 1032 "\\.\pipe\gecko-crash-server-pipe.1032" 10836 27bff30c258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1032.14.1447537937\1252071497" -childID 13 -isForBrowser -prefsHandle 5796 -prefMapHandle 5996 -prefsLen 31385 -prefMapSize 235121 -jsInitHandle 1204 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {61c85bb4-43ea-455f-9bd5-bfd3bcbe3b6e} 1032 "\\.\pipe\gecko-crash-server-pipe.1032" 6684 27bf3e42258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1032.15.12916141\995554490" -childID 14 -isForBrowser -prefsHandle 5132 -prefMapHandle 10844 -prefsLen 31385 -prefMapSize 235121 -jsInitHandle 1204 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {298078ed-4ed9-4ba7-9f78-d69aa32550fc} 1032 "\\.\pipe\gecko-crash-server-pipe.1032" 11012 27bf3965b58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1032.16.528615974\1178721035" -childID 15 -isForBrowser -prefsHandle 8932 -prefMapHandle 4120 -prefsLen 31385 -prefMapSize 235121 -jsInitHandle 1204 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {44f4bf00-e797-4d7f-8465-eabf42797cf9} 1032 "\\.\pipe\gecko-crash-server-pipe.1032" 8940 27bf477b258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1032.17.841215213\1516372081" -childID 16 -isForBrowser -prefsHandle 8704 -prefMapHandle 8976 -prefsLen 31385 -prefMapSize 235121 -jsInitHandle 1204 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7e181ef1-9cf0-4926-9102-86dcad90b22e} 1032 "\\.\pipe\gecko-crash-server-pipe.1032" 8720 27bfb60fb58 tab
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1032.18.1114398336\1309140502" -childID 17 -isForBrowser -prefsHandle 6868 -prefMapHandle 6012 -prefsLen 31385 -prefMapSize 235121 -jsInitHandle 1204 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b5672083-e497-4210-bcac-b490928ac8c1} 1032 "\\.\pipe\gecko-crash-server-pipe.1032" 6196 27bfd0e5358 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1032.19.1279366172\1673834727" -childID 18 -isForBrowser -prefsHandle 10896 -prefMapHandle 6240 -prefsLen 31385 -prefMapSize 235121 -jsInitHandle 1204 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f33675b6-b56b-45cf-a985-918a83ce64aa} 1032 "\\.\pipe\gecko-crash-server-pipe.1032" 9044 27bfa472a58 tab
C:\Users\Admin\Downloads\winrar-x64-700.exe
"C:\Users\Admin\Downloads\winrar-x64-700.exe"
C:\ProgramData\svchost
C:\ProgramData\svchost
C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\45f0c3c19d3f4cab85bdbb1b8a87db77 /t 4168 /p 668
C:\Users\Admin\Downloads\winrar-x64-700.exe
"C:\Users\Admin\Downloads\winrar-x64-700.exe"
C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\5781dd884c5a4c4aa772d5424a0ec672 /t 4696 /p 1040
C:\Users\Admin\Downloads\winrar-x64-700.exe
"C:\Users\Admin\Downloads\winrar-x64-700.exe"
C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\6a122b713d2f49cd956c4f38d95aecc3 /t 5496 /p 312
C:\ProgramData\svchost
C:\ProgramData\svchost
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1032.20.166905546\549524367" -childID 19 -isForBrowser -prefsHandle 6656 -prefMapHandle 5236 -prefsLen 31385 -prefMapSize 235121 -jsInitHandle 1204 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b0da07ef-2d27-4ce9-bd22-b5611e00b4ef} 1032 "\\.\pipe\gecko-crash-server-pipe.1032" 6164 27bf8b95858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1032.21.428841005\1205144137" -childID 20 -isForBrowser -prefsHandle 5252 -prefMapHandle 6976 -prefsLen 31385 -prefMapSize 235121 -jsInitHandle 1204 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d41af139-20ec-4ffe-88a7-ab546b7a7d5b} 1032 "\\.\pipe\gecko-crash-server-pipe.1032" 5264 27bfc02e858 tab
C:\ProgramData\svchost
C:\ProgramData\svchost
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1032.22.702749738\333415721" -childID 21 -isForBrowser -prefsHandle 8000 -prefMapHandle 5248 -prefsLen 31450 -prefMapSize 235121 -jsInitHandle 1204 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {071e39e6-c53b-48a0-828e-bc25730998b9} 1032 "\\.\pipe\gecko-crash-server-pipe.1032" 10612 27bfafccd58 tab
C:\Users\Admin\Downloads\neverlose\nllauncher.exe
"C:\Users\Admin\Downloads\neverlose\nllauncher.exe"
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
C:\Windows\SysWOW64\chcp.com
chcp 65001
C:\Windows\SysWOW64\netsh.exe
netsh wlan show profile
C:\Windows\SysWOW64\findstr.exe
findstr All
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /C chcp 65001 && netsh wlan show profile name="65001." key=clear | findstr Key
C:\Windows\SysWOW64\chcp.com
chcp 65001
C:\Windows\SysWOW64\netsh.exe
netsh wlan show profile name="65001." key=clear
C:\Windows\SysWOW64\findstr.exe
findstr Key
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /C chcp 65001 && netsh wlan show networks mode=bssid
C:\Windows\SysWOW64\chcp.com
chcp 65001
C:\Windows\SysWOW64\netsh.exe
netsh wlan show networks mode=bssid
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\neverlose\user.txt
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C C:\Users\Admin\AppData\Local\Temp\tmp9A13.tmp.bat
C:\Windows\SysWOW64\chcp.com
chcp 65001
C:\Windows\SysWOW64\taskkill.exe
TaskKill /F /IM 4216
C:\Windows\SysWOW64\timeout.exe
Timeout /T 2 /Nobreak
C:\Users\Admin\Downloads\neverlose\nllauncher.exe
"C:\Users\Admin\Downloads\neverlose\nllauncher.exe"
C:\Users\Admin\Downloads\neverlose\nllauncher.exe
"C:\Users\Admin\Downloads\neverlose\nllauncher.exe"
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
C:\Windows\SysWOW64\chcp.com
chcp 65001
C:\Windows\SysWOW64\netsh.exe
netsh wlan show profile
C:\Windows\SysWOW64\findstr.exe
findstr All
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /C chcp 65001 && netsh wlan show profile name="65001." key=clear | findstr Key
C:\Windows\SysWOW64\chcp.com
chcp 65001
C:\Windows\SysWOW64\netsh.exe
netsh wlan show profile name="65001." key=clear
C:\Windows\SysWOW64\findstr.exe
findstr Key
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /C chcp 65001 && netsh wlan show networks mode=bssid
C:\Windows\SysWOW64\chcp.com
chcp 65001
C:\Windows\SysWOW64\netsh.exe
netsh wlan show networks mode=bssid
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C C:\Users\Admin\AppData\Local\Temp\tmpD5B5.tmp.bat
C:\Windows\SysWOW64\chcp.com
chcp 65001
C:\Windows\SysWOW64\taskkill.exe
TaskKill /F /IM 1204
C:\Windows\SysWOW64\timeout.exe
Timeout /T 2 /Nobreak
C:\ProgramData\svchost
C:\ProgramData\svchost
C:\Users\Admin\Downloads\neverlose\nllauncher.exe
"C:\Users\Admin\Downloads\neverlose\nllauncher.exe"
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
C:\Windows\SysWOW64\chcp.com
chcp 65001
C:\Windows\SysWOW64\netsh.exe
netsh wlan show profile
C:\Windows\SysWOW64\findstr.exe
findstr All
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /C chcp 65001 && netsh wlan show profile name="65001." key=clear | findstr Key
C:\Windows\SysWOW64\chcp.com
chcp 65001
C:\Windows\SysWOW64\netsh.exe
netsh wlan show profile name="65001." key=clear
C:\Windows\SysWOW64\findstr.exe
findstr Key
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /C chcp 65001 && netsh wlan show networks mode=bssid
C:\Windows\SysWOW64\chcp.com
chcp 65001
C:\Windows\SysWOW64\netsh.exe
netsh wlan show networks mode=bssid
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C C:\Users\Admin\AppData\Local\Temp\tmp1166.tmp.bat
C:\Windows\SysWOW64\chcp.com
chcp 65001
C:\Windows\SysWOW64\taskkill.exe
TaskKill /F /IM 2748
C:\Windows\SysWOW64\timeout.exe
Timeout /T 2 /Nobreak
C:\ProgramData\svchost
C:\ProgramData\svchost
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1032.23.739589120\1234848477" -childID 22 -isForBrowser -prefsHandle 6776 -prefMapHandle 9024 -prefsLen 31450 -prefMapSize 235121 -jsInitHandle 1204 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f67df563-0f67-41c7-ac00-648b7eb1e1bf} 1032 "\\.\pipe\gecko-crash-server-pipe.1032" 5832 27bfbdf6958 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1032.24.851985549\1547341145" -childID 23 -isForBrowser -prefsHandle 5972 -prefMapHandle 10840 -prefsLen 31450 -prefMapSize 235121 -jsInitHandle 1204 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {65d33c56-40db-49a7-a88d-8350a67ddc9e} 1032 "\\.\pipe\gecko-crash-server-pipe.1032" 5832 27bfd92a858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1032.25.95208354\1498393642" -childID 24 -isForBrowser -prefsHandle 10080 -prefMapHandle 10084 -prefsLen 31450 -prefMapSize 235121 -jsInitHandle 1204 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ea55a81a-f362-4ed8-931f-3bdacc0fa91c} 1032 "\\.\pipe\gecko-crash-server-pipe.1032" 7956 27bfe4ee858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1032.26.1115294379\826413686" -childID 25 -isForBrowser -prefsHandle 7932 -prefMapHandle 7936 -prefsLen 31450 -prefMapSize 235121 -jsInitHandle 1204 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d33e99a6-1ab8-42ef-83c8-50db4efabcc4} 1032 "\\.\pipe\gecko-crash-server-pipe.1032" 5380 27bfe4eee58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1032.27.859610438\98774979" -childID 26 -isForBrowser -prefsHandle 8268 -prefMapHandle 8276 -prefsLen 31450 -prefMapSize 235121 -jsInitHandle 1204 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8656b81b-8e49-412a-aa53-bc425f1fed95} 1032 "\\.\pipe\gecko-crash-server-pipe.1032" 5516 27bf587be58 tab
C:\ProgramData\svchost
C:\ProgramData\svchost
Network
Files
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\activity-stream.discovery_stream.json.tmp
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\activity-stream.discovery_stream.json.tmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\prefs.js
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\sessionstore-backups\recovery.jsonlz4
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\prefs.js
C:\Users\Admin\AppData\Local\Temp\tmpaddon
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\cache2\entries\F4EFE37A30D0F14C6AC03FF7949A51CBC2EBC649
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\prefs-1.js
| MD5 | 29b6317a615077096bf9a1b724efca2a |
| SHA1 | d869455aec35bfe9a6185977722fe9df83beeee8 |
| SHA256 | 615c568bfeaa7d39ddefb8e82c39b604370f3a341867f45faefa2dca8da2b048 |
| SHA512 | fdbb0a39b97486ba820aa4570337974a39ae87a50a9f10adc39ee8a74f5b03e2a0f9ba0837761d2c7dc44d8c675ed835d8d162ac693291d6e21de19e5d095285 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | a01c5ecd6108350ae23d2cddf0e77c17 |
| SHA1 | c6ac28a2cd979f1f9a75d56271821d5ff665e2b6 |
| SHA256 | 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42 |
| SHA512 | b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
| MD5 | 49ddb419d96dceb9069018535fb2e2fc |
| SHA1 | 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6 |
| SHA256 | 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539 |
| SHA512 | 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
| MD5 | 8be33af717bb1b67fbd61c3f4b807e9e |
| SHA1 | 7cf17656d174d951957ff36810e874a134dd49e0 |
| SHA256 | e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd |
| SHA512 | 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
| MD5 | 33bf7b0439480effb9fb212efce87b13 |
| SHA1 | cee50f2745edc6dc291887b6075ca64d716f495a |
| SHA256 | 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e |
| SHA512 | d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
| MD5 | 688bed3676d2104e7f17ae1cd2c59404 |
| SHA1 | 952b2cdf783ac72fcb98338723e9afd38d47ad8e |
| SHA256 | 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237 |
| SHA512 | 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
| MD5 | 937326fead5fd401f6cca9118bd9ade9 |
| SHA1 | 4526a57d4ae14ed29b37632c72aef3c408189d91 |
| SHA256 | 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81 |
| SHA512 | b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\prefs-1.js
| MD5 | 4aea5dab72b573a452ede05a7cb13896 |
| SHA1 | 3c400bb66b566a43ac6b133d7135b4834f7dd932 |
| SHA256 | af7d73f496f7738550ab578827b2786f797822e141a4c343f09a8ddd9a6eb37f |
| SHA512 | 10ec197a75fb74cf9eb78ca1808bdf10751bff21fdcdd6fc8def4fdba3ced29a1c4e189eb9d8147c99b2ad094eb28cbf0911d667da40a8b2c1578f429a221792 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 40c574b41202f624e886b3d02f8dd739 |
| SHA1 | 0a2e275e9ccdb34f95570812e7649a25b9bdadb7 |
| SHA256 | 69b3bf640a063e9724cb34cb54b002b33463e06f4c563cc521049725452050ee |
| SHA512 | 12efbb77714bcc5abaae713bec814e6cc30899dde466e5df54ff3b8f4f887c2991d3fbe9463d6ae4b3e33a8a7961ff92b9f018b207c0294b19aa8eaea6bc32ce |
C:\Users\Admin\Downloads\RfhuIXBv.zip.part
| MD5 | 58c026459e277f7ea1a0dcf1fc87cc41 |
| SHA1 | 4e322306da29a29acb5bad716d0096e293fd0d54 |
| SHA256 | a31fe1735b04ab1ecf9bcaf0c6a217f3edc2fe4d33de0e7649e803b22232806a |
| SHA512 | 3d3b1738766ffdadeae3927db661dd09624833dc4972a41b8349f2359bad5be214cff014ea7ee0b3846a38f910c638098430e29cb2fc96a2ff670360c8229949 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 8eca069ae26a1fec14a8ba62a7367d91 |
| SHA1 | ef7fb38e0e8246b931f5b269865859007d6b2a15 |
| SHA256 | 5f2004fcab09f3f56018ed6a6dc30aadb5cbc2fe3a93a5f5931a94e23b318588 |
| SHA512 | 096f5507a3a33781eb40ea6bca7e6227e12b7eac155287288cadcb891ac9c31e601690bba09701d006652dba7f510b8b404bd4d9c5f687290e7389d174e299b6 |
memory/840-2133-0x00007FFFFEF83000-0x00007FFFFEF85000-memory.dmp
memory/840-2134-0x0000000000F10000-0x0000000000F2C000-memory.dmp
memory/840-2135-0x00007FFFFEF80000-0x00007FFFFFA41000-memory.dmp
memory/4428-2137-0x000001A142930000-0x000001A142952000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_4fbvmfth.et5.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/4428-2136-0x000001A1429C0000-0x000001A142A46000-memory.dmp
memory/4428-2147-0x000001A12A440000-0x000001A12A450000-memory.dmp
memory/4428-2148-0x000001A142C60000-0x000001A142D64000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log
| MD5 | d85ba6ff808d9e5444a4b369f5bc2730 |
| SHA1 | 31aa9d96590fff6981b315e0b391b575e4c0804a |
| SHA256 | 84739c608a73509419748e4e20e6cc4e1846056c3fe1929a8300d5a1a488202f |
| SHA512 | 8c414eb55b45212af385accc16d9d562adba2123583ce70d22b91161fe878683845512a78f04dedd4ea98ed9b174dbfa98cf696370598ad8e6fbd1e714f1f249 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | d28a889fd956d5cb3accfbaf1143eb6f |
| SHA1 | 157ba54b365341f8ff06707d996b3635da8446f7 |
| SHA256 | 21e5d7ccf80a293e6ba30ed728846ca19c929c52b96e2c8d34e27cd2234f1d45 |
| SHA512 | 0b6d88deb9be85722e6a78d5886d49f2caf407a59e128d2b4ed74c1356f9928c40048a62731959f2460e9ff9d9feee311043d2a37abe3bb92c2b76a44281478c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 650a968ced14f9b41ab242ad715b5c17 |
| SHA1 | 1c81184493b66dbecded3f2639a992a393481c42 |
| SHA256 | e92f53999995e90e3536300c03cdc34b0674943535b47b7990f89e439ae1a53f |
| SHA512 | 3988f50373bd930a83b2a2c5eb7505b7b2289a391b6b8d4966d8986ea2ae8a2f416f909ac51025cb0676bd7d08cae1fbf493bb2d7988be9ed53583a1b0421e5d |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | da5c82b0e070047f7377042d08093ff4 |
| SHA1 | 89d05987cd60828cca516c5c40c18935c35e8bd3 |
| SHA256 | 77a94ef8c4258445d538a6006ffadb05afdf888f6f044e1e5466b981a07f16c5 |
| SHA512 | 7360311a3c97b73dd3f6d7179cd979e0e20d69f380d38292447e17e369087d9dd5acb66cd0cbdd95ac4bfb16e5a1b86825f835a8d45b14ea9812102cff59704b |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | eb1ad317bd25b55b2bbdce8a28a74a94 |
| SHA1 | 98a3978be4d10d62e7411946474579ee5bdc5ea6 |
| SHA256 | 9e94e7c9ac6134ee30e79498558aa1a5a1ac79a643666c3f8922eed215dd3a98 |
| SHA512 | d011f266c0240d84470c0f9577cd9e4927309bd19bb38570ca9704ed8e1d159f9bea982a59d3eefef72ce7a10bd81208b82e88ef57c7af587f7437a89769adc0 |
memory/840-2201-0x00007FFFFEF83000-0x00007FFFFEF85000-memory.dmp
memory/840-2203-0x00007FFFFEF80000-0x00007FFFFFA41000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\dkk8821hdsa.exe.log
| MD5 | 2ff39f6c7249774be85fd60a8f9a245e |
| SHA1 | 684ff36b31aedc1e587c8496c02722c6698c1c4e |
| SHA256 | e1b91642d85d98124a6a31f710e137ab7fd90dec30e74a05ab7fcf3b7887dced |
| SHA512 | 1d7e8b92ef4afd463d62cfa7e8b9d1799db5bf2a263d3cd7840df2e0a1323d24eb595b5f8eb615c6cb15f9e3a7b4fc99f8dd6a3d34479222e966ec708998aed1 |
C:\ProgramData\svchost
| MD5 | a4745b48223ecc5ee46f21cdd24db214 |
| SHA1 | 87a4bccc61455c62540e74052bb6e1f5e98ccc30 |
| SHA256 | 7c088d8110de44ee73a2ddf6ab029d017e5712b512a109ff4fea090d69946ce4 |
| SHA512 | afa2e7d15ebff6afdccc9eca19ff6bc9f950848368763d2741dfb05a317bd79c048e67d0a5597d4ff4ee0b8fb3b0bea4485d672720dd702054e7224506878fec |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 87f7abeb82600e1e640b843ad50fe0a1 |
| SHA1 | 045bbada3f23fc59941bf7d0210fb160cb78ae87 |
| SHA256 | b35d6906050d90a81d23646f86c20a8f5d42f058ffc6436fb0a2b8bd71ee1262 |
| SHA512 | ea8e7f24ab823ad710ce079c86c40aa957353a00d2775732c23e31be88a10d212e974c4691279aa86016c4660f5795febf739a15207833df6ed964a9ed99d618 |
\??\pipe\LOCAL\crashpad_5372_OEOBZPTPCUSBFEWC
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | e08f68dee93337cb32baf3fa8df8a492 |
| SHA1 | 83f7fe749fd521827995a7746abf2e540573e3a5 |
| SHA256 | 06535ecf3b02a8348f94083d80a740760d84b80f3644f421a497459717ac4ee4 |
| SHA512 | 86d5af2b9c22fc199d85a9f663336d6a9218c887f61a06e8f0cc74159343ce54d327dbd18e5959bf45cd64dd7d89187c4c48b4976cb5d410f08036aabc7835dd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\4dd6109f-171b-473d-a796-4f61a57b0782.tmp
| MD5 | cd13dc8c233239287e7e549362d387ea |
| SHA1 | 6e66299abbb05b1ba9db7e5e434a898729e9ca31 |
| SHA256 | 092fa65fb42ab31878a84b5d9170c5e45c4e0230eaedc4fdfa8e7f52875b7832 |
| SHA512 | de809c6c9cedb3fd354520bed9ea5102bbd2a3565c75b90953570227179783a88c10ae6e58356953a83f259475dc0115dfbfdb36fc465fd1fb80812298ce13b3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | f61fa5143fe872d1d8f1e9f8dc6544f9 |
| SHA1 | df44bab94d7388fb38c63085ec4db80cfc5eb009 |
| SHA256 | 284a24b5b40860240db00ef3ae6a33c9fa8349ab5490a634e27b2c6e9a191c64 |
| SHA512 | 971000784a6518bb39c5cf043292c7ab659162275470f5f6b632ea91a6bcae83bc80517ceb983dd5abfe8fb4e157344cb65c27e609a879eec00b33c5fad563a6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
| MD5 | 3f12f6d536767607af2fe35c5e518470 |
| SHA1 | 1c84b9e388a2a74687e27f05115291da5ea89322 |
| SHA256 | 88ce418fa3de6a29dc15a11282ac6ed88be48df198306e104f46b8049f19c284 |
| SHA512 | 65e1ba7db85053095441cccc14df0dc9ab41bc46e1e7b10a652cd060fbe017eb41ddac8434fb9841b6b4914246029102ad8d6ec109e327c7d8fb32a2655c899b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
| MD5 | 700fd11fa40148b518b26385aa712a48 |
| SHA1 | cf5b2c0ca94997f90f4334f9763f0659a71daa3c |
| SHA256 | 53a487f20962f166440734d375ad5633d3d22f028b0391986f561cd08bb5d03d |
| SHA512 | 038cb0ff6caae6b36bf4a66802f75432c1cbcd1d1d81a12a7d83c4bd90d29c64c6c5dd2c43ecd293ac527fc21e7599cfa137c0cd59b18f1bbede2cefdea44dfe |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
| MD5 | 838a7b32aefb618130392bc7d006aa2e |
| SHA1 | 5159e0f18c9e68f0e75e2239875aa994847b8290 |
| SHA256 | ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa |
| SHA512 | 9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 4df4574bfbb7e0b0bc56c2c9b12b6c47 |
| SHA1 | 81efcbd3e3da8221444a21f45305af6fa4b71907 |
| SHA256 | e1b77550222c2451772c958e44026abe518a2c8766862f331765788ddd196377 |
| SHA512 | 78b14f60f2d80400fe50360cf303a961685396b7697775d078825a29b717081442d357c2039ad0984d4b622976b0314ede8f478cde320daec118da546cb0682a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 666e6cc42e8ad007968cf9f5c001adf0 |
| SHA1 | 8de26b29eae2cb93cc5aa7f8f17ad6d5cf4d29df |
| SHA256 | e2459bd784281a0a1c709570afe4ecfafc807dad5d7db6bfbc37f52dd06e8515 |
| SHA512 | e8351e5c37312f17c6b2302b65aeb1435d33d5b9645187f6c20162b897990b2c2d5b6cf6698092dfa0a7030d0b2488fe8b809a9366bac784063d4cd8525a9136 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 4175ca38c2ded57dc7aa5852de5eebdd |
| SHA1 | dc2b25beb9e811ac4258f5f3757b6d4ff2889e7c |
| SHA256 | 438df2a7b7889b261c0d3101c9012cb5ab1083c39f84ae8233ab98627ce51826 |
| SHA512 | 6b2353168b44b28ae8154c985a06a66f4b35b0d4949103434738639167f6ce8d338d099ea02145d99ce6db57cc5ea062564d5f851ef81c74504d46b5406873e1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 20c2a8388dd4765afbdc0730d56b66f4 |
| SHA1 | 5af6f3ba58742cd338a64fc276fa2311587a4887 |
| SHA256 | d68497e0be99cf91b8c452748e1b84b4c3488049877ee5e133be64be8ac7101c |
| SHA512 | e77859d71b3810d70996702d84388e76c9934903f6a23aec72be51e2e08c8d7c2d30387f361c0904e4139cdbc3903a7beefd574b42dd2d26faf10a60eb43fc24 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
| MD5 | f1ae4857622510aff8b4ee6a1d966e07 |
| SHA1 | 9bd1cb7e3425229acd57fd5a07330d568f7aa70d |
| SHA256 | ca4bed8068575336d9b11915139d008c2b51058994a43017a96caf62db479b6a |
| SHA512 | 9231d8532000febbdf843fa59fa64bd047a09e0544a3ce9f92bd2603247e1ac1b106494b7cbb0996429928f6261523cfe7bac296442ea94fa9de0e5a56706ac4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\1f98a841-748b-462d-9397-1c20ab071647.tmp
| MD5 | 5058f1af8388633f609cadb75a75dc9d |
| SHA1 | 3a52ce780950d4d969792a2559cd519d7ee8c727 |
| SHA256 | cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8 |
| SHA512 | 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
| MD5 | 1a36376ca00e6ade0c237de3da1efa51 |
| SHA1 | 1a6169b1c0ab90bdbc0be47890f43a2444121457 |
| SHA256 | 6c05742dad4b478d6a65ff55c881cae98d7862362249e48ff03666fb9451ec9f |
| SHA512 | 09d174fec6c08ede6af73267411c35b89603235ea52db40454e2a2acea31baccb380d51cb985f12813864278838735fbdb5de2f183aaa4801af4ee8f8a250cf5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 5e71e735cac8e6ae030fa840b5994a99 |
| SHA1 | 101d3932703620a82f4d19086f449c8ab44d6336 |
| SHA256 | 91135d9b791c9456cc19c135a589cffc6d57b7e85ee765271bc83efe318f2b2a |
| SHA512 | 0a822a1245175021b3b81461ad1a8662fbf92a0b4151f6025243f4f3bff119998d971c13964b91146fc27b8513991aadd7668074de8c7ed6bff1f8277d2ed2d6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 5a4beeaefce1ea5a44b8a4a2546cf75c |
| SHA1 | 15d5ca5768aec0fae54c4d80427d2765e3a382a9 |
| SHA256 | 3eb5b2569059d45504ef310bee033d11cb85411c3501eb20b8110da0791cf509 |
| SHA512 | 06a419e9b5fe991d00145f36a20b65bca1ea08157427ee553c69d6c5e2523d1049d99a41ad694eedb485c0db37bca8a3d205a50d667e36c12e8051d238fdc022 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 689cf93b984a495edc35f39ba7653600 |
| SHA1 | 39c5478908ca6340227f1b684137350d933d5ce4 |
| SHA256 | f3fd1d84ca151615935d0d00c007e9e1d66272df09f5da8d6e560e19085b549a |
| SHA512 | 8321e7f2281b2461ac470bd16f33eb384c622af548c879603bf9971dff5db2665450c4985aeb1234b4072583bd1f33cd8b4bc0144ce53e3ffb58be5d6003a8ee |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
| MD5 | 4a0f0cf75a7776a359a6ae9163a884d8 |
| SHA1 | 8c3542665aebf672084be1a77456e631a7cf77da |
| SHA256 | 3b1b4e5247d733774aca1c318ce5dddd8c1925bfa437caac49ee4cb0ac726ec8 |
| SHA512 | c120d6858550334a334d210c28962dcfe5e32bbad30e83c9f90cab4ff1aad1363bd9d30d2b827d6086f3e2b4bdf5224369314e1d08c1865d4880e457c58dc004 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
| MD5 | 83e36e5d1f7ad614d82d0de54ce0046e |
| SHA1 | e4001fb28932d409c04b8e57628831a00ff28c4e |
| SHA256 | b1f566f360a5f84b3cd9538b6d2468b4b129618b59ad1b30fe29adaf7719cebf |
| SHA512 | 7cb1729c75084b5cbc4269afc6a818617e22faec405787da7072d2d580bbb7030b25d939fb6794e9118ea3858946610eaedbbc70d0d7a11694a60e3550e98bc6 |
C:\Users\Admin\AppData\Local\Temp\Log.tmp
| MD5 | 562c3748ac0e0fd968130b963efb4704 |
| SHA1 | 2b3a9cf5ea482a2ae90eb9d5b0f283a55a5ff16a |
| SHA256 | c1d90faf19462e968501a2a73971a4fa31d3d3868e20e2e54958c9f6b52e0157 |
| SHA512 | 4a14f84df627715adc0bb4d4e4951613757a64337f97cd94b36ae8c213b9cb1b484cd93375a065d357df17cb0d15d781fb1d6892c11d8025bb0307f466afb8af |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 2f85ae7feee494b082728ac709692a3a |
| SHA1 | fb0267c49882814feac774ab3fd334e9ee3a1316 |
| SHA256 | 9245bbbb75fbcb9d2ede0513550f87e01778f569440cea256ca0e9140f184ee1 |
| SHA512 | ae73ba0aa7976b83b9424326cf23583c75f4f77b8b54b72ef482c87a97770529c714254b4bab5ab2b53ff31826d5e2576dcb297c1dd0ca92d34a0c16d872f1cf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 15fb0c87f2b3fc6645e73e38bb50e089 |
| SHA1 | 96e71f56cdc0f0e3e39c810596ec752c3542ddf9 |
| SHA256 | a18c2523f9943aeb47a936d3af8cf9f4667aa0401b19a517a2de07e09c7eecc7 |
| SHA512 | 6cac5730cfefd6b39fe6b28a3962149e793f66194ceee685c12f9d6e022f2be0e2a545265c00ea5d4a32f275e733755d115a981a172c2db144f252192e2ca34b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
| MD5 | 4b4eb1bf70e47b21229b0621f224b022 |
| SHA1 | f986e6ffb8c6c6d267ad6ad989a3bbd0cf1e10e5 |
| SHA256 | 0789e3bf6ef68f41becb0b8366955df7304822071b532ae7f3aa50412d71a57f |
| SHA512 | 5cb3bcda506e131762d77d4f5cbf58b2bf6c964f007438bae7cfa9fff2f73188594d529804b43e052ee6752bea994c9df08ad895ea92f8c9a8be38f88213b470 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
| MD5 | 78c9f4ef3a7d270a43f6abc35972c106 |
| SHA1 | 7063f0f6e88aaccdbe594d4b0ebdcdd51bd37b47 |
| SHA256 | 117c896d982f6b2e54fb551b20925129cc885e693cc3f4dfec247cef0dbb39a4 |
| SHA512 | cfe69e70657bc44ef4111e85ccf92f0727289cef1ba20989bf815194474c385378c5671cfe4557172d8c1004605264ae3f3a3423825dde3d04b1f9bee68450c2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | c97155648de95338d6894f1f3ed74310 |
| SHA1 | a3c65447276542d3af5504aa710a10dce0bbf34f |
| SHA256 | b19f10712832ccdd11de2412301f517c410e30b842cddd2d4f7ac70dd359dcbb |
| SHA512 | f885b07367c7cdceaf65824f1a8ba66102713bc46fdb993a1f5a5a8698fa0d49ef6530950f53cfec57163ffa392b8cb58500b31637f068910a05b36bcb4e0036 |
C:\Users\Admin\Downloads\Krampus.EEYC_WBm.zip.part
| MD5 | c8f145209141b140b845863d5fc703f6 |
| SHA1 | a1de986e667b979790c94425ced6589345790c86 |
| SHA256 | eed66483d9b3722a18abcddb22946e5bab230a83ace7c5e8dc88fe6fa5ed7dfc |
| SHA512 | 3c40a9ff535f4a7e19b5bb9187da1ef09402364f6fa35ac44a4da897a7baedb199f174f355ac4679ad55541c39a512557ec228336ce26bda799ee86fbb908e70 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 2737327b08bbcbca18f309c8ef681a31 |
| SHA1 | 297268b8a7c1c11083ed18f90b2926f53f9b4010 |
| SHA256 | 1126bdb4bbd169a948e5ae975a47996046bcd50c84481feee378d07684cd7c66 |
| SHA512 | 552deb16f4d73294332104df5a1cfc1bd034b47302eb650167a7aeb9efdea369a5f36624fa8116b237d00785e0fd0c838981ef3b43b47d1a173b21996be81185 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
| MD5 | 92e565fede15b960bcfccb22d6bf9e21 |
| SHA1 | dd40c04766259c2e40bbef93d412508a6a4a49ba |
| SHA256 | bbd1b06506b4a6c32b86fc8a5f904a7b5fdddb0c24a50961663270f3d67c9227 |
| SHA512 | b6ba2e77a26379eab20cfe0075cd4c7611e71c292cacab4c1c4c7c580dc9c39f6a7d6b82a2f0e7f5750e1e3835f8b16e0369fc347e735f9979a7c5cd5dbc1d21 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\prefs.js
| MD5 | 7c31c3960b8393c5b5304363b522e732 |
| SHA1 | 60789df3a813d05b05f88c5ea9dc64b1501e63b1 |
| SHA256 | c319f1d217420a2b81a3aa1d519e91d95ae8fe8324773186ca301d19dd4cb685 |
| SHA512 | 4b63edee93ca42f762947653bdcb35c977a7e94b46cd3b2594afd0567db142dc3adddc892e5519c5e2b9d9839a25ecb64137fe812af4cf0e73901b4b229196fd |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\cache2\doomed\254
| MD5 | 31125fe4c78593dcbf000480f663500e |
| SHA1 | 141b7c74e0cb11a5b2648957d347393e641ec527 |
| SHA256 | 040a1a09e9c3bc199aa8e6db7ca1e65d1a05d3a39317ba1529bd254411fd8692 |
| SHA512 | c8c4cd4e7aeae509c3437f2f36593496a494976a7cade2e9fbd618402412c7b3ff6b3a7559c2c59654b2aa751a3ecbc46aeb826d70dff1f2c4cbf8bc7c5556f5 |
memory/1140-2610-0x0000000000ED0000-0x000000000219E000-memory.dmp
C:\ProgramData\clientlol.exe
| MD5 | da4f713eda91ee257714127d761852a3 |
| SHA1 | 5901870facef99c9c850b141e8f8339721e932e4 |
| SHA256 | 9d27a2b70745480a42b83777ea3aa0399c63a55c6d9b699d67f1e95f7605ebe1 |
| SHA512 | 9964eca29700aefa97febdbca4e829a64ec6fd050d49c720f04963fab831b528319c9b3b054f36093ef9dc7236a681fba02f1f988ec19194f124d7a75abcddf7 |
memory/6092-2622-0x0000000000020000-0x0000000000038000-memory.dmp
C:\ProgramData\KrampUI.exe
| MD5 | ec02c6962ff0994f0dbc06133cb32f28 |
| SHA1 | 1084bbf4c67fea18b2dd0232ad196f97ea17438c |
| SHA256 | 9663260edf06c3b9116a649af4c9fffa22f1bb3811f3e73e0f8fd6e3ba997565 |
| SHA512 | 8d00d5f21209bb7ffa24ee7717db4e9294c720a62d50ee416ab6e6e6520afde1d9cacc3c364c2c4d81d3eb565efba29f9e815d384774ba0de0671496952418f6 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 15dde0683cd1ca19785d7262f554ba93 |
| SHA1 | d039c577e438546d10ac64837b05da480d06bf69 |
| SHA256 | d6fa39eab7ee36f44dc3f9f2839d098433db95c1eba924e4bcf4e5c0d268d961 |
| SHA512 | 57c0e1b87bc1c136f0d39f3ce64bb8f8274a0491e4ca6e45e5c7f9070aa9d9370c6f590ce37cd600b252df2638d870205249a514c43245ca7ed49017024a4672 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | a7cc007980e419d553568a106210549a |
| SHA1 | c03099706b75071f36c3962fcc60a22f197711e0 |
| SHA256 | a5735921fc72189c8bf577f3911486cf031708dc8d6bc764fe3e593c0a053165 |
| SHA512 | b9aaf29403c467daef80a1ae87478afc33b78f4e1ca16189557011bb83cf9b3e29a0f85c69fa209c45201fb28baca47d31756eee07b79c6312c506e8370f7666 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
| MD5 | b27005d0e4dc6493ec81b19c241e329d |
| SHA1 | 796c20410465afd3e78d6818edc254f681530330 |
| SHA256 | 24268385734db893bd76cd9dbdfec5dc28154e23833c5007fbc6231556c67c68 |
| SHA512 | 408d2a5c276259150e0aa84ca114afb2c13c9b61af670411e787263a8b21538a925eb2883631c2650a70391c61d70ce61a262acff16f9b9cd59c3f943dcb61ec |
memory/5312-2720-0x000001A5140F0000-0x000001A5140F1000-memory.dmp
memory/5312-2722-0x000001A5140F0000-0x000001A5140F1000-memory.dmp
memory/5312-2721-0x000001A5140F0000-0x000001A5140F1000-memory.dmp
memory/5312-2731-0x000001A5140F0000-0x000001A5140F1000-memory.dmp
memory/5312-2732-0x000001A5140F0000-0x000001A5140F1000-memory.dmp
memory/5312-2730-0x000001A5140F0000-0x000001A5140F1000-memory.dmp
memory/5312-2729-0x000001A5140F0000-0x000001A5140F1000-memory.dmp
memory/5312-2728-0x000001A5140F0000-0x000001A5140F1000-memory.dmp
memory/5312-2727-0x000001A5140F0000-0x000001A5140F1000-memory.dmp
memory/5312-2726-0x000001A5140F0000-0x000001A5140F1000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\prefs.js
| MD5 | 617124e4f0e778527fd740d121e65dbf |
| SHA1 | 98ce585dddef3a6d4f2643e984c2a03950fd5ef9 |
| SHA256 | 7cc7703460b23c14d3e5c75c617a836327da199027d34ee8da69d6dbc77b6262 |
| SHA512 | eb640cc653cff3d7d4d37e699b78f38a45a0169188b06fb19b3b16ca61a08b1a37803e230fdbfcff4c96c802e5632e5bb684e3ca16ef4bd60e5f496bac8b9194 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 52a48fd2f3232b84d93700e6d388339b |
| SHA1 | 4dccc8ef6794b40f8daa03548a66738f969c9518 |
| SHA256 | 18cc203a84ddfa3bcb5e5064c2eb01b4c5dbd704a7ab9069d9752177332a7530 |
| SHA512 | 1bf6717dec60c647d0096b2bff4558ec0cc5069b06ee0fbf91834084ac56ed4f98f8d72e1aff84f7c870dd016f57c0d16fedadba8a94b0bb0253652033af6120 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
| MD5 | 71369ea2679845ba3cf182f9ddfba237 |
| SHA1 | 9c11a186cf1950e967801a8b96c76276dff53e86 |
| SHA256 | 684e7b8fb797f9e2948ac824fe23d32c9a5ff10148a6920d747eb0ab490e56d2 |
| SHA512 | 809eedf1c45f6d1d68e6e873db5e1163f64b5901f0f47abcc2147705ea4ada0359ffe96bf8a83d1507351bb1880e7cef36c83379700bec6546b0e3c0c948c2a4 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\prefs.js
| MD5 | 9b9f96b73d2e23e7fa8223c7352a993c |
| SHA1 | 98789c708552bad0b21d16954e1a8baa43b8ce09 |
| SHA256 | 0f78b758830001be269bb26426033083281e199ad19d566662f0b402f70b1a5d |
| SHA512 | 2fa828406ccf251e76b02970f7245827b57dfb20db1cd0359d4b48b5afa5ba490ea319619dd22543b9c36bc2b4101fe8b548c8de20a2c99e25e6416e5d7b16b4 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\prefs-1.js
| MD5 | 3c9aa90df3e7f10bd6d24ad9491167bb |
| SHA1 | 98edbe80f67d9fe3e8e3ef3c50d0b99991735cb4 |
| SHA256 | 21661b13a74bbf5385c68c3d5587003d5d4f717bfd1bfc0b577a39f9dcf41c44 |
| SHA512 | e2dce6b759c77a2c82db79a9f0df29cc7ed520f3b57b2eddfb19a085ce9dd93a7ed8eea0c29cf9bb0467f4143051b7eaf981b13c7f0bfabeeb3738cc9e323d8b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | fce8c04ca7e0821680f439904b5c117b |
| SHA1 | 526dc480545122db66b7047628a2891d07e303e4 |
| SHA256 | 0fe22087ae4e9e00a36e3ed09207d1a70886538b0ed875cb0af441df4728a01e |
| SHA512 | 5500002bc011b522b797c8b76a31036cb8061574907b84db13d8fe134baf7f96dfb506338377a7be8f085bf70c5a4a3f7e593da408aa11b2bac7a17d35f52611 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 85f1742a6dc0e393b69292d45e134a11 |
| SHA1 | c06b41c63a4977fc41351ef715dc19981e040626 |
| SHA256 | e2fb2c0a377820b52f5eb16344d89bf6fd75ab49997afe7cc203b7b9a70f3452 |
| SHA512 | 1279f50f653bddbf3b80b29161b1fcab4fb16d6ba534f23bc794476f8b3b22a639dd1097c9d3a4cc37899307e6e29db81a6d6c652c2f9031694b3615594ae756 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 01f4a0f9a9910135d9b9446d61e26064 |
| SHA1 | 5c077ad2054d929933bf8ca269db7696e388ecbd |
| SHA256 | 04ec1b8920f85ad477d2bf4d31b30ef90b4aee8a4d2d88c9c959f0c54906f359 |
| SHA512 | da63867b798e8d4511cc4e68f28aeaa8a2f442455c7a8836b11daf85f7bce66a47a863c186daacc505bee5b1d35856207b8e55e3fffe3d2b5090bffa3868d3ba |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
| MD5 | 1fbecae28d84fac170c4fd594f185bdf |
| SHA1 | 30b4b6de556be81846c77955da8f7e59ccf01dce |
| SHA256 | 8befbd1ec16b5b6aa0067ddf8bc577083156ce9e1d8689dd6f6deb94e14dc4e1 |
| SHA512 | cf2884fe1a27f7e35e17f1900127932ff964a7ff9ea118d3fbb5c151d20dd197fd34e9ad72c8301d7d5643605c2d6c6bd5d888e5f966ebc31d889583cf0d3456 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\cache2\doomed\29966
| MD5 | 695392f95582666723d86179f97f358f |
| SHA1 | 41c0390fb675c86baebab4f694f4947ae2de4a0f |
| SHA256 | 16e1c1928413514a42b094769fd74377e52c099475941894c07b5f0736d3fc1d |
| SHA512 | 4abb69eed338bf09db25b3c13a265434ee87ccb54800a77c5676b3f632cfedf41905ccc792ec58f24c862bc9c606e399c3aac453c6679aa809f36d8a77e36628 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | a9ad0af047951782e0cebf41e1ff495a |
| SHA1 | 7f5f80ddb585949b015c2cc89baedde403e59927 |
| SHA256 | 56d193cb689604524233f5245fa3ae842a122006fcf03a8b1d644d3db3c2f7e6 |
| SHA512 | e83c0f98a44e7de168291e77e78ca66bbb1fff0360cc9062fb0b888472240cc64879bd7bef35cbda5169dabe45c6ace11d125ee12384e46b676d01bc06cdc97a |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | c4515e88049c4bee44b55b5173ffe54f |
| SHA1 | 99b16e81ff33e7b6e1b6f3fa885681eb2a1c80a3 |
| SHA256 | ae7b97cf5ca1ddc608e5f2a8df3f976a69d6b2795124918f82f78c9e74d50172 |
| SHA512 | f3cdaa090dec5b48c77d1485882b4e2315ad88826efc25e36db262fc582ce0f717891b7b2bfef7911e9fafb13c4f73fc872fbdf3d52d13378a7a7e40f72ad51f |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\storage\default\https+++oxy.st\idb\556220133rrae_su.sqlite
| MD5 | 52443b4383af5cb1347845fcbc8250b6 |
| SHA1 | 6d5916ec894bd882fc171a57029ae3fbdee4d328 |
| SHA256 | a28b05fd0d997addbaaa8667f377daad202a422cdd7a4f8f63895efd3fcc05f3 |
| SHA512 | af1df244449af8a28b07c6f33a30632c6519cb6058e5c2239596e01ab85f7c186e6a4e025e3cf0ee5d5f572e57389cbb2063d5e8af77c0df474a70afb4175d94 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\prefs-1.js
| MD5 | c412c784d6593612a8a449f3d8caea8c |
| SHA1 | 74527d703cf832ca30cf1dcc2ab953daeb58d508 |
| SHA256 | 308cb102bd5b8bbb440112fa32ff099d29ae607dea5ab0518545c66f9e94665e |
| SHA512 | 141e1448e07bb7375281c44ca4240597dc62205740d4113816eb9d7ab102eb2cfa7ba02da91cd93c90951ab40b83dc0bd33e9ae6744ea299f60a8f283c0730a4 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\cache2\entries\13EFA2A0AEBD2083A85C899358878A2DC2AD7C54
| MD5 | 11cea621f973104a4779f10bb4943b6c |
| SHA1 | 0c1f7e3c786f5f62590df2b925aa9eede62c7824 |
| SHA256 | daff90118abf93ec86ba80ab826f24fa46bfe7f90ef7b704d8b5b7ca08e46290 |
| SHA512 | 68fe316a7df17aa78b47389b434d6493f4bb79feb2a4ea6d919ff0951d694fcda3c0181f2aed9b5f9d699f9e47d9b92f1ba71a4468998eec0dc45822d2bb6ae3 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\cache2\doomed\18176
| MD5 | ceb31b048d405a5e96937477ac03c7bf |
| SHA1 | dd1b4a4fa2a4c1b17b7923e8378f2ede68dd1c23 |
| SHA256 | b76c4bea39947b7f9439dcb332f06e95f5cebece8604520dd7d3a495137d2d53 |
| SHA512 | 349fd38536d1ae3b124436dd365a539866352a33891543f257ea56608b1e365e45cf0c0ceefdd01cf9c6d87246b06bb3256c1bf5e6ce38d9b47f2afdfcd5dbdc |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\cache2\doomed\4665
| MD5 | 4111430389c9b768b7e2ebd452727e67 |
| SHA1 | b35fae679818d0b0e7b8ea89f6b70365df0b004a |
| SHA256 | 99a12ea48c72c996775a27d816baaea5904a49247c6318ca277a4f7928338c79 |
| SHA512 | da525511eb8d3b288cbcf1749c313c3550c40684687db22417955adc643e30dbc3a272a8fd2a31d973cbae6f5bdee8fd26898a5fd95a18887015f9a8bf1c9db8 |
C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\mozilla-temp-41
| MD5 | 8a97257e88153ae27cd86083330c8113 |
| SHA1 | 98010609b585099cf717cfe3b05414627cc3baa3 |
| SHA256 | 94c185b10e32a309ee5279f550c0784babb77bed121a1c1bc91ecfac54842be9 |
| SHA512 | a5a35cdcb11870b63c49f81ead2a4e6aa10eedeecd01c4dc6c7e8d250f9bc57d05c32826060c8f234c25b698f0920430426b24658d4d1250f9142bf1f675e987 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 679251a9e98fc6a221c12762577ca894 |
| SHA1 | 7df61f8c958d10292a96bd721ce1023a34259ae2 |
| SHA256 | d3522c56d3dce9c09991ed4298c17d326c1eaa6428c2031d6b12ad01011141b2 |
| SHA512 | b659b549864f6db1671e652494c528603d4688ded57d0292872b515250e0ae6be664d2c53bc4a0ec6cb2edf4a9d8862f9c7e4ea12cfee5da683548df98944a6a |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\cache2\entries\0DE2829F91051EAAE54DC4884A6F44420B074CA1
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\cache2\doomed\16196
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\cache2\doomed\6782
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\cache2\doomed\16579
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\cache2\doomed\19732
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\cache2\doomed\26
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\cache2\doomed\9823
C:\Users\Admin\Downloads\winrar-x64-700.-CPxO7_A.exe.part
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\sessionstore-backups\recovery.jsonlz4
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\sessionstore-backups\recovery.jsonlz4
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\sessionstore-backups\recovery.jsonlz4
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\sessionstore-backups\recovery.jsonlz4
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\sessionstore-backups\recovery.jsonlz4
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\datareporting\glean\db\data.safe.bin
C:\Users\Admin\Downloads\neverlose.jRazOITV.zip.part
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\sessionstore-backups\recovery.jsonlz4
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\sessionstore-backups\recovery.jsonlz4
C:\Users\Admin\AppData\Local\35bfebeff69857c48a1564c3b2aa03dd\Admin@SNFVGQLU_de-DE\Browsers\Firefox\History.txt
C:\Users\Admin\AppData\Local\35bfebeff69857c48a1564c3b2aa03dd\Admin@SNFVGQLU_de-DE\Browsers\Firefox\Cookies.txt
C:\Users\Admin\AppData\Local\35bfebeff69857c48a1564c3b2aa03dd\Admin@SNFVGQLU_de-DE\Browsers\Firefox\Bookmarks.txt
C:\Users\Admin\AppData\Local\35bfebeff69857c48a1564c3b2aa03dd\Admin@SNFVGQLU_de-DE\System\Debug.txt
C:\Users\Admin\AppData\Local\35bfebeff69857c48a1564c3b2aa03dd\Admin@SNFVGQLU_de-DE\System\Process.txt
C:\Users\Admin\AppData\Local\35bfebeff69857c48a1564c3b2aa03dd\Admin@SNFVGQLU_de-DE\System\Apps.txt
C:\Users\Admin\AppData\Local\35bfebeff69857c48a1564c3b2aa03dd\Admin@SNFVGQLU_de-DE\Directories\OneDrive.txt
C:\Users\Admin\AppData\Local\35bfebeff69857c48a1564c3b2aa03dd\Admin@SNFVGQLU_de-DE\Grabber\DRIVE-C\Users\Admin\Downloads\neverlose\user.txt
C:\Users\Admin\AppData\Local\35bfebeff69857c48a1564c3b2aa03dd\Admin@SNFVGQLU_de-DE\Grabber\DRIVE-C\Users\Admin\Downloads\Midnight\Midnight\readme.txt
C:\Users\Admin\AppData\Local\35bfebeff69857c48a1564c3b2aa03dd\Admin@SNFVGQLU_de-DE\System\ProductKey.txt
C:\Users\Admin\AppData\Local\35bfebeff69857c48a1564c3b2aa03dd\Admin@SNFVGQLU_de-DE\Grabber\DRIVE-C\Users\Admin\Downloads\Midnight\Midnight\login.txt
C:\Users\Admin\AppData\Local\35bfebeff69857c48a1564c3b2aa03dd\Admin@SNFVGQLU_de-DE\Grabber\DRIVE-C\Users\Admin\Downloads\Midnight\Midnight\faq.txt
C:\Users\Admin\AppData\Local\35bfebeff69857c48a1564c3b2aa03dd\Admin@SNFVGQLU_de-DE\Directories\Videos.txt
C:\Users\Admin\AppData\Local\35bfebeff69857c48a1564c3b2aa03dd\msgid.dat
C:\Users\Admin\AppData\Local\Temp\tmpB4B3.tmp.dat
C:\Users\Admin\AppData\Local\Temp\tmpB4A2.tmp.dat
C:\Users\Admin\AppData\Local\Temp\tmpB4D9.tmp.dat
C:\Users\Admin\AppData\Local\35bfebeff69857c48a1564c3b2aa03dd\Admin@SNFVGQLU_de-DE\Grabber\DRIVE-C\Users\Admin\Downloads\Krampus\Krampus\Krampus\DefenderControl\ReadMe.txt
C:\Users\Admin\AppData\Local\35bfebeff69857c48a1564c3b2aa03dd\Admin@SNFVGQLU_de-DE\Grabber\DRIVE-C\Users\Admin\Downloads\Krampus\Krampus\Krampus\readme.txt
C:\Users\Admin\AppData\Local\Temp\tmpB4C7.tmp.dat
C:\Users\Admin\AppData\Local\35bfebeff69857c48a1564c3b2aa03dd\Admin@SNFVGQLU_de-DE\Directories\Downloads.txt
C:\Users\Admin\AppData\Local\35bfebeff69857c48a1564c3b2aa03dd\Admin@SNFVGQLU_de-DE\Directories\Startup.txt
C:\Users\Admin\AppData\Local\35bfebeff69857c48a1564c3b2aa03dd\Admin@SNFVGQLU_de-DE\Directories\Pictures.txt
C:\Users\Admin\AppData\Local\35bfebeff69857c48a1564c3b2aa03dd\Admin@SNFVGQLU_de-DE\Directories\Documents.txt
C:\Users\Admin\AppData\Local\35bfebeff69857c48a1564c3b2aa03dd\Admin@SNFVGQLU_de-DE\Directories\Desktop.txt
C:\Users\Admin\AppData\Local\35bfebeff69857c48a1564c3b2aa03dd\Admin@SNFVGQLU_de-DE\System\Debug.txt
C:\Users\Admin\AppData\Local\35bfebeff69857c48a1564c3b2aa03dd\Admin@SNFVGQLU_de-DE\System\Desktop.jpg
C:\Users\Admin\AppData\Local\35bfebeff69857c48a1564c3b2aa03dd\Admin@SNFVGQLU_de-DE\System\Clipboard.txt
C:\Users\Admin\AppData\Local\35bfebeff69857c48a1564c3b2aa03dd\Admin@SNFVGQLU_de-DE\System\SavedNetworks.txt
C:\Users\Admin\AppData\Local\35bfebeff69857c48a1564c3b2aa03dd\Admin@SNFVGQLU_de-DE\System\ScanningNetworks.txt
C:\Users\Admin\AppData\Local\35bfebeff69857c48a1564c3b2aa03dd\Admin@SNFVGQLU_de-DE\System\Process.txt
C:\Users\Admin\AppData\Local\35bfebeff69857c48a1564c3b2aa03dd\Admin@SNFVGQLU_de-DE\System\Windows.txt
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
C:\Users\Admin\AppData\Local\Temp\tmpF17F.tmp.dat
C:\Users\Admin\AppData\Local\Temp\tmpF182.tmp.dat
C:\Users\Admin\AppData\Local\Temp\tmpF198.tmp.dat
C:\Users\Admin\AppData\Local\Temp\tmpF197.tmp.dat
C:\Users\Admin\AppData\Local\Temp\tmpF196.tmp.dat
C:\Users\Admin\AppData\Local\35bfebeff69857c48a1564c3b2aa03dd\Admin@SNFVGQLU_de-DE\System\Debug.txt
C:\Users\Admin\AppData\Local\35bfebeff69857c48a1564c3b2aa03dd\Admin@SNFVGQLU_de-DE\System\Process.txt
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\prefs-1.js
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\broadcast-listeners.json
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\AlternateServices.txt
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\extensions.json
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\sessionCheckpoints.json
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\targeting.snapshot.json
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\xulstore.json
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\personality-provider\recipe_attachment.json
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\personality-provider\nb_model_build_attachment_hobbies_and_leisure.json
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\personality-provider\nb_model_build_attachment_sports.json
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\personality-provider\nb_model_build_attachment_computers_and_electronics.json
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\personality-provider\nb_model_build_attachment_science.json
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\personality-provider\nb_model_build_attachment_jobs_and_education.json
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\personality-provider\nb_model_build_attachment_real_estate.json
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\personality-provider\nb_model_build_attachment_shopping.json
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\personality-provider\nb_model_build_attachment_people_and_society.json
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\personality-provider\nb_model_build_attachment_autos_and_vehicles.json
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\personality-provider\nb_model_build_attachment_internet_and_telecom.json
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\personality-provider\nb_model_build_attachment_pets_and_animals.json
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\personality-provider\nb_model_build_attachment_online_communities.json
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\personality-provider\nb_model_build_attachment_books_and_literature.json
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\personality-provider\nb_model_build_attachment_games.json
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\personality-provider\nb_model_build_attachment_beauty_and_fitness.json
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\personality-provider\nb_model_build_attachment_finance.json
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\personality-provider\nb_model_build_attachment_arts_and_entertainment.json
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\personality-provider\nb_model_build_attachment_law_and_government.json
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\personality-provider\nb_model_build_attachment_health.json
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\personality-provider\nb_model_build_attachment_business_and_industrial.json
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\personality-provider\nb_model_build_attachment_food_and_drink.json
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\personality-provider\nb_model_build_attachment_reference.json
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\personality-provider\nb_model_build_attachment_home_and_garden.json
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\personality-provider\nb_model_build_attachment_blogging_resources_and_services.json
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\personality-provider\nb_model_build_attachment_travel.json
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\bookmarkbackups\bookmarks-2024-05-14_11_A4tBoSfkVRtzCVRaQeQBbQ==.jsonlz4
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\cache2\doomed\3447
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\cache2\entries\497C378F9C037929440B4783004814EB6AFBC19A
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\cache2\doomed\18008
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\cache2\doomed\6976
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\activity-stream.discovery_stream.json.tmp