Analysis Overview
SHA256
d8e0e4e4c6d3ee6e27ea515fe0bab1d9e9627d9fd603128cdacdd28fbcfd7b5f
Threat Level: Known bad
The file a77c54306bb0f7526d059b0a76cc4bb0_NeikiAnalytics.exe was found to be: Known bad.
Malicious Activity Summary
Wannacry
Deletes shadow copies
Executes dropped EXE
Drops startup file
Reads user/profile data of web browsers
UPX packed file
Modifies file permissions
Loads dropped DLL
Deletes itself
Legitimate hosting services abused for malware hosting/C2
Enumerates connected drives
Writes to the Master Boot Record (MBR)
Adds Run key to start application
Sets desktop wallpaper using registry
Drops file in Program Files directory
Unsigned PE
Enumerates physical storage devices
Runs ping.exe
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Views/modifies file attributes
Checks processor information in registry
Suspicious behavior: EnumeratesProcesses
Uses Volume Shadow Copy service COM API
Modifies data under HKEY_USERS
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Suspicious use of AdjustPrivilegeToken
NTFS ADS
Modifies registry key
Checks SCSI registry key(s)
Enumerates system info in registry
Modifies registry class
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-18 08:15
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-18 08:15
Reported
2024-05-18 08:21
Platform
win10v2004-20240508-en
Max time kernel
309s
Max time network
310s
Signatures
Wannacry
Deletes shadow copies
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\rcxio.exe | N/A |
Drops startup file
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SDAAC0.tmp | C:\Users\Admin\Desktop\WannaCry.EXE | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\~SDAAD6.tmp | C:\Users\Admin\Desktop\WannaCry.EXE | N/A |
Executes dropped EXE
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | \??\c:\Program Files\vbciv\ble.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\TaskData\Tor\taskhsvc.exe | N/A |
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
Reads user/profile data of web browsers
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Vicity = "c:\\Program Files\\vbciv\\ble.exe \"c:\\Program Files\\vbciv\\blean.dll\",Group" | \??\c:\Program Files\vbciv\ble.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\bbnbuexzwbcz676 = "\"C:\\Users\\Admin\\Desktop\\tasksche.exe\"" | C:\Windows\SysWOW64\reg.exe | N/A |
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\l: | \??\c:\Program Files\vbciv\ble.exe | N/A |
| File opened (read-only) | \??\m: | \??\c:\Program Files\vbciv\ble.exe | N/A |
| File opened (read-only) | \??\h: | \??\c:\Program Files\vbciv\ble.exe | N/A |
| File opened (read-only) | \??\g: | \??\c:\Program Files\vbciv\ble.exe | N/A |
| File opened (read-only) | \??\i: | \??\c:\Program Files\vbciv\ble.exe | N/A |
| File opened (read-only) | \??\j: | \??\c:\Program Files\vbciv\ble.exe | N/A |
| File opened (read-only) | \??\o: | \??\c:\Program Files\vbciv\ble.exe | N/A |
| File opened (read-only) | \??\q: | \??\c:\Program Files\vbciv\ble.exe | N/A |
| File opened (read-only) | \??\r: | \??\c:\Program Files\vbciv\ble.exe | N/A |
| File opened (read-only) | \??\u: | \??\c:\Program Files\vbciv\ble.exe | N/A |
| File opened (read-only) | \??\e: | \??\c:\Program Files\vbciv\ble.exe | N/A |
| File opened (read-only) | \??\x: | \??\c:\Program Files\vbciv\ble.exe | N/A |
| File opened (read-only) | \??\b: | \??\c:\Program Files\vbciv\ble.exe | N/A |
| File opened (read-only) | \??\k: | \??\c:\Program Files\vbciv\ble.exe | N/A |
| File opened (read-only) | \??\p: | \??\c:\Program Files\vbciv\ble.exe | N/A |
| File opened (read-only) | \??\s: | \??\c:\Program Files\vbciv\ble.exe | N/A |
| File opened (read-only) | \??\w: | \??\c:\Program Files\vbciv\ble.exe | N/A |
| File opened (read-only) | \??\y: | \??\c:\Program Files\vbciv\ble.exe | N/A |
| File opened (read-only) | \??\z: | \??\c:\Program Files\vbciv\ble.exe | N/A |
| File opened (read-only) | \??\a: | \??\c:\Program Files\vbciv\ble.exe | N/A |
| File opened (read-only) | \??\t: | \??\c:\Program Files\vbciv\ble.exe | N/A |
| File opened (read-only) | \??\v: | \??\c:\Program Files\vbciv\ble.exe | N/A |
| File opened (read-only) | \??\n: | \??\c:\Program Files\vbciv\ble.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | camo.githubusercontent.com | N/A | N/A |
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PHYSICALDRIVE0 | \??\c:\Program Files\vbciv\ble.exe | N/A |
Sets desktop wallpaper using registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]" | C:\Users\Public\Desktop\@[email protected] | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]" | C:\Users\Admin\Desktop\WannaCry.EXE | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | \??\c:\Program Files\vbciv | C:\Users\Admin\AppData\Local\Temp\rcxio.exe | N/A |
| File created | \??\c:\Program Files\vbciv\blean.dll | C:\Users\Admin\AppData\Local\Temp\rcxio.exe | N/A |
| File created | \??\c:\Program Files\vbciv\ble.exe | C:\Users\Admin\AppData\Local\Temp\rcxio.exe | N/A |
| File opened for modification | \??\c:\Program Files\vbciv\ble.exe | C:\Users\Admin\AppData\Local\Temp\rcxio.exe | N/A |
Enumerates physical storage devices
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | \??\c:\Program Files\vbciv\ble.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | \??\c:\Program Files\vbciv\ble.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133604937885330688" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies registry key
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\Downloads\WannaCry-main.zip:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Runs ping.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\PING.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Uses Volume Shadow Copy service COM API
Views/modifies file attributes
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\a77c54306bb0f7526d059b0a76cc4bb0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\a77c54306bb0f7526d059b0a76cc4bb0_NeikiAnalytics.exe"
C:\Windows\SysWOW64\cmd.exe
cmd.exe /c ping 127.0.0.1 -n 2&C:\Users\Admin\AppData\Local\Temp\\rcxio.exe "C:\Users\Admin\AppData\Local\Temp\a77c54306bb0f7526d059b0a76cc4bb0_NeikiAnalytics.exe"
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Users\Admin\AppData\Local\Temp\rcxio.exe
C:\Users\Admin\AppData\Local\Temp\\rcxio.exe "C:\Users\Admin\AppData\Local\Temp\a77c54306bb0f7526d059b0a76cc4bb0_NeikiAnalytics.exe"
\??\c:\Program Files\vbciv\ble.exe
"c:\Program Files\vbciv\ble.exe" "c:\Program Files\vbciv\blean.dll",Group C:\Users\Admin\AppData\Local\Temp\rcxio.exe
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Desktop\WannaCry.EXE
"C:\Users\Admin\Desktop\WannaCry.EXE"
C:\Windows\SysWOW64\attrib.exe
attrib +h .
C:\Windows\SysWOW64\icacls.exe
icacls . /grant Everyone:F /T /C /Q
C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c 314921716020323.bat
C:\Windows\SysWOW64\attrib.exe
attrib +h +s F:\$RECYCLE
C:\Users\Admin\Desktop\@[email protected]
C:\Windows\SysWOW64\cmd.exe
cmd.exe /c start /b @[email protected] vs
C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\TaskData\Tor\taskhsvc.exe
TaskData\Tor\taskhsvc.exe
C:\Windows\SysWOW64\cmd.exe
cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet
C:\Windows\SysWOW64\Wbem\WMIC.exe
wmic shadowcopy delete
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Users\Public\Desktop\@[email protected]
"C:\Users\Public\Desktop\@[email protected]"
C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\@[email protected]
C:\Windows\SysWOW64\cmd.exe
cmd.exe /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "bbnbuexzwbcz676" /t REG_SZ /d "\"C:\Users\Admin\Desktop\tasksche.exe\"" /f
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "bbnbuexzwbcz676" /t REG_SZ /d "\"C:\Users\Admin\Desktop\tasksche.exe\"" /f
C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
Network
Files
memory/3168-0-0x0000000000400000-0x000000000044E000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rcxio.exe
| MD5 | d9021f4ae0f732e8b212fa5b9df08118 |
| SHA1 | 303f1e77b9669afb408be69cdb6c9bad62bc4383 |
| SHA256 | 12035ad3018f36a323c7d024231da253a9c35f8ea345d301d6f666406d1a88e0 |
| SHA512 | 1b2cf364fc719df3dd226af2e3065fbdaa6736fd25f124f7f97127d7c54d68727a8b5df068ae1c630e1c8a5ed7f5f1b2afc913366fada7eda47f7531b7194d9c |
C:\Program Files\vbciv\ble.exe
| MD5 | 889b99c52a60dd49227c5e485a016679 |
| SHA1 | 8fa889e456aa646a4d0a4349977430ce5fa5e2d7 |
| SHA256 | 6cbe0e1f046b13b29bfa26f8b368281d2dda7eb9b718651d5856f22cc3e02910 |
| SHA512 | 08933106eaf338dd119c45cbf1f83e723aff77cc0f8d3fc84e36253b1eb31557a54211d1d5d1cb58958188e32064d451f6c66a24b3963cccd3de07299ab90641 |
\??\c:\Program Files\vbciv\blean.dll
| MD5 | c4e74086331fce4cd36ba46de2f2e964 |
| SHA1 | 551fa017a47ef872ed3998a7b89022511185b23c |
| SHA256 | 917bc9fdf9fb773a46f423f247d951deea2a059b7e8e7bae7cc6b25e7f319910 |
| SHA512 | 07e138a13f8ef5a333aeac14b8ea4d8f9878b5c50c5df0c6d2bad0ef5d6572b92a48f66b419372464e38633178a389259ea0bfba14cfa455ce7f0d18e500e6f9 |
memory/4060-13-0x0000000010000000-0x0000000010038000-memory.dmp
memory/3196-14-0x000001BBD4FF0000-0x000001BBD4FF1000-memory.dmp
memory/3196-15-0x000001BBD4FF0000-0x000001BBD4FF1000-memory.dmp
memory/3196-16-0x000001BBD4FF0000-0x000001BBD4FF1000-memory.dmp
memory/3196-26-0x000001BBD4FF0000-0x000001BBD4FF1000-memory.dmp
memory/3196-25-0x000001BBD4FF0000-0x000001BBD4FF1000-memory.dmp
memory/3196-24-0x000001BBD4FF0000-0x000001BBD4FF1000-memory.dmp
memory/3196-23-0x000001BBD4FF0000-0x000001BBD4FF1000-memory.dmp
memory/3196-22-0x000001BBD4FF0000-0x000001BBD4FF1000-memory.dmp
memory/3196-21-0x000001BBD4FF0000-0x000001BBD4FF1000-memory.dmp
memory/3196-20-0x000001BBD4FF0000-0x000001BBD4FF1000-memory.dmp
memory/4060-27-0x0000000010000000-0x0000000010038000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 91c6831982326bc3cd47245fabf6a6b8 |
| SHA1 | 632dc42545a0becc3dddb08ba73267242a85c080 |
| SHA256 | 4084c955d9ee4907745e5de962383328c3280e15d437867088d735c6af9d7856 |
| SHA512 | 82f48309b62630f0c20b2b5985e2f0adb389f08ff28094bfc4ac80798358fd86f4605617a155297c98404eb2f6e95fb91e0eee7667b65c6883f0227da512062a |
\??\pipe\crashpad_4032_JUDQOUMQPFBKCWQZ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 4d98f54e89546facb3a310db98ece330 |
| SHA1 | 99d0f8683b513edfec680a28a0d7c0103c9f7ebd |
| SHA256 | 188356ed458ca415d482211e697074090af14867c7cd5c86d5b77e31bbcf9911 |
| SHA512 | f3f4c7b574101a40b42ed12bb40114c5aba9cbdfb9335eb2633ec3219d27076a66038dee1df5f1d6c175dcef320da0d986b264a39a03bbe3e77e8bd82faac9cf |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 8df7c8880efa4be1712e8e11c138b8de |
| SHA1 | 5bbdd82456a813dfc75bf60e85d6a378eb805453 |
| SHA256 | f2df0cf9b2da5b150828573bbf5a82f1cc855614fda50627aa6881cb80ebd7f3 |
| SHA512 | 6edada64cefcefbd420a445f7ec8da1c07ebfcc6bf683766ff5c8ad5c63e0da2363ecb6d79ac223fb0f6faa2b99574ffbb04f6b754fde846f82499e5e54b0428 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 0bd2fc89004cb6a9526e9c19486f2736 |
| SHA1 | a1a1010147e091c3053df9c83a468071dc68c77c |
| SHA256 | d8456f79094f9f12dcd1f0a2ea888bf87948d8f84505e0775f12fbd1ad03d495 |
| SHA512 | 31595a016d15ef9c6e8ae3b58341513adb4a023592f26d875d4cc5c49448b0853166855a70d9ad850a84fd07d8c7da1466ead08dd6881488b6618c43e1bb0353 |
memory/2232-91-0x0000015B93300000-0x0000015B93301000-memory.dmp
C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val
| MD5 | 6bd369f7c74a28194c991ed1404da30f |
| SHA1 | 0f8e3f8ab822c9374409fe399b6bfe5d68cbd643 |
| SHA256 | 878947d0ec814fe7c343cdebc05eebf00eb14f3023bdb3809a559e17f399fe5d |
| SHA512 | 8fc5f073dc9fa1e1ae47c60a5f06e0a48709fd6a4302dffaa721858409e7bde64bc6856d3fb28891090516d1a7afc542579de287778b5755eafe75cc67d45d93 |
C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx
| MD5 | d2fb266b97caff2086bf0fa74eddb6b2 |
| SHA1 | 2f0061ce9c51b5b4fbab76b37fc6a540be7f805d |
| SHA256 | b09f68b61d9ff5a7c7c8b10eee9447d4813ee0e866346e629e788cd4adecb66a |
| SHA512 | c3ba95a538c1d266beb83334af755c34ce642a4178ab0f2e5f7822fd6821d3b68862a8b58f167a9294e6d913b08c1054a69b5d7aec2efdb3cf9796ed84de21a8 |
C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock
| MD5 | f49655f856acb8884cc0ace29216f511 |
| SHA1 | cb0f1f87ec0455ec349aaa950c600475ac7b7b6b |
| SHA256 | 7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba |
| SHA512 | 599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8 |
memory/2232-92-0x0000015B93300000-0x0000015B93301000-memory.dmp
memory/2232-90-0x0000015B93300000-0x0000015B93301000-memory.dmp
memory/2232-102-0x0000015B93300000-0x0000015B93301000-memory.dmp
memory/2232-101-0x0000015B93300000-0x0000015B93301000-memory.dmp
memory/2232-100-0x0000015B93300000-0x0000015B93301000-memory.dmp
memory/2232-99-0x0000015B93300000-0x0000015B93301000-memory.dmp
memory/2232-98-0x0000015B93300000-0x0000015B93301000-memory.dmp
memory/2232-97-0x0000015B93300000-0x0000015B93301000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | 072573adbb8a1b9fe32d90f200912bbc |
| SHA1 | 39a3afe3df5111b121bbd69230b05e1780a718e7 |
| SHA256 | fa5bb5d070221f514abd2be8552c7319528c244deda262bee74d1c6ca39e80fd |
| SHA512 | e8fead324f13402027a598cddc76cb4aca24ff726dd3097476de9e3398cb9a865f26a55fd384116995521f30f15acec309a1d346eb49a6c760c86793bfb9a4eb |
memory/4060-113-0x0000000010000000-0x0000000010038000-memory.dmp
memory/4060-121-0x0000000010000000-0x0000000010038000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 4a1ddfb168d6a5e177e672744dc5b6d3 |
| SHA1 | 33c5ddbb99c531c5716ab08a3f1c337f052e13ef |
| SHA256 | 82c396bcf098654aaaf191ace59fb8f66e348ee4822435bc252d300bb97389c1 |
| SHA512 | 2793abca0ff7e0ee181d2dc9377e5955a4bff4506aa7adccd5ee6acc7d77d4ca8e44fe9bd2b256ff9ef66c1f8b910d7e96019303f78097f45565f7a8b7d6430d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe581c5d.TMP
| MD5 | b9a330f32a06c58c384f59b2d0644e76 |
| SHA1 | 3e6c34b0daf739da711602c1cfb8af7a9bdb9dfe |
| SHA256 | 60c1e7938b9b41894e1a77f3f47901bb5ee2c615bc0f656c1017b25818494e2f |
| SHA512 | f4a5d47862cf4c5f0c82e9cfbfe6cb9016c4ea5d17503db211ac9f5258e2a1a77bd6f21a643cbd75baa1787c61dd58043c051051cea190d744209b64d358fb02 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 1edfce2614c77990d252042a13937f4c |
| SHA1 | ac947c959c9816b1c8cd6d6a4a64adc70dfc443d |
| SHA256 | cae8548edef0795c6c2fbbc2f153e4279454fd771432e9dc09c01f7cb7d013e9 |
| SHA512 | a976be1b8b00f4357e2e39158868678e13ac60c47ea268de9b5fcfefb5bdeeb24b6111e8d2cc02fdc7a264d8817cc33b404e02b65202e6e1599838c80d9ab3da |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 6ec6f141f7679fc26dc70192b05fb5d3 |
| SHA1 | d6c6a8a595a8e0e289818ed354792d0ea3a8d84f |
| SHA256 | da282af0755f4fdd117113e9764cb280a9b3f0d507640a8c69b50f595854b429 |
| SHA512 | aef59623688736af2fa363cf838097de7f0e20f7b7ef35c7ba55d8518bc2642ae59568f614cd1bb2cf54a2fff5d14b6156900ad2d3676471afc5e5318c6a067f |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\activity-stream.discovery_stream.json.tmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\prefs.js
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\prefs-1.js
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\sessionstore-backups\recovery.jsonlz4
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\cache2\entries\80BB96996C8133B0FE5E0D6E5EA21B26135E8EA2
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\cache2\entries\5AE6D89F9E02E65CE57A707F37A56F985F9BE4BA
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\cache2\entries\1F4EE80161108BE95F29EBD42E65216A6DE85E3D
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\cache2\entries\46C625DB4964C00323A8EF4C60828B52A454EBB4
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\cache2\entries\971254C7341460E85C93D0821B91E9985A0B32D6
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\cache2\entries\7B4DDC5C54C22B453905BE2C11FB661712C71DD0
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\sessionstore-backups\recovery.jsonlz4
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\prefs-1.js
C:\Users\Admin\Downloads\WannaCry-main.YEWctOEA.zip.part
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\sessionstore-backups\recovery.jsonlz4
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\sessionstore-backups\recovery.jsonlz4
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\prefs.js
C:\Users\Admin\Desktop\msg\m_finnish.wnry
C:\Users\Admin\Desktop\u.wnry
C:\Users\Admin\Desktop\taskse.exe
C:\Users\Admin\Desktop\taskdl.exe
C:\Users\Admin\Desktop\t.wnry
C:\Users\Admin\Desktop\s.wnry
C:\Users\Admin\Desktop\r.wnry
C:\Users\Admin\Desktop\msg\m_vietnamese.wnry
C:\Users\Admin\Desktop\msg\m_turkish.wnry
C:\Users\Admin\Desktop\msg\m_swedish.wnry
C:\Users\Admin\Desktop\msg\m_spanish.wnry
C:\Users\Admin\Desktop\msg\m_slovak.wnry
C:\Users\Admin\Desktop\msg\m_russian.wnry
C:\Users\Admin\Desktop\msg\m_romanian.wnry
C:\Users\Admin\Desktop\msg\m_portuguese.wnry
C:\Users\Admin\Desktop\msg\m_polish.wnry
C:\Users\Admin\Desktop\msg\m_norwegian.wnry
C:\Users\Admin\Desktop\msg\m_latvian.wnry
C:\Users\Admin\Desktop\msg\m_korean.wnry
C:\Users\Admin\Desktop\msg\m_japanese.wnry
C:\Users\Admin\Desktop\msg\m_italian.wnry
C:\Users\Admin\Desktop\msg\m_indonesian.wnry
C:\Users\Admin\Desktop\msg\m_greek.wnry
C:\Users\Admin\Desktop\msg\m_german.wnry
C:\Users\Admin\Desktop\msg\m_french.wnry
C:\Users\Admin\Desktop\msg\m_filipino.wnry
C:\Users\Admin\Desktop\msg\m_english.wnry
C:\Users\Admin\Desktop\msg\m_dutch.wnry
C:\Users\Admin\Desktop\msg\m_danish.wnry
C:\Users\Admin\Desktop\msg\m_czech.wnry
C:\Users\Admin\Desktop\msg\m_croatian.wnry
C:\Users\Admin\Desktop\msg\m_chinese (traditional).wnry
C:\Users\Admin\Desktop\msg\m_chinese (simplified).wnry
C:\Users\Admin\Desktop\msg\m_bulgarian.wnry
C:\Users\Admin\Desktop\c.wnry
C:\Users\Admin\Desktop\b.wnry
C:\Users\Admin\Desktop\314921716020323.bat
C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\cert9.db
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\prefs.js
C:\Users\Admin\Desktop\TaskData\Tor\tor.exe
C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\cache2\doomed\2647
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\cache2\entries\4C7B6F2CAD8B3C17C2BFE488FBEA72FE061AE34B
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\cache2\doomed\9190
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\cache2\doomed\19099
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\cache2\doomed\25630
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\cache2\doomed\20267
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\cache2\doomed\19323
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\cache2\doomed\9526
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\cache2\doomed\16394
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\cache2\entries\43AF6A0B96B65E9C285379BBE64C9DF77572921F
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\cache2\entries\F10A066E60C8543AFA8BA7F20B10CF4387AD5E94
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\cache2\entries\16728119574E5FA95CEA25E9D82C52D010DBF71B
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\cache2\entries\64734067DA3FCAD3A190A95377C1AC95EC2B62AF
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\cache2\entries\6546A3E3122659FBEF720E1E0FB8BBF278C1A182
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\cache2\entries\5C6562685FA6323BD8D7D70C068D472A131393B3
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\cache2\doomed\7990
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\cache2\entries\560CD1634F1DAEE31F3A7869660292279CCCEFF6
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\cache2\entries\F7D099507A8A54552FB331F6AB8EC100F0F7E596
| MD5 | 2bf9c2d9f55ace1d354a77a00b31479d |
| SHA1 | ca69bf7006229a92e8ff11d39c033516cadd7b67 |
| SHA256 | fa76c0114560d3aae75cbcaac6d4c998b24774e4df604959168109433f8adae7 |
| SHA512 | af72cc4728aaca0675befb05b6415f3529e937a775c730c98245b459680722f23ce1b777ea964556de5162b8b5a68f46905cd9ffb316b04c19f34db09d56640e |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\cache2\entries\483C26C5EB9CBA8F8DC58D68D0146414CBD8B1DF
| MD5 | f03a51a6fc6b87e842b19a29a0e87739 |
| SHA1 | 71927c0ad3d1dc8811fa9a25eca3eab07a333b9e |
| SHA256 | 30e899b50aff88acb579f025a3dbd4e5fd190a22e9f680a06e0abebf68a2b7c9 |
| SHA512 | f014931611f454afe899d0cdddc4c79d544506b976685524ccc1810f8a145c04911560c9dbe3e3f01b9a0d986056b731565c9e11f0ac26e5f0fc9633fda1e6d1 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\cache2\entries\8C882D7BC348B8BA3B613F6E985ECD964F8370DC
| MD5 | cadf47ec653c974c4c177e48bd2a695d |
| SHA1 | ad575e3c8d712aa19adcffe67eec203301355080 |
| SHA256 | 9a830b9f8b7b4df42080d34efc6ef19364d8e62767bebbb3200424aaca289402 |
| SHA512 | 06244b5c5a24446457406dee970bf72cc7b591ac988a7bb18b79184b1c55cf18023f06d695dbb338279b5054aa889f499fc2789f837dbbc82c6411264254840d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 60ee599ce190761510e8a61b6bf0fe8e |
| SHA1 | e06165f66881ff795d4b952affb39d9967319088 |
| SHA256 | c6f57425150b371269c2263a3a001655163f2236c483eae078e1747e8c509390 |
| SHA512 | 409723812dac8b14a6c15ad30203078f0faad57009244bcaf7fe0cbf52f06fb2ec3b2a4b67cfe880aeeace55b1a0a376bede2eb72ebeba4c191efd622f8feb9a |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 8630544785b9a7c8137ff62725a0af3d |
| SHA1 | 0aa6302f3ef3884a10d8841c74ed115020d66a64 |
| SHA256 | 8fe7614270f7bac342a01e25f377a3762d55b3d7cbeeaa8058d130d5343ba0a9 |
| SHA512 | a1ac9f9268cc52dcdca89655149a46e02812814ad68a3c4347105e511967fa6e86c40658f4cf4ad38eff6bee5b352c5715ab6f9b298e7ce6622703bb8057537b |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\cache2\entries\F4EFE37A30D0F14C6AC03FF7949A51CBC2EBC649
| MD5 | 31e80908b2509a7e226a4450dcbe8e58 |
| SHA1 | 332e4ed62a84960d663c42adf3bf5c7f745cffb0 |
| SHA256 | 0d67df156a18ef29807be1a8678761340aa76d8267d52eb52c6325e9e16d6441 |
| SHA512 | c83580c80af9a9fa0985825ebf875d7ef8b1768f1c273852c8abd954386c6760afbbc02465a79b8829fe0eec82524995560026ec95727911204a6c2d42e5d709 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 85430baed3398695717b0263807cf97c |
| SHA1 | fffbee923cea216f50fce5d54219a188a5100f41 |
| SHA256 | a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e |
| SHA512 | 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
| MD5 | fe3355639648c417e8307c6d051e3e37 |
| SHA1 | f54602d4b4778da21bc97c7238fc66aa68c8ee34 |
| SHA256 | 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e |
| SHA512 | 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
| MD5 | 3d33cdc0b3d281e67dd52e14435dd04f |
| SHA1 | 4db88689282fd4f9e9e6ab95fcbb23df6e6485db |
| SHA256 | f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b |
| SHA512 | a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\prefs-1.js
| MD5 | 6ccddeaff7576cf2a4e64c6697aac88a |
| SHA1 | 388e3788ee1109e2ccb5fd04f1d88c92c43e1034 |
| SHA256 | 9a885fa7201287dfd661ff164e46ca0ef797c811c1ce3c4059f7da63c7f72ed4 |
| SHA512 | 1361b99beabf8023b6c35c0f0e45823e1729fcf043f0778e7a3eff17c72dce117269a611ef3429ac4a807a93f57f27e4f30d00817e2da5cdc0dd050a89226e6e |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | a01c5ecd6108350ae23d2cddf0e77c17 |
| SHA1 | c6ac28a2cd979f1f9a75d56271821d5ff665e2b6 |
| SHA256 | 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42 |
| SHA512 | b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
| MD5 | 49ddb419d96dceb9069018535fb2e2fc |
| SHA1 | 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6 |
| SHA256 | 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539 |
| SHA512 | 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
| MD5 | 8be33af717bb1b67fbd61c3f4b807e9e |
| SHA1 | 7cf17656d174d951957ff36810e874a134dd49e0 |
| SHA256 | e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd |
| SHA512 | 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
| MD5 | 33bf7b0439480effb9fb212efce87b13 |
| SHA1 | cee50f2745edc6dc291887b6075ca64d716f495a |
| SHA256 | 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e |
| SHA512 | d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
| MD5 | 937326fead5fd401f6cca9118bd9ade9 |
| SHA1 | 4526a57d4ae14ed29b37632c72aef3c408189d91 |
| SHA256 | 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81 |
| SHA512 | b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
| MD5 | 688bed3676d2104e7f17ae1cd2c59404 |
| SHA1 | 952b2cdf783ac72fcb98338723e9afd38d47ad8e |
| SHA256 | 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237 |
| SHA512 | 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 3b0ca11bb038ff531b9e07643d3f6b96 |
| SHA1 | 272d2b61f32ca5447d43b8cacc74ed1dfe8e91ed |
| SHA256 | 2ee2566d6acef59ad656874e3550d329261ad00cbafc9290dcaf474e59a60a79 |
| SHA512 | 8ad9097d8c5a70fb28cf1d58a30e96e98aa8221e4b15afec94f71cf7d5c4f34e69e8d19910ea4f9761368a66b35f646a97aff7a3fc5f501d317c441fcf40e879 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\cache2\doomed\31800
| MD5 | 01ccdcbff79b246abdfbb705cfdab553 |
| SHA1 | 84472d50c28c6cfcbd299ff57e12f62437b90f82 |
| SHA256 | 294f02d3c654374254c18e36b0824ea5f332ff5acffaf1d30fd8befd2f65d47a |
| SHA512 | 8ebf99f2bc9e909973a120118b7469c73fcf0ebc2f1b3f80c280f9a6308972788d3e872a76d08c93e8ca8011a1a2d6c9b977cf0c25b8ad68a551a5f134688284 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | e8c70bddf90ff1f3b793ebe054c718a1 |
| SHA1 | 95d11876591c0de3589a58b1dea1d885a8f54e7d |
| SHA256 | 4c90950f377942e2f0a24877fd543390693f59f399075bcc3227b6437c873a32 |
| SHA512 | ce1e975bb0f74f8a545a94d0822393dc050a281813397f24480ab8160e6116d41c1918670791ca9aa81ab08ccc5801a88a6b7d69ba0a617a846fa0c94400f687 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\sessionstore.jsonlz4
| MD5 | 8acda0722c8080696898457332a63ec0 |
| SHA1 | cb17a1f7d875214dcb7d557a5f09cfd23b83fb81 |
| SHA256 | c99dabd649fb3fc953a331032d1dadba2e94fbfeaf74a47af12bb927bcbe0b4b |
| SHA512 | c0fba642a1669720c50e4fbf2d3e0a0d1aef4d34fbb2e6e54d0ab80b9a6aec092a825d7f6ab2f344d678e3f31fe29fbc02913d4bc23fa3d7f34c7decf85c6c32 |