Analysis Overview
SHA256
e23b5f906dbc62965d4e8bdba540f2b5e9b9350c9da6dea3822df5f259323652
Threat Level: Known bad
The file setup.exe was found to be: Known bad.
Malicious Activity Summary
Lumma Stealer, LummaC
Credentials from Password Stores: Credentials from Web Browsers
Drops file in Drivers directory
Executes dropped EXE
Loads dropped DLL
Checks computer location settings
Enumerates connected drives
Mark of the Web detected: This indicates that the page was originally saved or cloned.
Checks installed software on the system
Suspicious use of SetThreadContext
Program crash
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Unsigned PE
Browser Information Discovery
NTFS ADS
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Checks processor information in registry
Modifies registry class
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: MapViewOfSection
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-24 21:09
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-24 21:09
Reported
2024-08-24 21:18
Platform
win10v2004-20240802-en
Max time kernel
286s
Max time network
286s
Command Line
Signatures
Lumma Stealer, LummaC
Credentials from Password Stores: Credentials from Web Browsers
Drops file in Drivers directory
| Description | Indicator | Process | Target |
| File opened for modification | \??\c:\windows\system32\drivers\etc\hosts.check | C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\hosts.exe | N/A |
| File created | \??\c:\windows\system32\drivers\etc\hosts.check | C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\hosts.exe | N/A |
| File opened for modification | \??\c:\windows\system32\drivers\etc\hosts | C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\hosts.exe | N/A |
| File opened for modification | \??\c:\windows\system32\drivers\etc\hosts.rollback | C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\hosts.exe | N/A |
| File opened for modification | \??\c:\windows\system32\drivers\etc\hosts.backup | C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\hosts.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\_iu14D2N.tmp | N/A |
Executes dropped EXE
Loads dropped DLL
Checks installed software on the system
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\F: | C:\Users\Admin\AppData\Local\Temp\is-PM49D.tmp\setup.tmp | N/A |
Mark of the Web detected: This indicates that the page was originally saved or cloned.
| Description | Indicator | Process | Target |
| N/A | https://storage.googleapis.com/script.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html | N/A | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 9120 set thread context of 4672 | N/A | C:\Users\Admin\Downloads\✪➳S͜͡etUp✵i͜ntaller͜͡✅・5675・P͜@s$WⓞRÐ✪\「SetUp・H€RE」✔\Setup.exe | C:\Windows\SysWOW64\more.com |
| PID 1640 set thread context of 7972 | N/A | C:\Users\Admin\Downloads\✪➳S͜͡etUp✵i͜ntaller͜͡✅・5675・P͜@s$WⓞRÐ✪\「SetUp・H€RE」✔\Setup.exe | C:\Windows\SysWOW64\more.com |
Browser Information Discovery
Enumerates physical storage devices
Program crash
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\hosts.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\more.com | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\SearchIndexer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\FlushFileCache.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | F:\Games\FNaF - Into the Pit\unins000.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\is-PM49D.tmp\setup.tmp | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\_iu14D2N.tmp | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{65B9560F-CEC2-4DFC-A04D-BEA488DA4DCC}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5965C4C-9CC3-4EA3-8079-0B9AA9389A1F}\ProxyStubClsid32 | C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{10E6A3D4-CABA-4E61-BD8B-83BA76283791}\Forward | C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F5965C4C-9CC3-4EA3-8079-0B9AA9389A1F}\ = "cBluetoothDaemon" | C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F477A542-C370-42A1-A166-F9CDAF2AF8C6}\2.1\FLAGS\ = "0" | C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4F7FA487-8CC1-493E-AF0A-E7A294474F25}\ = "BtDaemon.cBluetoothDaemon" | C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4F7FA487-8CC1-493E-AF0A-E7A294474F25}\ProgID\ = "BtDaemon.cBluetoothDaemon" | C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F477A542-C370-42A1-A166-F9CDAF2AF8C6}\2.1\0\win32 | C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{65B9560F-CEC2-4DFC-A04D-BEA488DA4DCC} | C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4F7FA487-8CC1-493E-AF0A-E7A294474F25}\TypeLib | C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{10E6A3D4-CABA-4E61-BD8B-83BA76283791}\ = "cBluetoothDaemon" | C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4F7FA487-8CC1-493E-AF0A-E7A294474F25}\Implemented Categories | C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{65B9560F-CEC2-4DFC-A04D-BEA488DA4DCC}\TypeLib | C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F5965C4C-9CC3-4EA3-8079-0B9AA9389A1F}\ProxyStubClsid32 | C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5965C4C-9CC3-4EA3-8079-0B9AA9389A1F}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" | C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4F7FA487-8CC1-493E-AF0A-E7A294474F25}\LocalServer32 | C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4F7FA487-8CC1-493E-AF0A-E7A294474F25}\TypeLib\ = "{F477A542-C370-42A1-A166-F9CDAF2AF8C6}" | C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\BtDaemon.cBluetoothDaemon\ = "BtDaemon.cBluetoothDaemon" | C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8A84C003-E3A6-4E71-8E33-5B929D40B81D}\Forward | C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F477A542-C370-42A1-A166-F9CDAF2AF8C6}\2.1\0\win32\ = "C:\\Users\\Admin\\AppData\\Roaming\\kebug\\MCYIUNRZWXHY\\StrCmp.exe" | C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F477A542-C370-42A1-A166-F9CDAF2AF8C6}\2.1\HELPDIR\ = "C:\\Users\\Admin\\AppData\\Roaming\\kebug\\MCYIUNRZWXHY" | C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{65B9560F-CEC2-4DFC-A04D-BEA488DA4DCC} | C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{65B9560F-CEC2-4DFC-A04D-BEA488DA4DCC}\TypeLib\ = "{F477A542-C370-42A1-A166-F9CDAF2AF8C6}" | C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F5965C4C-9CC3-4EA3-8079-0B9AA9389A1F}\TypeLib | C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5965C4C-9CC3-4EA3-8079-0B9AA9389A1F}\ = "__cBluetoothDaemon" | C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5965C4C-9CC3-4EA3-8079-0B9AA9389A1F}\TypeLib | C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{10E6A3D4-CABA-4E61-BD8B-83BA76283791}\ProxyStubClsid | C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F477A542-C370-42A1-A166-F9CDAF2AF8C6} | C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F477A542-C370-42A1-A166-F9CDAF2AF8C6}\2.1\0 | C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F477A542-C370-42A1-A166-F9CDAF2AF8C6}\2.1\HELPDIR | C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{65B9560F-CEC2-4DFC-A04D-BEA488DA4DCC}\TypeLib\Version = "2.1" | C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F5965C4C-9CC3-4EA3-8079-0B9AA9389A1F}\TypeLib\ = "{F477A542-C370-42A1-A166-F9CDAF2AF8C6}" | C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8A84C003-E3A6-4E71-8E33-5B929D40B81D}\Forward\ = "{65B9560F-CEC2-4DFC-A04D-BEA488DA4DCC}" | C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{10E6A3D4-CABA-4E61-BD8B-83BA76283791} | C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{65B9560F-CEC2-4DFC-A04D-BEA488DA4DCC}\TypeLib\ = "{F477A542-C370-42A1-A166-F9CDAF2AF8C6}" | C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F5965C4C-9CC3-4EA3-8079-0B9AA9389A1F}\ProxyStubClsid | C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Users\Admin\AppData\Local\Temp\_iu14D2N.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5965C4C-9CC3-4EA3-8079-0B9AA9389A1F} | C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{65B9560F-CEC2-4DFC-A04D-BEA488DA4DCC}\ = "cBluetoothDaemon" | C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{10E6A3D4-CABA-4E61-BD8B-83BA76283791}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" | C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4F7FA487-8CC1-493E-AF0A-E7A294474F25}\Programmable | C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F477A542-C370-42A1-A166-F9CDAF2AF8C6}\2.1\FLAGS | C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F5965C4C-9CC3-4EA3-8079-0B9AA9389A1F}\ = "__cBluetoothDaemon" | C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F5965C4C-9CC3-4EA3-8079-0B9AA9389A1F}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" | C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\BtDaemon.cBluetoothDaemon\Clsid\ = "{4F7FA487-8CC1-493E-AF0A-E7A294474F25}" | C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8A84C003-E3A6-4E71-8E33-5B929D40B81D}\ProxyStubClsid | C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8A84C003-E3A6-4E71-8E33-5B929D40B81D}\ProxyStubClsid32 | C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{10E6A3D4-CABA-4E61-BD8B-83BA76283791}\Forward\ = "{F5965C4C-9CC3-4EA3-8079-0B9AA9389A1F}" | C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{65B9560F-CEC2-4DFC-A04D-BEA488DA4DCC}\TypeLib\Version = "2.1" | C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{65B9560F-CEC2-4DFC-A04D-BEA488DA4DCC}\ = "_cBluetoothDaemon" | C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{65B9560F-CEC2-4DFC-A04D-BEA488DA4DCC}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\BtDaemon.cBluetoothDaemon\Clsid | C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4F7FA487-8CC1-493E-AF0A-E7A294474F25}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502} | C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{65B9560F-CEC2-4DFC-A04D-BEA488DA4DCC}\TypeLib | C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5965C4C-9CC3-4EA3-8079-0B9AA9389A1F}\TypeLib\Version = "2.1" | C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4F7FA487-8CC1-493E-AF0A-E7A294474F25}\VERSION\ = "2.1" | C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{65B9560F-CEC2-4DFC-A04D-BEA488DA4DCC}\ProxyStubClsid | C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{10E6A3D4-CABA-4E61-BD8B-83BA76283791}\ProxyStubClsid\ = "{00020420-0000-0000-C000-000000000046}" | C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{65B9560F-CEC2-4DFC-A04D-BEA488DA4DCC}\ = "_cBluetoothDaemon" | C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4F7FA487-8CC1-493E-AF0A-E7A294474F25}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Roaming\\kebug\\MCYIUNRZWXHY\\StrCmp.exe" | C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\BtDaemon.cBluetoothDaemon | C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8A84C003-E3A6-4E71-8E33-5B929D40B81D} | C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8A84C003-E3A6-4E71-8E33-5B929D40B81D}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\Downloads\✪➳S͜͡etUp✵i͜ntaller͜͡✅・5675・P͜@s$WⓞRÐ✪.rar:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-PM49D.tmp\setup.tmp | N/A |
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\✪➳S͜͡etUp✵i͜ntaller͜͡✅・5675・P͜@s$WⓞRÐ✪\「SetUp・H€RE」✔\Setup.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\more.com | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\setup.exe
"C:\Users\Admin\AppData\Local\Temp\setup.exe"
C:\Users\Admin\AppData\Local\Temp\is-PM49D.tmp\setup.tmp
"C:\Users\Admin\AppData\Local\Temp\is-PM49D.tmp\setup.tmp" /SL5="$B0058,4738900,140800,C:\Users\Admin\AppData\Local\Temp\setup.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4276,i,13995403245988825027,7033610968827661507,262144 --variations-seed-version --mojo-platform-channel-handle=3864 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x470 0x33c
C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\FlushFileCache.exe
"C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\FlushFileCache.exe"
F:\Games\FNaF - Into the Pit\unins000.exe
"F:\Games\FNaF - Into the Pit\unins000.exe" /VERYSILENT
C:\Users\Admin\AppData\Local\Temp\_iu14D2N.tmp
"C:\Users\Admin\AppData\Local\Temp\_iu14D2N.tmp" /SECONDPHASE="F:\Games\FNaF - Into the Pit\unins000.exe" /FIRSTPHASEWND=$40296 /VERYSILENT
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bit.ly/fitgirl-repacks-site
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\host.cmd"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=4944,i,13995403245988825027,7033610968827661507,262144 --variations-seed-version --mojo-platform-channel-handle=5128 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=4364,i,13995403245988825027,7033610968827661507,262144 --variations-seed-version --mojo-platform-channel-handle=5140 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --field-trial-handle=5408,i,13995403245988825027,7033610968827661507,262144 --variations-seed-version --mojo-platform-channel-handle=5592 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5736,i,13995403245988825027,7033610968827661507,262144 --variations-seed-version --mojo-platform-channel-handle=5776 /prefetch:8
C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\hosts.exe
hosts.exe add fitgirlrepacks.in 109.94.209.70 # Fake FitGirl site
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=6104,i,13995403245988825027,7033610968827661507,262144 --variations-seed-version --mojo-platform-channel-handle=6128 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\hosts.exe
hosts.exe add www.fitgirlrepacks.in 109.94.209.70 # Fake FitGirl site
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --field-trial-handle=5112,i,13995403245988825027,7033610968827661507,262144 --variations-seed-version --mojo-platform-channel-handle=6092 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\hosts.exe
hosts.exe add fitgirlrepacks.co 109.94.209.70 # Fake FitGirl site
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --field-trial-handle=6444,i,13995403245988825027,7033610968827661507,262144 --variations-seed-version --mojo-platform-channel-handle=6476 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\hosts.exe
hosts.exe add fitgirl-repacks.cc 109.94.209.70 # Fake FitGirl site
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=6588,i,13995403245988825027,7033610968827661507,262144 --variations-seed-version --mojo-platform-channel-handle=6628 /prefetch:8
C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\hosts.exe
hosts.exe add fitgirl-repacks.to 109.94.209.70 # Fake FitGirl site
C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\hosts.exe
hosts.exe add fitgirl-repack.com 109.94.209.70 # Fake FitGirl site
C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\hosts.exe
hosts.exe add fitgirl-repacks.website 109.94.209.70 # Fake FitGirl site
C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\hosts.exe
hosts.exe add fitgirlrepack.games 109.94.209.70 # Fake FitGirl site
C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\hosts.exe
hosts.exe add www.fitgirlrepacks.co 109.94.209.70 # Fake FitGirl site
C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\hosts.exe
hosts.exe add www.fitgirl-repacks.cc 109.94.209.70 # Fake FitGirl site
C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\hosts.exe
hosts.exe add www.fitgirl-repacks.to 109.94.209.70 # Fake FitGirl site
C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\hosts.exe
hosts.exe add www.fitgirl-repack.com 109.94.209.70 # Fake FitGirl site
C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\hosts.exe
hosts.exe add www.fitgirl-repacks.website 109.94.209.70 # Fake FitGirl site
C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\hosts.exe
hosts.exe add ww9.fitgirl-repacks.xyz 109.94.209.70 # Fake FitGirl site
C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\hosts.exe
hosts.exe add www.fitgirlrepack.games 109.94.209.70 # Fake FitGirl site
C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\hosts.exe
hosts.exe add *.fitgirl-repacks.xyz 109.94.209.70 # Fake FitGirl site
C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\hosts.exe
hosts.exe add fitgirl-repacks.xyz 109.94.209.70 # Fake FitGirl site
C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\hosts.exe
hosts.exe add fitgirl-repack.net 109.94.209.70 # Fake FitGirl site
C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\hosts.exe
hosts.exe add www.fitgirl-repack.net 109.94.209.70 # Fake FitGirl site
C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\hosts.exe
hosts.exe add fitgirlpack.site 109.94.209.70 # Fake FitGirl site
C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\hosts.exe
hosts.exe add www.fitgirlpack.site 109.94.209.70 # Fake FitGirl site
C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\hosts.exe
hosts.exe add fitgirl-repack.org 109.94.209.70 # Fake FitGirl site
C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\hosts.exe
hosts.exe add www.fitgirl-repack.org 109.94.209.70 # Fake FitGirl site
C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\hosts.exe
hosts.exe add fitgirlrepacks.pro 109.94.209.70 # Fake FitGirl site
C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\hosts.exe
hosts.exe add www.fitgirlrepacks.pro 109.94.209.70 # Fake FitGirl site
C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\hosts.exe
hosts.exe add fitgirlrepack.games 109.94.209.70 # Fake FitGirl site
C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\hosts.exe
hosts.exe add www.fitgirlrepack.games 109.94.209.70 # Fake FitGirl site
C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\hosts.exe
hosts.exe add fitgirl-repacks-site.org 109.94.209.70 # Fake FitGirl site
C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\hosts.exe
hosts.exe add www.fitgirl-repacks-site.org 109.94.209.70 # Fake FitGirl site
C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\hosts.exe
hosts.exe add fitgirls-repacks.com 109.94.209.70 # Fake FitGirl site
C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\hosts.exe
hosts.exe add fitgirlrepack.cc 109.94.209.70 # Fake FitGirl site
C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\hosts.exe
hosts.exe add fitgirlrepacks.org 109.94.209.70 # Fake FitGirl site
C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\hosts.exe
hosts.exe add www.fitgirls-repacks.com 109.94.209.70 # Fake FitGirl site
C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\hosts.exe
hosts.exe add www.fitgirlrepack.cc 109.94.209.70 # Fake FitGirl site
C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\hosts.exe
hosts.exe add www.fitgirlrepacks.org 109.94.209.70 # Fake FitGirl site
C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\hosts.exe
hosts.exe add fitgirltorrent.org 109.94.209.70 # Fake FitGirl site
C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\hosts.exe
hosts.exe add www.fitgirltorrent.org 109.94.209.70 # Fake FitGirl site
C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\hosts.exe
hosts.exe add fitgirl-repacks.net 109.94.209.70 # Fake FitGirl site
C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\hosts.exe
hosts.exe add www.fitgirl-repacks.net 109.94.209.70 # Fake FitGirl site
C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\hosts.exe
hosts.exe add fitgirlrepack.net 109.94.209.70 # Fake FitGirl site
C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\hosts.exe
hosts.exe add www.fitgirlrepack.net 109.94.209.70 # Fake FitGirl site
C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\hosts.exe
hosts.exe rem fitgirl-repacks.site
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --field-trial-handle=6392,i,13995403245988825027,7033610968827661507,262144 --variations-seed-version --mojo-platform-channel-handle=5760 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --field-trial-handle=5624,i,13995403245988825027,7033610968827661507,262144 --variations-seed-version --mojo-platform-channel-handle=5700 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --field-trial-handle=5688,i,13995403245988825027,7033610968827661507,262144 --variations-seed-version --mojo-platform-channel-handle=6380 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --field-trial-handle=5272,i,13995403245988825027,7033610968827661507,262144 --variations-seed-version --mojo-platform-channel-handle=5584 /prefetch:8
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=11356 -childID 34 -isForBrowser -prefsHandle 11168 -prefMapHandle 11276 -prefsLen 27998 -prefMapSize 244658 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {004f8895-076b-41db-ac30-5ff9b6d73994} 6120 "\\.\pipe\gecko-crash-server-pipe.6120" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7448 -childID 35 -isForBrowser -prefsHandle 11916 -prefMapHandle 11820 -prefsLen 27998 -prefMapSize 244658 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0d976fa0-4db9-4596-8211-d124570153d4} 6120 "\\.\pipe\gecko-crash-server-pipe.6120" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6908 -childID 36 -isForBrowser -prefsHandle 4764 -prefMapHandle 7248 -prefsLen 27998 -prefMapSize 244658 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f6d7539d-5dd9-477e-99b9-257054811d82} 6120 "\\.\pipe\gecko-crash-server-pipe.6120" tab
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\✪➳S͜͡etUp✵i͜ntaller͜͡✅・5675・P͜@s$WⓞRÐ✪\" -spe -an -ai#7zMap21052:138:7zEvent2500
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\✪➳S͜͡etUp✵i͜ntaller͜͡✅・5675・P͜@s$WⓞRÐ✪\「SetUp・H€RE」✔\" -spe -an -ai#7zMap24052:166:7zEvent27139
C:\Users\Admin\Downloads\✪➳S͜͡etUp✵i͜ntaller͜͡✅・5675・P͜@s$WⓞRÐ✪\「SetUp・H€RE」✔\Setup.exe
"C:\Users\Admin\Downloads\✪➳S͜͡etUp✵i͜ntaller͜͡✅・5675・P͜@s$WⓞRÐ✪\「SetUp・H€RE」✔\Setup.exe"
C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe
C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe
C:\Windows\SysWOW64\more.com
C:\Windows\SysWOW64\more.com
C:\Windows\SysWOW64\SearchIndexer.exe
C:\Windows\SysWOW64\SearchIndexer.exe
C:\Users\Admin\Downloads\✪➳S͜͡etUp✵i͜ntaller͜͡✅・5675・P͜@s$WⓞRÐ✪\「SetUp・H€RE」✔\Setup.exe
"C:\Users\Admin\Downloads\✪➳S͜͡etUp✵i͜ntaller͜͡✅・5675・P͜@s$WⓞRÐ✪\「SetUp・H€RE」✔\Setup.exe"
C:\Windows\SysWOW64\more.com
C:\Windows\SysWOW64\more.com
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 5732 -ip 5732
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 376 -p 5732 -ip 5732
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5732 -s 1284
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5732 -s 1308
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 5732 -ip 5732
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5732 -s 1332
C:\Windows\SysWOW64\SearchIndexer.exe
C:\Windows\SysWOW64\SearchIndexer.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 8776 -ip 8776
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 8776 -ip 8776
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8776 -s 848
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8776 -s 1260
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 8776 -ip 8776
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8776 -s 1288
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | hbopenbid.pubmatic.com | udp |
| US | 8.8.8.8:53 | onetag-sys.com | udp |
| US | 8.8.8.8:53 | ib.adnxs.com | udp |
| US | 8.8.8.8:53 | ads.servenobid.com | udp |
| GB | 54.192.139.162:443 | c.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | bidder.criteo.com | udp |
| US | 8.8.8.8:53 | d1ykf07e75w7ss.cloudfront.net | udp |
| GB | 159.65.211.77:443 | srv.buysellads.com | tcp |
| US | 104.26.8.169:443 | script.4dex.io | tcp |
| US | 8.8.8.8:53 | script.4dex.io | udp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| US | 198.211.114.214:443 | exchange.cootlogix.com | tcp |
| US | 198.211.114.214:443 | exchange.cootlogix.com | tcp |
| US | 8.8.8.8:53 | tagged-by.rubiconproject.net.akadns.net | udp |
| US | 8.8.8.8:53 | hlno24mlb.puzztake.com | udp |
| US | 8.8.8.8:53 | euw1.smartadserver.com | udp |
| US | 8.8.8.8:53 | pbjs.e-planning.net | udp |
| NL | 89.149.193.80:443 | euw1.smartadserver.com | tcp |
| NL | 89.149.193.80:443 | euw1.smartadserver.com | tcp |
| NL | 193.3.178.4:443 | pbjs.e-planning.net | tcp |
| US | 104.18.34.178:443 | mp.4dex.io | tcp |
| US | 8.8.8.8:53 | btloader.com | udp |
| DE | 51.89.9.251:443 | onetag-sys.com | tcp |
| DE | 108.157.4.123:443 | hb.yellowblue.io | tcp |
| US | 8.8.8.8:53 | mp.4dex.io | udp |
| US | 35.186.253.211:443 | rtb.openx.net | tcp |
| US | 8.8.8.8:53 | onetag-sys.com | udp |
| NL | 185.89.210.90:443 | ib.adnxs.com | tcp |
| US | 8.8.8.8:53 | hb.yellowblue.io | udp |
| FR | 185.255.84.151:443 | hb-api.omnitagjs.com | tcp |
| US | 8.8.8.8:53 | rtb.openx.net | udp |
| US | 8.8.8.8:53 | ib.anycast.adnxs.com | udp |
| US | 8.8.8.8:53 | hb-api-fra02.omnitagjs.com | udp |
| NL | 185.64.189.112:443 | hbopenbid.pubmatic.com | tcp |
| US | 8.8.8.8:53 | hbopenbid-ams.pubmnet.com | udp |
| IE | 54.154.189.36:443 | ads.servenobid.com | tcp |
| US | 8.8.8.8:53 | ads.servenobid.com | udp |
| US | 8.8.8.8:53 | bidder.nl3.vip.prod.criteo.com | udp |
| NL | 178.250.1.8:443 | bidder.nl3.vip.prod.criteo.com | tcp |
| US | 8.8.8.8:53 | d1ykf07e75w7ss.cloudfront.net | udp |
| US | 8.8.8.8:53 | script.4dex.io | udp |
| US | 8.8.8.8:53 | hlno24mlb.puzztake.com | udp |
| US | 8.8.8.8:53 | tagged-by.rubiconproject.net.akadns.net | udp |
| US | 8.8.8.8:53 | euw1.smartadserver.com | udp |
| US | 8.8.8.8:53 | pbjs.e-planning.net | udp |
| US | 8.8.8.8:53 | ib.anycast.adnxs.com | udp |
| US | 8.8.8.8:53 | hb-api-fra02.omnitagjs.com | udp |
| US | 8.8.8.8:53 | mp.4dex.io | udp |
| US | 8.8.8.8:53 | onetag-sys.com | udp |
| US | 8.8.8.8:53 | rtb.openx.net | udp |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | hb.yellowblue.io | udp |
| US | 8.8.8.8:53 | hbopenbid-ams.pubmnet.com | udp |
| US | 8.8.8.8:53 | bidder.nl3.vip.prod.criteo.com | udp |
| US | 8.8.8.8:53 | c.4dex.io | udp |
| US | 8.8.8.8:53 | ad-delivery.net | udp |
| US | 35.241.34.106:443 | c.4dex.io | tcp |
| US | 35.241.34.106:443 | c.4dex.io | tcp |
| US | 8.8.8.8:53 | cadmus.script.ac | udp |
| US | 8.8.8.8:53 | c.4dex.io | udp |
| US | 8.8.8.8:53 | ad-delivery.net | udp |
| US | 8.8.8.8:53 | cadmus.script.ac | udp |
| US | 104.26.3.70:443 | ad-delivery.net | tcp |
| US | 104.26.3.70:443 | ad-delivery.net | tcp |
| US | 104.18.23.145:443 | cadmus.script.ac | tcp |
| US | 8.8.8.8:53 | ad-delivery.net | udp |
| DE | 51.89.9.251:443 | onetag-sys.com | udp |
| US | 35.186.253.211:443 | rtb.openx.net | udp |
| US | 8.8.8.8:53 | cadmus.script.ac | udp |
| US | 8.8.8.8:53 | 77.211.65.159.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.32.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 216.74.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 162.139.192.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 169.8.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 139.156.173.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 178.34.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.178.3.193.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 80.193.149.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 211.253.186.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.210.89.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 251.9.89.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 151.84.255.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 112.189.64.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 123.4.157.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.189.154.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 214.114.211.198.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.34.241.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | config.aps.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | aax.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | config.aps.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | d1jvc9b8z3vcjs.cloudfront.net | udp |
| DE | 18.173.232.53:443 | d1jvc9b8z3vcjs.cloudfront.net | tcp |
| US | 8.8.8.8:53 | config.aps.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | d1jvc9b8z3vcjs.cloudfront.net | udp |
| US | 8.8.8.8:53 | secure.cdn.fastclick.net | udp |
| US | 8.8.8.8:53 | tags.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | cdn.hadronid.net | udp |
| US | 8.8.8.8:53 | cdn.id5-sync.com | udp |
| US | 104.26.3.70:443 | ad-delivery.net | tcp |
| US | 104.26.3.70:443 | ad-delivery.net | tcp |
| US | 104.18.23.145:443 | cadmus.script.ac | tcp |
| US | 8.8.8.8:53 | e4536.g.akamaiedge.net | udp |
| US | 8.8.8.8:53 | tags.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | cdn.id5-sync.com | udp |
| US | 8.8.8.8:53 | cdn.hadronid.net | udp |
| US | 8.8.8.8:53 | e4536.g.akamaiedge.net | udp |
| US | 8.8.8.8:53 | tags.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | cdn.id5-sync.com | udp |
| US | 8.8.8.8:53 | cdn.hadronid.net | udp |
| US | 104.26.8.169:443 | script.4dex.io | tcp |
| DE | 108.157.4.57:443 | config.aps.amazon-adsystem.com | tcp |
| NL | 23.218.48.210:443 | e4536.g.akamaiedge.net | tcp |
| GB | 18.245.143.100:443 | tags.crwdcntrl.net | tcp |
| US | 104.22.53.173:443 | cdn.hadronid.net | tcp |
| US | 172.67.38.106:443 | cdn.id5-sync.com | tcp |
| US | 8.8.8.8:53 | api.btloader.com | udp |
| US | 130.211.23.194:443 | api.btloader.com | tcp |
| US | 8.8.8.8:53 | api.btloader.com | udp |
| US | 130.211.23.194:443 | api.btloader.com | tcp |
| US | 8.8.8.8:53 | api.btloader.com | udp |
| US | 8.8.8.8:53 | id.hadron.ad.gt | udp |
| US | 35.241.34.106:443 | c.4dex.io | udp |
| US | 172.67.23.234:443 | id.hadron.ad.gt | tcp |
| US | 172.67.23.234:443 | id.hadron.ad.gt | tcp |
| US | 8.8.8.8:53 | id.hadron.ad.gt.cdn.cloudflare.net | udp |
| US | 8.8.8.8:53 | id.hadron.ad.gt.cdn.cloudflare.net | udp |
| US | 130.211.23.194:443 | api.btloader.com | udp |
| GB | 18.245.162.116:443 | static4.buysellads.net | tcp |
| US | 8.8.8.8:53 | d2o0hm3gx7c7ua.cloudfront.net | udp |
| US | 8.8.8.8:53 | d2o0hm3gx7c7ua.cloudfront.net | udp |
| US | 35.241.34.106:443 | c.4dex.io | udp |
| US | 8.8.8.8:53 | adsdk.microsoft.com | udp |
| US | 8.8.8.8:53 | ams3-ib.adnxs.com | udp |
| US | 8.8.8.8:53 | 53.232.173.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 145.23.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.3.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 100.143.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.53.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.38.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.48.218.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.4.157.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.23.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.23.211.130.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 116.162.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | prod.appnexus.map.fastly.net | udp |
| US | 8.8.8.8:53 | s-part-0036.t-0009.t-msedge.net | udp |
| US | 13.107.246.64:443 | s-part-0036.t-0009.t-msedge.net | tcp |
| US | 8.8.8.8:53 | ams3-ib.adnxs.com | udp |
| US | 8.8.8.8:53 | s-part-0036.t-0009.t-msedge.net | udp |
| US | 8.8.8.8:53 | ams3-ib.adnxs.com | udp |
| US | 8.8.8.8:53 | prod.appnexus.map.fastly.net | udp |
| US | 8.8.8.8:53 | a.ad.gt | udp |
| US | 8.8.8.8:53 | lb.eu-1-id5-sync.com | udp |
| US | 8.8.8.8:53 | a.ad.gt.cdn.cloudflare.net | udp |
| US | 104.22.5.69:443 | a.ad.gt.cdn.cloudflare.net | tcp |
| DE | 162.19.138.120:443 | lb.eu-1-id5-sync.com | tcp |
| US | 8.8.8.8:53 | id5-sync.com | udp |
| DE | 162.19.138.120:443 | id5-sync.com | tcp |
| US | 8.8.8.8:53 | lb.eu-1-id5-sync.com | udp |
| US | 8.8.8.8:53 | a.ad.gt.cdn.cloudflare.net | udp |
| US | 8.8.8.8:53 | lb.eu-1-id5-sync.com | udp |
| US | 8.8.8.8:53 | id5-sync.com | udp |
| US | 8.8.8.8:53 | cdn.adnxs-simple.com | udp |
| NL | 185.89.210.180:443 | ams3-ib.adnxs.com | tcp |
| GB | 95.101.129.233:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | e86303.dscx.akamaiedge.net | udp |
| GB | 95.101.129.233:443 | e86303.dscx.akamaiedge.net | tcp |
| GB | 95.101.129.233:443 | e86303.dscx.akamaiedge.net | udp |
| US | 8.8.8.8:53 | e86303.dscx.akamaiedge.net | udp |
| US | 151.101.1.108:443 | cdn.adnxs-simple.com | tcp |
| US | 151.101.65.108:443 | cdn.adnxs-simple.com | tcp |
| US | 8.8.8.8:53 | 120.138.19.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.5.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.210.89.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 108.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 108.65.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | static.criteo.net | udp |
| NL | 178.250.1.3:443 | static.criteo.net | tcp |
| US | 8.8.8.8:53 | static.nl3.vip.prod.criteo.net | udp |
| US | 8.8.8.8:53 | static.nl3.vip.prod.criteo.net | udp |
| US | 8.8.8.8:53 | gum.criteo.com | udp |
| NL | 178.250.1.3:443 | static.nl3.vip.prod.criteo.net | tcp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| US | 8.8.8.8:53 | gum.nl3.vip.prod.criteo.com | udp |
| US | 8.8.8.8:53 | gum.nl3.vip.prod.criteo.com | udp |
| US | 8.8.8.8:53 | dnacdn.net | udp |
| US | 8.8.8.8:53 | ag.gbc.criteo.com | udp |
| US | 8.8.8.8:53 | gem.gbc.criteo.com | udp |
| US | 8.8.8.8:53 | 3.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.1.250.178.in-addr.arpa | udp |
| FR | 185.235.86.74:443 | ag.gbc.criteo.com | tcp |
| US | 8.8.8.8:53 | gbc2.fr3.eu.criteo.com | udp |
| NL | 185.235.87.226:443 | gem.gbc.criteo.com | tcp |
| US | 8.8.8.8:53 | gbc8.nl3.eu.criteo.com | udp |
| US | 8.8.8.8:53 | dnacdn.net | udp |
| NL | 178.250.1.11:443 | dnacdn.net | tcp |
| US | 8.8.8.8:53 | gbc2.fr3.eu.criteo.com | udp |
| US | 8.8.8.8:53 | gbc8.nl3.eu.criteo.com | udp |
| US | 8.8.8.8:53 | dnacdn.net | udp |
| US | 8.8.8.8:53 | eus.rubiconproject.com | udp |
| US | 8.8.8.8:53 | buysellads-d.openx.net | udp |
| US | 8.8.8.8:53 | visitor.omnitagjs.com | udp |
| US | 8.8.8.8:53 | public.servenobid.com | udp |
| US | 8.8.8.8:53 | acdn.adnxs.com | udp |
| US | 8.8.8.8:53 | ads.pubmatic.com | udp |
| US | 34.98.64.218:443 | buysellads-d.openx.net | tcp |
| US | 8.8.8.8:53 | buysellads-d.openx.net | udp |
| GB | 95.100.245.251:443 | eus.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | e8960.b.akamaiedge.net | udp |
| US | 159.223.124.226:443 | sync.cootlogix.com | tcp |
| US | 8.8.8.8:53 | hj5ozcalb.puzztake.com | udp |
| US | 8.8.8.8:53 | visitor-fra02.omnitagjs.com | udp |
| FR | 185.255.84.152:443 | visitor-fra02.omnitagjs.com | tcp |
| US | 151.101.65.108:443 | acdn.adnxs.com | tcp |
| GB | 2.22.68.191:443 | ads.pubmatic.com | tcp |
| US | 8.8.8.8:53 | e6603.g.akamaiedge.net | udp |
| DE | 18.66.248.39:443 | public.servenobid.com | tcp |
| US | 8.8.8.8:53 | public.servenobid.com | udp |
| US | 8.8.8.8:53 | buysellads-d.openx.net | udp |
| US | 8.8.8.8:53 | hj5ozcalb.puzztake.com | udp |
| US | 8.8.8.8:53 | visitor-fra02.omnitagjs.com | udp |
| US | 8.8.8.8:53 | e6603.g.akamaiedge.net | udp |
| US | 8.8.8.8:53 | e8960.b.akamaiedge.net | udp |
| US | 8.8.8.8:53 | public.servenobid.com | udp |
| US | 34.98.64.218:443 | buysellads-d.openx.net | udp |
| US | 8.8.8.8:53 | secure.adnxs.com | udp |
| US | 8.8.8.8:53 | dis.criteo.com | udp |
| US | 8.8.8.8:53 | creativecdn.com | udp |
| US | 8.8.8.8:53 | x.bidswitch.net | udp |
| US | 8.8.8.8:53 | api-2-0.spot.im | udp |
| US | 8.8.8.8:53 | sync.richaudience.com | udp |
| US | 8.8.8.8:53 | sync.1rx.io | udp |
| US | 8.8.8.8:53 | match.prod.bidr.io | udp |
| US | 8.8.8.8:53 | match.adsrvr.org | udp |
| US | 8.8.8.8:53 | image8.pubmatic.com | udp |
| US | 8.8.8.8:53 | 226.87.235.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 218.64.98.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 251.245.100.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 191.68.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 39.248.66.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.84.255.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.124.223.159.in-addr.arpa | udp |
| US | 8.8.8.8:53 | b1sync.zemanta.com | udp |
| US | 8.8.8.8:53 | sync.srv.stackadapt.com | udp |
| US | 8.8.8.8:53 | tracker.open-adsyield.com | udp |
| US | 8.8.8.8:53 | rtb.mfadsrvr.com | udp |
| US | 8.8.8.8:53 | ap.lijit.com | udp |
| US | 8.8.8.8:53 | jadserve.postrelease.com | udp |
| US | 8.8.8.8:53 | 74.86.235.185.in-addr.arpa | udp |
| US | 3.230.236.160:443 | api-2-0.spot.im | tcp |
| US | 8.8.8.8:53 | sync.richaudience.com | udp |
| US | 8.8.8.8:53 | k8s-kongow-generalp-4b9a3bfec6-974801183.us-east-1.elb.amazonaws.com | udp |
| US | 8.8.8.8:53 | imagsync-lhrpairbc.pubmatic.com | udp |
| US | 8.8.8.8:53 | sync.1rx.io | udp |
| US | 8.8.8.8:53 | match.prod.bidr.io | udp |
| US | 8.8.8.8:53 | match.adsrvr.org | udp |
| US | 8.8.8.8:53 | widget.nl3.vip.prod.criteo.com | udp |
| US | 8.8.8.8:53 | bttrack.com | udp |
| US | 8.8.8.8:53 | blackbird-prd-ew1-alb-87915139.eu-west-1.elb.amazonaws.com | udp |
| US | 172.111.38.54:443 | tracker.open-adsyield.com | tcp |
| US | 8.8.8.8:53 | chidc2.outbrain.org | udp |
| US | 8.8.8.8:53 | tracker-use.ortb.net | udp |
| US | 8.8.8.8:53 | k8s-kongow-generalp-4b9a3bfec6-974801183.us-east-1.elb.amazonaws.com | udp |
| US | 8.8.8.8:53 | sync.srv.stackadapt.com | udp |
| US | 8.8.8.8:53 | match.prod.bidr.io | udp |
| US | 8.8.8.8:53 | sync.richaudience.com | udp |
| US | 8.8.8.8:53 | jadserve.postrelease.com.akadns.net | udp |
| US | 8.8.8.8:53 | blackbird-prd-ew1-alb-87915139.eu-west-1.elb.amazonaws.com | udp |
| US | 8.8.8.8:53 | widget.nl3.vip.prod.criteo.com | udp |
| US | 8.8.8.8:53 | sync.1rx.io | udp |
| US | 8.8.8.8:53 | bttrack.com | udp |
| US | 8.8.8.8:53 | imagsync-lhrpairbc.pubmatic.com | udp |
| US | 8.8.8.8:53 | match.adsrvr.org | udp |
| US | 8.8.8.8:53 | id.rlcdn.com | udp |
| US | 8.8.8.8:53 | user-data-eu.bidswitch.net | udp |
| US | 8.8.8.8:53 | id.rlcdn.com | udp |
| US | 8.8.8.8:53 | bttrack.com | udp |
| US | 8.8.8.8:53 | creativecdn.com | udp |
| US | 8.8.8.8:53 | ib.anycast.adnxs.com | udp |
| US | 8.8.8.8:53 | user-data-eu.bidswitch.net | udp |
| US | 8.8.8.8:53 | sync.srv.stackadapt.com | udp |
| US | 8.8.8.8:53 | dorpat.geo.iponweb.net | udp |
| US | 8.8.8.8:53 | chidc2.outbrain.org | udp |
| US | 8.8.8.8:53 | tracker-use.ortb.net | udp |
| US | 8.8.8.8:53 | creativecdn.com | udp |
| US | 8.8.8.8:53 | id.rlcdn.com | udp |
| US | 8.8.8.8:53 | eu-west-1-cs-rtb.openwebmp.com | udp |
| NL | 185.89.210.90:443 | secure.adnxs.com | tcp |
| NL | 185.89.210.90:443 | secure.adnxs.com | tcp |
| NL | 178.250.1.9:443 | widget.nl3.vip.prod.criteo.com | tcp |
| NL | 185.184.8.90:443 | creativecdn.com | tcp |
| NL | 35.214.149.91:443 | user-data-eu.bidswitch.net | tcp |
| DE | 168.119.72.236:443 | sync.richaudience.com | tcp |
| NL | 46.228.174.117:443 | sync.1rx.io | tcp |
| IE | 34.250.109.179:443 | match.prod.bidr.io | tcp |
| US | 3.33.220.150:443 | match.adsrvr.org | tcp |
| GB | 185.64.191.214:443 | imagsync-lhrpairbc.pubmatic.com | tcp |
| US | 64.74.236.159:443 | b1sync.zemanta.com | tcp |
| US | 64.74.236.159:443 | b1sync.zemanta.com | tcp |
| US | 52.6.202.249:443 | sync.srv.stackadapt.com | tcp |
| NL | 35.214.199.88:443 | dorpat.geo.iponweb.net | tcp |
| IE | 54.229.86.110:443 | blackbird-prd-ew1-alb-87915139.eu-west-1.elb.amazonaws.com | tcp |
| IE | 52.49.168.145:443 | jadserve.postrelease.com.akadns.net | tcp |
| US | 192.132.33.68:443 | bttrack.com | tcp |
| US | 8.8.8.8:53 | dorpat.geo.iponweb.net | udp |
| GB | 13.224.222.56:443 | eu-west-1-cs-rtb.openwebmp.com | tcp |
| US | 8.8.8.8:53 | dckrl2e5yf7xg.cloudfront.net | udp |
| US | 35.244.174.68:443 | id.rlcdn.com | tcp |
| US | 8.8.8.8:53 | gum.aidemsrv.com | udp |
| US | 8.8.8.8:53 | dckrl2e5yf7xg.cloudfront.net | udp |
| DE | 168.119.72.236:443 | sync.richaudience.com | tcp |
| US | 104.17.44.93:443 | gum.aidemsrv.com | tcp |
| US | 8.8.8.8:53 | gum.aidemsrv.com | udp |
| US | 35.244.174.68:443 | id.rlcdn.com | udp |
| US | 8.8.8.8:53 | ssc-cms.33across.com | udp |
| US | 8.8.8.8:53 | gum.aidemsrv.com | udp |
| US | 8.8.8.8:53 | player.aniview.com | udp |
| US | 8.8.8.8:53 | cs-server-s2s.yellowblue.io | udp |
| US | 67.202.105.22:443 | ssc-cms.33across.com | tcp |
| US | 8.8.8.8:53 | pixel.33across.com | udp |
| US | 8.8.8.8:53 | secure-assets.rubiconproject.com | udp |
| GB | 23.73.139.80:443 | player.aniview.com | tcp |
| US | 8.8.8.8:53 | a1970.dscd.akamai.net | udp |
| US | 18.214.118.225:443 | cs-server-s2s.yellowblue.io | tcp |
| US | 8.8.8.8:53 | cs-server-s2s.yellowblue.io | udp |
| US | 8.8.8.8:53 | ssbsync.smartadserver.com | udp |
| US | 8.8.8.8:53 | token.rubiconproject.com | udp |
| US | 8.8.8.8:53 | g2.gumgum.com | udp |
| US | 8.8.8.8:53 | pixel.33across.com | udp |
| US | 8.8.8.8:53 | ce.lijit.com | udp |
| US | 8.8.8.8:53 | pixel.33across.com | udp |
| US | 104.17.44.93:443 | gum.aidemsrv.com | udp |
| US | 8.8.8.8:53 | e8960.e2.akamaiedge.net | udp |
| GB | 23.215.239.190:443 | e8960.e2.akamaiedge.net | tcp |
| US | 8.8.8.8:53 | p.rfihub.com | udp |
| US | 8.8.8.8:53 | sync.go.sonobi.com | udp |
| US | 8.8.8.8:53 | ssum-sec.casalemedia.com | udp |
| US | 8.8.8.8:53 | cs-server-s2s.yellowblue.io | udp |
| NL | 81.17.55.171:443 | ssbsync.smartadserver.com | tcp |
| NL | 81.17.55.171:443 | ssbsync.smartadserver.com | tcp |
| US | 8.8.8.8:53 | ssbsync-euw1.smartadserver.com | udp |
| NL | 69.173.156.149:443 | token.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | pixel.rubiconproject.net.akadns.net | udp |
| US | 8.8.8.8:53 | e8960.e2.akamaiedge.net | udp |
| US | 67.202.105.21:443 | pixel.33across.com | tcp |
| US | 8.8.8.8:53 | iad-2-sync.go.sonobi.com | udp |
| US | 8.8.8.8:53 | prebid.a-mo.net | udp |
| US | 8.8.8.8:53 | iad-2-sync.go.sonobi.com | udp |
| US | 8.8.8.8:53 | pixel.rubiconproject.net.akadns.net | udp |
| US | 8.8.8.8:53 | raptor-prd-ew1-alb-2127381300.eu-west-1.elb.amazonaws.com | udp |
| US | 8.8.8.8:53 | ssbsync-euw1.smartadserver.com | udp |
| US | 8.8.8.8:53 | g2.gumgum.com | udp |
| US | 8.8.8.8:53 | am6-tmp.a-mx.net | udp |
| IE | 52.50.78.192:443 | g2.gumgum.com | tcp |
| US | 172.64.151.101:443 | ssum-sec.casalemedia.com | tcp |
| US | 8.8.8.8:53 | ssum-sec.casalemedia.com | udp |
| US | 8.8.8.8:53 | a-emea.rfihub.com.akadns.net | udp |
| US | 8.8.8.8:53 | 160.236.230.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 54.38.111.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 214.191.64.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.220.33.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.8.184.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 117.174.228.46.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.149.214.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 179.109.250.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.199.214.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.86.229.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 145.168.49.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.222.224.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 159.236.74.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.174.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 249.202.6.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.33.132.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 93.44.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 190.239.215.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.105.202.67.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.55.17.81.in-addr.arpa | udp |
| US | 8.8.8.8:53 | match.sharethrough.com | udp |
| US | 18.214.118.225:443 | cs-server-s2s.yellowblue.io | tcp |
| US | 8.8.8.8:53 | hbx.media.net | udp |
| US | 8.8.8.8:53 | cdn.dxkulture.com | udp |
| US | 8.8.8.8:53 | a1970.dscd.akamai.net | udp |
| IE | 18.202.134.149:443 | raptor-prd-ew1-alb-2127381300.eu-west-1.elb.amazonaws.com | tcp |
| NL | 193.0.160.130:443 | a-emea.rfihub.com.akadns.net | tcp |
| US | 69.166.1.35:443 | iad-2-sync.go.sonobi.com | tcp |
| NL | 147.75.34.177:443 | am6-tmp.a-mx.net | tcp |
| US | 8.8.8.8:53 | g2.gumgum.com | udp |
| NL | 35.214.199.88:443 | dorpat.geo.iponweb.net | udp |
| US | 8.8.8.8:53 | a-emea.rfihub.com.akadns.net | udp |
| US | 8.8.8.8:53 | ssum-sec.casalemedia.com | udp |
| US | 8.8.8.8:53 | raptor-prd-ew1-alb-2127381300.eu-west-1.elb.amazonaws.com | udp |
| GB | 23.73.139.80:443 | a1970.dscd.akamai.net | tcp |
| US | 8.8.8.8:53 | am6-tmp.a-mx.net | udp |
| US | 3.225.43.156:443 | ssp.disqus.com | tcp |
| US | 8.8.8.8:53 | hbx.media.net | udp |
| US | 8.8.8.8:53 | dssp-prod-cdn.nyc3.cdn.digitaloceanspaces.com | udp |
| GB | 2.21.184.63:443 | hbx.media.net | tcp |
| US | 172.64.145.29:443 | dssp-prod-cdn.nyc3.cdn.digitaloceanspaces.com | tcp |
| US | 8.8.8.8:53 | qvdt3feo.com | udp |
| DE | 18.197.30.174:443 | match.sharethrough.com | tcp |
| US | 8.8.8.8:53 | zeta-ssp-385516103.us-east-1.elb.amazonaws.com | udp |
| US | 8.8.8.8:53 | dssp-prod-cdn.nyc3.cdn.digitaloceanspaces.com | udp |
| US | 172.64.151.101:443 | ssum-sec.casalemedia.com | udp |
| US | 34.238.78.132:443 | qvdt3feo.com | tcp |
| US | 8.8.8.8:53 | qvdt3feo.com | udp |
| GB | 23.73.139.80:443 | a1970.dscd.akamai.net | udp |
| US | 8.8.8.8:53 | hbx.media.net | udp |
| US | 8.8.8.8:53 | match-eu-central-1-ecs.sharethrough.com | udp |
| GB | 2.21.184.63:443 | hbx.media.net | udp |
| US | 8.8.8.8:53 | qvdt3feo.com | udp |
| US | 8.8.8.8:53 | support.mozilla.org | udp |
| US | 8.8.8.8:53 | us-west1.prod.sumo.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | us-west1.prod.sumo.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | 149.156.173.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.118.214.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.105.202.67.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.151.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.78.50.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 177.34.75.147.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 80.139.73.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 130.160.0.193.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.134.202.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.145.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 63.184.21.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.1.166.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 156.43.225.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 132.78.238.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 236.72.119.168.in-addr.arpa | udp |
| US | 8.8.8.8:53 | sync.adkernel.com | udp |
| US | 8.8.8.8:53 | c1.adform.net | udp |
| NL | 69.173.156.149:443 | pixel.rubiconproject.net.akadns.net | tcp |
| US | 8.8.8.8:53 | ads.dxkulture.com | udp |
| US | 8.8.8.8:53 | us-u.openx.net | udp |
| US | 8.8.8.8:53 | pr-bh.ybp.yahoo.com | udp |
| US | 8.8.8.8:53 | sync.ipredictive.com | udp |
| US | 8.8.8.8:53 | match.deepintent.com | udp |
| US | 8.8.8.8:53 | bh.contextweb.com | udp |
| NL | 185.89.210.90:443 | secure.adnxs.com | tcp |
| US | 8.8.8.8:53 | cm.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | tg.socdm.com | udp |
| NL | 77.245.57.72:443 | sync.adkernel.com | tcp |
| US | 8.8.8.8:53 | 1.cpm.ak-is2.net | udp |
| DK | 37.157.3.26:443 | c1.adform.net | tcp |
| DK | 37.157.3.26:443 | c1.adform.net | tcp |
| US | 8.8.8.8:53 | track.adformnet.akadns.net | udp |
| US | 45.55.126.71:443 | ads.dxkulture.com | tcp |
| US | 8.8.8.8:53 | ads.dxkulture.com | udp |
| IE | 18.200.154.164:443 | pr-bh.ybp.yahoo.com | tcp |
| US | 54.144.14.120:443 | sync.ipredictive.com | tcp |
| US | 8.8.8.8:53 | ds-pr-bh.ybp.gysm.yahoodns.net | udp |
| US | 8.8.8.8:53 | sync.ipredictive.com | udp |
| US | 169.197.150.8:443 | match.deepintent.com | tcp |
| US | 8.8.8.8:53 | m.deepintent.com | udp |
| US | 35.244.159.8:443 | us-u.openx.net | tcp |
| US | 8.8.8.8:53 | us-u.openx.net | udp |
| NL | 208.93.169.131:443 | bh.contextweb.com | tcp |
| US | 8.8.8.8:53 | am1-direct-bgp.contextweb.com | udp |
| US | 8.8.8.8:53 | usersync.gumgum.com | udp |
| US | 8.8.8.8:53 | 1.cpm.ak-is2.net | udp |
| FR | 142.250.178.130:443 | cm.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | cm.g.doubleclick.net | udp |
| US | 35.244.159.8:443 | us-u.openx.net | udp |
| IE | 52.210.15.1:443 | usersync.gumgum.com | tcp |
| US | 8.8.8.8:53 | track.adformnet.akadns.net | udp |
| US | 8.8.8.8:53 | ads.dxkulture.com | udp |
| US | 8.8.8.8:53 | m.deepintent.com | udp |
| US | 8.8.8.8:53 | am1-direct-bgp.contextweb.com | udp |
| US | 8.8.8.8:53 | usersync.gumgum.com | udp |
| US | 8.8.8.8:53 | us-u.openx.net | udp |
| US | 8.8.8.8:53 | ds-pr-bh.ybp.gysm.yahoodns.net | udp |
| JP | 124.146.153.152:443 | tg.socdm.com | tcp |
| US | 8.8.8.8:53 | sync.ipredictive.com | udp |
| US | 8.8.8.8:53 | cm.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | tg.dr.socdm.com | udp |
| US | 8.8.8.8:53 | usersync.gumgum.com | udp |
| US | 8.8.8.8:53 | tg.dr.socdm.com | udp |
| NL | 185.89.210.90:443 | secure.adnxs.com | tcp |
| FR | 142.250.178.130:443 | cm.g.doubleclick.net | udp |
| JP | 124.146.153.152:443 | tg.dr.socdm.com | tcp |
| US | 8.8.8.8:53 | rtb.gumgum.com | udp |
| IE | 52.48.92.50:443 | rtb.gumgum.com | tcp |
| US | 8.8.8.8:53 | rtb.gumgum.com | udp |
| IE | 52.210.15.1:443 | usersync.gumgum.com | tcp |
| IE | 52.210.15.1:443 | usersync.gumgum.com | tcp |
| US | 8.8.8.8:53 | 72.57.245.77.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.3.157.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 164.154.200.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.159.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.169.93.208.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 130.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.126.55.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 120.14.144.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.150.197.169.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.15.210.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.153.146.124.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.92.48.52.in-addr.arpa | udp |
| US | 45.55.126.71:443 | ads.dxkulture.com | tcp |
| US | 45.55.126.71:443 | ads.dxkulture.com | tcp |
| US | 8.8.8.8:53 | idsync.rlcdn.com | udp |
| US | 35.244.174.68:443 | idsync.rlcdn.com | tcp |
| US | 8.8.8.8:53 | idsync.rlcdn.com | udp |
| US | 8.8.8.8:53 | idsync.rlcdn.com | udp |
| US | 35.244.174.68:443 | idsync.rlcdn.com | udp |
| US | 8.8.8.8:53 | mega.nz | udp |
| US | 8.8.8.8:53 | mega.nz | udp |
| LU | 31.216.145.5:443 | mega.nz | tcp |
| US | 8.8.8.8:53 | mega.nz | udp |
| LU | 31.216.145.5:443 | mega.nz | tcp |
| US | 8.8.8.8:53 | 5.145.216.31.in-addr.arpa | udp |
| US | 8.8.8.8:53 | eu.static.mega.co.nz | udp |
| LU | 66.203.124.37:443 | eu.static.mega.co.nz | tcp |
| LU | 66.203.124.37:443 | eu.static.mega.co.nz | tcp |
| US | 8.8.8.8:53 | eu.static.mega.co.nz | udp |
| US | 8.8.8.8:53 | eu.static.mega.co.nz | udp |
| US | 8.8.8.8:53 | g.api.mega.co.nz | udp |
| LU | 66.203.125.11:443 | g.api.mega.co.nz | tcp |
| US | 8.8.8.8:53 | lu.api.mega.co.nz | udp |
| LU | 66.203.125.11:443 | lu.api.mega.co.nz | tcp |
| US | 8.8.8.8:53 | 37.124.203.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | lu.api.mega.co.nz | udp |
| US | 8.8.8.8:53 | 11.125.203.66.in-addr.arpa | udp |
| FR | 142.250.75.238:443 | play.google.com | udp |
| N/A | 127.0.0.1:6341 | tcp | |
| N/A | 127.0.0.1:6341 | tcp | |
| N/A | 127.0.0.1:6341 | tcp | |
| N/A | 127.0.0.1:6341 | tcp | |
| FR | 185.206.26.43:443 | gfs208n133.userstorage.mega.co.nz | tcp |
| FR | 185.206.26.43:443 | gfs208n133.userstorage.mega.co.nz | tcp |
| FR | 185.206.26.43:443 | gfs208n133.userstorage.mega.co.nz | tcp |
| FR | 185.206.26.43:443 | gfs208n133.userstorage.mega.co.nz | tcp |
Files
memory/3764-0-0x0000000000400000-0x000000000042D000-memory.dmp
memory/3764-2-0x0000000000401000-0x0000000000417000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-PM49D.tmp\setup.tmp
| MD5 | ae9890548f2fcab56a4e9ae446f55b3f |
| SHA1 | e17c970eebbe6d7d693c8ac5a7733218800a5a96 |
| SHA256 | 09af8004b85478e1eca09fa4cb5e3081dddcb2f68a353f3ef6849d92be47b449 |
| SHA512 | 154b6f66ff47db48ec0788b8e67e71f005b51434920d5d921ac2a5c75745576b9b960e2e53c6a711f90f110ad2372ef63045d2a838bc302367369ef1731c80eb |
memory/1532-7-0x0000000000400000-0x0000000000579000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\idp.dll
| MD5 | af555ac9c073f88fe5bf0d677f085025 |
| SHA1 | 5fff803cf273057c889538886f6992ea05dd146e |
| SHA256 | f4fc0187491a9cb89e233197ff72c2405b5ec02e8b8ea640ee68d034ddbc44bb |
| SHA512 | c61bf21a5b81806e61aae1968d39833791fd534fc7bd2c85887a5c0b2caedab023d94efdbbfed2190b087086d3fd7b98f2737a65f4536ab603dec67c9a8989f5 |
C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\innocallback.dll
| MD5 | 1c55ae5ef9980e3b1028447da6105c75 |
| SHA1 | f85218e10e6aa23b2f5a3ed512895b437e41b45c |
| SHA256 | 6afa2d104be6efe3d9a2ab96dbb75db31565dad64dd0b791e402ecc25529809f |
| SHA512 | 1ec4d52f49747b29cfd83e1a75fc6ae4101add68ada0b9add5770c10be6dffb004bb47d0854d50871ed8d77acf67d4e0445e97f0548a95c182e83b94ddf2eb6b |
memory/1532-21-0x00000000033B0000-0x00000000033C5000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\ISDone.dll
| MD5 | 63dc27b7bc65243efaa59a9797a140ba |
| SHA1 | 22f893aefcebecc9376e2122a3321befa22cdd73 |
| SHA256 | c652b4b564b3c85c399155cbb45c6fb5a9f56f074e566bfd20f01da6e0412c74 |
| SHA512 | 3df72dc171baa4698dfd0c324a96dde79eb1c8909f2ff7d8da40e5ca1de08f1fc26298139ab618e0bb3fa168efe5d6059398b90d8ff5f88e54c7988c21fb679e |
memory/1532-28-0x0000000003530000-0x0000000003595000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\wintb.dll
| MD5 | 9436df49e08c83bad8ddc906478c2041 |
| SHA1 | a4fa6bdd2fe146fda2e78fdbab355797f53b7dce |
| SHA256 | 1910537aa95684142250ca0c7426a0b5f082e39f6fbdbdba649aecb179541435 |
| SHA512 | f9dc6602ab46d709efdaf937dcb8ae517caeb2bb1f06488c937be794fd9ea87f907101ae5c7f394c7656a6059dc18472f4a6747dcc8cc6a1e4f0518f920cc9bf |
C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\BASS.dll
| MD5 | 8005750ec63eb5292884ad6183ae2e77 |
| SHA1 | c83e31655e271cd9ef5bff62b10f8d51eb3ebf29 |
| SHA256 | df9f56c4da160101567b0526845228ee481ee7d2f98391696fa27fe41f8acf15 |
| SHA512 | febbc6374e9a5c7c9029ccbff2c0ecf448d76927c8d720a4eae513b345d2a3f6de8cf774ae40dcd335af59537666e83ce994ec0adc8b9e8ab4575415e3c3e206 |
memory/1532-69-0x0000000011000000-0x000000001104C000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\CallbackCtrl.dll
| MD5 | f07e819ba2e46a897cfabf816d7557b2 |
| SHA1 | 8d5fd0a741dd3fd84650e40dd3928ae1f15323cc |
| SHA256 | 68f42a7823ed7ee88a5c59020ac52d4bbcadf1036611e96e470d986c8faa172d |
| SHA512 | 7ed26d41ead2ace0b5379639474d319af9a3e4ed2dd9795c018f8c5b9b533fd36bfc1713a1f871789bf14884d186fd0559939de511dde24673b0515165d405af |
memory/1532-78-0x0000000006AF0000-0x0000000006AFF000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\botva2.dll
| MD5 | 67965a5957a61867d661f05ae1f4773e |
| SHA1 | f14c0a4f154dc685bb7c65b2d804a02a0fb2360d |
| SHA256 | 450b9b0ba25bf068afbc2b23d252585a19e282939bf38326384ea9112dfd0105 |
| SHA512 | c6942818b9026dc5db2d62999d32cf99fe7289f79a28b8345af17acf9d13b2229a5e917a48ff1f6d59715bdbcb00c1625e0302abcfe10ca7e0475762e0a3f41b |
C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\MusicButton.png
| MD5 | 473a683962d3375a00f93dd8ce302158 |
| SHA1 | 1c0709631834fd3715995514eef875b2b968a6be |
| SHA256 | 7f4ad4d912cdabdfbb227387759db81434e20583687737f263d4f247326f0c1a |
| SHA512 | 24ffe03b5de8aec324c363b4be1d0ae4c8981176a9f78a359f140de792251e4f2e3e82e2a6f3c19ff686de5588e8665409ddc56fc9532418f6d476869f3f1f9e |
memory/1532-85-0x0000000000400000-0x0000000000579000-memory.dmp
memory/3764-86-0x0000000000400000-0x000000000042D000-memory.dmp
memory/1532-92-0x0000000006AF0000-0x0000000006AFF000-memory.dmp
memory/1532-91-0x0000000011000000-0x000000001104C000-memory.dmp
memory/1532-89-0x0000000003530000-0x0000000003595000-memory.dmp
memory/1532-90-0x000000006B080000-0x000000006B08D000-memory.dmp
memory/1532-88-0x00000000033B0000-0x00000000033C5000-memory.dmp
memory/1532-93-0x0000000011000000-0x000000001104C000-memory.dmp
memory/1532-94-0x0000000000400000-0x0000000000579000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\FlushFileCache.exe
| MD5 | df77f2b6126f4f258f2e952b53b22879 |
| SHA1 | fedda8401ebfe872dd081538deec58965e82f675 |
| SHA256 | a4cc6683393795f7b84d0b49eea2d7d7fbe1392bb7612cf39896af6832ffe0b8 |
| SHA512 | 623c5a2b3382b610bf2a2812db94ea77e52051f307fd1ba7767927719277a7d99e844f9286a52549f888ad818c4d4d09759c031a8ab6dbc58911257987028a37 |
memory/4308-124-0x0000000000400000-0x0000000000410000-memory.dmp
memory/1532-126-0x00000000033B0000-0x00000000033C5000-memory.dmp
memory/1532-129-0x0000000011000000-0x000000001104C000-memory.dmp
memory/1532-130-0x0000000006AF0000-0x0000000006AFF000-memory.dmp
memory/1532-127-0x0000000003530000-0x0000000003595000-memory.dmp
memory/1532-125-0x0000000000400000-0x0000000000579000-memory.dmp
F:\Games\FNaF - Into the Pit\unins000.exe
| MD5 | eaf7c2bac7c2e9110f9c157f7615a7b8 |
| SHA1 | 2391a9319d4a2adabbb52598204ca286c40d0a48 |
| SHA256 | 4352e6ef476d5147f8c377540a660136154164ea0eb7a72dc487a41128742d9f |
| SHA512 | fe34ae324e4adcbfe67d3752ed146b27ecb881f36a81537da9c9525d8bc9d295d0cdc1533b739214ac315743a27754d0110d4c1dd98ec4da0a2d4edcc783294c |
F:\Games\FNaF - Into the Pit\unins000.dat
| MD5 | c473120133f93a20d0a967d4ce039d31 |
| SHA1 | c20ba4032a71acfdec1e30a54b97404a90a1fb06 |
| SHA256 | e88b4a1862b27f139aac2af412d4ec5fb9335a8a084fa84dfc7c1609b6bd481f |
| SHA512 | 49876bf61b12c09f0924673e22e000b801b5c77f03ba0f71497d50fe7e4a07374224ead5a51e96861c1cec8388308f3369dbda99d236fe9c10fb24ac1f92d1a9 |
C:\Users\Admin\AppData\Local\Temp\is-ST7K6.tmp\_isetup\_shfoldr.dll
| MD5 | 92dc6ef532fbb4a5c3201469a5b5eb63 |
| SHA1 | 3e89ff837147c16b4e41c30d6c796374e0b8e62c |
| SHA256 | 9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87 |
| SHA512 | 9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3 |
C:\Users\Public\Desktop\FNaF - Into the Pit.lnk
| MD5 | 0cc98284b0083ee7865da446ccbccb72 |
| SHA1 | c046c5ccf9fe0cdeb1a2b7714b453e00545f341d |
| SHA256 | 1192586197cddbe021ca6f876916d595d4418df40e3ef1e5eb53949a85df0934 |
| SHA512 | e63a1bc266c0771b24ec028ffc4a4cc4e21bfd69109179d8708e2746a34b4efe50522263b8116534e252e20d755b13de6c88ecef3774b4893cff8f7e899f2351 |
F:\Games\FNaF - Into the Pit\_Redist\fitgirl.md5
| MD5 | 570afae8ea7f0fade6c5ceeef6d8c11c |
| SHA1 | 629b7f66bf4aedf5574345b1c19cc3e2e015630f |
| SHA256 | d7dc9009cfdec136602e61d016872e75eabf60c04e5c07985b4d0e1e629aa3e9 |
| SHA512 | 7701f6d36d19d0d6f7f8d08f3ae9f98a5535dc6b7a6ad74117ddfca7bd95d68753d28392a03579272ec70a323792188e76a945fb046ce6751359cc98f52b3bac |
F:\Games\FNaF - Into the Pit\_Redist\dxwebsetup.exe
| MD5 | 56d52c503adf02184f19eee4767ef60a |
| SHA1 | ca133f67a286f4f20282e19837b53b38a27a1caa |
| SHA256 | ed79c8f65b02ed83d5db8c355328294a73dc447f08f657312bf8f3a5b40c7494 |
| SHA512 | 246f35664a9af548d402878a3e6ce6d8901a0978477b145db5fd4e5857021efc4016369e9e02e709a27cf5c84f44a32e106008668ba96e2b45d4d06599090d8f |
F:\Games\FNaF - Into the Pit\_Redist\QuickSFV.EXE
| MD5 | 4b1d5ec11b2b5db046233a28dba73b83 |
| SHA1 | 3a4e464d3602957f3527727ea62876902b451511 |
| SHA256 | a6371461da7439f4ef7008ed53331209747cba960b85c70a902d46451247a29c |
| SHA512 | fcd653dbab79dbedca461beb8d01c2a4d0fd061fcfba50ffa12238f338a5ea03e7f0e956a3932d785e453592ce7bb1b8a2f1d88392e336bd94fb94a971450b69 |
F:\Games\FNaF - Into the Pit\_Redist\QuickSFV.ini
| MD5 | c5c28798bca6e9ed5d84fa67b656065a |
| SHA1 | 4b6fa3465f1b393e22e9f083b177462028a48e93 |
| SHA256 | 74ca5a42469197eded04f5a0bf34ca251c72f7cc06a3416ac035230cb8e81629 |
| SHA512 | c06baa4b31e2866fc3f298826930f43fb1d9c2de24e0984594e41f72f022a9090712b478e84d3cb46e0cb0f45d4e81d6c6443b69c7513775340324d9eda92963 |
memory/1080-150-0x0000000000400000-0x0000000000579000-memory.dmp
memory/1580-153-0x0000000000400000-0x0000000000579000-memory.dmp
memory/1532-159-0x0000000011000000-0x000000001104C000-memory.dmp
memory/1532-157-0x0000000003530000-0x0000000003595000-memory.dmp
memory/1532-155-0x0000000000400000-0x0000000000579000-memory.dmp
memory/1532-156-0x00000000033B0000-0x00000000033C5000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\host.cmd
| MD5 | fb489cd440c176d00ccc026513be727a |
| SHA1 | 486de4c536f9fdf93564867090067a27f529bb85 |
| SHA256 | 08e8437535454586b63855382bc4ce90bc2348ddecced2f7d1ebd87b9923fa2a |
| SHA512 | 441b9b8419d0fd0008156171683df806af28a6ad5cfeaaa7e0ce42cb2db82036c348cda0ddfb84e736bef69da54080befcad3b8091703727d7df75c0f86d1c16 |
C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\hosts.exe
| MD5 | a7f30bb876775a914422675a13dd56b3 |
| SHA1 | 3ea28fe66a04ebbad2507a7dfdebf1622c701d43 |
| SHA256 | 49bdf4c437cf51ed0b369db9935d2f09883859d96a64593247c89c70e6840119 |
| SHA512 | 6decbf54a3b62cfe549f1e45d1e5e99b2c33c792a67e9f29b9be3cb51d7e89ff0238cc4479f4a004d2b70989517531ccbbd6e420675fd3d37949cc20c90a6656 |
memory/2984-165-0x0000000000A60000-0x0000000000A6E000-memory.dmp
C:\Windows\System32\drivers\etc\hosts.check
| MD5 | 008fba141529811128b8cd5f52300f6e |
| SHA1 | 1a350b35d82cb4bd7a924b6840c36a678105f793 |
| SHA256 | ab0e454a786ef19a3ae1337f10f47354ffa9521ea5026e9e11174eca22d86e84 |
| SHA512 | 80189560b6cf180a9c1ecafc90018b48541687f52f5d49b54ca25e040b3264da053e3d4dbb0cd38caaf496e23e516de18f500b333e3cda1fd1b25c6e9632defc |
\??\c:\windows\system32\drivers\etc\hosts
| MD5 | 58c038bdfa1029309ac8934d58dabc67 |
| SHA1 | a5c07b734be2e1f22a88d88c303146eb419f96a7 |
| SHA256 | 09a37ae03d23e382c5c07d8bf8bad4eb426ca9abc37a2e74d1547c425a7a5171 |
| SHA512 | efc8a28931256ccdd8adc1f6b7105059d015aab030ad2de43a319d46c6fe3a7118f0747767769c73259bc03d695389ac7f1340cbdb1852d00d063d25953ed370 |
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\hosts.exe.log
| MD5 | f8ec7f563d06ccddddf6c96b8957e5c8 |
| SHA1 | 73bdc49dcead32f8c29168645a0f080084132252 |
| SHA256 | 38ef57aec780edd2c8dab614a85ce87351188fce5896ffebc9f69328df2056ed |
| SHA512 | 8830821ac9edb4cdf4d8a3d7bc30433987ae4c158cf81b705654f54aaeba366c5fa3509981aceae21e193dd4483f03b9d449bc0a32545927d3ca94b0f9367684 |
\??\c:\windows\system32\drivers\etc\hosts
| MD5 | b05b62045ed529ecb9b6ebda9c7a03ca |
| SHA1 | 863d797d748b9e21ca61f29104353f5030070adf |
| SHA256 | 3be6bd7ba208511027f993fa34267df2381e66ac0cc0588081a52336ba975406 |
| SHA512 | e087677905998ee05faa64bcc4b1f1f35db6e18303353c3b4d9f85b8d5dfb3824f70bac91f1448a87790d6c0036bc091f32c2a392de20216612bfcb9ed2f60e0 |
C:\Windows\System32\drivers\etc\hosts
| MD5 | 90098a89e470bd12f2ab7e3e46190346 |
| SHA1 | 5ea45e12a80ab1cbb560be1823dc68260cacd84d |
| SHA256 | f5a2d2df78c0920e4a3917939f169f39aa31be1df429404336341d3fa0efe6dc |
| SHA512 | 7e75c1775c840b0f7c4cc29ec69c5b72be84d008979cedcab243f32fde18286479ef7ca2efe607edbc73a7d328166d99b1948738261cb5c0139a20e135ff1970 |
\??\c:\windows\system32\drivers\etc\hosts
| MD5 | 29476e3e293379d1bf00cb5cca2867cb |
| SHA1 | 0df705b8f203736cba3d2fbb7938e87867f9eeb0 |
| SHA256 | 7a06a579c327934bec75b39bca99d09969f210e323946817ac257ad80c24959d |
| SHA512 | 5986b1b5086158917308d88aae7695f84d363fa93711b959d69be5d91447b7cd3faa1f09bfa6ed217d9b52c235f7a4d3eb9d95d231d68dc682a6d4962c3edf77 |
\??\c:\windows\system32\drivers\etc\hosts
| MD5 | 4dfdcceb3a21e723d5eff18a6d1504f2 |
| SHA1 | 6860f1e5d159ce202dd104db7d288b23f3580222 |
| SHA256 | 5ed94bc1c5b7cd111711306682ee9ddfaaa71967e2626d936d87755be7cbb96b |
| SHA512 | 934b303382ae250deb838de9c13852555e6862ca9ef4d9c18ac7d2d53e520111d928fa5c7e7026864490028f2d8b38bad00a809557fd19bf6147261ed6f59731 |
\??\c:\windows\system32\drivers\etc\hosts
| MD5 | d4311f9afc2b6a3abdac082a777b863e |
| SHA1 | ad58b01cabc00391fadd177fbd2619b44ea510c5 |
| SHA256 | 52abe4e9a74d2129d860536fac246f8b3746b0d3636348bcb1bf4b8ced0858b5 |
| SHA512 | 3c482ec2e2760f16409dca398b1a1a6d9959716805bb0df5969858697ac581231d57701997ac70f28b9344ea93eb0c45fa94be52a68d09cf78402c471bb0f9a1 |
\??\c:\windows\system32\drivers\etc\hosts.rollback
| MD5 | 9fb2798481ae865b8b50c179bdbca26e |
| SHA1 | f8f17fc83ab37645eeeb698c3cf81b46a245b656 |
| SHA256 | 2468e5f2ffde0f1c564257a2cdcfe9f3a02dc61566879c16c1cde32826f3ea16 |
| SHA512 | 175e60002fa666c9e0404fe8413ca9b8699c32ff15c573c5954ef466ebfc128b74c2ac401ecc62303d61dc84b826bb725dfbc5676513f4f7e6ed9dcc577c75bd |
\??\c:\windows\system32\drivers\etc\hosts
| MD5 | e503bbdc60f908008d2b48c11f8fa4b7 |
| SHA1 | 52d54408cf1bd659f18f03583ec006b034e030c6 |
| SHA256 | 420f4ab3460810eb2297082d96e197b57fbcb916de7b207e7617e4c53d3303a5 |
| SHA512 | 593843f1dc1fbeb2ba82afebf4c7b7603155b24c2aafd98347dcbbb1b646bfaf941d0c392bedd765db76cbe50392f793b23be481e1cea984ada02206e9c9eb0e |
\??\c:\windows\system32\drivers\etc\hosts
| MD5 | ccd5727329626b06ec141a1bc31aaff0 |
| SHA1 | 5b2b26a9f8ac7f157c2b8023b14f5bc10f7c7422 |
| SHA256 | 4e492b443673a224cd26615c61bd5898a807a3df2922ac6068c18a88e31c724d |
| SHA512 | 040ee693a767c80b133571f080d357d2c996b7b83503a9feabfd4e66118e2fb8defcbd10829932fbe4473f8adffd9276e06fad8797c1f169ad406957faeb5914 |
\??\c:\windows\system32\drivers\etc\hosts
| MD5 | a191caf190dade435e0855c3abd9eef4 |
| SHA1 | 5923f980f3a0f21d02f9a94b85bdfd6001d67d32 |
| SHA256 | 45b2d1d6aa2aa63746d5fd7caf5faa05602c4e2339fb366ddd29cc1404a45189 |
| SHA512 | cabfbfed58b2866ced3d9f002cf1be253a259bdf0535ef4eb56abb25f6c270897cd003fb872a0f4721320d4decdfda8217e2e332f2d36c9c2cd08177f431ad6b |
C:\Windows\System32\drivers\etc\hosts.check
| MD5 | 76df54f2193b02a222ad9c85f8d7fb55 |
| SHA1 | fd053ecf306d42937fd89b141c1f01bbb858ff17 |
| SHA256 | 20eedea1fb760160310acfa78346d539fa75339788ae09a5d9718fb5a5031af2 |
| SHA512 | 12e1ddfa8d3fe3d406eaa95e2038a6c79e01c6ebb1369f0dc39886c5644769c96ea66d6fdd771278dc7870297fdb2288ee83d13f3fc90a60977da69228261cd0 |
C:\Windows\System32\drivers\etc\hosts
| MD5 | 2822640948756371fc7d41952cd2914b |
| SHA1 | 0abcc59e9d1bd629d2449f31ea881984b2803a98 |
| SHA256 | 938cbcb2c9eb962234c88692dc36305675f0e3ddd65fce639c52478cc7aba1d9 |
| SHA512 | 95bc2e034a1151b71dbd505eef4122a1ff39b1fa6697a9a1346e5aa2c344c914aa7d3ee2a7c71d014257d58de3ba97f49c43d8df9e1ef6f26470005e595e995b |
C:\Windows\System32\drivers\etc\hosts
| MD5 | ee5fa31908c65132abeecf0ecaa722e6 |
| SHA1 | 2abeaa7758e4d3b5b8e4f858045d2f2ea7b829ea |
| SHA256 | f26284764b781d9acee11569257cc2316928e3a86a316e30d4c30fd30be2b7da |
| SHA512 | 7b91c0094a970c14de43a24ac70d49236088572eeed7d316e337f0363e91ca1a7870a68795e71ebea0ee4067820014a4347fe67566f3a27f2b8d88bad5b86441 |
C:\Windows\System32\drivers\etc\hosts.check
| MD5 | b1472a2418ef16f2b5a082c36d0e4539 |
| SHA1 | ea1cd76485753e4ad9a4ba42beed90a9c50701b5 |
| SHA256 | 8ca1133d16ea6da99d4dc459989548000f71a577a331e0003acfc693f834b676 |
| SHA512 | 3d673f2627e5c14047d78e987f5ff86666eaeef8c53eff0d5138a66968186f2a250fbf96df9988f9672386b89e31c3aa04e139e22a0a964b19f3b46ab48fd235 |
C:\Windows\System32\drivers\etc\hosts.check
| MD5 | e0d5ba1421bdbf0e8ed19776dab4906f |
| SHA1 | d7677d5210503b57b03f6eea3cff77346664d7bc |
| SHA256 | 00a54adedbd15a9eb9853471cf73ada6c78cd9e0cb4d98ef9d43ae6b2dea0929 |
| SHA512 | bb2bad26f9e426f62f1c7427367e8b07b2255b81fd230830a073447536d191ba317f2fa2ec79e38e63e1e3c3f040bb3f8e5e066ff4d84b18362e1d0a8be64b0b |
C:\Windows\System32\drivers\etc\hosts
| MD5 | c36742ef5dd70ea36cda6ecd81a4d678 |
| SHA1 | 041cd3d88289e0861fb9b8f04690493d8c291687 |
| SHA256 | bc3b6ae133168da1f690d81f19e97f077276951338a7af60c2912d54a311f03a |
| SHA512 | 1429e7bb515e02574c4ac135be6285540a5506d33a06dea1c94f17f8e43d0c828351b57ab62331d0020ba83ddb28f10a2cc62550047a1fc364936047152e07d3 |
C:\Windows\System32\drivers\etc\hosts.check
| MD5 | 9fe103c8d91f6c65c4ce548c693fe8d7 |
| SHA1 | b659ee8b4bd2b905e7e243bab666e3556ce967d0 |
| SHA256 | c0d3da88706fa36012a9a96229a7441abffc22ffd5d0c286cd1eb48061f4a30a |
| SHA512 | ae8e8fb6a3693681c81b1d46c42c063d51672b60f06b94413b4ec35c7779acd0f2a65aab1a46142c7343354018fe8152889de6a4d1af2882f320605f6bfbd4d4 |
C:\Windows\System32\drivers\etc\hosts.check
| MD5 | 40ebd45eb7d4a0c9603aa570ff23699c |
| SHA1 | 1c20ff81dfc6d415a40347464693f66d7a311be5 |
| SHA256 | 53cf5077e2cb700bd51f38f72686bf757bf161f0999436dd32f66c4be11213cd |
| SHA512 | 44254fa44271e09f6561d76ae2fd4a74d9f80a7fdbc0656717d8c885fe3ceeacf7d54e903c41b20bd0556802fd005b24289d59f8525a3fafdab67ce2a56e0d42 |
C:\Windows\System32\drivers\etc\hosts.check
| MD5 | 76dcc66dc5aa7c9474994d8575cff494 |
| SHA1 | c5a0b49af7bf4d5e87ff6c7b3866de434c49e68c |
| SHA256 | 6903a643d986cfbd82febc96295c85b4c89979ef167173765846c4580061137a |
| SHA512 | ba1587a2e1425f354bd48d3234e141b54d98d4e835e8e3652660ebf03b0ec5a94de5f2d00148f304c12286db52401fb6b920a4b258c3d623d072820ffff0c428 |
C:\Windows\System32\drivers\etc\hosts.check
| MD5 | 3c781d3b80218762351bb9a42d0782ce |
| SHA1 | 6e63bff29632824dff4d89e0aab745782ddbbdec |
| SHA256 | 0fe32c6fe4eae1a50afdd77a6e3e5d96dbf017759220c37127b1090c32ba3fe8 |
| SHA512 | 91546cf62b3b99f8d44ea40dc3f7eff9b6aaed6071ecef8d75fece17a7ea3555a42cc3e0011c990995b5e1c0142b6dde12f9223571f9979ef4f0ee0fcf36b223 |
C:\Windows\System32\drivers\etc\hosts.check
| MD5 | b705643cb2d0b85a62ae1e969f03d4af |
| SHA1 | 9ecce839b40d8652e4e2a247928e944e75d022ba |
| SHA256 | 5ecfb130b3f71d25e2786be35154ce930dadcd9dddf4f59c326a4bf12b4b54e8 |
| SHA512 | e8709629811f1c9a643e5a98c86cf782ac7d525cfe96865336d86705fe4f852badebf71a97de3a5091569b0844e2b25be430b3d11f6c19982f0ea6437a57fd54 |
C:\Windows\System32\drivers\etc\hosts.check
| MD5 | b453c765987ab09641e08c11ca1c96a3 |
| SHA1 | 73376779128b7d7709d1e71b2d2b346e2bbfb83d |
| SHA256 | c5c14ef79433042544f4a8be7286529805f5d2df6a078c6f634e35934f0d2388 |
| SHA512 | 846f70338325e9177d18338e312b218fd60fca1a3b807f44bc7743b0e2f0648ebde32d1fa2d6f4e47e4fe4c8397ad3bd3544c6ca69955c47e50a0957e4ea6e23 |
C:\Windows\System32\drivers\etc\hosts.check
| MD5 | 24429e530db973ac391584f32d251117 |
| SHA1 | 978e31ede27cef77146dc238852ceac088126097 |
| SHA256 | 6b2d23196fa840bb86693326707540bd5cb1f7718cc6b6a509afcfd82343ea8f |
| SHA512 | d0afb69ca561c666015cfc9f9252e6419a84f84173538131883f84570e164cf37cf36a314068c86ec1572fd63a2d1a67f9285d5dd066707664414aa9ea6ac3a4 |
C:\Windows\System32\drivers\etc\hosts.check
| MD5 | 955e4fd52c5b602983814fb8c2d127a7 |
| SHA1 | bccbbac46be1201fea8ea8c1a17268c943308178 |
| SHA256 | 3217c186a99f21287a7c0e510be7efb23649d0d55e1502a40284c9e2ce0ecad2 |
| SHA512 | 87e1f12c9c1f3a2363a2c1566bc77ff0c5653d640802024bac62b2be27ea3d8d939a023bf01df58347badb3cb61ac700458cd6208b3f09524a6dadaac25f5aa4 |
C:\Windows\System32\drivers\etc\hosts.check
| MD5 | dedc56f4ac087819621973bd70a8eec5 |
| SHA1 | 664a54ac32ec07ceb6407090d642ddb3f3604f32 |
| SHA256 | 5e931c67e3eb0e883b5cfd939ffdf85c9cc5a1b2fcd7e86bbb51348928e884ac |
| SHA512 | c27716482bea59d12ee659068873d26c86cdf796357384b747948cc0392b5b9b525a8e705ffee4efb3001bee9b666d8035f07f667e5ee57a20be535bf9773867 |
C:\Windows\System32\drivers\etc\hosts
| MD5 | 097dd503c6d9267ff3306caed5743e94 |
| SHA1 | 3ed9bab5ee45b07c0d7fe0db4a9908811345aafd |
| SHA256 | 9a61237fb8426a395166cbe7cf5702bb2299b88f05661a5c329f677bd2f021e8 |
| SHA512 | 50605e6e2ed8167ed17edef7a407d9c770900476f74f3366b13c5adbffa54f55a87e354e1f11b11c3e49885625d90f23f1ea3e515a1677cc52a3cf2bec80688a |
C:\Windows\System32\drivers\etc\hosts.check
| MD5 | 84b9d630222ead75430a862dcefee055 |
| SHA1 | 6cdc8aee22eff83d48d1879c44452df3931ba6b7 |
| SHA256 | c4dd120b15404d66afbcac20d8493dae34bf9222ea404fa9f2c2d81e757e6a5d |
| SHA512 | c4fcdf8a6a7784ee07cbeca0ba641efafd0252b846a778f03154788be02130e852965d65a3a6718813d1fa1949fdeee4f19704da34a7f04e98412dcc1c6e3918 |
C:\Windows\System32\drivers\etc\hosts
| MD5 | 250a948fce681cb3131493e8c233fb27 |
| SHA1 | 798a29b7001f9c9d8fa56514194cb2a4c3f959bb |
| SHA256 | 839176460146f24f49b45f3240d4943549baaf19086dfadf93144df4dd66f66c |
| SHA512 | acb91ca69c850397a4a9c681ea849a01075ee626ae824a5693c49230623092eb12372a00f07c5c8cded746dd24038f005432881dbab721443f49f963a29bfe39 |
C:\Windows\System32\drivers\etc\hosts
| MD5 | 959fdb365b7d1b64645413d950fff4e7 |
| SHA1 | 9e61bf4612e23da89abbe6ae1bc16c5e73f2d0aa |
| SHA256 | 86dd104082f76b2664ab471b7cc450cbc151a4f17fc4ab6d729ad6a622b125bb |
| SHA512 | 666a251a21e2d5a233ff9999245f3bfc040b3a92db3ed5fb1799c22faacfd7e1b8a938115a23e5d9a010056870e62f56996bedecc6d2427debec74c1d6cb6beb |
C:\Windows\System32\drivers\etc\hosts.check
| MD5 | 5187a3f340b117e9b3ad4780a2bd06b7 |
| SHA1 | abfe1dcc97d413d1bc7cbaed246a1ce5ea1cdc21 |
| SHA256 | b10ae0b1c945d26e1c96030ee0a0fe74153ff4e3ff6e363319733997037aeca4 |
| SHA512 | e80843c9abcf61142345d2dc9e31d8cc0ebf8e02781e54682dd3031f4bcda06bbcc96934624be33ddd12255665dc54a05ac285cf6b42269a25971308b49491c6 |
C:\Windows\System32\drivers\etc\hosts
| MD5 | 9bae2070267583bd0d3f6a5ca8ea1375 |
| SHA1 | 78c0232e8924bd7f71820f2598a591b6c192ac05 |
| SHA256 | f593417272bbb8901fdd4aec3c558d0175710cd59c5a91d80977e4beeaf6e578 |
| SHA512 | 1e7bc6c1b06c2bf1b2298041c6416b3589d14064cd3fec6b2eae354f4dbfea857cee4df1cedfb5957e2aa01636df8746f58996fd5d1d954ccd12194207ed4676 |
C:\Windows\System32\drivers\etc\hosts.check
| MD5 | 4c743f2eb9ea8f9f3176b27ab223e294 |
| SHA1 | 05ea0b494246d9b8fc34b299e5638be78bf10411 |
| SHA256 | f55726b45b9f9e128fff22569c615200b35c618f925ab5583f523e16a15c4b40 |
| SHA512 | a519f658a9aea54533873823f6cace16ad6679cdd103e55fb28db33a9b12ef07b39477d3e4cd720ae8ff4f93ec3f7946224a389531c994775705727505537c85 |
C:\Windows\System32\drivers\etc\hosts.check
| MD5 | f91180849ef997303475bc82f2ef53a6 |
| SHA1 | 379df016ab7577ab5840e1440a6d0bd59f8c0f7d |
| SHA256 | 40de925dd2e5a427c1386d4e999af24044d94eaa8b8664047c71632416866543 |
| SHA512 | aa5be5a7452a655989881966572378c95259f219c14a7ac252de36614d36d8ce3e15d91fea6035367ae9a3595bede128fbe03c613820d1280764b5f8cc02ca8d |
memory/1532-616-0x0000000011000000-0x000000001104C000-memory.dmp
memory/1532-612-0x0000000000400000-0x0000000000579000-memory.dmp
C:\Windows\System32\drivers\etc\hosts
| MD5 | 9bc7eb1af1b129edb93b45e3755230b2 |
| SHA1 | a0c4a7ecd3d20f3be4ddfbbafe8b34b01399e1e9 |
| SHA256 | ae75844e29ca72189018260f9599a8af22b6b3189532d17121adfb20897da5b2 |
| SHA512 | b85d13f0d15b605167e33726ebe057d23904366d335c75630c2f28bf371189a80bc78c4a62e915bd7e21221e1c1f46c99f4a645ff0332078e114afd793af4a22 |
memory/1532-613-0x00000000033B0000-0x00000000033C5000-memory.dmp
C:\Windows\System32\drivers\etc\hosts.check
| MD5 | 82bdb136d48d64932a046f3d76e8ae8f |
| SHA1 | 8861439ed236f5e634b76e4f51cb6b80c03b5380 |
| SHA256 | a4b181cf19e9fd43f31a2e00e14107c2b93d9dff2e6e00e1b700602709630572 |
| SHA512 | fa24c4aaef40dc3e4e1b6d09a438917a100d96b3285293bad37d7eeceb755b2e8d0eadbd05104d81201b32e8e6d0f444910743aa65d4d09fd36b2b265ef444db |
C:\Windows\System32\drivers\etc\hosts.check
| MD5 | e1df35c45e15a1ada379ae188e0be704 |
| SHA1 | 4288f48d73bd50ac474cfe132c48557db39ba929 |
| SHA256 | 36acfa3aa442b34d8ad58c19bab276df6bcafb55a60210147f9b3041a651d1fb |
| SHA512 | 53e871a5921df53dee1283fe6dd0d6a9d71bbd405eb56ab58bb18622228af23be4fa9c7154c54af3194711524e15ec1438bb0cea596d49719a8a7d838602c83a |
memory/1532-659-0x0000000000400000-0x0000000000579000-memory.dmp
memory/1532-663-0x0000000011000000-0x000000001104C000-memory.dmp
memory/1532-705-0x0000000000400000-0x0000000000579000-memory.dmp
memory/3764-706-0x0000000000400000-0x000000000042D000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\datareporting\glean\pending_pings\72eacf4a-0dac-4603-810e-2d654627a549
| MD5 | b4dcdf9c8ce28a4e737560a977fdd6e2 |
| SHA1 | 3cab8bd303bfe13cfb806347a8825d89e98ed729 |
| SHA256 | 3fd5dba21eafdbbd4c08d55b7f4ce1d7444a318ca64f44f1d513d81601d96df7 |
| SHA512 | 9c878e8db0d1145756aa24c46208bb430f6fe75d58832ebaff6a57f9281021a398e9f97f3a41f70bd3e4ebe862a8e2f0ed0b38ce8366be04717632bf3efbd754 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\datareporting\glean\pending_pings\65a2af07-b003-4717-be89-8acc89a0225f
| MD5 | 66d726d256980622d655983ef37324d9 |
| SHA1 | 5bbb139b3c85fef4427260d0b4e179fb4584e83e |
| SHA256 | 2bea12d039362c5dd6528d60eaedc5089649ca6cdcf5b7eae9bfc060793d3f69 |
| SHA512 | 6c80fc1367d47c38a6d50b0838fd605732a7f0d2f315722e588ab272bec2b4eecae227392046d30a4f3876409948ff78de58dcebdd13f532ab78c8df06c3693e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\datareporting\glean\pending_pings\3fc59039-5e8e-4719-9263-c026b82c1681
| MD5 | 79f358338e0e065a98a040e4ffe9814c |
| SHA1 | 16d2b4a4b37a5839f84a0239e963dd11f04b4e86 |
| SHA256 | cc603dd5853c63b93136b9c608bce1402ac09722850ca8b8f958cbde27e3b8af |
| SHA512 | e59348884d5600bd5f265e556d8374dc2b5d525c648ef047f92d4895de9a9cddb003659b801c83a1c827112ac1e6aa56028335772962927fcd19ae35fdc47173 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 4ab0504accd8087b2b926e75afb84643 |
| SHA1 | 943a245b6ac1b1ab33a3cf08f6c233b786704584 |
| SHA256 | ff07dff6324236fa81d9ace2e7f97b354a6c26fd53e8f3e3ccd255a3d6a92e73 |
| SHA512 | e23d8e16728685110fc805fabe340da2a9569e0bb2cf84d7368e2e1a86724a146a09e5f0bb2c2425d43c0c2080561b27536a6c76271f28c311d80c9333dff120 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | a4d6b6bf1b13212c050dc4e0798e0315 |
| SHA1 | 5dd47e412d40c189b5c4802bde4ef7b742e7c367 |
| SHA256 | b0faac855241b7f1013fec53654bf1e4b538955197c172b7b7f5f31fc3b90bd6 |
| SHA512 | 55fce7c80313705dfebab24e3fd5d0b689801d98dd0a114777a022be1e4313df86a3bfb9aadc91b1d5ab68068bae7412d5aeee460e9c04701358fba379a9f53d |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xmd08l7e.default-release\activity-stream.discovery_stream.json
| MD5 | cd237194d172f72edea2dbb15fdc38a0 |
| SHA1 | 54c84b281fa079ed5f46914971f3e9af88a28066 |
| SHA256 | efb36fda5cc0371318275cecc222cd68bb33c0dcbf0eb7558d6bf05c48765c9e |
| SHA512 | cf2f830a44d293c5a216a3bbbf1f66ad24f08df66161facc544c1cb68033b331e7e999ac76c7ad2e8c800bf1dc61c759b1301ed407f017118319a7b667574d7f |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xmd08l7e.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl
| MD5 | c460716b62456449360b23cf5663f275 |
| SHA1 | 06573a83d88286153066bae7062cc9300e567d92 |
| SHA256 | 0ec0f16f92d876a9c1140d4c11e2b346a9292984d9a854360e54e99fdcd99cc0 |
| SHA512 | 476bc3a333aace4c75d9a971ef202d5889561e10d237792ca89f8d379280262ce98cf3d4728460696f8d7ff429a508237764bf4a9ccb59fd615aee07bdcadf30 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\prefs.js
| MD5 | f322c1f8bf2370cd36fdf4b32e1da22f |
| SHA1 | 69f27606bafbd8c2ac06d619808be826fbe300ef |
| SHA256 | d33bf578e237596a572c3930339cba23e504cd754e9a5880c955300b4a6349e1 |
| SHA512 | f2e79165b60ef0b2d2870bc9b1dc6b87820b352ff39f1debc5b516e4fffb9c2c338b57da0df2e30ff9ffcea10bcad718463d61230d888c66bb736f27b0776834 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\prefs-1.js
| MD5 | e6c33225f1c81c5f9548295505e7e1c4 |
| SHA1 | 0bc1e8d64df0c8ae1836a3b480e45640bb8c3585 |
| SHA256 | 2e93d5a3a56dd770a5e5599e681cc9f3f95fc104eb1b248e77869f7e937b19a5 |
| SHA512 | 753dc991579b7b91e9f56250bebcd6ef4744915cdf42ec7fca82a793157471fcb1f5f7d0bde848a01387f4ea95f8d8af564e3e12acef62c295e550cd7bcdfb7f |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 961b17cd595162459147a085c0ac0f35 |
| SHA1 | f8abdbf95e6aaf8690f76573a85c7c0aad714c97 |
| SHA256 | 6c392d55377f8d7946a3fb3aecf3062ee7ac22eae1ff6f6e4df703d4a74af62c |
| SHA512 | 1f854e0787452514a409ce87e4b088587e28cb0ef70294010cf22e0b011214c874dfcd7df9634a6745f51a8019359c3893cff7d41624a884cbdac6abdcc4b3bd |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\AlternateServices.bin
| MD5 | 1f84923775480ec1d448351db5e04265 |
| SHA1 | 1db5c2a76d108ac81f94c1d271b611702cfe554a |
| SHA256 | 01db4fcae0c5d308e2e22464c4f6b6d31d51b560c27d89ae2e66b026c3f751ba |
| SHA512 | 4429bd0ef6b54277d50b96525c378eb128967a3a3dc40dee83fb97ed6dd5afbd278ddcbb8cbd8f7b69b327e292bdfc0742b042c63e853b55b3ceb6aa89120e74 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\prefs-1.js
| MD5 | fd11d691562250a0cf466ca3c0ce10ce |
| SHA1 | eded6ae20e1adcdaad2aa0e211d563f7eced0b5b |
| SHA256 | fb35cbb11f2c2ac3113f47aa663403e4e4030136445c318d6985ed5a369d8f3f |
| SHA512 | e04aa88f8180057f46bca81ce2ee283faafb4b5a00984546d96a8683a18d4547ce65ed3710d38894b49ed666a035f1eb5facb516dfbaebe289fcf3802c23a773 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\sessionstore-backups\recovery.baklz4
| MD5 | d3dd1a4974c1aedbe57cf4f31dfa1d4a |
| SHA1 | 259b616a97b0ef96df49251d7c4ad7acf0fc3768 |
| SHA256 | 736d87197c4262d2fd5a652b7f9acf08cd4fca88c9c9cdcec0dd2c4d576b54d0 |
| SHA512 | 713f53368c56f5985da83d872ffe34c50a97ce918f910a31f6cb043943b9a4d5b81ba8417485d777471e72947da0d728c09a423cc18981aff2b70c59c40a0706 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 09372174e83dbbf696ee732fd2e875bb |
| SHA1 | ba360186ba650a769f9303f48b7200fb5eaccee1 |
| SHA256 | c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f |
| SHA512 | b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
| MD5 | 2a461e9eb87fd1955cea740a3444ee7a |
| SHA1 | b10755914c713f5a4677494dbe8a686ed458c3c5 |
| SHA256 | 4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc |
| SHA512 | 34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
| MD5 | 842039753bf41fa5e11b3a1383061a87 |
| SHA1 | 3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153 |
| SHA256 | d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c |
| SHA512 | d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\storage\default\https+++www.youtube.com^partitionKey=%28https%2Cfitgirl-repacks.site%29\idb\1236241214LCo7g%sCD7a%t8a9b6a2s.sqlite
| MD5 | 440377c9ba3e08805b21209078c7ddc4 |
| SHA1 | 9c215fb82ab0efabcf349e3482fffbfe0584425c |
| SHA256 | e794d35ae8592bb1c1cc1147888c155093d18dc7a13a1f3da5e891d43fc8e1f6 |
| SHA512 | 7e504223988f2e90cac9c2344aa82c2fa1150b1e79d4e7c4b099ba29c4e554d0ccb9201924a77e88d012cf24510dd08ddab1709b3edfba0bb39537e8cf2f0713 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | 0a8747a2ac9ac08ae9508f36c6d75692 |
| SHA1 | b287a96fd6cc12433adb42193dfe06111c38eaf0 |
| SHA256 | 32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03 |
| SHA512 | 59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xmd08l7e.default-release\cache2\entries\E60B9BD4DBC486130F50AECFEBA70A537A92204D
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xmd08l7e.default-release\cache2\entries\5A41639711E573091BF78E4298A4F67CFA882D33
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xmd08l7e.default-release\cache2\entries\D05E0DA9C38C303B2006DB7C5D1D134A10912417
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xmd08l7e.default-release\cache2\entries\4E8AAC7122F78D6826D546E0A58FEA3E79D6FAC5
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xmd08l7e.default-release\cache2\entries\2679881610408803C3BF3065544651AFEABA36E3
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xmd08l7e.default-release\cache2\entries\BFA5A844BCB09249ADA832920B2A74CCE4612F5F
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xmd08l7e.default-release\cache2\entries\BD2EA932DB66538B1875D1039566B67DA73DCEF6
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xmd08l7e.default-release\cache2\entries\FACD6FA34F814668BCD168261B476F214CB0689D
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\sessionstore-backups\recovery.baklz4
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xmd08l7e.default-release\cache2\entries\5ED438B0A36BF37D7ED3284C3EE40A912B44EC57
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\storage\default\https+++mega.nz\cache\morgue\49\{dfb019db-6a89-40e5-8b24-f2601f788131}.final
C:\Users\Admin\Downloads\✪➳S͜͡etUp✵i͜ntaller͜͡✅・5675・P͜@s$WⓞRÐ✪.jdjvGzEy.rar.part
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\datareporting\glean\db\data.safe.tmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\datareporting\glean\pending_pings\01c5dded-c77e-4912-9c09-9972b96884cd
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\prefs-1.js