Analysis Overview
SHA256
627a4e8bc4bb16278a5fa87da31dabab6bdb73d09c6644a50f54b9430829099c
Threat Level: Known bad
The file Temp Mail v3.46 (Adfree).apk was found to be: Known bad.
Malicious Activity Summary
Modifies WinLogon for persistence
Reads user/profile data of web browsers
Identifies Wine through registry keys
Themida packer
Drops startup file
Executes dropped EXE
UPX packed file
Loads dropped DLL
Checks installed software on the system
Adds Run key to start application
Declares services with permission to bind to the system
Requests dangerous framework permissions
Suspicious use of NtSetInformationThreadHideFromDebugger
Drops file in Program Files directory
Enumerates physical storage devices
Program crash
NSIS installer
Uses Task Scheduler COM API
Suspicious use of FindShellTrayWindow
Suspicious behavior: GetForegroundWindowSpam
Modifies Internet Explorer settings
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of AdjustPrivilegeToken
Runs net.exe
Modifies registry class
Checks processor information in registry
Modifies system certificate store
NTFS ADS
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-15 16:15
Signatures
Declares services with permission to bind to the system
| Description | Indicator | Process | Target |
| Required by autofill services to bind with the system. Allows apps to autofill information in forms. | android.permission.BIND_AUTOFILL_SERVICE | N/A | N/A |
| Required by accessibility services to bind with the system. Allows apps to access accessibility features. | android.permission.BIND_ACCESSIBILITY_SERVICE | N/A | N/A |
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A |
| Allows an app to post notifications. | android.permission.POST_NOTIFICATIONS | N/A | N/A |
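The two tables above are what a manifest review of the APK produces. The following script is an added example, not part of the sandbox report and not the analysed app's manifest: it buckets the permissions a decoded AndroidManifest.xml declares the way the report does (runtime "dangerous" permissions, BIND_* permissions on services) and flags the overlay-plus-accessibility combination. It assumes the manifest has already been converted from binary AXML to plain XML (apktool or androguard do this); SAMPLE_MANIFEST is constructed from the permissions listed above, and the package and service names in it are invented. The report groups SYSTEM_ALERT_WINDOW with the dangerous permissions; Android grants it through a Settings toggle rather than a runtime prompt, so the code keeps it in its own bucket.

```python
"""Triage the permissions declared in an APK's AndroidManifest.xml.

Added example; not part of the sandbox report and not the analysed app's
manifest. Assumes the manifest has been decoded from binary AXML to plain
XML. SAMPLE_MANIFEST is constructed from the permissions the report lists;
the package name and service names are invented.
"""
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Runtime ("dangerous") permissions from the report: granted by user prompt.
DANGEROUS = {
    "android.permission.CAMERA",
    "android.permission.READ_EXTERNAL_STORAGE",
    "android.permission.WRITE_EXTERNAL_STORAGE",
    "android.permission.POST_NOTIFICATIONS",
}
# Special-access permission: a Settings toggle, not a runtime prompt.
SPECIAL = {"android.permission.SYSTEM_ALERT_WINDOW"}
# Signature-level BIND_* permissions guard services the *system* binds to;
# such a service receives UI events (accessibility) or form contents
# (autofill) from every other app on the device.
BIND_SERVICE = {
    "android.permission.BIND_ACCESSIBILITY_SERVICE",
    "android.permission.BIND_AUTOFILL_SERVICE",
}

SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="example.tempmail">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission android:name="android.permission.POST_NOTIFICATIONS"/>
  <application>
    <service android:name=".A11y"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
    <service android:name=".Fill"
             android:permission="android.permission.BIND_AUTOFILL_SERVICE"/>
  </application>
</manifest>
"""


def triage_manifest(xml_text):
    """Bucket requested permissions and report the overlay+accessibility combo."""
    root = ET.fromstring(xml_text)
    requested = {e.get(ANDROID + "name") for e in root.iter("uses-permission")}
    requested.discard(None)
    # BIND_* permissions live on the <service> element, not on <uses-permission>.
    bound = {s.get(ANDROID + "permission") for s in root.iter("service")}
    bound.discard(None)
    return {
        "dangerous": sorted(requested & DANGEROUS),
        "special": sorted(requested & SPECIAL),
        "bind_services": sorted(bound & BIND_SERVICE),
        "other": sorted(requested - DANGEROUS - SPECIAL),
        # Drawing over other apps while an accessibility service reads their
        # screens is the classic overlay / credential-theft combination.
        "overlay_plus_a11y": (
            "android.permission.SYSTEM_ALERT_WINDOW" in requested
            and "android.permission.BIND_ACCESSIBILITY_SERVICE" in bound
        ),
    }
```

Whether the combination is justified depends on the app's stated function; a disposable-mail client has no obvious need to be an accessibility or autofill service, which is the question a reviewer should put to the decoded manifest rather than to the permission list alone.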
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-15 16:15
Reported
2024-06-15 16:31
Platform
win7-20240611-en
Max time kernel
418s
Max time network
413s
Command Line

Attribution note: the Processes list at the end of this report shows what actually executed. The sample was launched as cmd /c "C:\Users\Admin\AppData\Local\Temp\Temp Mail v3.46 (Adfree).apk"; on Windows 7 that only opens the shell's "Open with" dialog (rundll32.exe shell32.dll,OpenAs_RunDLL), since an APK has no native Windows entry point. Firefox then ran and wrote C:\Users\Admin\Downloads\pack.7z:Zone.Identifier, the mark-of-the-web a browser puts on a file it downloads; 7-Zip (7zG.exe) appears in the token and window signatures; and every executable in the signatures below either sits in C:\Users\Admin\Downloads\pack\ or was dropped by a file from that directory. The Windows behaviour recorded in this section therefore belongs to the contents of pack.7z (SecurityEssentials2011, Paladin Antivirus, DeriaLock, FakeAdwCleaner, Heptoxide and the rhcr5nj0erk5 installer), not to the submitted APK; the APK's own findings are the static ones above.
Signatures
Modifies WinLogon for persistence
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "\"C:\\Users\\Admin\\AppData\\Roaming\\Security Essentials 2011\\SE2010.exe\" /hide" | C:\Users\Admin\AppData\Roaming\Security Essentials 2011\SE2010.exe | N/A |
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LOGON.exe | C:\Users\Admin\Downloads\pack\DeriaLock.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\pack\SecurityEssentials2011.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Security Essentials 2011\SE2010.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\pack\Paladin Antivirus.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\pack\[email protected] | N/A |
| N/A | N/A | C:\Program Files (x86)\rhcr5nj0erk5\rhcr5nj0erk5.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\pack\Heptoxide.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\pack\FakeAdwCleaner.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\6AdwCleaner.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\pack\DeriaLock.exe | N/A |
Identifies Wine through registry keys
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Wine | C:\Users\Admin\Downloads\pack\SecurityEssentials2011.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Wine | C:\Users\Admin\AppData\Roaming\Security Essentials 2011\SE2010.exe | N/A |
Loads dropped DLL
Reads user/profile data of web browsers
Themida packer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
(23 hits, none with indicator or process details)
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Windows\CurrentVersion\Run\updatesst = "\"C:\\Users\\Admin\\AppData\\Roaming\\Security Essentials 2011\\SE2010.exe\"" | C:\Users\Admin\AppData\Roaming\Security Essentials 2011\SE2010.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Windows\CurrentVersion\Run\Paladin Antivirus = "\"C:\\Program Files (x86)\\Paladin Antivirus\\pav.exe\" -noscan" | C:\Users\Admin\Downloads\pack\Paladin Antivirus.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\SMrhcr5nj0erk5 = "C:\\Program Files (x86)\\rhcr5nj0erk5\\rhcr5nj0erk5.exe" | C:\Users\Admin\Downloads\pack\[email protected] | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Windows\CurrentVersion\Run\AdwCleaner = "\"C:\\Users\\Admin\\AppData\\Local\\6AdwCleaner.exe\" -auto" | C:\Users\Admin\AppData\Local\6AdwCleaner.exe | N/A |
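The Winlogon, Startup-folder and Run-key tables above are the three autostart locations a responder checks first. The script below is an added example, not part of the sandbox report: it scores rows of exactly that shape, treating a Winlogon Shell or Userinit value whose file name is not the default (explorer.exe, userinit.exe) as a hijack, a Startup-folder drop as high, and a Run key as high when its executable lives under a user-writable directory and medium otherwise. SAMPLE_ROWS are copied from the tables above; the severity rules are the editor's heuristics, not the sandbox's. The report prints registry strings with backslashes and quotes escaped, so the value is unescaped before the executable path is extracted.

```python
"""Score autostart indicators of the kind listed in the Winlogon, Startup
folder and Run key tables above.

Added example, not part of the sandbox report. SAMPLE_ROWS are copied from
those tables; the severity rules are the editor's heuristics, not the
sandbox's.
"""
import re

WINLOGON_RE = re.compile(r"\\Winlogon\\(Shell|Userinit)$", re.I)
RUN_RE = re.compile(r"\\CurrentVersion\\Run(Once)?\\[^\\]+$", re.I)
STARTUP_RE = re.compile(r"\\Start Menu\\Programs\\Startup\\", re.I)
USER_WRITABLE = re.compile(r"\\(AppData|Downloads|Temp|ProgramData|Users\\Public)\\", re.I)
# Expected file names in the Winlogon values; anything else is a hijack.
DEFAULTS = {"shell": "explorer.exe", "userinit": "userinit.exe"}


def unescape_display(raw):
    """Turn the report's display form of a string value into registry data:
    strip the outer quotes, then undo the backslash escaping of \\ and \"."""
    raw = raw.strip()
    if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
        raw = raw[1:-1]
    return re.sub(r"\\(.)", r"\1", raw)


def first_exe(data):
    """Executable path from a command string: quoted, or unquoted up to '.exe'."""
    if data.startswith('"'):
        return data[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.exe)(?=\s|$)", data, re.I)
    return m.group(1) if m else (data.split() or [""])[0]


def classify(action, indicator):
    """Return (severity, location, executable) for one signature row."""
    if action.startswith("File created"):
        if STARTUP_RE.search(indicator):
            return ("high", "startup-folder", indicator)
        return ("info", "other", indicator)
    key, sep, raw = indicator.partition(" = ")
    if not (action.startswith("Set value") and sep):
        return ("info", "other", None)
    exe = first_exe(unescape_display(raw))
    base = exe.rsplit("\\", 1)[-1].lower().rstrip(",")
    m = WINLOGON_RE.search(key)
    if m:
        name = m.group(1).lower()
        sev = "info" if base == DEFAULTS[name] else "critical"
        return (sev, "winlogon-" + name, exe)
    if RUN_RE.search(key):
        sev = "high" if USER_WRITABLE.search(exe) else "medium"
        return (sev, "run-key", exe)
    return ("info", "other", exe)


# Rows copied from the report's tables (action, indicator).
SAMPLE_ROWS = [
    ("Set value (str)", r'\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "\"C:\\Users\\Admin\\AppData\\Roaming\\Security Essentials 2011\\SE2010.exe\" /hide"'),
    ("File created", r"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LOGON.exe"),
    ("Set value (str)", r'\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Windows\CurrentVersion\Run\updatesst = "\"C:\\Users\\Admin\\AppData\\Roaming\\Security Essentials 2011\\SE2010.exe\""'),
    ("Set value (str)", r'\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Windows\CurrentVersion\Run\Paladin Antivirus = "\"C:\\Program Files (x86)\\Paladin Antivirus\\pav.exe\" -noscan"'),
    ("Set value (str)", r'\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\SMrhcr5nj0erk5 = "C:\\Program Files (x86)\\rhcr5nj0erk5\\rhcr5nj0erk5.exe"'),
    ("Set value (str)", r'\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Windows\CurrentVersion\Run\AdwCleaner = "\"C:\\Users\\Admin\\AppData\\Local\\6AdwCleaner.exe\" -auto"'),
]


def triage(rows):
    """Classify every row and sort by severity, worst first."""
    order = {"critical": 0, "high": 1, "medium": 2, "info": 3}
    return sorted((classify(a, i) for a, i in rows), key=lambda r: order[r[0]])
```

On a live host the same rules apply to values read from HKCU and HKLM (including the Wow6432Node view on 64-bit systems, which is where the rhcr5nj0erk5 entry above was written); the Program Files entries score only medium because the path alone does not say who put them there, and the report's "Drops file in Program Files directory" rows are what raise them.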
Checks installed software on the system
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\pack\SecurityEssentials2011.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Security Essentials 2011\SE2010.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\rhcr5nj0erk5\msvcp71.dll | C:\Users\Admin\Downloads\pack\[email protected] | N/A |
| File created | C:\Program Files (x86)\rhcr5nj0erk5\msvcr71.dll | C:\Users\Admin\Downloads\pack\[email protected] | N/A |
| File created | C:\Program Files (x86)\rhcr5nj0erk5\license.txt | C:\Users\Admin\Downloads\pack\[email protected] | N/A |
| File created | C:\Program Files (x86)\rhcr5nj0erk5\database.dat | C:\Users\Admin\Downloads\pack\[email protected] | N/A |
| File created | C:\Program Files (x86)\rhcr5nj0erk5\MFC71.dll | C:\Users\Admin\Downloads\pack\[email protected] | N/A |
| File created | C:\Program Files (x86)\rhcr5nj0erk5\MFC71ENU.DLL | C:\Users\Admin\Downloads\pack\[email protected] | N/A |
| File created | C:\Program Files (x86)\rhcr5nj0erk5\rhcr5nj0erk5.exe.local | C:\Users\Admin\Downloads\pack\[email protected] | N/A |
| File created | C:\Program Files (x86)\rhcr5nj0erk5\Uninstall.exe | C:\Users\Admin\Downloads\pack\[email protected] | N/A |
| File created | C:\Program Files (x86)\Paladin Antivirus\splash.mp3 | C:\Users\Admin\Downloads\pack\Paladin Antivirus.exe | N/A |
| File created | C:\Program Files (x86)\Paladin Antivirus\virus.mp3 | C:\Users\Admin\Downloads\pack\Paladin Antivirus.exe | N/A |
| File created | C:\Program Files (x86)\rhcr5nj0erk5\rhcr5nj0erk5.exe | C:\Users\Admin\Downloads\pack\[email protected] | N/A |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Program Files (x86)\rhcr5nj0erk5\rhcr5nj0erk5.exe |
NSIS installer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
(6 hits, none with indicator or process details)
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\Use FormSuggest = "Yes" | C:\Users\Admin\Downloads\pack\Paladin Antivirus.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\MINIE | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006fb3d087c4ee9c4bb22550fd83a0390500000000020000000000106600000001000020000000f8dbb9b9cb02efae9bc641da1c81bec96fd0e9f93acf85e51c334c2ec2f4a5e9000000000e8000000002000020000000d036454f29c62564bd671497395127da80926246a725db16c0275a3f71e2c8f020000000e044af508581e39772b51e84e27295ce2cceaf169fe2d73376ae524efcd508d44000000077e655752f305f4b4fc4287a65f7f37e7f97f4ede12532bccb78a0378e972b135da3811ddd7bc72ced596ed9c096d9787477a497c78d25d8435b644df3616399 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (binary value elided) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main | C:\Users\Admin\Downloads\pack\Paladin Antivirus.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\MINIE | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{8BAE6291-2B34-11EF-BDE5-DEDD52EED8E0} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{905C3331-2B34-11EF-BDE5-DEDD52EED8E0} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\ProgID\ = "SecurityEssentials2011.DocHostUIHandler" | C:\Users\Admin\Downloads\pack\SecurityEssentials2011.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Roaming\\SECURI~1\\SE2010.exe" | C:\Users\Admin\AppData\Roaming\Security Essentials 2011\SE2010.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\SE2010.DocHostUIHandler | C:\Users\Admin\AppData\Roaming\Security Essentials 2011\SE2010.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\ProgID\ = "SE2010.DocHostUIHandler" | C:\Users\Admin\AppData\Roaming\Security Essentials 2011\SE2010.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\ProgID | C:\Users\Admin\Downloads\pack\SecurityEssentials2011.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\LocalServer32\ = "C:\\Users\\Admin\\Downloads\\pack\\SecurityEssentials2011.exe" | C:\Users\Admin\Downloads\pack\SecurityEssentials2011.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\SecurityEssentials2011.DocHostUIHandler\Clsid | C:\Users\Admin\Downloads\pack\SecurityEssentials2011.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\SE2010.DocHostUIHandler\Clsid\ = "{3F2BBC05-40DF-11D2-9455-00104BC936FF}" | C:\Users\Admin\AppData\Roaming\Security Essentials 2011\SE2010.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\ProgID | C:\Users\Admin\AppData\Roaming\Security Essentials 2011\SE2010.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000_Classes\Local Settings | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000_Classes\Local Settings | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\LocalServer32 | C:\Users\Admin\Downloads\pack\SecurityEssentials2011.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\SecurityEssentials2011.DocHostUIHandler | C:\Users\Admin\Downloads\pack\SecurityEssentials2011.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF} | C:\Users\Admin\AppData\Roaming\Security Essentials 2011\SE2010.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\LocalServer32 | C:\Users\Admin\AppData\Roaming\Security Essentials 2011\SE2010.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\SE2010.DocHostUIHandler\Clsid | C:\Users\Admin\AppData\Roaming\Security Essentials 2011\SE2010.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\ = "Implements DocHostUIHandler" | C:\Users\Admin\Downloads\pack\SecurityEssentials2011.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\SecurityEssentials2011.DocHostUIHandler\ = "Implements DocHostUIHandler" | C:\Users\Admin\Downloads\pack\SecurityEssentials2011.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\SecurityEssentials2011.DocHostUIHandler\Clsid\ = "{3F2BBC05-40DF-11D2-9455-00104BC936FF}" | C:\Users\Admin\Downloads\pack\SecurityEssentials2011.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\ = "Implements DocHostUIHandler" | C:\Users\Admin\AppData\Roaming\Security Essentials 2011\SE2010.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\SE2010.DocHostUIHandler\ = "Implements DocHostUIHandler" | C:\Users\Admin\AppData\Roaming\Security Essentials 2011\SE2010.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF} | C:\Users\Admin\Downloads\pack\SecurityEssentials2011.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46 | C:\Users\Admin\AppData\Local\6AdwCleaner.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46\Blob = (binary value elided) | C:\Users\Admin\AppData\Local\6AdwCleaner.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46\Blob = (binary value elided) | C:\Users\Admin\AppData\Local\6AdwCleaner.exe | N/A |
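Two things matter when reading the rows above: which store was written and whether the key name matches the certificate inside the Blob. The store here is AuthRoot, the cache that Windows' automatic root-update program fills when chain building needs a third-party root; any process that makes a TLS connection can trigger such a write, so it is not the same finding as a write under SystemCertificates\ROOT, which would add a trusted root CA. The script below is an added example, not part of the sandbox report: it decodes the Blob value's serialized-certificate format (repeated records of property id, reserved word 1, length, data, with property 3 holding the cached SHA-1 and property 32 the DER certificate), recomputes the SHA-1 thumbprint, compares it with the key name, and labels the store. The report elides the real Blob, so SAMPLE_BLOB is constructed around FAKE_DER, a placeholder byte string rather than a certificate.

```python
"""Decode a SystemCertificates\\<store>\\Certificates\\<thumbprint>\\Blob value
and check that the key name is the SHA-1 of the embedded certificate.

Added example, not part of the sandbox report. SAMPLE_BLOB is constructed
around FAKE_DER, which is not a real certificate. The record layout and the
property ids 3 (CERT_SHA1_HASH_PROP_ID) and 32 (CERT_CERT_PROP_ID) are those
of CryptoAPI's serialized certificate store entries.
"""
import hashlib
import struct

CERT_SHA1_HASH_PROP_ID = 3
CERT_CERT_PROP_ID = 32


def parse_blob(blob):
    """Yield (prop_id, data) records; raise on a truncated record."""
    off = 0
    while off + 12 <= len(blob):
        prop_id, _reserved, length = struct.unpack_from("<III", blob, off)
        off += 12
        data = blob[off:off + length]
        if len(data) != length:
            raise ValueError("truncated property %d at offset %d" % (prop_id, off))
        off += length
        yield prop_id, data


def build_blob(props):
    """Inverse of parse_blob; used only to construct the sample below."""
    return b"".join(struct.pack("<III", pid, 1, len(d)) + d for pid, d in props)


def check_entry(store, key_name, blob):
    """Cross-check one registry entry and say what trusting it would mean."""
    props = dict(parse_blob(blob))
    der = props.get(CERT_CERT_PROP_ID)
    if der is None:
        return {"ok": False, "reason": "blob carries no encoded certificate"}
    thumb = hashlib.sha1(der).hexdigest().upper()
    cached = props.get(CERT_SHA1_HASH_PROP_ID)
    # ROOT is the trusted-root store a user or malware adds CAs to. AuthRoot is
    # the cache the automatic root-update program fills when chain building
    # needs a third-party root, which any TLS client can trigger.
    impact = {
        "ROOT": "new trusted root CA (high impact)",
        "AUTHROOT": "auto-update root cache (usually benign)",
    }.get(store.upper(), "other store: " + store)
    return {
        "ok": thumb == key_name.upper() and (cached is None or cached.hex().upper() == thumb),
        "thumbprint": thumb,
        "name_matches": thumb == key_name.upper(),
        "impact": impact,
        "der": der,
    }


# Constructed sample: DER-looking bytes, not a certificate.
FAKE_DER = b"\x30\x82\x01\x00" + bytes(range(256))
SAMPLE_KEY = hashlib.sha1(FAKE_DER).hexdigest().upper()
SAMPLE_BLOB = build_blob([
    (CERT_SHA1_HASH_PROP_ID, hashlib.sha1(FAKE_DER).digest()),
    (CERT_CERT_PROP_ID, FAKE_DER),
])
```

On a live host the bytes come from winreg.QueryValueEx(key, "Blob"); the returned der can be written to a file and read with openssl x509 -inform der -noout -subject -issuer -dates to see which CA the entry holds. A key name that does not match the recomputed thumbprint is itself a finding, since Windows names these keys by SHA-1.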
NTFS ADS
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\Downloads\pack.7z:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
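The row above is the evidence that pack.7z arrived as a browser download during the run: Firefox wrote the Zone.Identifier stream (the mark-of-the-web) on it. The stream is INI-style text with a [ZoneTransfer] section, a ZoneId using the URL security zone numbers (3 = Internet), and, when the browser records them, ReferrerUrl and HostUrl lines that tell a responder where the archive came from. The parser below is an added example, not part of the sandbox report; SAMPLE_STREAM is constructed and its URLs are placeholders, not the real download source, which the report does not show.

```python
"""Parse the Zone.Identifier alternate data stream (mark-of-the-web).

Added example, not part of the sandbox report. SAMPLE_STREAM is constructed;
its URLs are placeholders, not the source of the pack.7z in the report.
"""
ZONES = {0: "LocalMachine", 1: "LocalIntranet", 2: "TrustedSites",
         3: "Internet", 4: "RestrictedSites"}

SAMPLE_STREAM = (
    "[ZoneTransfer]\r\n"
    "ZoneId=3\r\n"
    "ReferrerUrl=https://example.invalid/dl/\r\n"
    "HostUrl=https://example.invalid/files/pack.7z\r\n"
)


def parse_zone_identifier(text):
    """Return zone id/name and, when recorded, the referrer and host URLs."""
    fields, section = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        if section == "ZoneTransfer" and "=" in line:
            key, _, value = line.partition("=")   # URLs may contain '=' too
            fields[key.strip()] = value.strip()
    zone_id = int(fields["ZoneId"]) if fields.get("ZoneId", "").isdigit() else None
    return {
        "zone_id": zone_id,
        "zone": ZONES.get(zone_id, "unknown"),
        "referrer": fields.get("ReferrerUrl"),
        "host_url": fields.get("HostUrl"),
        "from_internet": zone_id == 3,
    }


def read_mark_of_the_web(path):
    """Read <path>:Zone.Identifier on NTFS (Windows only); None if absent."""
    try:
        with open(path + ":Zone.Identifier", "r", encoding="utf-8", errors="replace") as f:
            return parse_zone_identifier(f.read())
    except OSError:
        return None
```

The stream belongs to the archive, not to the files extracted from it, so the executables under Downloads\pack\ carry no mark-of-the-web unless the extracting tool propagates it; the ADS on pack.7z is the place to look for provenance.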
Runs net.exe
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Security Essentials 2011\SE2010.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: 35 (privilege value 35 in winnt.h, SeCreateSymbolicLinkPrivilege) | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: 33 (privilege value 33 in winnt.h, SeIncreaseWorkingSetPrivilege) | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: 33 (privilege value 33 in winnt.h, SeIncreaseWorkingSetPrivilege) | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\SysWOW64\Wbem\mofcomp.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\6AdwCleaner.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Downloads\pack\DeriaLock.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\pack\SecurityEssentials2011.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\pack\SecurityEssentials2011.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Security Essentials 2011\SE2010.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\pack\Paladin Antivirus.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\pack\Paladin Antivirus.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\pack\Paladin Antivirus.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\pack\SecurityEssentials2011.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\pack\SecurityEssentials2011.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Security Essentials 2011\SE2010.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\pack\Paladin Antivirus.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\pack\Paladin Antivirus.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\pack\Paladin Antivirus.exe | N/A |
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Temp Mail v3.46 (Adfree).apk"
C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Temp Mail v3.46 (Adfree).apk
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2656.0.2110921181\25012205" -parentBuildID 20221007134813 -prefsHandle 1224 -prefMapHandle 1216 -prefsLen 20734 -prefMapSize 233414 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bbca9e01-7047-4dcf-aa3f-1246df10a0ab} 2656 "\\.\pipe\gecko-crash-server-pipe.2656" 1288 121d6158 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2656.1.607606076\24414166" -parentBuildID 20221007134813 -prefsHandle 1480 -prefMapHandle 1476 -prefsLen 20815 -prefMapSize 233414 -appDir "C:\Program Files\Mozilla Firefox\browser" - {37ace74e-99f4-471b-8858-9e93ca42b045} 2656 "\\.\pipe\gecko-crash-server-pipe.2656" 1492 e72e58 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2656.2.632257003\2130888937" -childID 1 -isForBrowser -prefsHandle 2056 -prefMapHandle 2072 -prefsLen 20853 -prefMapSize 233414 -jsInitHandle 876 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6d8aef9a-0430-4e33-82ce-3c3fe3b82ca2} 2656 "\\.\pipe\gecko-crash-server-pipe.2656" 2044 12159958 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2656.3.712196296\1697828261" -childID 2 -isForBrowser -prefsHandle 584 -prefMapHandle 1652 -prefsLen 26103 -prefMapSize 233414 -jsInitHandle 876 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3c2ace67-6659-47b5-a06f-71b4219f1fcf} 2656 "\\.\pipe\gecko-crash-server-pipe.2656" 828 e71658 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2656.4.2103562677\869081784" -childID 3 -isForBrowser -prefsHandle 2916 -prefMapHandle 2912 -prefsLen 26103 -prefMapSize 233414 -jsInitHandle 876 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5e978451-1d43-44fc-9732-8315bd7838c7} 2656 "\\.\pipe\gecko-crash-server-pipe.2656" 2928 1bbe2558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2656.5.16644133\1401619490" -childID 4 -isForBrowser -prefsHandle 908 -prefMapHandle 3956 -prefsLen 26197 -prefMapSize 233414 -jsInitHandle 876 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4684eae1-a327-4a1e-b630-4e8e51fda55d} 2656 "\\.\pipe\gecko-crash-server-pipe.2656" 4068 e30e58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2656.6.1688861630\724951056" -childID 5 -isForBrowser -prefsHandle 1124 -prefMapHandle 1128 -prefsLen 26197 -prefMapSize 233414 -jsInitHandle 876 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ba0d73e9-621c-47e4-9b7c-e0e081ca04c3} 2656 "\\.\pipe\gecko-crash-server-pipe.2656" 1732 14854d58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2656.7.1008853078\188880375" -childID 6 -isForBrowser -prefsHandle 4220 -prefMapHandle 4224 -prefsLen 26197 -prefMapSize 233414 -jsInitHandle 876 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2fcf2c73-80db-4b26-9d8a-421b0fc8434d} 2656 "\\.\pipe\gecko-crash-server-pipe.2656" 4208 18943a58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2656.8.93694958\277111127" -childID 7 -isForBrowser -prefsHandle 4516 -prefMapHandle 4528 -prefsLen 26372 -prefMapSize 233414 -jsInitHandle 876 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {41a7bf07-c9f9-4485-bf5d-685bbf539ccf} 2656 "\\.\pipe\gecko-crash-server-pipe.2656" 4596 2283c558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2656.9.1920967655\155268737" -childID 8 -isForBrowser -prefsHandle 3972 -prefMapHandle 3948 -prefsLen 26372 -prefMapSize 233414 -jsInitHandle 876 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {784aad83-714c-4dcc-a8a2-35eb3e50289b} 2656 "\\.\pipe\gecko-crash-server-pipe.2656" 4160 2321d058 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2656.10.1550015672\672983742" -childID 9 -isForBrowser -prefsHandle 4808 -prefMapHandle 4160 -prefsLen 26372 -prefMapSize 233414 -jsInitHandle 876 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {69d29d18-cef5-427d-a282-3782e572e58e} 2656 "\\.\pipe\gecko-crash-server-pipe.2656" 1740 2321c458 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2656.11.1347917080\447665869" -childID 10 -isForBrowser -prefsHandle 8532 -prefMapHandle 8536 -prefsLen 26372 -prefMapSize 233414 -jsInitHandle 876 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cf5e8df8-edfd-4fc1-a37b-ddab74002d94} 2656 "\\.\pipe\gecko-crash-server-pipe.2656" 8516 22113b58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2656.12.1281546685\101495126" -childID 11 -isForBrowser -prefsHandle 8408 -prefMapHandle 8404 -prefsLen 26372 -prefMapSize 233414 -jsInitHandle 876 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {97cd7c80-c9cd-42b9-9b86-933b91953be1} 2656 "\\.\pipe\gecko-crash-server-pipe.2656" 8420 22130d58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2656.13.47503959\1247765628" -childID 12 -isForBrowser -prefsHandle 2808 -prefMapHandle 2488 -prefsLen 26372 -prefMapSize 233414 -jsInitHandle 876 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {10766435-e0b4-46b9-9abb-32cc7c4dbdaf} 2656 "\\.\pipe\gecko-crash-server-pipe.2656" 2812 209d0458 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2656.14.561557582\1833312337" -childID 13 -isForBrowser -prefsHandle 8348 -prefMapHandle 8352 -prefsLen 26372 -prefMapSize 233414 -jsInitHandle 876 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5f4c175c-dced-4fc2-bff2-25594f699a28} 2656 "\\.\pipe\gecko-crash-server-pipe.2656" 8324 209d0758 tab
C:\Windows\System32\control.exe
"C:\Windows\System32\control.exe" SYSTEM
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\pack\" -spe -an -ai#7zMap16617:68:7zEvent8657
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x230
C:\Users\Admin\Downloads\pack\SecurityEssentials2011.exe
"C:\Users\Admin\Downloads\pack\SecurityEssentials2011.exe"
C:\Users\Admin\AppData\Roaming\Security Essentials 2011\SE2010.exe
"C:\Users\Admin\AppData\Roaming\Security Essentials 2011\SE2010.exe" DELC:\Users\Admin\Downloads\pack\SecurityEssentials2011.exe
C:\Users\Admin\Downloads\pack\Paladin Antivirus.exe
"C:\Users\Admin\Downloads\pack\Paladin Antivirus.exe"
C:\Windows\SysWOW64\net.exe
net stop wscsvc
C:\Windows\SysWOW64\net.exe
net stop winmgmt /y
C:\Windows\SysWOW64\net.exe
net start winmgmt
C:\Windows\SysWOW64\net.exe
net start wscsvc
C:\Windows\SysWOW64\Wbem\mofcomp.exe
mofcomp C:\Users\Admin\AppData\Local\Temp\4otjesjty.mof
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 stop winmgmt /y
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 start wscsvc
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 start winmgmt
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 stop wscsvc
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\pack\Note!.txt
C:\Users\Admin\Downloads\pack\[email protected]
"C:\Users\Admin\Downloads\pack\[email protected]"
C:\Windows\SysWOW64\wscript.exe
wscript //B C:\Users\Admin\AppData\Local\Temp\pin.vbs "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus XP 2008" "Antivirus XP 2008.lnk"
C:\Windows\SysWOW64\wscript.exe
wscript //B C:\Users\Admin\AppData\Local\Temp\pin.vbs "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus XP 2008" "Register Antivirus XP 2008.lnk"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c odjg.bat "C:\Users\Admin\Downloads\pack\[email protected]"
C:\Program Files (x86)\rhcr5nj0erk5\rhcr5nj0erk5.exe
"C:\Program Files (x86)\rhcr5nj0erk5\rhcr5nj0erk5.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 252
C:\Users\Admin\Downloads\pack\Heptoxide.exe
"C:\Users\Admin\Downloads\pack\Heptoxide.exe"
C:\Users\Admin\Downloads\pack\FakeAdwCleaner.exe
"C:\Users\Admin\Downloads\pack\FakeAdwCleaner.exe"
C:\Users\Admin\AppData\Local\6AdwCleaner.exe
"C:\Users\Admin\AppData\Local\6AdwCleaner.exe"
C:\Users\Admin\Downloads\pack\DeriaLock.exe
"C:\Users\Admin\Downloads\pack\DeriaLock.exe"
C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\Downloads\pack\AntivirusPlatinum.exe.deria
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Downloads\pack\AdAvenger\Ad Avenger 2_files\10a013708f5887bf05a3544c4a764fba.svg
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2240 CREDAT:275457 /prefetch:2
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" http://se-2011-payment.com/buy/?code=00000008
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1492 CREDAT:275457 /prefetch:2
Network
Files
| SHA512 | f899e9806e00560408a927b4b8bf427a41398eb015490348e2ed52157c6b064b31e8de41fa5fe6ca8301ec709adfe93d4bdb72881c1fe822da246c5a2b866e75 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ckqup08y.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | b58b8df450f4d075cf55687d9dc82a37 |
| SHA1 | cab5993ce422eadb4de4d2b9fd5fcb2d8d8fd029 |
| SHA256 | e6cc6a359f4bbbf0887b9c17860c55c3f0ca61663a9d6a1d7cb5978d013795ba |
| SHA512 | dfc84cefc84dfd9c80db33168e5e434dd41fc90a6fad9fbb4ff51ffc6426df188a7b425d54199cff6d71a6119534a526f6df146b2d661d1f5027f8d7a8222341 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ckqup08y.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | f798425b60849fcff0c1b0a1ef6ffda9 |
| SHA1 | 0cbc000ac66162a8b9b7275a67ba3410ead2480b |
| SHA256 | b7fb79e3788d01b8fae3b7e299c87ba84421d2d9c170e1f6964885a157a85d07 |
| SHA512 | 60ad2070e0ce9efae8de267b5b4cf4c68935b33d2c29d645f66e13868f8e627a9192da913399cd81a7f304ffea24e9723c5b1b3b0c72fde006199b841b4b5d87 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ckqup08y.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | dda6cbb1e7d3ded758f97d5a74c59cb4 |
| SHA1 | 07a26d7e5fb3c058ba7ef5772136020225b674e0 |
| SHA256 | 8ff5ff8ae45b569d36c8151fb9802f9332011e89eaa700ed44d6e8db75721053 |
| SHA512 | 7aa9fd1139026e222999e4e2eaf366d850ca1f41b780a62d21e4ee4554430ecb2a9b25dd545c5500021e20a58c2831f96dd080a48b56094159a93ca9e8fe985b |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 85430baed3398695717b0263807cf97c |
| SHA1 | fffbee923cea216f50fce5d54219a188a5100f41 |
| SHA256 | a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e |
| SHA512 | 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ckqup08y.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
| MD5 | fe3355639648c417e8307c6d051e3e37 |
| SHA1 | f54602d4b4778da21bc97c7238fc66aa68c8ee34 |
| SHA256 | 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e |
| SHA512 | 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ckqup08y.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
| MD5 | 3d33cdc0b3d281e67dd52e14435dd04f |
| SHA1 | 4db88689282fd4f9e9e6ab95fcbb23df6e6485db |
| SHA256 | f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b |
| SHA512 | a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ckqup08y.default-release\prefs-1.js
| MD5 | 45f14ccb8075cbf1d2c9ecd2c6a4f9d2 |
| SHA1 | 18d6b0582ae4c03ef6f3c60365ae8eeb4691e435 |
| SHA256 | e965263bb6baf2f3e17acd12f7cf395ab4d07746d54ea1fe262abf39fd2cdf42 |
| SHA512 | 2cd27cd31067eb8016582e550f8dfb61b3261aadb86ef285c96130073418e2d676b61f27d9b5ce6933ce09cfebe6ad0f6cb720742d10c7ca70be6215a71cd4e2 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | a01c5ecd6108350ae23d2cddf0e77c17 |
| SHA1 | c6ac28a2cd979f1f9a75d56271821d5ff665e2b6 |
| SHA256 | 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42 |
| SHA512 | b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ckqup08y.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
| MD5 | 49ddb419d96dceb9069018535fb2e2fc |
| SHA1 | 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6 |
| SHA256 | 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539 |
| SHA512 | 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ckqup08y.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
| MD5 | 8be33af717bb1b67fbd61c3f4b807e9e |
| SHA1 | 7cf17656d174d951957ff36810e874a134dd49e0 |
| SHA256 | e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd |
| SHA512 | 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ckqup08y.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
| MD5 | 688bed3676d2104e7f17ae1cd2c59404 |
| SHA1 | 952b2cdf783ac72fcb98338723e9afd38d47ad8e |
| SHA256 | 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237 |
| SHA512 | 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ckqup08y.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
| MD5 | 937326fead5fd401f6cca9118bd9ade9 |
| SHA1 | 4526a57d4ae14ed29b37632c72aef3c408189d91 |
| SHA256 | 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81 |
| SHA512 | b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ckqup08y.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
| MD5 | 33bf7b0439480effb9fb212efce87b13 |
| SHA1 | cee50f2745edc6dc291887b6075ca64d716f495a |
| SHA256 | 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e |
| SHA512 | d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275 |
C:\Users\Admin\Downloads\pack.imDJcvn1.7z.part
| MD5 | 4f13afb5e8cabe7f37c9940a125200cd |
| SHA1 | ba98661735b6bd3c4cd4210edb1d6b11b8b415cf |
| SHA256 | bcad9088e2ec62ae3d2923983ab5a6a31d7d4877a2828cd20b43ece8c978c567 |
| SHA512 | b599e7ca0a43a106b35accf753d215e1078f8d3b51b48e77a582ab155e8b2663f2c468ebdcedb10e5190e3f019f3a3873a4d90d4ccf1adde705b98fbb4c19af9 |
C:\Users\Admin\Downloads\pack\AdAvenger\Ad Avenger 12_files\0099edf3e1770c5f999e245bac6ed23c.svg
| MD5 | f5abb3bcff922b5928f533509b992fb6 |
| SHA1 | 3ffcf23b60709f1fd0b02d4cd1226b37f7c82414 |
| SHA256 | 29e0892e90fdf83723f34f1585d34913d4ff2875b2de0e25eddc24663c2dd154 |
| SHA512 | e03fed3543b2ed14b571d38496f06e7d2223aba40d9a3af321d08ebb4eebf7f0a720c73b47df0e428ee866f85f2ab218f6d45cbd7d61f9c3a11e4e090ef78248 |
C:\Users\Admin\Downloads\pack\AdAvenger\Ad Avenger 12_files\0b6b138b709ab294136d0c590c91f80c.jpg
| MD5 | 77e6c2806d66f93f07d23416ef3355dc |
| SHA1 | 6531906288824474ce422ddca19dac063145f4b3 |
| SHA256 | 53a17c55a9064777fe8a55e0a517d92fd7c710ace39bf11f24e4a68475949414 |
| SHA512 | 23d562ac9d17f0d88962e20abc43dd4686c16280dc1ffd045901d51afa49687751a7624b136ae97590fbe09ef62187966d0f0c0fd948f65892a1c32bb76d66c1 |
C:\Users\Admin\Downloads\pack\AdAvenger\Ad Avenger 12_files\10a013708f5887bf05a3544c4a764fba.svg
| MD5 | e9eca2c738f2d57ed66c3be2da0eba0a |
| SHA1 | 4e3221a16a9afcfbc3daf3c9dca6e558ec7d40bd |
| SHA256 | 0eae20736e95ef17f996d498fdba84d5b2ab844dd220555efa9d03aa0317518d |
| SHA512 | 0847aa3b5e62aac03ef850fe1825ea1242f5b910066acc2e1f6aa3ccb84a55aac6d6350e5c3efbfbf21f50eb217bf9a67f1d69dccc160e440a94d7953822b794 |
C:\Users\Admin\Downloads\pack\AdAvenger\Ad Avenger 12_files\43ef47bf833aeb264ec0f19ee2758068.svg
| MD5 | 1c64f7757ec765655cb8ff6c384a3a54 |
| SHA1 | 69835b669779ac6a2fa0fd9a566b35d985ef0718 |
| SHA256 | 95a68f16ac9f0f4007274fc9f4f628cda39cadd04d2413f456e76feaf5785d0c |
| SHA512 | fa718d1ea6821fdaa51590732a0de3599632b40a0e9e040936d8ccf3b5b25018f689ae124b3492664e1d7f967503df203aee39ab65b76a744cd14912d4dd5471 |
C:\Users\Admin\Downloads\pack\AdAvenger\Ad Avenger 12_files\54c161f779f40a6f46674e73f230d550.jpg
| MD5 | 9bf8e719535fc8212661c9be18b161a4 |
| SHA1 | e41fd78454b71b98507402def2258cec384de59b |
| SHA256 | ff237ef3d6f3235925a857cd8d4d67c01e97840f289079196ed1197851e06619 |
| SHA512 | 59354b33a8f5caee6a8a327e3a34dc013ecac026d648eb509e7d773751d6b0ed554c9212c4b5ad6b2a18a61a0784397cb4b93da68584dd0c411bd88a113a64e0 |
C:\Users\Admin\Downloads\pack\AdAvenger\Ad Avenger 12_files\6125d63d7feabe14a5f4947829226a77.svg
| MD5 | f86e458e743f9635813f81e519153332 |
| SHA1 | 700eba7b9e1452d5b252d97e86b58809b8d205e9 |
| SHA256 | c71a3581de8d39d9cc6eebc8e2968b32aa037eb7ff24adb014154592c0f36da9 |
| SHA512 | 274c74442ebdff1f4f3573b28a8a4d149f2bc35374e54ced867316de8b00c86a070309a2b62711ef934abae25f98495a5636b593ff87f4629af59e50f36b98ea |
C:\Users\Admin\Downloads\pack\AdAvenger\Ad Avenger 12_files\500e245ef0e79604327b53c9bfc2502e.svg
| MD5 | 738ce8a502bdbc48c2aeeb25b5b3b0db |
| SHA1 | 783f81340d41f496eb359e2fa3f08b1531cd503c |
| SHA256 | 6a02f3f08cd719f52b0aa38d2578a1a295c8924a3625f27cfd7c80a0f25b7171 |
| SHA512 | 8e52f3d2cce074e4fcd748b50fb8b58b6ad8b50d1f67d74dff7a654f2e66bf9a40517e943f8e859ea3e853d27617b2b32740d583de9515522f8693e42f4ad66c |
C:\Users\Admin\Downloads\pack\AdAvenger\Ad Avenger 12_files\6353d7877f87453f8da24cc7bc2941c2.png
| MD5 | d4f9304c987acd63cac9af356af048ec |
| SHA1 | df123696ea8504c14f082ebe8f464ff9ec4cae91 |
| SHA256 | f18215f7a041000704dfb10d467f28354d70601550f396f7763df1e67ca4363b |
| SHA512 | 77ac28cd99fff6d537dd763ff6cfa7733763a19e18bc8c0935b65a9f26a29f4fad33ce0ed9e67217657579e054bb4f1a4d2668aef7cc4bdf3d76dd55b49e2fb7 |
C:\Users\Admin\Downloads\pack\AdAvenger\Ad Avenger 12_files\3b2d8f6a15a379f90883b1bc9709eada.png
| MD5 | 118b3cb005d9decfaa41b277ba57114a |
| SHA1 | 6ac799f9ad444259aafac4945c476a55ea890508 |
| SHA256 | 88705adca00cc7bf1f342f9d4b0850a4e7b30b0bb250bd57fb4fc51cc5aa8a7e |
| SHA512 | 67a556e867f04612778996e3472e0d14241f29ed13f08033c36d55e17b8b672a92e4ac396032fe3fd0c049e8610fa4d6efc0ea6d3c80edd7290306dc389758c1 |
C:\Users\Admin\Downloads\pack\AdAvenger\Ad Avenger 12_files\82e846348e620a2231b5acee75978ab5.png
| MD5 | 11c61b753d0deefc248db10f6ea7c920 |
| SHA1 | 47b3ad3b965954402b698ef8b7a39b884342a448 |
| SHA256 | 4d5330f022ff488704f472054c5a1fac9d1a4f8c5fda4a3cfb99d6696255ec91 |
| SHA512 | 1f6fb8ba6395a1bfc508b0b5cf0d90a224ca2d9a8ac26d0c511e7848d1fe211a39ee7d6491a3be08bc1da3ec066c41ee40613c196d02bcd1d2407868b0fccf37 |
C:\Users\Admin\Downloads\pack\AdAvenger\Ad Avenger 12_files\15a6487915cd59165bd6ba4c9fd6085d.svg
| MD5 | 739852d3ce9c5b7d737fc79f42a0ece7 |
| SHA1 | f04e45e173108b1980a53a4758d95d5656e06ead |
| SHA256 | 3790d6e556194fd7d17b273234befd2de44daa4c57d5055bdd0de714c57152a1 |
| SHA512 | 7024bdf010a0d9d185cfffe6f5cae08d6a200e43499b2747f9288584fbb43b32f324dc1a92ab36ce5dda2a13acc761ea512a8756594638353bd1702f8828918d |
C:\Users\Admin\Downloads\pack\AdAvenger\Ad Avenger 12_files\83089896a814861c43223129569df03b.png
| MD5 | ecb4165dc96bb552555936aa38b38114 |
| SHA1 | e7bdb03ed1c5abf69f2afe48c44cf2940fabeec8 |
| SHA256 | 431cd53b9756615cd1f0a8d793b4e94b4add85e513b8de480174144949ddab7b |
| SHA512 | 5242fae1ac4a5baefe060a5ea537993e69ff7105d0bbd7c245280dd2e8b1a59218dc39fda3d129b03b2ce453c59e9a027d63df328306e162e2ebc103eff2eb9b |
C:\Users\Admin\Downloads\pack\AdAvenger\Ad Avenger 12_files\c0da2092386ddd96c966a988ce55fbf2.jpeg
| MD5 | e9c9e80df6e100de4e9f0633d7097b2d |
| SHA1 | bc3848a191eba599193e94eed22f59c5fde85976 |
| SHA256 | 05fd9d538a6a0e44591414e5f4f5701a23bf34381c4839fb2713be206cb14002 |
| SHA512 | 7673e09758291b97f71c71343e5851929fcda680c95a8ae6ed44c3cb7bdd3c1fd5adb267250d204df2efe684cb39a809ea185d7c72f2a60a75917c72a43963f0 |
C:\Users\Admin\Downloads\pack\AdAvenger\Ad Avenger 12_files\c99cb0c554b288c83e57c872668feec3.jpg
| MD5 | 20dd09a758897c47996fa998434c3beb |
| SHA1 | 73ef62b80bbbbcec9c379140ff09bee86cbe0551 |
| SHA256 | 368634baac7ea8b5b7efe112474d1fa8a670b008cdd438ea3f575a32a4d03be2 |
| SHA512 | a9173f8fa3024caf156d0636e29cebdd59a3e79ae99a6e9e5af99c945d365b49f3e3353bd0b8ba2aee6311355c253ae021849478359b9fd8e90b257eb310fb4c |
C:\Users\Admin\Downloads\pack\AdAvenger\Ad Avenger 12_files\css2
| MD5 | 193c2704ad3ba7acf145d5e9a9e9e2b5 |
| SHA1 | 8d7c5d510d1c7caf2b1c4036ff4049794567dcbc |
| SHA256 | c0aebb6a34b30dfba210b7265b718f8d9fba3651fa39691fb37ca583a4d9a518 |
| SHA512 | 9cdd6534989e2b2f7a152818d2f55e5a4bec5d101b0de905f4d4ce35e578c17f93ecef5f35cab67a249da8330ebaae308207f943e8a2d3f319b9c5c1a1740534 |
C:\Users\Admin\Downloads\pack\AdAvenger\Ad Avenger 12_files\d91421ebc48fea26a2c35626488f5bcc.svg
| MD5 | 5640d8b85229e9dbe6d5e7790891cb1d |
| SHA1 | a09ee3eaf0a7acc0bb7e54b3163c6a555defca64 |
| SHA256 | e5a587f50df0753ca8a4c0b8876c6eb063e2e123443b347bbce0d51a5c097f15 |
| SHA512 | 643f376cecff1179fa17eccc5ef8bc3eca8617df1f95c1c7cb1cd49ed79a8216aee8eec6af0f33583130c58e7ad6c6116338170039ad6dafc47309d1d5138219 |
C:\Users\Admin\Downloads\pack\AdAvenger\Ad Avenger 12_files\db473225bc9cc86248b2bc88661b1923.svg
| MD5 | 5556cef6bc1d5ad734abe89239e7b9a2 |
| SHA1 | bee99fd3d2c0af8e6c45c91b4dd69f3f46542a83 |
| SHA256 | 5d2c86a8f93305d0865bfa31676a8446ae3571f0eec8dcc6cfdad1e947da5d0b |
| SHA512 | 5d746fa72d4295e5a2b8ade88a4e6557aa2981041c4748be538847503d7b77c1243f7007b64957c5a8f45e3f7301faef0e01e89c48dd52d07242b8546e1a50e9 |
C:\Users\Admin\Downloads\pack\AdAvenger\Ad Avenger 12_files\ebaa03540dacb64d446b43ba2584f208.svg
| MD5 | a5c72450abdab4e79b85877513eb6f74 |
| SHA1 | 756747ab0519b57ce3d4ae8776fa7b717bc23e1f |
| SHA256 | f5658e44d15fc3e775e5d3246b85b8dce61204176168fe6bbd88bea6b51adfcc |
| SHA512 | 1533541a7f932d6870687d916a52055732689bc4ed38bc167b92f08f3c2bd749aceb33b251fbd7a39c63e53ca9622849f5e8d124d3031dc57c8ad75ac91658eb |
C:\Users\Admin\Downloads\pack\AdAvenger\Ad Avenger 12_files\fa8d3f2762a60930c14d5da065efe085.png
| MD5 | 0107f9e073207795cd2eff5f3033fa9d |
| SHA1 | 6aa157f79de3a1ffd3391ad47246c9a5ee542e6c |
| SHA256 | 744857fd0394382f04e971db21dc15c55eff04e46a7c559bf1b769ac9828802a |
| SHA512 | 13b13c9cf925ed8ffefd7287bfde087e53844a2804ba3ddde2cc5b505acb08ca60c71dc9c7eb6cb8f3584bb0d7da987a0858d52357ded43c8e4faf57d6302d52 |
C:\Users\Admin\Downloads\pack\AdAvenger\Ad Avenger 12_files\gtm.js.download
| MD5 | 560c793326675a78b9788c037222f254 |
| SHA1 | d04d704dcd031ec4df5914869c6513773e789f53 |
| SHA256 | c7444843ef35620badf180f9cc4aaf86555f914e8b64bbe52597e85bd6d913a4 |
| SHA512 | 1c94db45d15741fdd50fe20378663c5350888e65e1b982ab495b5a293827827eb498f3e4fc91c9d56f440410d4c1cad14cb68308b504ff396ae8c519d0597374 |
C:\Users\Admin\Downloads\pack\AdAvenger\Ad Avenger 12_files\promo23v1.cf7dfeb203ee8a2d5500.css
| MD5 | 13c78ba13454b1364d7626af546faeb6 |
| SHA1 | 4b856bb325da453a9ab6d66ce43ea9c85f7765b1 |
| SHA256 | 7447b6cbe511526a1cf1e49a390af070534d326de0bb38cba024d3b2bb759fae |
| SHA512 | 5596cd67e7795dc56db96f8fd7c1aa6a46d0cd8bcd907e42958e0a2d2379dc9c53b7d1e77c254e00395eb42df116c641edc051b550012347c37ba5e967fda639 |
C:\Users\Admin\Downloads\pack\AdAvenger\Ad Avenger 12_files\runtime.d2a5d15b1bde566cc283.js.download
| MD5 | 834f51e038fe18963b98e88dda8fca1e |
| SHA1 | c4dbb814e44728ba6d135f8dd4532e8d040e5088 |
| SHA256 | f0c6ee22f63f53f7e951f98aa5bbd325ce60b73f7725b42364cf0a2b4e37df1f |
| SHA512 | 489e84f786693c1d0d7c597c25efe4b638baf669f59e6e4c57d6f32900685fafe47a1d048bf8fa94f7a638cc55938ee9c16171866ac2660538bab3b01689fc23 |
C:\Users\Admin\Downloads\pack\AdAvenger\Ad Avenger 12_files\vendors.ae4a76268d61afa4246c.js.download
| MD5 | f8d297ed047c52dc096bdea1d3bbbea5 |
| SHA1 | 795412a768907ef29d747883f0bcdda1b1bac38d |
| SHA256 | dce28bf1ac603cefba17a28b1973290464ead752ce7d7868bcea623acd9a232b |
| SHA512 | c5bf25ce903fe59dade01edba0e3c5a9926315cf21fb648be910913b6033e0441ea507ada91b2d40d6cb99a0713d2024d1ed3995b8d2f991d38daff28d0a0e5a |
C:\Users\Admin\Downloads\pack\AdAvenger\Ad Avenger 17_files\f1ce86a627b87a1bfc2e4630a7017fd8.svg
| MD5 | d2dffb1e2b19cd185c2e844420727780 |
| SHA1 | 4f5a888ba734ab11739b4f191d112c637686545d |
| SHA256 | 9266619ef667b8d46198b631446517186c303625d43c4b6f68f6587948d7274f |
| SHA512 | 4bfb148e75deacee6181777f4bcd3d62902607561aa693b0dc451d29a0aed6f3a6262fe7b1194c4474ece356467ac583ceb4cbc1823df8ab3b16c36b8582fd16 |
C:\Users\Admin\Downloads\pack\AdAvenger\Ad Avenger 5_files\promo16.45741cb1c7528221ae3e.js.download
| MD5 | d410f7d9069096fe636066f2c7033807 |
| SHA1 | 4a4bf595467a316f6913451f0d51150c3c8d0ea7 |
| SHA256 | 69b31b77215382d82748974ed21e42308217d01e2a7708726c6c83f427baab6b |
| SHA512 | 400dcd425c630b47cee8c12942e7de1a9b9f884154050252a5b73136ede2b1aa78c084b42661ee025993cf98d9a9eaf87db2e7fcbc4d47c82f42fe57826f14f2 |
C:\Users\Admin\Downloads\pack\AdAvenger\Ad Avenger 6_files\6c0c96474d134b1472b4834ffde57bbe.svg
| MD5 | fcfdc6218b5e6287336ba8488a92e4a1 |
| SHA1 | aebf3d9f91ed859d73b1ca48323337215b79e669 |
| SHA256 | 1f6a70d9530434eae5063441bbb5cc8114208cfdc120158fa2867070f6964975 |
| SHA512 | 309cbc51d935dddfbf7a3a4e8174eb7635f46a5701136f6b376c62149b6cbab200f4cd14d0f6d658f66f4d75f0428ae84507da6006d352aad16215ce3e51d974 |
C:\Users\Admin\Downloads\pack\AdAvenger\Ad Avenger_files\promo12.dac4019f1bb543f18dde.js
| MD5 | 8f6ebe17aa477c01a23b4662a49f5e13 |
| SHA1 | a3c35b6c837e97c1ee7415446cb9368cd4de5789 |
| SHA256 | ae4342fe2ddd29c7e675281533f9c20b26d85c82521ff28be04ecf0c8f68319b |
| SHA512 | f126a04e0aa018a7c5e07fd5189ccffc287643ab60e15b23aab13ae4467e0f75aa4180cdde5ebf7106f1f7f287e74670a82d35a8b2a178fc2756b5dac857a712 |
C:\Users\Admin\Downloads\pack\AdAvenger\Ad Avenger_files\promo12v1.dddb08f483a3fc4363c3.css
| MD5 | 58c95640fe51698d72231894d745e3ad |
| SHA1 | 264d960822f4f929a38bbece023bac9268c3073e |
| SHA256 | 305524833ab6d79f7d0c33e4f94037de314866a2a97c3a931cc78a944a1ebca5 |
| SHA512 | 0d0bf0b67c2bc87b6bf00b1e62dc242b4badfd0940cedb5c58ea79d546438190b35ff6c76668ea447b4e855cb143c4524656d9730c5f73bb5929180580116306 |
C:\Users\Admin\Downloads\pack\Clutt4.5\Clutt4.5\Clutt4.5\Properties\Resources.resx
| MD5 | 19ed29467e0c70dc5ee6d9cddb1ff4e9 |
| SHA1 | 942bbb5b3dd51659b527a331f6fc0f1e81d3b0ba |
| SHA256 | 580035c6717b7533e3f2c52163489d4e0502717cbf644a788c3e71befd83a250 |
| SHA512 | 9267f36a4a5733155fbdd2f52ae9b78c4785412ee603b1b91dc16f03dca586b182fa2fcb842e57c43e07dfadb03d5b0b722fa1ac9eef7f0f0b0a513895ff2389 |
C:\Users\Admin\Downloads\pack\You are an idiot!\Files\You are an Idiot!_files\animate.js.download
| MD5 | 8240e06f44861e1a1d526954120acbe0 |
| SHA1 | 94fd4673f12a27a3d077350762e09636a77d8c38 |
| SHA256 | 2476e783452b4044ce5241bb90181ea220e79a430c36823412f45a9be0e27787 |
| SHA512 | 601e84270ced1c166f3b4ec8ef423fac7dcb976d773b4cc3bfcb6a2f213432a352afdfcf6bc0cb235cb63b54964a4755b7ace1c65becb53010155b81061ee95f |
C:\Users\Admin\Downloads\pack\You are an idiot!\Files\You are an Idiot!_files\math.js.download
| MD5 | 97d787301ae23245a64fbe06d7e547c3 |
| SHA1 | d88bb6eb2d8525fd384ea54e5db905cd0b97ae90 |
| SHA256 | f7529f7ed5d6b40a3f2d8e82cda47f6560d64b448a155717d9089f8dba247d6b |
| SHA512 | 7c679cdfec83e0284bed2489691617239fcd7e7a7ede1ad88401918a78cf81338efba7ba94b6011facca325e06f6959f49144b9ec86689381cc81fd76ab8347d |
C:\Users\Admin\Downloads\pack\You are an idiot!\Files\You are an Idiot!_files\styles.css
| MD5 | c8c559e706543287ee259882ce4eeeae |
| SHA1 | 8893ba7bb43e3f5ee82ba84f4d824052d6688cb4 |
| SHA256 | 6080d8eb371d6a417e9ba9dc6a971326d21ed197bd2086079de1a8cc90dad8a2 |
| SHA512 | bbceb8cd8faf2367a0f604d8174ebcac5eae3d68417193af68e179ae9b92b4fbc423b815a59c87e9043a87d21673aec92e58e4cf4aa7d730caea0372b832ca02 |
C:\Users\Admin\Downloads\pack\You are an idiot!\lol_files\lol.js.download
| MD5 | 643194c80c2eb4a6f671ee7a8574bc0d |
| SHA1 | e123a4049a3c1eb45beb9b78e4ea82665406b096 |
| SHA256 | b14095e3d4a1e4467b05e4f9a6607184b7149cdcc9fb08cc1b785f73cdce28ea |
| SHA512 | 821121665af18c6e0403a63857ca21f819dd9c6aaa39c05a1867083bf001a00cc5f8b7f360e3bb50b11b62cd2017fb3f252b0b7ea397f247c4b571994ad73571 |
C:\Users\Admin\Downloads\pack\SecurityEssentials2011.exe
| MD5 | 02f471d1fefbdc07af5555dbfd6ea918 |
| SHA1 | 2a8f93dd21628933de8bea4a9abc00dbb215df0b |
| SHA256 | 36619636d511fd4b77d3c1052067f5f2a514f7f31dfaa6b2e5677fbb61fd8cba |
| SHA512 | 287b57b5d318764b2e92ec387099e7e313ba404b73db64d21102ba8656636abbf52bb345328fe58084dc70414c9e2d8cd46abd5a463c6d771d9c3ba68759a559 |
memory/3212-3019-0x0000000000400000-0x0000000000CFB000-memory.dmp
memory/3212-3020-0x0000000000400000-0x0000000000CFB000-memory.dmp
memory/3212-3021-0x0000000000400000-0x0000000000CFB000-memory.dmp
memory/3212-3044-0x0000000008570000-0x0000000008E6B000-memory.dmp
memory/3212-3046-0x0000000008570000-0x0000000008E6B000-memory.dmp
memory/3212-3045-0x0000000000400000-0x0000000000CFB000-memory.dmp
memory/3816-3047-0x0000000000400000-0x0000000000CFB000-memory.dmp
memory/3816-3048-0x0000000000400000-0x0000000000CFB000-memory.dmp
C:\Users\Admin\AppData\Roaming\Security Essentials 2011\sezapcls\seclls.cfg
| MD5 | 617a938b792983d603537988e91f4daf |
| SHA1 | c9103ac65e8d45dac9748e61f493b27e5c2950d3 |
| SHA256 | 26a317fdc047e3a859ccff369fd64aeb9db71d8124c0f5f59c91c4ecbb34134c |
| SHA512 | a413e479cf3e03a48d897c9ef57ab81cca2a665d7ffdedfadc303c730b7d7a8f3bc3c40373dd608ef0f44b21e16b25e48fc6ac7d61167d346c9c93fe4472c40f |
memory/3816-3144-0x0000000000400000-0x0000000000CFB000-memory.dmp
memory/3816-3145-0x0000000000400000-0x0000000000CFB000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
| MD5 | cb40250276617dee8fc85a4ba27760dc |
| SHA1 | 2e19876845ece47e5d312b68ccdfce9fe2c755b9 |
| SHA256 | 091b55f2493688d962e6be28ac04043d86542152c18972dd6aa6e559e838cc80 |
| SHA512 | d6aae01c6b5ab76bfb1f059683c3e5689bb48975bbb4b69ce9734f767411c2ea6c52da41c1c0acf7ad924156eba865198779b4f1f5db7f706bd54fc1f0b5b51d |
memory/3816-3155-0x0000000000400000-0x0000000000CFB000-memory.dmp
memory/3816-3156-0x0000000000400000-0x0000000000CFB000-memory.dmp
C:\Users\Admin\Downloads\pack\Paladin Antivirus.exe
| MD5 | 5b8f483302d1b4060140070d92dc36c7 |
| SHA1 | a0be22cfc3f05ee0f94a5d10fb56ac3deea780b4 |
| SHA256 | 123ae87b85125a9910167e0fa0377ec95b740e33d16d45b95948bb4c52d947cb |
| SHA512 | b1e523946b0be2918e2e9e18e6ec1825aa00f8f59d9950cffa036e2bb11e49d46475b781c35933d88d10e0dc71f2cc303d6847c49ab8b670eb5710b2b59280af |
C:\Users\Admin\AppData\Local\Temp\4otjesjty.mof
| MD5 | 20767936140275be8f9326de541acf7c |
| SHA1 | 2b85b3c09e8fbe5af47e3d811c01bd697f5e7d5d |
| SHA256 | e28cb5fadc3e8e076af98df3795066af54858aefa3985f838795ef7e43db6cc1 |
| SHA512 | e914fe411175b3646e5ca4f588b9335d4de58b20ee9032af5bedd8aad5109c63a41e8074eb6ce5341184c86d597df211e6d371f819c9584dc5279157af1c0bd3 |
memory/3816-3162-0x0000000000400000-0x0000000000CFB000-memory.dmp
C:\Users\Admin\Downloads\pack\Note!.txt
| MD5 | f9a0d8e5b95f071db0c9f2959cffd806 |
| SHA1 | d248953249a49333a03936c10cf834d5d2863b1f |
| SHA256 | dec5a63124bdca7f9d0e4d9733538715c23851fa38e9e9ce930868da063b7949 |
| SHA512 | be8f0dd2a619d19c83fb45150a6537235a375c21ea93d87808d4eece020b7af290b2555d9edda947f230314857cf82e9ab33f778ab67c23dc8982a8ca45e9072 |
memory/2808-3164-0x0000000000400000-0x00000000008C4000-memory.dmp
C:\Users\Admin\Desktop\Security Essentials 2011.lnk
| MD5 | c7e2c234a32eae22502f050fc279e89d |
| SHA1 | 37f362ec15d0bd39dbc97cad58c7632f271192ff |
| SHA256 | 802902368a18f8721d45367d08765006fe18591ba3e157e3205caaf1adcd3683 |
| SHA512 | 468a38aa5e24560609dd7da525c4e79b1a410132c19951247fb427d396fe2ea1321e57937dbabb61c2d053f240cdd2eec484102eb98c3b9ff50c34086b513a39 |
memory/3816-3170-0x0000000000400000-0x0000000000CFB000-memory.dmp
C:\Users\Admin\Downloads\pack\[email protected]
| MD5 | e979fb2eb504972ed87ad3c825ec6c2c |
| SHA1 | 7a927cfa6d413f66da1ae05f668ce85b3547aaf2 |
| SHA256 | 9d45ae1d8d3749efbe72b24bc20142e8c55b88a0733a45e5fe8579cf24981f33 |
| SHA512 | df1b55bff5fdee03cd77d59befe5ccfef555100605f7e9782e0a90e21ad6f67c92bdf925e2844d042c9da48e1c05eb4970460683aebbec2bf5a3f9cf6341bee6 |
C:\Users\Admin\AppData\Local\Temp\nsa672E.tmp\MachineKey.dll
| MD5 | 819265cb9b45d837914f428373b06318 |
| SHA1 | 0725f84eba20acdbd702b688ea61dee84e370b0c |
| SHA256 | dd2f2d8c0a7d767be40b0f83ac6339ec86068e4ba0f4cd0e3e5b99050dd84fcf |
| SHA512 | ae4dd3f773568072e86e694c72a08d06b9206cb704a22ced1a922bc04a61a504aee67fc32ffb4d39f9e75f74c533d409756d4d953eaf9ab89cc9fe11f702b30c |
\Users\Admin\AppData\Local\Temp\nsa672E.tmp\Mutex.dll
| MD5 | 6899249ce2f6ede73e6fcc40fb31338a |
| SHA1 | 385e408274c8d250ccafed3fe7b329b2f3a0df13 |
| SHA256 | d02a2c0c9917a5ff728400357aa231473cd20da01b538a0e19bc0c0b885ea212 |
| SHA512 | 0db15d8050a3d39a14ebe6b58ebd68f0241d3ee688988e1e2217e2c43a834dff0959ba050d7e458ab6dfb466c91a3109ead350fe58fb3daa0753f6ca1ed9d60d |
C:\Users\Admin\AppData\Local\Temp\pin.vbs
| MD5 | 3f764ed6ee61afced5405a2e3f62738b |
| SHA1 | ce56c02f451bdbf20a1003df87fc2692ca06d0ed |
| SHA256 | 22804ed36ad186b3ab18605719c83e70b6244f60aba00e16ca8f97d80b5cc0e4 |
| SHA512 | 6ed1d6327b67b3c863f71ede1d8be2f24c51454aab25b104d474024bfafcd732ba84a63ea60b218ce0e97a740c2717f87f4a38fcf211e780d027d36f4bc1d859 |
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus XP 2008\Antivirus XP 2008.lnk
| MD5 | 3da5073c5db2cf1f45f86819ca542fa5 |
| SHA1 | 46a78cfb31360beda67da947e00ab930929bbdc0 |
| SHA256 | d64982a78e06155ea9fe465abd409e75715f9fcca6b8c59209163a534f288c47 |
| SHA512 | dcd725fc0fdb373210515062fcc61070869d91f29537502d89b419bd5df4468b491f8de43b5274af59a61ddedf965f9d1c5995a2608c7a54ceadb5f0512f97aa |
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus XP 2008\Register Antivirus XP 2008.lnk
| MD5 | 629f14b626d57f0e3e125b8326d01204 |
| SHA1 | 7b88481e4ff05441e79217fd6d1f57878dbf31a4 |
| SHA256 | 34f7e3e97604b4113eb0bd8bb64997a75008f35c2a3ce7c8dc5288c1fec63429 |
| SHA512 | 9d95b1f03ca409a54036695cf0d028ffb891cd4c82f96265a592db3a64223784491eaac163d1959ec81d16cbd93f76d53380a59d84e666706d90e1c5ca97104d |
\Users\Admin\AppData\Local\Temp\nsa672E.tmp\KillSelf.dll
| MD5 | 8b49e96b0bd0fe3822bd4f516ad543ab |
| SHA1 | 3d04d3a4377e2e1888cc2be333b129daa8d2894d |
| SHA256 | c25cbc60ff1ccca811239655636717c9ff4decb9190a557489389504b248d037 |
| SHA512 | 46826285f213137cedefe379ece413730a36dcde016e5ac114743cb011e587fde503df1d70ea0e6c4213993749ac4d246e4c3c980b02e01239b392d0f5892e26 |
C:\Users\Admin\AppData\Local\Temp\odjg.bat
| MD5 | bc5aca38e505da47e1ea8bcfb9df5bbb |
| SHA1 | 67dd2324979ff2c2dfc97f89db0fb939bd08c87a |
| SHA256 | 30c55012548697052877b13150bedae3156f9a502557d1ea816dbed647b4a8f8 |
| SHA512 | 37ce0ab1b0ea58d3fddb8a25f6da6b970c454a7cd614932ea3a2c7f8d9c763172fee2a455d7d381397a67071d3f10e7b9159ce02dde0e0176c8e4180c47451cf |
\Program Files (x86)\rhcr5nj0erk5\rhcr5nj0erk5.exe
| MD5 | 04b88c7067b53a9bdf844cd1cb4b9c30 |
| SHA1 | 7d081a1053cd9ef3d593f5ef9a27303824b779f5 |
| SHA256 | d42b135a1e70b6f7d0d98c340f4b529f722953cf57e573bb21a078f50f2016b9 |
| SHA512 | 566f36f804d3027daab0e01f6d816b0420ba21fc276f2fabda4d0ed37b0e830704dcba8ccc3d30a7023c69f8ad3da0b9b58a49a26b3bb239d8ae0762bc157a42 |
memory/2684-3274-0x0000000000400000-0x0000000000D72000-memory.dmp
memory/2684-3288-0x0000000001520000-0x0000000001E92000-memory.dmp
memory/2684-3289-0x0000000001520000-0x0000000001E92000-memory.dmp
memory/2684-3292-0x0000000001520000-0x0000000001E92000-memory.dmp
memory/2684-3286-0x0000000000400000-0x0000000000D72000-memory.dmp
memory/3820-3285-0x0000000003AC0000-0x0000000004432000-memory.dmp
memory/2684-3264-0x0000000000400000-0x0000000000D72000-memory.dmp
memory/2808-3256-0x0000000000400000-0x00000000008C4000-memory.dmp
C:\Program Files (x86)\rhcr5nj0erk5\Uninstall.exe
| MD5 | 373ab9f3666e444d538dab8e35d56730 |
| SHA1 | e5498ad390b38983a887e850e48c6235b4be3249 |
| SHA256 | 8536a124573aee7b65d87e6d7d7bbc480a3084bef0ea75c1e82816a64817a451 |
| SHA512 | f18112b60ac9ad4b563fec2b895e82be08d776d99a613855c646e1160923c16ca377cc66f7190ce603b2e32b21832d5eb0335daa4f6057ee47cb79110db9bc07 |
memory/2684-3295-0x0000000000400000-0x0000000000D72000-memory.dmp
C:\Users\Admin\Downloads\pack\Heptoxide.exe
| MD5 | f970a59a728c152ebdbd8e45f26ac9d8 |
| SHA1 | ee6390f8798ffefd4472b427a4078e0c68286add |
| SHA256 | fa544f8e0146d5f12bd904f65c2e999e475a525ff676350f90289a0ca834c21f |
| SHA512 | f0351e4caeec6edf17cb7813c4557767f0382102e72622fe7e52b98dd6989af1190791ff79f14a07271df77baab9157e273fe5aea848b5438b80d1d1cd631df3 |
memory/3816-3297-0x0000000000400000-0x0000000000CFB000-memory.dmp
memory/3820-3300-0x0000000003AC0000-0x0000000004432000-memory.dmp
C:\Users\Admin\Downloads\pack\FakeAdwCleaner.exe
| MD5 | 248aadd395ffa7ffb1670392a9398454 |
| SHA1 | c53c140bbdeb556fca33bc7f9b2e44e9061ea3e5 |
| SHA256 | 51290129cccca38c6e3b4444d0dfb8d848c8f3fc2e5291fc0d219fd642530adc |
| SHA512 | 582b917864903252731c3d0dff536d7b1e44541ee866dc20e0341cbee5450f2f0ff4d82e1eee75f770e4dad9d8b9270ab5664ffedfe21d1ad2bd7fe6bc42cf0e |
\Users\Admin\AppData\Local\6AdwCleaner.exe
| MD5 | 87e4959fefec297ebbf42de79b5c88f6 |
| SHA1 | eba50d6b266b527025cd624003799bdda9a6bc86 |
| SHA256 | 4f0033e811fe2497b38f0d45df958829d01933ebe7d331079eefc8e38fbeaa61 |
| SHA512 | 232fedec0180e85560a226870a244a22f54ca130ed6d6dc95dc02a1ff85f17da396925c9ff27d522067a30ee3e74a38adff375d8752161ee629df14f39cf6ba9 |
memory/3068-3309-0x00000000001A0000-0x00000000001CE000-memory.dmp
C:\Users\Admin\Downloads\pack\DeriaLock.exe
| MD5 | 0a7b70efba0aa93d4bc0857b87ac2fcb |
| SHA1 | 01a6c963b2f5f36ff21a1043587dcf921ae5f5cd |
| SHA256 | 4f5bff64160044d9a769ab277ff85ba954e2a2e182c6da4d0672790cf1d48309 |
| SHA512 | 2033f9637b8d023242c93f54c140dd561592a3380a15a9fdc8ebfa33385ff4fc569d66c846a01b4ac005f0521b3c219e87f4b1ed2a83557f9d95fa066ad25e14 |
memory/2976-3314-0x0000000001230000-0x00000000012B2000-memory.dmp
C:\Users\Admin\Downloads\pack\AntivirusPlatinum.exe
| MD5 | 382430dd7eae8945921b7feab37ed36b |
| SHA1 | c95ddaebe2ae8fbcb361f3bf080d95a7bb5bf128 |
| SHA256 | 70e5e902d0ac7534838b743c899f484fe10766aefacc6df697219387a8e3d06b |
| SHA512 | 26abc02bde77f0b94613edc32e0843ac71a0a8f3d8ba01cb94a42c047d0be7befef52a81984e9a0fa867400082a8905e7a63aaaf85fa32a03d27f7bc6a548c3b |
C:\Users\Admin\Downloads\pack\Birele.exe
| MD5 | 41789c704a0eecfdd0048b4b4193e752 |
| SHA1 | fb1e8385691fa3293b7cbfb9b2656cf09f20e722 |
| SHA256 | b2dcfdf9e7b09f2aa5004668370e77982963ace820e7285b2e264a294441da23 |
| SHA512 | 76391ac85fdc3be75441fcd6e19bed08b807d3946c7281c647f16a3be5388f7be307e6323fac8502430a4a6d800d52a88709592a49011ecc89de4f19102435ea |
C:\Users\Admin\Downloads\pack\[email protected]
| MD5 | f2b7074e1543720a9a98fda660e02688 |
| SHA1 | 1029492c1a12789d8af78d54adcb921e24b9e5ca |
| SHA256 | 4ea1f2ecf7eb12896f2cbf8683dae8546d2b8dc43cf7710d68ce99e127c0a966 |
| SHA512 | 73f9548633bc38bab64b1dd5a01401ef7f5b139163bdf291cc475dbd2613510c4c5e4d7702ecdfa74b49f3c9eaed37ed23b9d8f0064c66123eb0769c8671c6ff |
C:\Users\Admin\Downloads\pack\[email protected]
| MD5 | 9f8bc96c96d43ecb69f883388d228754 |
| SHA1 | 61ed25a706afa2f6684bb4d64f69c5fb29d20953 |
| SHA256 | 7d373ccb96d1dbb1856ef31afa87c2112a0c1795a796ab01cb154700288afec5 |
| SHA512 | 550a891c1059f58aa983138caf65a7ea9c326cb1b94c15f3e7594128f6e9f1295b9c2dbc0925637dba7c94e938083fffc6a63dc7c2e5b1e247679931cce505c6 |
C:\Users\Admin\Downloads\pack\[email protected]
| MD5 | e8ed8aaf35e6059ba28504c19ff50bab |
| SHA1 | 01412235baf64c5b928252639369eea4e2ba5192 |
| SHA256 | 2d2a22db20a44474afbd7b0e6488690bad584dcae9789a5db776cc1a00b98728 |
| SHA512 | d007c96b2fad26763d27be8447ca65e0ab890deb6388b90cf83c0b3431e09b225f7424098927b54f15fe34eae953b61b45371b0df4b2d89c60be9c006ffe9034 |
C:\Users\Admin\Downloads\pack\[email protected]
| MD5 | f49bcb5336b1e1212ae82cbb98f8dfe4 |
| SHA1 | fc87518aee297f9c18e40f4604ea048aec0342c4 |
| SHA256 | 1501affdcf557a9dcb73ae34d43365d5301532a48328564160fdc1f3acb01e2e |
| SHA512 | 51a4b1a5ede81e4dbeb9a335fe3a370e6ae452a46d4f4ce8753b37d6e399b00e0de3b066921febf1b5b20f5e3356e0d93da5df366acd2002b792ecb7eb32a7e4 |
memory/3816-3419-0x0000000000400000-0x0000000000CFB000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ckqup08y.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | b3d98eda7d79904afd455818ab7c50af |
| SHA1 | 6664203982b9900a6084bf522dc98a4167cfe16b |
| SHA256 | 437dc9b7412f12b230001a3277214df614cce4459967a627d836126751513fdd |
| SHA512 | 102d2c0646b05a0253b0a42974927644d438467f942018dc92b5ff843ccd0444aac511c046dfdda48e6766587d5b875d8bcf4d839b7aa7df5229d8347fa0cd54 |
memory/3816-3453-0x0000000000400000-0x0000000000CFB000-memory.dmp
memory/3816-3455-0x0000000000400000-0x0000000000CFB000-memory.dmp
memory/3816-3457-0x0000000000400000-0x0000000000CFB000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Cab429D.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar434D.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fc591d9966e3a30ab6e53c3aa0558934 |
| SHA1 | 77ca31069ea00fcd9ea2bb33263fa20bf38627a6 |
| SHA256 | fe10c5ac4ee80ff1bbda11ba6931be445d686d54eb21829f0299cfcc4af8ac2d |
| SHA512 | 06be9137ed0c5a8878d1b0103a45b71145d6c8457bb3d23c24be955750e935dd5a235ede85717161958dc23709ec727bf0a479138bf08c16779147089dde6310 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3ba7ab417d61512e4c0cb8e027db8231 |
| SHA1 | f8889cf26760d496145bb6d3079c91e3edb574e2 |
| SHA256 | a999b263a1ab6d61348b6f670fbabca62438d2e8558a0d2bcc960c41c1c1ad6f |
| SHA512 | b4ae3c3f9e431e0db8f4804cfec06bc4dabfc88e4e58d6098d3e2e2cc82ed242915fb4a02ee7d1a5b42a865b37df7b1636e30348f6413ff69e2e9a43b1c1f912 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c253218e95f50b8cfdff0adabb597c1e |
| SHA1 | 4888fd31bb40f923d1ace07c62eda1d60e4b378b |
| SHA256 | 107ce14a7f467fbd3201515513f342fa35841baaa9dbe25f8062bfa46a281269 |
| SHA512 | 58f40fa78a72a04430197a681154994f47ed7553146ca8195553a1c01d02d570a0c2492a297d22f43019f58b159adf1fdd72d34f20ae50b06e26f198a3e30dca |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3c54d46984092c79ab3935a93f1e4bc8 |
| SHA1 | a2291ffa189791ed3950394c35ff9d1e9cc62f50 |
| SHA256 | 57d2a1a2cc5db7281f0d27c53a493d47edbf651505ff15ec3e9bd0a399655fa3 |
| SHA512 | ad734d76ad123bee85def71f18a7a0ec6c94b743abef95ad0eedc6f506e3ae6235ee3f86251b508067e1577131e66fdd5ccc6606dbfb9a5aa7c737dc5ad1e327 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 20e9b487da7c04144d018c98a5ca3e1b |
| SHA1 | fbf2a60db8f24d560e2a9b6ad83ed4aac9648440 |
| SHA256 | 659b26269a1ecf7bbe6e5fdb5dbba99cce8b54d04484c89acec516c12b8bfa26 |
| SHA512 | 206e3bf891529321ee926e7b16160da45f68253b873f7768949005ae87ba62d85f7b81c4846fa272650c907905f8f30cd884c42c830526f9733f45dcfef1da59 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | eb4d3fc66dbb6da9663790a0d7fcc691 |
| SHA1 | 038e8061d467f24893840e4fc43669c498895469 |
| SHA256 | 469491cf497bc2ee7d893c5e87ce6c666851cdbdd3af5add6d03e910c35fdbc2 |
| SHA512 | 840f90169db8ac4f8721c4b40aa88bb5b146ae776ba34e1ee2a9f326e63c47591d2f41a134c7624269c4472e7ca7d8cd004cf0b91d82ab6ed2ee0a120bfe4ae9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a62ef53b3a7cee163e0e46960445d381 |
| SHA1 | d058c080680e9885bb5010963ea183d64579616a |
| SHA256 | a1d0cbf706c4701de57179aca00b1d50e9822da5fae2e16aadc4fb5c54f8675d |
| SHA512 | 5d5dd0186237c2f3205d1e88afa08bfe1eacb5018d80eee60368ad91384cab95c662549daeb39957c5c27d60b8e2d696345fd3b35af5eee2fef29fc3aa178ae1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b85138221e3172b29779bd94fb4fa6d5 |
| SHA1 | 6ca04a0aba67f1c821d1cf86adcdb591de03c322 |
| SHA256 | 1c8cb8828f54a91648fe50e363dbc18269d5e160f9e1b8e9a760f323c36e18ae |
| SHA512 | 0e86ccbe17c94567fa86e09b44a7a8ee5016078330103707c58d66c42822d77691ad75e178a39bb8e90db60ec6244ae23b3d0322ab680ba4586f56ed498c6dd5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9ce646e8cb97a0c21a440fee92080977 |
| SHA1 | d2bf9c919615c0267ce2500aa2600c4fdb0cb7e6 |
| SHA256 | 947a5762adc4eda35ef81a5202597a99758dd94556f98251f0de08386796e020 |
| SHA512 | c0f792ac42d0320bf47678193c5110a73109f88270eeedbab554bc36581db393fc69254eab22633a40ec0bd10c5bb18087565769ac1b2d64f785cb612d31d2e5 |
memory/3816-3893-0x0000000000400000-0x0000000000CFB000-memory.dmp
memory/2808-3898-0x0000000000400000-0x00000000008C4000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\~DFDDE9FBB67E378309.TMP
| MD5 | 4a367e3f66c21acedadfb61561df05f8 |
| SHA1 | d12a0822c4396f19a324f633e7bbfaf7c8078f7b |
| SHA256 | 96a0d327d7954ba216b908b20a2c70c5c83095a6fb24af42c49e1a620f90c6be |
| SHA512 | a7c0337dd60659f875c24dd3fd9cc808acf08c3973de7e5f15f1fe8b2f0573a0228e2bdb4cceb0e4441a82aa5ff6d78f250e7c71f836430022a3585d16a5a840 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8945b938be6a7bf3537d696544e94dcb |
| SHA1 | df160df69fc39f3abf905ca5d335a4290eaf8ad5 |
| SHA256 | 7c9202685784c246896faca104e109543bf4a42b2d8fcff163056dd8170dfce7 |
| SHA512 | dc990ecee85675e568e19cfc7a0356e107f808f32f4f7b5953c26b824abe3cf21ad5101083c9a58f8f1c2f70a61f234dc69ef4606d6c5aa0909cc3a014f4581d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 58bc72bb450bba1b24faeae3704c1ebf |
| SHA1 | a9f02005ca0ff5c2c1fe3713c08fd325255d0d09 |
| SHA256 | 4f8fbfccbcefe8be997fa50656162085a3745d62d4bcb57069b0146f29b6f832 |
| SHA512 | 435c7f6bdcc1e0b02082c3a3c849da563686c436facbd27da5e8f5941e5feacc5243023dd80636bf654387e7d590fb4ee496e1e3c48c3c17411f17f18ce6702d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 39d5b020b3ccd4177b1cc9e6bacd88cc |
| SHA1 | be9c82e359c3a01c06186704d4a325f472e2b7fb |
| SHA256 | 52465cfd78629b06c36e8e4166953dd931971c1aefabe67f9728fd25cd04d8a4 |
| SHA512 | 1326bb5cfbbde7976cdbe8c18a7d8817cb4031ce95b23eefbf5e1781d72a8aeb043f395f5b174b686b4fb446b7bf93a036b341739e15667314d1781d3f6d18bb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e6a0662a1548384cc8433197f54cd528 |
| SHA1 | 90af1aa43125f3275f85fc2ea19be4abb4d44e3c |
| SHA256 | 39a1d73ed185138044d2c43508a41c800d7f94ceb90641c408e84aa91b6c85a1 |
| SHA512 | 99fec44fc0aa05b5a90d140075681f071aa23454779c0776d07739e5c8c14bae7581c02aef0eb74f6ed57ece4b2a82846d802128cb8fb6ed296aff79d74ed2a6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d9e9f1f8a7641ebd086a68aebdc0c53a |
| SHA1 | 3abe094ec95e682440206c131fc28ce0c0e2276d |
| SHA256 | 25f9ec2b7ec35ee8494f48dd7bd328c03506af58090377c7e56eb848a1dc508a |
| SHA512 | d6754f4ddd0c7d82fed1f784316344a953ab46e7b0f38f91a4ee95ac27c65a8c599c53beb4e846b87c24165ed79a0bc2059fb3408375b5d46b0c6492b98b65da |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 604358fd164c7ca2caa2c9bdd2684661 |
| SHA1 | 754dbe03ed80edcd6da8f8772f1759c447669985 |
| SHA256 | 61d7c626cf669ca40b12d784fb9ace6ecd4252ae56c5250035ba8f3de63cb5b0 |
| SHA512 | 0662682366310f4bcfa4fb7d7ca919eee6cf6f856b92961a5c20b4ed29df7a555c041e91f1d8e22256049d90a1a53f344afd3a67d764d00e6cc804286580db22 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8a42de7f6ffb9674f33243de17c450ce |
| SHA1 | 9047296304369f3e54e4030d815050c08ac0f2fb |
| SHA256 | b5f820bcc1d7fe2bc850feaac31d915e35998c73a9ac713efa48ebc94c9af37a |
| SHA512 | 67f351a0e251c912365228a6b94e8d93adecc58ef5970abe9d94a05d1fe8994ae5daaaabd8a66c408625ed10d51df0149e83bb925560b80e7e4c9c3c484c0a8b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c37c0dd13312650caede6c181ed3044d |
| SHA1 | 08c1c49288b9b6668cda1add71b622a0d33a7648 |
| SHA256 | 80b6171a88313ae1acd9f29bf8b0995ae856731ca9cdfcab73dedc35058b320a |
| SHA512 | 834f39c8c4294a24f0ef500c260989c881a79de3f897e8800fb9d25bc7e155e3a84ce22dde95ad1d73d655132a7ac54ebcdee204c5d0bb08de911844cdf03025 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ebece820a533673ea26aca3aa7c58fd5 |
| SHA1 | 2646a96df144089746406ea18f160ef806341524 |
| SHA256 | 031b82cacd1aea7c59a1efbfa117d6cb53f5c20ce67f492e5f3bdaf21e309b84 |
| SHA512 | 286c6bc32616dcf029bf96b8f31d693145329d4d52cd554dee6e4aa8b31e4966351ee4140985f9863fbe2c4acdfa5823edd52906d59ef08882f3b6b918561291 |
memory/3816-4444-0x0000000000400000-0x0000000000CFB000-memory.dmp
memory/3816-4447-0x0000000000400000-0x0000000000CFB000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
| MD5 | 9a453df5d4f23738b7d8e4255ff52669 |
| SHA1 | 985a2bc33c79e91a6a7e341678d076c65b772f01 |
| SHA256 | 74c506be0fb3ce6916f45a22944d2609627fb93af6542c7d43f304f9952a4740 |
| SHA512 | d3ad8b084a689136ea0ce80ad7e6b1ef4d218f2581b680692efe3920132c35d1dde00ccf4538528fc71a4b38ed89fc4f551ca6e73a48bd685ca631767f6d2dc6 |
memory/3816-4459-0x0000000000400000-0x0000000000CFB000-memory.dmp
memory/3816-4465-0x0000000000400000-0x0000000000CFB000-memory.dmp
memory/3816-4467-0x0000000000400000-0x0000000000CFB000-memory.dmp
memory/3816-4475-0x0000000000400000-0x0000000000CFB000-memory.dmp
memory/3816-4477-0x0000000000400000-0x0000000000CFB000-memory.dmp
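Added example, not part of the sandbox report above: a small parser for this dropped-files listing (a path line followed by `| MD5 | … |`-style hash rows, with `memory/<pid>-<n>-0x<start>-0x<end>-memory.dmp` lines interleaved) that turns it into indicator records and matches files on disk by SHA256 only. It makes the repeated `CryptnetUrlCache\MetaData\…` path visible for what it is, one file rewritten many times under the same name, separates the executables dropped under `Downloads\pack` from low-signal Windows cache artifacts, and flags the entries whose name the page renders only as `[email protected]` instead of guessing a filename for them. The sample input is copied from the entries above; the `kind()` heuristic, the reading of the dump filename fields as PID, sequence number and address range, and the list of low-signal path fragments are my assumptions, not something the report states.

```python
"""Parse a sandbox 'dropped files' listing into IOC records and check a directory against it."""
import hashlib
import re
from collections import defaultdict
from dataclasses import dataclass, field
from pathlib import Path

# Constructed sample: lines copied from the listing above (one SHA512 row omitted for brevity).
SAMPLE = r"""
memory/3820-3300-0x0000000003AC0000-0x0000000004432000-memory.dmp
C:\Users\Admin\Downloads\pack\FakeAdwCleaner.exe
| MD5 | 248aadd395ffa7ffb1670392a9398454 |
| SHA1 | c53c140bbdeb556fca33bc7f9b2e44e9061ea3e5 |
| SHA256 | 51290129cccca38c6e3b4444d0dfb8d848c8f3fc2e5291fc0d219fd642530adc |
C:\Users\Admin\Downloads\pack\[email protected]
| SHA256 | 4ea1f2ecf7eb12896f2cbf8683dae8546d2b8dc43cf7710d68ce99e127c0a966 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| SHA256 | fe10c5ac4ee80ff1bbda11ba6931be445d686d54eb21829f0299cfcc4af8ac2d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| SHA256 | a999b263a1ab6d61348b6f670fbabca62438d2e8558a0d2bcc960c41c1c1ad6f |
"""

PATH_RE = re.compile(r"^(?:[A-Za-z]:)?\\")                     # "C:\..." or "\Users\..."
HASH_RE = re.compile(r"^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([0-9A-Fa-f]+)\s*\|$")
DUMP_RE = re.compile(r"^memory/(\d+)-(\d+)-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp$")
HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
UNPRESERVED_NAME = "[email protected]"   # placeholder the page shows where a filename was not preserved
# Assumption: these locations are written by Windows itself (CryptoAPI URL cache, cab/tar
# temp files, jump lists) and carry little indicator value compared with the dropped payloads.
LOW_SIGNAL = ("\\CryptnetUrlCache\\", "\\AppData\\Local\\Temp\\Cab",
              "\\AppData\\Local\\Temp\\Tar", "\\Recent\\CustomDestinations\\")


@dataclass
class Dropped:
    path: str
    hashes: dict = field(default_factory=dict)   # algo -> lowercase hex digest

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]

    def kind(self) -> str:
        """Coarse triage label (heuristic, my assumption, not from the report)."""
        if self.name == UNPRESERVED_NAME:
            return "name-not-preserved"          # never use this as a path indicator
        if any(frag in self.path for frag in LOW_SIGNAL):
            return "windows-cache"
        if self.name.lower().endswith((".exe", ".dll")):
            return "executable"
        return "other"


@dataclass
class Dump:
    pid: int      # assumed meaning of the first dump-name field
    seq: int      # assumed: sandbox sequence number
    start: int
    end: int

    @property
    def size(self) -> int:
        return self.end - self.start


def parse(text: str):
    """Return (dropped files, memory dumps); hash rows attach to the preceding path line."""
    files, dumps, current = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := DUMP_RE.match(line):
            dumps.append(Dump(int(m[1]), int(m[2]), int(m[3], 16), int(m[4], 16)))
            current = None                       # a dump line ends the previous file's table
        elif m := HASH_RE.match(line):
            algo, digest = m[1], m[2].lower()
            if current is None:
                raise ValueError(f"hash row without a preceding path: {line}")
            if len(digest) != HASH_LEN[algo]:
                raise ValueError(f"{algo} digest has wrong length: {line}")
            current.hashes[algo] = digest
        elif PATH_RE.match(line):
            current = Dropped(line)
            files.append(current)
        else:
            raise ValueError(f"unrecognised line: {line}")
    return files, dumps


def rewritten_paths(files):
    """Paths that appear with more than one SHA256, i.e. one file overwritten repeatedly."""
    seen = defaultdict(set)
    for f in files:
        if "SHA256" in f.hashes:
            seen[f.path].add(f.hashes["SHA256"])
    return {p: sorted(h) for p, h in seen.items() if len(h) > 1}


def sha256_of_bytes(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def match(digest: str, files):
    """Match on SHA256 only; MD5 and SHA1 are collision-prone and not safe for blocking decisions."""
    digest = digest.lower()
    return [f for f in files if f.hashes.get("SHA256") == digest]


def scan_tree(root, files):
    """Hash every file under root and return (local path, report path) pairs that match."""
    hits = []
    for p in Path(root).rglob("*"):
        if p.is_file():
            hits.extend((str(p), f.path) for f in match(sha256_of_bytes(p.read_bytes()), files))
    return hits


if __name__ == "__main__":
    dropped, dumps = parse(SAMPLE)
    for f in dropped:
        print(f"{f.kind():20} {f.hashes.get('SHA256', '-'):64} {f.path}")
    for path, digests in rewritten_paths(dropped).items():
        print(f"rewritten {len(digests)}x: {path}")
    for d in dumps:
        print(f"pid {d.pid} dump #{d.seq}: 0x{d.start:X}-0x{d.end:X} ({d.size} bytes)")
```

Run `scan_tree(r"C:\Users", dropped)` on a suspect host, or point it at a mounted image, to find the dropped payloads by content rather than by name; the `name-not-preserved` entries still match that way because their SHA256 values are intact on the page.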