Analysis Overview
Threat Level: Likely malicious
The file https://itools.en.softonic.com/download was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
Executes dropped EXE
VMProtect packed file
Loads dropped DLL
Event Triggered Execution: Component Object Model Hijacking
Checks computer location settings
Checks BIOS information in registry
Indicator Removal: File Deletion
Blocklisted process makes network request
Checks installed software on the system
Mark of the Web detected: This indicates that the page was originally saved or cloned.
Enumerates connected drives
Drops file in System32 directory
Suspicious use of NtSetInformationThreadHideFromDebugger
Drops file in Windows directory
Subvert Trust Controls: Mark-of-the-Web Bypass
Drops file in Program Files directory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Suspicious use of FindShellTrayWindow
Suspicious use of AdjustPrivilegeToken
NTFS ADS
Suspicious use of SetWindowsHookEx
Checks processor information in registry
Checks SCSI registry key(s)
Suspicious use of SendNotifyMessage
Uses Task Scheduler COM API
Suspicious use of WriteProcessMemory
Modifies data under HKEY_USERS
Modifies registry class
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-08-25 03:04
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-08-25 03:04
Reported: 2024-08-25 03:07
Platform: win10v2004-20240802-en
Max time kernel: 147s
Max time network: 151s
Command Line
Signatures
Downloads MZ/PE file
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Program Files (x86)\ThinkSky\iTools 4\iTools4.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\ThinkSky\iTools 4\iTools4.exe | N/A |
Event Triggered Execution: Component Object Model Hijacking
Executes dropped EXE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\Downloads\itoolssetup_4.5.1.8.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\ThinkSky\iTools 4\iTools4.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\ThinkSky\iTools 4\CrashSender1403.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\ThinkSky\iTools 4\WebProcess.exe | N/A |
| N/A | N/A | C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\ThinkSky\iTools 4\iTools4.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\ThinkSky\iTools 4\CrashSender1403.exe | N/A |
Loads dropped DLL
VMProtect packed file
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
Checks installed software on the system
Enumerates connected drives
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A |
Indicator Removal: File Deletion
Mark of the Web detected: This indicates that the page was originally saved or cloned.
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | https://storage.googleapis.com/script.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{aeab04df-cfc4-3f40-83cf-152b4baedc22}\SET97A3.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{aeab04df-cfc4-3f40-83cf-152b4baedc22}\SET97B5.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\netaapl64.inf_amd64_56f23639c9617984\netaapl64.cat | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netaapl64.inf_amd64_56f23639c9617984\netaapl64.PNF | C:\Windows\System32\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{4568e0c7-ca2f-e54e-a295-6cf8b3042186}\SET95EE.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{4568e0c7-ca2f-e54e-a295-6cf8b3042186}\usbaapl64.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\CatRoot2\dberr.txt | C:\Windows\System32\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{aeab04df-cfc4-3f40-83cf-152b4baedc22}\wdfcoinstaller01009.dll | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\netaapl64.inf_amd64_56f23639c9617984\netaapl64.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{4568e0c7-ca2f-e54e-a295-6cf8b3042186}\USBAAPL64.CAT | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\usbaapl64.inf_amd64_c0e4d8c2aef471b7\USBAAPL64.CAT | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{aeab04df-cfc4-3f40-83cf-152b4baedc22}\netaapl64.cat | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{aeab04df-cfc4-3f40-83cf-152b4baedc22}\SET97B4.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\drvstore.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\CatRoot2\dberr.txt | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\system32\msvcp100.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{4568e0c7-ca2f-e54e-a295-6cf8b3042186}\SET95EE.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{4568e0c7-ca2f-e54e-a295-6cf8b3042186}\usbaaplrc.dll | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{aeab04df-cfc4-3f40-83cf-152b4baedc22}\netaapl64.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{4568e0c7-ca2f-e54e-a295-6cf8b3042186} | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{aeab04df-cfc4-3f40-83cf-152b4baedc22}\SET97A2.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{aeab04df-cfc4-3f40-83cf-152b4baedc22}\netaapl64.sys | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\system32\msvcr100.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{4568e0c7-ca2f-e54e-a295-6cf8b3042186}\usbaapl64.sys | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\drvstore.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\CatRoot2\dberr.txt | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{4568e0c7-ca2f-e54e-a295-6cf8b3042186}\SET9600.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\usbaapl64.inf_amd64_c0e4d8c2aef471b7\usbaapl64.sys | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{aeab04df-cfc4-3f40-83cf-152b4baedc22}\SET97A3.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{aeab04df-cfc4-3f40-83cf-152b4baedc22}\SET97A2.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\msvcr100.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{4568e0c7-ca2f-e54e-a295-6cf8b3042186}\SET95FF.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{4568e0c7-ca2f-e54e-a295-6cf8b3042186}\SET9600.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\usbaapl64.inf_amd64_c0e4d8c2aef471b7\usbaapl64.PNF | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{4568e0c7-ca2f-e54e-a295-6cf8b3042186}\SET95ED.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\usbaapl64.inf_amd64_c0e4d8c2aef471b7\usbaaplrc.dll | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\netaapl64.inf_amd64_56f23639c9617984\wdfcoinstaller01009.dll | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\netaapl64.inf_amd64_56f23639c9617984\netaapl64.sys | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{aeab04df-cfc4-3f40-83cf-152b4baedc22}\SET97B4.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{aeab04df-cfc4-3f40-83cf-152b4baedc22}\SET97B5.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{aeab04df-cfc4-3f40-83cf-152b4baedc22} | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\msvcp100.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{4568e0c7-ca2f-e54e-a295-6cf8b3042186}\SET95ED.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{4568e0c7-ca2f-e54e-a295-6cf8b3042186}\SET95FF.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\usbaapl64.inf_amd64_c0e4d8c2aef471b7\usbaapl64.inf | C:\Windows\system32\DrvInst.exe | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\ThinkSky\iTools 4\iTools4.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\ThinkSky\iTools 4\iTools4.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\Program Files\Common Files\Apple\Apple Application Support\WebKit.resources\WebInspectorUI\Images\RenderingFrame.svg | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Apple\Apple Application Support\AuthKitWin.resources\ko.lproj\AuthKitWinLocalized.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit.resources\WebInspectorUI\Images\ShowConsoleDrawer.svg | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Common Files\Apple\Apple Application Support\WebKit.resources\WebInspectorUI\Base\EventListenerSet.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Common Files\Apple\Apple Application Support\WebKit.resources\WebInspectorUI\Views\FolderizedTreeElement.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Apple\Apple Application Support\CoreFoundation.resources\CFUniCharPropertyDatabase.data | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit.resources\WebInspectorUI\Views\AuditNavigationSidebarPanel.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Common Files\Apple\Apple Application Support\AuthKitWin.resources\en_AU.lproj\AuthKitWinLocalized.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Common Files\Apple\Apple Application Support\WebKit.resources\WebInspectorUI\Views\CheckboxNavigationItem.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Common Files\Apple\Apple Application Support\WebKit.resources\WebInspectorUI\Views\HeapSnapshotClassDataGridNode.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServicesUI.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\ThinkSky\iTools 4\tessdata\pgo.traineddata | C:\Users\Admin\Downloads\itoolssetup_4.5.1.8.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Apple\Apple Application Support\AuthKitWin.resources\ja.lproj\AuthKitWinLocalized.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit.resources\zh_TW.lproj\Localizable.strings | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Common Files\Apple\Apple Application Support\WebKit.resources\WebInspectorUI\External\CodeMirror\runmode.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Common Files\Apple\Apple Application Support\WebKit.resources\WebInspectorUI\Images\[email protected] | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit.resources\WebInspectorUI\Views\SyntaxHighlightingDefaultTheme.css | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Common Files\Apple\Apple Application Support\WebKit.resources\WebInspectorUI\Views\StyleDetailsPanel.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit.resources\WebInspectorUI\Views\CSSStyleSheetTreeElement.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Common Files\Apple\Apple Application Support\WebKit.resources\WebInspectorUI\Images\[email protected] | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Common Files\Apple\Apple Application Support\WebKit.resources\WebInspectorUI\Views\LayerDetailsSidebarPanel.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncDiagnostics.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Apple\Apple Application Support\AVFoundationCF.resources\fi.lproj\AVCFError.strings | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit.resources\WebInspectorUI\Images\[email protected] | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit.resources\WebInspectorUI\Images\Plus13.svg | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit.resources\WebInspectorUI\Views\FlexibleSpaceNavigationItem.css | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Common Files\Apple\Apple Application Support\WebKit.resources\fi.lproj\mediaControlsLocalizedStrings.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Common Files\Apple\Apple Application Support\WebKit.resources\WebInspectorUI\Images\Database.png | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Common Files\Apple\Apple Application Support\WebKit.resources\WebInspectorUI\Images\DocumentFontLarge.png | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit.resources\WebInspectorUI\Images\DockRight.svg | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit.resources\WebInspectorUI\Views\DatabaseContentView.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit.resources\WebInspectorUI\Views\HeapSnapshotInstancesContentView.css | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Common Files\Apple\Apple Application Support\WebKit.resources\WebInspectorUI\Views\TextNavigationItem.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit.resources\WebInspectorUI\Models\HeapAllocationsTimelineRecord.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit.resources\WebInspectorUI\Protocol\DatabaseObserver.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Apple\Apple Application Support\YSIconStamper.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Common Files\Apple\Apple Application Support\WebKit.resources\WebInspectorUI\Images\Sending.svg | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit.resources\WebInspectorUI\Protocol\InspectorObserver.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit.resources\WebInspectorUI\Views\TextContentView.css | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Common Files\Apple\Apple Application Support\ColorSync.resources\Profiles\Generic RGB Profile.icc | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit.resources\WebInspectorUI\Views\ScopeChainDetailsSidebarPanel.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Common Files\Apple\Apple Application Support\WebKit.resources\WebInspectorUI\Models\DatabaseObject.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Common Files\Apple\Apple Application Support\WebKit.resources\WebInspectorUI\Views\FilterBar.css | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Common Files\Apple\Apple Application Support\CoreFoundation.resources\el.lproj\Error.strings | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Common Files\Apple\Apple Application Support\WebKit.resources\WebInspectorUI\Images\CallTrees.svg | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Common Files\Apple\Apple Application Support\WebKit.resources\WebInspectorUI\External\CodeMirror\htmlmixed.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Apple\Apple Application Support\CoreText.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit.resources\it.lproj\mediaControlsLocalizedStrings.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Common Files\Apple\Apple Application Support\WebKit.resources\id.lproj\Localizable.strings | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Common Files\Apple\Apple Application Support\WebKit.resources\nb.lproj\Localizable.strings | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Common Files\Apple\Apple Application Support\WebKit.resources\WebInspectorUI\Views\MediaTimelineDataGridNode.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit.resources\WebInspectorUI\Views\GeneralTreeElement.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Common Files\Apple\Apple Application Support\AVFoundationCF.resources\pl.lproj\AVCFError.strings | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Common Files\Apple\Apple Application Support\WebKit.resources\WebInspectorUI\Models\AuditTestCaseResult.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit.resources\WebInspectorUI\Views\CallFrameView.css | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Common Files\Apple\Apple Application Support\WebKit.resources\WebInspectorUI\Views\SourceCodeTreeElement.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Apple\Apple Application Support\ColorSync.resources\Profiles\Sepia Tone.icc | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\ThinkSky\iTools 4\WebProcess.exe | C:\Users\Admin\Downloads\itoolssetup_4.5.1.8.exe | N/A |
| File created | C:\Program Files (x86)\ThinkSky\iTools 4\modelCore.dll | C:\Users\Admin\Downloads\itoolssetup_4.5.1.8.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit.resources\WebInspectorUI\Images\Issues.svg | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit.resources\WebInspectorUI\Images\TimelineRecordTimer.svg | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Common Files\Apple\Apple Application Support\WebKit.resources\hu.lproj\Localizable.strings | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit.resources\WebInspectorUI\Images\DocumentCSS.png | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit.resources\WebInspectorUI\Views\RecordingActionTreeElement.css | C:\Windows\system32\msiexec.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\09CC9BD24C42062439D51591377B7570\7.6.0 | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\$PatchCache$\Managed\09CC9BD24C42062439D51591377B7570\7.6.0\F_CENTRAL_msvcr120_x86.194841A2_D0F2_3B96_9F71_05BA91BEA0FA | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\{6CECF0FB-EE71-4FE5-8AE0-FA007408934A}\Installer.ico | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e59390a.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{2DB9CC90-24C4-4260-935D-511973B75707} | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\09CC9BD24C42062439D51591377B7570\7.6.0\vcruntime140.dll.71E1EC1A_562B_3AD1_94CD_84420ED4073F | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI6706.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\467723CD1B1A3FE40AC78347E153757E\7.6.0\F_CENTRAL_msvcr120_x64.05F0B5F5_44A8_3793_976B_A4F17AECF92C | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI8F68.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\$PatchCache$\Managed\467723CD1B1A3FE40AC78347E153757E\7.6.0\F_CENTRAL_msvcp120_x64.05F0B5F5_44A8_3793_976B_A4F17AECF92C | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e593915.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e59390a.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\{2DB9CC90-24C4-4260-935D-511973B75707}\WinInstall.ico | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\{2DB9CC90-24C4-4260-935D-511973B75707}\WinInstall.ico | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\wix{6CECF0FB-EE71-4FE5-8AE0-FA007408934A}.SchedServiceConfig.rmi | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\467723CD1B1A3FE40AC78347E153757E\7.6.0\F_CENTRAL_vccorlib120_x64.05F0B5F5_44A8_3793_976B_A4F17AECF92C | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\$PatchCache$\Managed\467723CD1B1A3FE40AC78347E153757E\7.6.0\vcruntime140.dll.A5C49E27_90D3_35F6_A5E8_DB6F691C3C33 | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI8FBC.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e593908.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e593908.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\467723CD1B1A3FE40AC78347E153757E\7.6.0\concrt140.dll.A5C49E27_90D3_35F6_A5E8_DB6F691C3C33 | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\inf\oem4.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\Installer\$PatchCache$\Managed\09CC9BD24C42062439D51591377B7570\7.6.0\vccorlib140.dll.71E1EC1A_562B_3AD1_94CD_84420ED4073F | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\467723CD1B1A3FE40AC78347E153757E\7.6.0 | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\$PatchCache$\Managed\467723CD1B1A3FE40AC78347E153757E\7.6.0\F_CENTRAL_msvcr120_x64.05F0B5F5_44A8_3793_976B_A4F17AECF92C | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI8FAB.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI989B.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI3F22.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI4002.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e593910.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\svchost.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI9781.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI4F37.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\09CC9BD24C42062439D51591377B7570\7.6.0\concrt140.dll.71E1EC1A_562B_3AD1_94CD_84420ED4073F | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\$PatchCache$\Managed\09CC9BD24C42062439D51591377B7570\7.6.0\vcruntime140.dll.71E1EC1A_562B_3AD1_94CD_84420ED4073F | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI69B8.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI8F99.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\BF0FCEC617EE5EF4A80EAF00478039A4\13.0.0 | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\BF0FCEC617EE5EF4A80EAF00478039A4\13.0.0\F_CENTRAL_msvcr100_x64.BFF61907_AA2D_3A26_8666_98D956A62ABC | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\09CC9BD24C42062439D51591377B7570\7.6.0\F_CENTRAL_msvcp120_x86.194841A2_D0F2_3B96_9F71_05BA91BEA0FA | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI6998.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI6A19.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e593914.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI510C.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{DC327764-A1B1-4EF3-A07C-38741E3557E7} | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\{DC327764-A1B1-4EF3-A07C-38741E3557E7}\WinInstall.ico | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\$PatchCache$\Managed\467723CD1B1A3FE40AC78347E153757E\7.6.0\F_CENTRAL_vccorlib120_x64.05F0B5F5_44A8_3793_976B_A4F17AECF92C | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e59390b.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\$PatchCache$\Managed\09CC9BD24C42062439D51591377B7570\7.6.0\F_CENTRAL_msvcp120_x86.194841A2_D0F2_3B96_9F71_05BA91BEA0FA | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI7893.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e593915.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e593909.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e593910.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\BF0FCEC617EE5EF4A80EAF00478039A4 | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\inf\oem3.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\inf\oem3.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\Installer\$PatchCache$\Managed\467723CD1B1A3FE40AC78347E153757E\7.6.0\concrt140.dll.A5C49E27_90D3_35F6_A5E8_DB6F691C3C33 | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\$PatchCache$\Managed\467723CD1B1A3FE40AC78347E153757E\7.6.0\vccorlib140.dll.A5C49E27_90D3_35F6_A5E8_DB6F691C3C33 | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{6CECF0FB-EE71-4FE5-8AE0-FA007408934A} | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\$PatchCache$\Managed\09CC9BD24C42062439D51591377B7570\7.6.0\F_CENTRAL_vccorlib120_x86.194841A2_D0F2_3B96_9F71_05BA91BEA0FA | C:\Windows\system32\msiexec.exe | N/A |
Subvert Trust Controls: Mark-of-the-Web Bypass
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\Downloads\itoolssetup_4.5.1.8.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\ThinkSky\iTools 4\WebProcess.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\ThinkSky\iTools 4\iTools4.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\ThinkSky\iTools 4\CrashSender1403.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\itoolssetup_4.5.1.8.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\ThinkSky\iTools 4\iTools4.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\ThinkSky\iTools 4\CrashSender1403.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\syswow64\MsiExec.exe | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 | C:\Windows\System32\MsiExec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs | C:\Windows\System32\MsiExec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags | C:\Windows\System32\MsiExec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs | C:\Windows\System32\MsiExec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID | C:\Windows\System32\MsiExec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs | C:\Windows\System32\MsiExec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom | C:\Windows\System32\MsiExec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs | C:\Windows\System32\MsiExec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom | C:\Windows\System32\MsiExec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID | C:\Windows\System32\MsiExec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags | C:\Windows\System32\MsiExec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 | C:\Windows\System32\MsiExec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID | C:\Windows\System32\MsiExec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 | C:\Windows\System32\MsiExec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 | C:\Windows\System32\MsiExec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID | C:\Windows\System32\MsiExec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files (x86)\ThinkSky\iTools 4\iTools4.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files (x86)\ThinkSky\iTools 4\iTools4.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Windows\system32\DrvInst.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Apple Inc.\ASL\filenames\asl.log = "asl.030740_25Aug24.log" | C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\28\52C64B7E\@%SystemRoot%\System32\ci.dll,-100 = "Isolated User Mode (IUM)" | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Apple Inc.\ASL\filenames | C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\28\52C64B7E | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\28\52C64B7E\@%SystemRoot%\System32\fveui.dll,-843 = "BitLocker Drive Encryption" | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\29 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\28\52C64B7E | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Windows\system32\DrvInst.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\28 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Environment | C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\27 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\28\52C64B7E\@%SystemRoot%\System32\wuaueng.dll,-400 = "Windows Update" | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Apple Inc.\ASL | C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\system32\DrvInst.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\28\52C64B7E\@%SystemRoot%\System32\ci.dll,-101 = "Enclave" | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{12E6A993-AE52-4F99-8B89-41F985E6C952}\ProgID\ = "OutlookChangeNotifier.Connect.1" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{82D845BA-38FF-4548-B00E-E88B12C11BFA}\LocalServer32\ThreadingModel = "Apartment" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Interface\{AD9E96D1-B5AF-4F42-82C1-95CB38164E60}\ProxyStubClsid | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4756495C-58A8-4D50-BAE5-4AFE9244019A}\TypeLib\Version = "1.0" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\09CC9BD24C42062439D51591377B7570\AppleApplicationSupport | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\467723CD1B1A3FE40AC78347E153757E\CRT_WinSXS | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{F5EFF418-0D49-49AB-A5C3-9E39AFD2B4A0}\TypeLib | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\APSDaemon.NotificationCenter2\ = "NotificationCenter2 Class" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{EE33A36F-59B2-4DBA-B457-F1F83DC045A8}\ProxyStubClsid | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{12E6A993-AE52-4F99-8B89-41F985E6C952}\ = "Connect Class" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Interface | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{6812639B-FD61-4329-9901-22CFDBD690FE}\LocalServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{6812639B-FD61-4329-9901-22CFDBD690FE}\TypeLib | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D9E904CA-8865-42E7-B0F0-B7B8C4D54D70}\VersionIndependentProgID\ = "APSDaemon.CourierUpTime" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{CD53C5C8-7B0F-4276-96DA-E6566A8807AE}\LocalServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{12E6A993-AE52-4F99-8B89-41F985E6C952} | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{12E6A993-AE52-4F99-8B89-41F985E6C952}\Programmable | C:\Windows\system32\msiexec.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BF0FCEC617EE5EF4A80EAF00478039A4\Clients = 3a0000000000 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AD9E96D1-B5AF-4F42-82C1-95CB38164E60}\ProxyStubClsid\ = "{00020424-0000-0000-C000-000000000046}" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{ce9691b7-616f-4c69-a74e-b6e701e3fd1b}\TypeLib | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\APSDaemon.NotificationCenter2\CLSID\ = "{CD53C5C8-7B0F-4276-96DA-E6566A8807AE}" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CD53C5C8-7B0F-4276-96DA-E6566A8807AE}\LocalServer32\ = "\"C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\"" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\467723CD1B1A3FE40AC78347E153757E\DeploymentFlags = "3" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{12E6A993-AE52-4F99-8B89-41F985E6C952} | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\itools\URL Protocol = "C:\\Program Files (x86)\\ThinkSky\\iTools 4\\iTools4.exe" | C:\Users\Admin\Downloads\itoolssetup_4.5.1.8.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\itools\DefaultIcon | C:\Users\Admin\Downloads\itoolssetup_4.5.1.8.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CD53C5C8-7B0F-4276-96DA-E6566A8807AE}\ProgID\ = "APSDaemon.NotificationCenter2.1" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Interface\{EE33A36F-59B2-4DBA-B457-F1F83DC045A8} | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AD9E96D1-B5AF-4F42-82C1-95CB38164E60}\ProxyStubClsid\ = "{00020424-0000-0000-C000-000000000046}" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{CD53C5C8-7B0F-4276-96DA-E6566A8807AE} | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{CD53C5C8-7B0F-4276-96DA-E6566A8807AE}\TypeLib | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\467723CD1B1A3FE40AC78347E153757E | C:\Windows\system32\msiexec.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\Downloads\itoolssetup_4.5.1.8.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\itoolssetup_4.5.1.8.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\ThinkSky\iTools 4\iTools4.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\ThinkSky\iTools 4\CrashSender1403.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\ThinkSky\iTools 4\WebProcess.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\ThinkSky\iTools 4\iTools4.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\ThinkSky\iTools 4\CrashSender1403.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://itools.en.softonic.com/download"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://itools.en.softonic.com/download
C:\Users\Admin\Downloads\itoolssetup_4.5.1.8.exe
"C:\Users\Admin\Downloads\itoolssetup_4.5.1.8.exe"
C:\Program Files (x86)\ThinkSky\iTools 4\iTools4.exe
"C:\Program Files (x86)\ThinkSky\iTools 4\iTools4.exe"
C:\Program Files (x86)\ThinkSky\iTools 4\CrashSender1403.exe
"C:\Program Files (x86)\ThinkSky\iTools 4\CrashSender1403.exe" "6625b9d3-900c-469a-a052-b2c8b54f32db-tmp"
C:\Windows\SysWOW64\msiexec.exe
msiexec /x "C:\Users\Admin\AppData\Local\Temp\ThinkSky\iTools_Temp_453D778241EAA9EE\Bonjour64.msi" /qn /quiet
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\SysWOW64\msiexec.exe
msiexec /x "C:\Users\Admin\AppData\Local\Temp\ThinkSky\iTools_Temp_453D778241EAA9EE\AppleApplicationSupport64.msi" /qn /quiet
C:\Windows\SysWOW64\msiexec.exe
msiexec /x "C:\Users\Admin\AppData\Local\Temp\ThinkSky\iTools_Temp_453D778241EAA9EE\AppleApplicationSupport.msi" /qn /quiet
C:\Windows\SysWOW64\msiexec.exe
msiexec /i "C:\Users\Admin\AppData\Local\Temp\ThinkSky\iTools_Temp_453D778241EAA9EE\\AppleApplicationSupport.msi" /qn REBOOT=ReallySuppress PARENTUILVL="5"
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 187B142A05FD349223DDD3013F59F3E2
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 464CCFB317773C00C0AE8A1C0D09592F E Global\MSI0000
C:\Windows\SysWOW64\msiexec.exe
msiexec /i "C:\Users\Admin\AppData\Local\Temp\ThinkSky\iTools_Temp_453D778241EAA9EE\\AppleApplicationSupport64.msi" /qn REBOOT=ReallySuppress PARENTUILVL="5"
C:\Windows\System32\MsiExec.exe
C:\Windows\System32\MsiExec.exe -Embedding 3A7226E429DAD27CE475AFEDEE5808DB
C:\Program Files (x86)\ThinkSky\iTools 4\WebProcess.exe
WebProcess.exe --type=utility --channel="3484.0.1048320078\1531718734" --lang=en-US --no-sandbox --no-sandbox --lang=en-US --log-file="C:\Program Files (x86)\ThinkSky\iTools 4\debug.log" --log-severity=disable /prefetch:-645351001
C:\Windows\SysWOW64\msiexec.exe
msiexec /i "C:\Users\Admin\AppData\Local\Temp\ThinkSky\iTools_Temp_453D778241EAA9EE\\AppleMobileDeviceSupport64.msi" /qn REBOOT=ReallySuppress /le C:\Users\Admin\AppData\Local\Temp\ThinkSky\\17838354837123432562.txt
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 8B6D91BFCB69AA17D175E7FA64BF897B
C:\Windows\System32\MsiExec.exe
C:\Windows\System32\MsiExec.exe -Embedding A4A91BB2190AD1493EF1557ADFA1BACF
C:\Windows\System32\MsiExec.exe
C:\Windows\System32\MsiExec.exe -Embedding 0BD6930837F86C0B91D8EA6AF8E853F9 E Global\MSI0000
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
C:\Windows\system32\DrvInst.exe
DrvInst.exe "4" "1" "C:\Program Files\Common Files\Apple\Mobile Device Support\Drivers\usbaapl64.inf" "9" "4d4a61e6f" "0000000000000150" "WinSta0\Default" "000000000000015C" "208" "C:\Program Files\Common Files\Apple\Mobile Device Support\Drivers"
C:\Windows\system32\DrvInst.exe
DrvInst.exe "4" "1" "C:\Program Files\Common Files\Apple\Mobile Device Support\NetDrivers\netaapl64.inf" "9" "4e8e1f40b" "000000000000015C" "WinSta0\Default" "0000000000000158" "208" "C:\Program Files\Common Files\Apple\Mobile Device Support\NetDrivers"
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 7EA2F4A83D715DEC3163555AB35B23A9 E Global\MSI0000
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
C:\Windows\SysWOW64\cmd.exe
cmd /C rmdir /s /q "C:\Users\Admin\AppData\Local\Temp\ThinkSky\iTools_Temp_453D778241EAA9EE\"
C:\Program Files (x86)\ThinkSky\iTools 4\iTools4.exe
"C:\Program Files (x86)\ThinkSky\iTools 4\iTools4.exe"
C:\Program Files (x86)\ThinkSky\iTools 4\CrashSender1403.exe
"C:\Program Files (x86)\ThinkSky\iTools 4\CrashSender1403.exe" "1ed77557-d2e5-49ef-ad91-31deec74470f-tmp"
Network
| Country | Destination | Domain | Proto |
| US | 151.101.129.91:443 | di-images.sftcdn.net | tcp |
| US | 151.101.129.91:443 | di-images.sftcdn.net | tcp |
| US | 151.101.129.91:443 | di-images.sftcdn.net | tcp |
| FR | 142.250.75.251:443 | storage.googleapis.com | tcp |
| US | 8.8.8.8:53 | storage.googleapis.com | udp |
| US | 8.8.8.8:53 | c-msn-com-nsatc.trafficmanager.net | udp |
| US | 51.8.64.151:443 | h.clarity.ms | tcp |
| US | 8.8.8.8:53 | vmss-clarity-ingest-eus-c.eastus.cloudapp.azure.com | udp |
| US | 8.8.8.8:53 | notix.io | udp |
| US | 151.101.129.91:443 | di-images.sftcdn.net | udp |
| US | 8.8.8.8:53 | storage.googleapis.com | udp |
| US | 8.8.8.8:53 | vmss-clarity-ingest-eus-c.eastus.cloudapp.azure.com | udp |
| N/A | 127.0.0.1:52105 | tcp | |
| FR | 142.250.75.251:443 | storage.googleapis.com | udp |
| US | 8.8.8.8:53 | c.bing.com | udp |
| US | 8.8.8.8:53 | dual-a-0034.a-msedge.net | udp |
| US | 204.79.197.237:443 | dual-a-0034.a-msedge.net | tcp |
| US | 8.8.8.8:53 | dual-a-0034.a-msedge.net | udp |
| US | 8.8.8.8:53 | 141.6.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.23.211.130.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.201.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 100.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.39.156.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.38.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.129.74.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 253.197.45.139.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 251.75.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 151.64.8.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.privacy-center.org | udp |
| US | 8.8.8.8:53 | aax.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | id5-sync.com | udp |
| US | 8.8.8.8:53 | id.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | shb.richaudience.com | udp |
| GB | 108.138.233.47:443 | api.privacy-center.org | tcp |
| GB | 108.138.233.47:443 | api.privacy-center.org | tcp |
| US | 8.8.8.8:53 | api.privacy-center.org | udp |
| US | 8.8.8.8:53 | brightcombid.marphezis.com | udp |
| US | 8.8.8.8:53 | hbopenbid.pubmatic.com | udp |
| US | 8.8.8.8:53 | htlb.casalemedia.com | udp |
| US | 8.8.8.8:53 | ib.adnxs.com | udp |
| US | 8.8.8.8:53 | prebid.media.net | udp |
| US | 8.8.8.8:53 | ad.360yield.com | udp |
| US | 8.8.8.8:53 | hb-api.omnitagjs.com | udp |
| US | 8.8.8.8:53 | ap.lijit.com | udp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 8.8.8.8:53 | static.criteo.net | udp |
| US | 8.8.8.8:53 | tags.crwdcntrl.net | udp |
| GB | 18.172.154.232:443 | aax.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | cdn-ima.33across.com | udp |
| US | 8.8.8.8:53 | d1jvc9b8z3vcjs.cloudfront.net | udp |
| US | 8.8.8.8:53 | id5-sync.com | udp |
| US | 8.8.8.8:53 | ep1.adtrafficquality.google | udp |
| US | 8.8.8.8:53 | id.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | api.privacy-center.org | udp |
| US | 8.8.8.8:53 | shb.richaudience.com | udp |
| NL | 188.166.203.175:443 | brightcombid.marphezis.com | tcp |
| US | 8.8.8.8:53 | hb-api-fra02.omnitagjs.com | udp |
| US | 8.8.8.8:53 | blackbird-prd-ew1-alb-87915139.eu-west-1.elb.amazonaws.com | udp |
| US | 8.8.8.8:53 | ib.anycast.adnxs.com | udp |
| US | 8.8.8.8:53 | euw-ice.360yield.com | udp |
| US | 8.8.8.8:53 | prebid.media.net | udp |
| US | 8.8.8.8:53 | htlb.casalemedia.com | udp |
| US | 8.8.8.8:53 | ef8c559bdc8fdfc6d1e3553e27e674bf.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | amsrt.marphezis.com | udp |
| US | 8.8.8.8:53 | hbopenbid-ams.pubmnet.com | udp |
| US | 151.101.129.229:443 | cdn.jsdelivr.net | tcp |
| US | 8.8.8.8:53 | jsdelivr.map.fastly.net | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 47.233.138.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn-ima.33across.com.cdn.cloudflare.net | udp |
| US | 8.8.8.8:53 | id.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | id5-sync.com | udp |
| US | 8.8.8.8:53 | tags.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | static.nl3.vip.prod.criteo.net | udp |
| US | 8.8.8.8:53 | d1jvc9b8z3vcjs.cloudfront.net | udp |
| FR | 142.250.178.130:443 | ep1.adtrafficquality.google | tcp |
| US | 8.8.8.8:53 | ep1.adtrafficquality.google | udp |
| US | 8.8.8.8:53 | hb-api-fra02.omnitagjs.com | udp |
| US | 8.8.8.8:53 | blackbird-prd-ew1-alb-87915139.eu-west-1.elb.amazonaws.com | udp |
| US | 8.8.8.8:53 | hbopenbid-ams.pubmnet.com | udp |
| US | 8.8.8.8:53 | jsdelivr.map.fastly.net | udp |
| US | 8.8.8.8:53 | htlb.casalemedia.com | udp |
| US | 8.8.8.8:53 | prebid.media.net | udp |
| US | 8.8.8.8:53 | shb.richaudience.com | udp |
| US | 8.8.8.8:53 | amsrt.marphezis.com | udp |
| FR | 142.250.179.65:443 | ef8c559bdc8fdfc6d1e3553e27e674bf.safeframe.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | euw-ice.360yield.com | udp |
| US | 8.8.8.8:53 | pagead-googlehosted.l.google.com | udp |
| US | 8.8.8.8:53 | ib.anycast.adnxs.com | udp |
| US | 8.8.8.8:53 | cdn-ima.33across.com.cdn.cloudflare.net | udp |
| US | 8.8.8.8:53 | tags.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | ep1.adtrafficquality.google | udp |
| US | 8.8.8.8:53 | static.nl3.vip.prod.criteo.net | udp |
| US | 8.8.8.8:53 | pagead-googlehosted.l.google.com | udp |
| GB | 108.138.233.47:443 | api.privacy-center.org | udp |
| US | 151.101.129.229:443 | jsdelivr.map.fastly.net | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| FR | 142.250.178.130:443 | ep1.adtrafficquality.google | udp |
| US | 8.8.8.8:53 | ep2.adtrafficquality.google | udp |
| FR | 142.250.179.65:443 | pagead-googlehosted.l.google.com | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| FR | 142.250.179.97:443 | ep2.adtrafficquality.google | tcp |
| US | 8.8.8.8:53 | ep2.adtrafficquality.google | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | ep2.adtrafficquality.google | udp |
| DE | 162.19.138.120:443 | id5-sync.com | tcp |
| IE | 54.72.42.145:443 | id.crwdcntrl.net | tcp |
| DE | 46.4.139.58:443 | shb.richaudience.com | tcp |
| DE | 46.4.139.58:443 | shb.richaudience.com | tcp |
| DE | 46.4.139.58:443 | shb.richaudience.com | tcp |
| NL | 185.64.189.112:443 | hbopenbid-ams.pubmnet.com | tcp |
| US | 172.64.151.101:443 | htlb.casalemedia.com | tcp |
| NL | 185.89.210.82:443 | ib.adnxs.com | tcp |
| US | 34.120.63.153:443 | prebid.media.net | tcp |
| IE | 52.31.116.213:443 | ad.360yield.com | tcp |
| NL | 178.250.1.3:443 | static.nl3.vip.prod.criteo.net | tcp |
| GB | 18.245.143.118:443 | tags.crwdcntrl.net | tcp |
| US | 172.64.152.89:443 | cdn-ima.33across.com.cdn.cloudflare.net | tcp |
| US | 8.8.8.8:53 | lb.eu-1-id5-sync.com | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| FR | 185.255.84.151:443 | hb-api-fra02.omnitagjs.com | tcp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| IE | 52.214.103.154:443 | blackbird-prd-ew1-alb-87915139.eu-west-1.elb.amazonaws.com | tcp |
| DE | 162.19.138.120:443 | lb.eu-1-id5-sync.com | tcp |
| US | 8.8.8.8:53 | lb.eu-1-id5-sync.com | udp |
| US | 216.239.32.36:443 | region1.analytics.google.com | tcp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| FR | 142.250.179.97:443 | ep2.adtrafficquality.google | udp |
| DE | 162.19.138.117:443 | lb.eu-1-id5-sync.com | tcp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | lb.eu-1-id5-sync.com | udp |
| US | 150.171.27.10:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| FR | 142.250.178.129:443 | tpc.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 216.239.32.36:443 | region1.analytics.google.com | udp |
| US | 34.120.63.153:443 | prebid.media.net | udp |
| FR | 142.250.178.129:443 | tpc.googlesyndication.com | udp |
| GB | 74.125.71.156:443 | stats.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | lexicon.33across.com | udp |
| US | 8.8.8.8:53 | gum.criteo.com | udp |
| US | 8.8.8.8:53 | ampcid.google.com | udp |
| US | 35.244.193.51:443 | lexicon.33across.com | tcp |
| US | 8.8.8.8:53 | lexicon.33across.com | udp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| US | 8.8.8.8:53 | gum.nl3.vip.prod.criteo.com | udp |
| FR | 142.250.179.78:443 | ampcid.google.com | tcp |
| US | 8.8.8.8:53 | ampcid.google.com | udp |
| US | 8.8.8.8:53 | lexicon.33across.com | udp |
| US | 8.8.8.8:53 | gum.nl3.vip.prod.criteo.com | udp |
| US | 8.8.8.8:53 | ampcid.google.com | udp |
| GB | 74.125.71.156:443 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 232.154.172.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.129.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 130.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 175.203.166.188.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.151.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 153.63.120.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 89.152.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 118.143.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 112.189.64.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.210.89.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 145.42.72.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 174.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 120.138.19.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 213.116.31.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.139.4.46.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.103.214.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.32.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 151.84.255.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 117.138.19.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.27.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 156.71.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 129.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 51.193.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.1.250.178.in-addr.arpa | udp |
| US | 35.244.193.51:443 | lexicon.33across.com | udp |
| FR | 142.250.179.78:443 | ampcid.google.com | udp |
| US | 8.8.8.8:53 | aax-eu.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | dnacdn.net | udp |
| IE | 52.95.115.255:443 | aax-eu.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | aax-eu.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | ag.gbc.criteo.com | udp |
| US | 8.8.8.8:53 | gem.gbc.criteo.com | udp |
| US | 8.8.8.8:53 | aax-eu.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | gbc3.nl3.eu.criteo.com | udp |
| FR | 178.250.7.13:443 | dnacdn.net | tcp |
| US | 8.8.8.8:53 | dnacdn.net | udp |
| US | 8.8.8.8:53 | gbc7.fr3.eu.criteo.com | udp |
| US | 8.8.8.8:53 | cdn.ampproject.org | udp |
| NL | 185.235.87.93:443 | gbc3.nl3.eu.criteo.com | tcp |
| FR | 185.235.86.223:443 | gbc7.fr3.eu.criteo.com | tcp |
| US | 8.8.8.8:53 | gbc3.nl3.eu.criteo.com | udp |
| US | 8.8.8.8:53 | gbc7.fr3.eu.criteo.com | udp |
| FR | 216.58.214.161:443 | cdn.ampproject.org | tcp |
| FR | 216.58.214.161:443 | cdn.ampproject.org | tcp |
| FR | 216.58.214.161:443 | cdn.ampproject.org | tcp |
| FR | 216.58.214.161:443 | cdn.ampproject.org | tcp |
| FR | 216.58.214.161:443 | cdn.ampproject.org | tcp |
| US | 8.8.8.8:53 | cdn-content.ampproject.org | udp |
| US | 8.8.8.8:53 | dnacdn.net | udp |
| FR | 216.58.214.161:443 | cdn-content.ampproject.org | tcp |
| US | 8.8.8.8:53 | cdn-content.ampproject.org | udp |
| FR | 216.58.214.161:443 | cdn-content.ampproject.org | udp |
| US | 172.64.151.101:443 | htlb.casalemedia.com | udp |
| US | 8.8.8.8:53 | 78.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 93.87.235.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 223.86.235.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 161.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.75.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | en.softonic.com | udp |
| US | 8.8.8.8:53 | n.sni.global.fastly.net | udp |
| US | 151.101.1.91:443 | en.softonic.com | tcp |
| US | 151.101.1.91:443 | en.softonic.com | udp |
| US | 8.8.8.8:53 | 131.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | visitor.omnitagjs.com | udp |
| US | 8.8.8.8:53 | contextual.media.net | udp |
| US | 8.8.8.8:53 | sync.richaudience.com | udp |
| US | 8.8.8.8:53 | js-sec.indexww.com | udp |
| US | 8.8.8.8:53 | acdn.adnxs.com | udp |
| US | 8.8.8.8:53 | ads.pubmatic.com | udp |
| FR | 185.255.84.153:443 | visitor.omnitagjs.com | tcp |
| US | 8.8.8.8:53 | visitor-fra02.omnitagjs.com | udp |
| GB | 95.100.244.20:443 | contextual.media.net | tcp |
| DE | 157.90.211.246:443 | sync.richaudience.com | tcp |
| US | 8.8.8.8:53 | contextual.media.net | udp |
| US | 172.64.149.180:443 | js-sec.indexww.com | tcp |
| US | 8.8.8.8:53 | sync.richaudience.com | udp |
| US | 151.101.1.108:443 | acdn.adnxs.com | tcp |
| GB | 2.18.108.192:443 | ads.pubmatic.com | tcp |
| US | 8.8.8.8:53 | js-sec.indexww.com | udp |
| US | 8.8.8.8:53 | prod.appnexus.map.fastly.net | udp |
| US | 8.8.8.8:53 | e6603.g.akamaiedge.net | udp |
| US | 8.8.8.8:53 | visitor-fra02.omnitagjs.com | udp |
| US | 8.8.8.8:53 | sync.richaudience.com | udp |
| US | 8.8.8.8:53 | prod.appnexus.map.fastly.net | udp |
| US | 8.8.8.8:53 | js-sec.indexww.com | udp |
| US | 8.8.8.8:53 | contextual.media.net | udp |
| US | 8.8.8.8:53 | e6603.g.akamaiedge.net | udp |
| GB | 95.100.244.20:443 | contextual.media.net | udp |
| DE | 157.90.211.246:443 | sync.richaudience.com | tcp |
| US | 8.8.8.8:53 | ssum-sec.casalemedia.com | udp |
| US | 104.18.36.155:443 | ssum-sec.casalemedia.com | tcp |
| US | 8.8.8.8:53 | ssum-sec.casalemedia.com | udp |
| US | 8.8.8.8:53 | secure.adnxs.com | udp |
| US | 8.8.8.8:53 | dis.criteo.com | udp |
| US | 8.8.8.8:53 | sync.1rx.io | udp |
| US | 8.8.8.8:53 | api-2-0.spot.im | udp |
| US | 8.8.8.8:53 | x.bidswitch.net | udp |
| US | 8.8.8.8:53 | match.adsrvr.org | udp |
| US | 8.8.8.8:53 | match.prod.bidr.io | udp |
| US | 8.8.8.8:53 | image8.pubmatic.com | udp |
| US | 8.8.8.8:53 | sync.srv.stackadapt.com | udp |
| US | 8.8.8.8:53 | jadserve.postrelease.com | udp |
| US | 8.8.8.8:53 | tracker.open-adsyield.com | udp |
| US | 8.8.8.8:53 | id.rlcdn.com | udp |
| US | 8.8.8.8:53 | bttrack.com | udp |
| US | 8.8.8.8:53 | player.aniview.com | udp |
| US | 8.8.8.8:53 | onetag-sys.com | udp |
| US | 8.8.8.8:53 | ssc-cms.33across.com | udp |
| US | 8.8.8.8:53 | cs-server-s2s.yellowblue.io | udp |
| US | 8.8.8.8:53 | ssum-sec.casalemedia.com | udp |
| US | 8.8.8.8:53 | ssbsync.smartadserver.com | udp |
| US | 8.8.8.8:53 | ib.anycast.adnxs.com | udp |
| US | 8.8.8.8:53 | widget.nl3.vip.prod.criteo.com | udp |
| US | 104.18.36.155:443 | ssum-sec.casalemedia.com | udp |
| US | 8.8.8.8:53 | sync.1rx.io | udp |
| US | 18.213.195.227:443 | api-2-0.spot.im | tcp |
| US | 8.8.8.8:53 | k8s-kongow-generalp-4b9a3bfec6-974801183.us-east-1.elb.amazonaws.com | udp |
| US | 8.8.8.8:53 | match.adsrvr.org | udp |
| US | 8.8.8.8:53 | sync.srv.stackadapt.com | udp |
| US | 172.111.38.86:443 | tracker.open-adsyield.com | tcp |
| US | 8.8.8.8:53 | tracker-use.ortb.net | udp |
| US | 8.8.8.8:53 | match.prod.bidr.io | udp |
| US | 8.8.8.8:53 | imagsync-lhrpairbc.pubmatic.com | udp |
| US | 8.8.8.8:53 | bttrack.com | udp |
| US | 8.8.8.8:53 | id.rlcdn.com | udp |
| US | 8.8.8.8:53 | jadserve.postrelease.com.akadns.net | udp |
| US | 8.8.8.8:53 | user-data-eu.bidswitch.net | udp |
| US | 67.202.105.22:443 | ssc-cms.33across.com | tcp |
| US | 8.8.8.8:53 | pixel.33across.com | udp |
| GB | 92.123.140.19:443 | player.aniview.com | tcp |
| DE | 51.75.86.98:443 | onetag-sys.com | tcp |
| US | 8.8.8.8:53 | a1970.dscd.akamai.net | udp |
| US | 8.8.8.8:53 | onetag-sys.com | udp |
| US | 23.20.238.102:443 | cs-server-s2s.yellowblue.io | tcp |
| US | 8.8.8.8:53 | cs-server-s2s.yellowblue.io | udp |
| NL | 81.17.55.108:443 | ssbsync.smartadserver.com | tcp |
| US | 8.8.8.8:53 | ssbsync-euw1.smartadserver.com | udp |
| US | 8.8.8.8:53 | widget.nl3.vip.prod.criteo.com | udp |
| US | 8.8.8.8:53 | sync.1rx.io | udp |
| US | 8.8.8.8:53 | match.adsrvr.org | udp |
| US | 8.8.8.8:53 | k8s-kongow-generalp-4b9a3bfec6-974801183.us-east-1.elb.amazonaws.com | udp |
| US | 8.8.8.8:53 | sync.srv.stackadapt.com | udp |
| US | 8.8.8.8:53 | tracker-use.ortb.net | udp |
| US | 8.8.8.8:53 | imagsync-lhrpairbc.pubmatic.com | udp |
| US | 8.8.8.8:53 | bttrack.com | udp |
| US | 8.8.8.8:53 | jadserve.postrelease.com.akadns.net | udp |
| US | 8.8.8.8:53 | onetag-sys.com | udp |
| US | 8.8.8.8:53 | user-data-eu.bidswitch.net | udp |
| US | 8.8.8.8:53 | match.prod.bidr.io | udp |
| US | 8.8.8.8:53 | pixel.33across.com | udp |
| US | 8.8.8.8:53 | id.rlcdn.com | udp |
| US | 8.8.8.8:53 | a1970.dscd.akamai.net | udp |
| US | 8.8.8.8:53 | cs-server-s2s.yellowblue.io | udp |
| US | 8.8.8.8:53 | ssbsync-euw1.smartadserver.com | udp |
| US | 8.8.8.8:53 | vmss-clarity-ingest-eus-c.eastus.cloudapp.azure.com | udp |
| NL | 185.89.210.20:443 | secure.adnxs.com | tcp |
| NL | 185.89.210.20:443 | secure.adnxs.com | tcp |
| NL | 178.250.1.9:443 | widget.nl3.vip.prod.criteo.com | tcp |
| NL | 46.228.174.117:443 | sync.1rx.io | tcp |
| NL | 35.214.149.91:443 | user-data-eu.bidswitch.net | tcp |
| US | 15.197.193.217:443 | match.adsrvr.org | tcp |
| IE | 52.212.66.79:443 | match.prod.bidr.io | tcp |
| GB | 185.64.191.214:443 | imagsync-lhrpairbc.pubmatic.com | tcp |
| US | 54.146.156.15:443 | sync.srv.stackadapt.com | tcp |
| IE | 52.49.168.145:443 | jadserve.postrelease.com.akadns.net | tcp |
| US | 35.244.174.68:443 | id.rlcdn.com | tcp |
| GB | 92.123.140.19:443 | a1970.dscd.akamai.net | udp |
| US | 192.132.33.68:443 | bttrack.com | tcp |
| DE | 51.75.86.98:443 | onetag-sys.com | udp |
| US | 35.244.174.68:443 | id.rlcdn.com | udp |
| US | 8.8.8.8:53 | 20.244.100.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.149.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 108.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.108.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 153.84.255.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 246.211.90.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.36.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.140.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.86.75.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 108.55.17.81.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.195.213.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.38.111.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 102.238.20.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.105.202.67.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.193.197.15.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 214.191.64.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 117.174.228.46.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.210.89.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.66.212.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.149.214.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 145.168.49.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.174.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.indexww.com | udp |
| US | 8.8.8.8:53 | cdn.indexww.com | udp |
| US | 172.64.149.180:443 | cdn.indexww.com | tcp |
| US | 8.8.8.8:53 | cdn.indexww.com | udp |
| US | 8.8.8.8:53 | qvdt3feo.com | udp |
| US | 8.8.8.8:53 | rtb-csync.smartadserver.com | udp |
| US | 8.8.8.8:53 | sync-tm.everesttech.net | udp |
| IE | 52.212.66.79:443 | match.prod.bidr.io | tcp |
| US | 8.8.8.8:53 | ads.stickyadstv.com | udp |
| US | 8.8.8.8:53 | csync.loopme.me | udp |
| NL | 81.17.55.97:443 | rtb-csync.smartadserver.com | tcp |
| US | 151.101.194.49:443 | sync-tm.everesttech.net | tcp |
| US | 8.8.8.8:53 | rtb-csync-euw1.smartadserver.com | udp |
| US | 8.8.8.8:53 | h2.shared.global.fastly.net | udp |
| US | 3.230.91.216:443 | qvdt3feo.com | tcp |
| US | 8.8.8.8:53 | qvdt3feo.com | udp |
| US | 8.8.8.8:53 | bh.contextweb.com | udp |
| US | 8.8.8.8:53 | eu-west-dual.ads.stickyadstv.com.akadns.net | udp |
| NL | 35.214.185.95:443 | csync.loopme.me | tcp |
| US | 8.8.8.8:53 | envoy-hl.envoy-csync1.core-b8mf.ov1o.com | udp |
| US | 8.8.8.8:53 | match.sharethrough.com | udp |
| US | 8.8.8.8:53 | qvdt3feo.com | udp |
| US | 8.8.8.8:53 | rtb-csync-euw1.smartadserver.com | udp |
| US | 8.8.8.8:53 | match-eu-central-1-ecs.sharethrough.com | udp |
| US | 8.8.8.8:53 | am1-direct-bgp.contextweb.com | udp |
| US | 8.8.8.8:53 | eu-west-dual.ads.stickyadstv.com.akadns.net | udp |
| US | 8.8.8.8:53 | envoy-hl.envoy-csync1.core-b8mf.ov1o.com | udp |
| US | 8.8.8.8:53 | match-eu-central-1-ecs.sharethrough.com | udp |
| US | 8.8.8.8:53 | am1-direct-bgp.contextweb.com | udp |
| NL | 154.57.158.115:443 | eu-west-dual.ads.stickyadstv.com.akadns.net | tcp |
| NL | 208.93.169.131:443 | am1-direct-bgp.contextweb.com | tcp |
| DE | 18.197.30.174:443 | match.sharethrough.com | tcp |
| US | 8.8.8.8:53 | sync.mathtag.com | udp |
| US | 8.8.8.8:53 | pixel-eu.rubiconproject.com | udp |
| US | 8.8.8.8:53 | pixel.rubiconproject.com | udp |
| US | 8.8.8.8:53 | cs.admanmedia.com | udp |
| US | 8.8.8.8:53 | t.adx.opera.com | udp |
| US | 8.8.8.8:53 | 15.156.146.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.33.132.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ssbsync-global.smartadserver.com | udp |
| US | 8.8.8.8:53 | 49.194.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 216.91.230.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.185.214.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | spl.zeotap.com | udp |
| US | 8.8.8.8:53 | cm.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | dorpat.geo.iponweb.net | udp |
| NL | 35.214.199.88:443 | dorpat.geo.iponweb.net | tcp |
| NL | 154.57.158.115:443 | eu-west-dual.ads.stickyadstv.com.akadns.net | tcp |
| US | 74.121.140.211:443 | sync.mathtag.com | tcp |
| US | 8.8.8.8:53 | pixel-origin.mathtag.com | udp |
| NL | 69.173.156.148:443 | pixel.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | pixel-eu.rubiconproject.net.akadns.net | udp |
| US | 80.77.87.166:443 | cs.admanmedia.com | tcp |
| US | 8.8.8.8:53 | cs.admanmedia.com | udp |
| NL | 82.145.213.8:443 | t.adx.opera.com | tcp |
| US | 8.8.8.8:53 | outspot2-ams.adx.opera.com | udp |
| NL | 69.173.156.149:443 | pixel-eu.rubiconproject.net.akadns.net | tcp |
| US | 8.8.8.8:53 | pixel.rubiconproject.net.akadns.net | udp |
| US | 172.67.40.173:443 | spl.zeotap.com | tcp |
| US | 8.8.8.8:53 | spl.zeotap.com | udp |
| FR | 216.58.214.162:443 | cm.g.doubleclick.net | tcp |
| FR | 216.58.214.162:443 | cm.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | cm.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | dorpat.geo.iponweb.net | udp |
| FR | 216.58.214.162:443 | cm.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | cs.admanmedia.com | udp |
| US | 8.8.8.8:53 | pixel-origin.mathtag.com | udp |
| US | 8.8.8.8:53 | pixel-eu.rubiconproject.net.akadns.net | udp |
| US | 8.8.8.8:53 | outspot2-ams.adx.opera.com | udp |
| US | 8.8.8.8:53 | spl.zeotap.com | udp |
| US | 8.8.8.8:53 | pixel.rubiconproject.net.akadns.net | udp |
| US | 8.8.8.8:53 | cm.g.doubleclick.net | udp |
| NL | 89.149.192.197:443 | ssbsync-global.smartadserver.com | tcp |
| US | 8.8.8.8:53 | cs.yellowblue.io | udp |
| NL | 35.214.199.88:443 | dorpat.geo.iponweb.net | udp |
| IE | 34.243.49.39:443 | cs.yellowblue.io | tcp |
| IE | 34.243.49.39:443 | cs.yellowblue.io | tcp |
| US | 8.8.8.8:53 | cs.yellowblue.io | udp |
| FR | 216.58.214.162:443 | cm.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | cs.yellowblue.io | udp |
| US | 8.8.8.8:53 | 131.169.93.208.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 115.158.57.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 174.30.197.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.199.214.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.156.173.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.213.145.82.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 148.156.173.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.40.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 162.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 166.87.77.80.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 211.140.121.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.192.149.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 39.49.243.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | n.sni.global.fastly.net | udp |
| US | 151.101.1.91:443 | en.softonic.com | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 151.101.129.91:443 | en.softonic.com | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| US | 8.8.8.8:53 | scontent.xx.fbcdn.net | udp |
| US | 8.8.8.8:53 | s-part-0036.t-0009.t-msedge.net | udp |
| US | 8.8.8.8:53 | scontent.xx.fbcdn.net | udp |
| DE | 157.240.27.27:443 | scontent.xx.fbcdn.net | tcp |
| DE | 157.240.27.27:443 | scontent.xx.fbcdn.net | udp |
| US | 130.211.23.194:443 | api.btloader.com | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| DE | 157.240.27.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | star-mini.c10r.facebook.com | udp |
| DE | 157.240.27.35:443 | www.facebook.com | udp |
| US | 8.8.8.8:53 | partner.googleadservices.com | udp |
| US | 8.8.8.8:53 | partner.googleadservices.com | udp |
| FR | 142.250.201.162:443 | partner.googleadservices.com | tcp |
| US | 8.8.8.8:53 | partner.googleadservices.com | udp |
| US | 8.8.8.8:53 | syndicatedsearch.goog | udp |
| US | 8.8.8.8:53 | 27.27.240.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.27.240.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 162.201.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | jsdelivr.map.fastly.net | udp |
| FR | 142.250.178.130:443 | ep1.adtrafficquality.google | udp |
| US | 8.8.8.8:53 | 9998b96192bc15617022c73141b64d44.safeframe.googlesyndication.com | udp |
| FR | 216.58.214.174:443 | syndicatedsearch.goog | tcp |
| FR | 216.58.214.174:443 | syndicatedsearch.goog | tcp |
| FR | 216.58.214.174:443 | syndicatedsearch.goog | tcp |
| US | 8.8.8.8:53 | syndicatedsearch.goog | udp |
| FR | 142.250.201.162:443 | partner.googleadservices.com | udp |
| US | 8.8.8.8:53 | h.clarity.ms | udp |
| FR | 142.250.179.65:443 | 9998b96192bc15617022c73141b64d44.safeframe.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | syndicatedsearch.goog | udp |
| NL | 139.45.197.253:443 | notix.io | tcp |
| US | 8.8.8.8:53 | vmss-clarity-ingest-eus-c.eastus.cloudapp.azure.com | udp |
| FR | 142.250.179.65:443 | 9998b96192bc15617022c73141b64d44.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | vmss-clarity-ingest-eus-c.eastus.cloudapp.azure.com | udp |
| FR | 216.58.214.174:443 | syndicatedsearch.goog | udp |
| US | 8.8.8.8:53 | js.adscale.de | udp |
| GB | 18.245.143.101:443 | js.adscale.de | tcp |
| US | 8.8.8.8:53 | d2w45tum40fmzp.cloudfront.net | udp |
| US | 8.8.8.8:53 | d2w45tum40fmzp.cloudfront.net | udp |
| US | 8.8.8.8:53 | n.sni.global.fastly.net | udp |
| US | 8.8.8.8:53 | ih.adscale.de | udp |
| DE | 52.57.54.158:443 | ih.adscale.de | tcp |
| US | 8.8.8.8:53 | ih.adscale.de | udp |
| US | 8.8.8.8:53 | ih.adscale.de | udp |
| US | 8.8.8.8:53 | 174.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.143.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | push-sdk.com | udp |
| US | 8.8.8.8:53 | push-sdk.com | udp |
| DE | 178.63.248.56:443 | push-sdk.com | tcp |
| US | 8.8.8.8:53 | push-sdk.com | udp |
| US | 8.8.8.8:53 | qsearch-a.akamaihd.net | udp |
| US | 8.8.8.8:53 | s.richaudience.com | udp |
| GB | 92.123.142.59:443 | qsearch-a.akamaihd.net | tcp |
| US | 8.8.8.8:53 | a267.g.akamai.net | udp |
| US | 8.8.8.8:53 | s.richaudience.com | udp |
| US | 8.8.8.8:53 | h.clarity.ms | udp |
| US | 8.8.8.8:53 | s.richaudience.com | udp |
| US | 8.8.8.8:53 | a267.g.akamai.net | udp |
| NL | 178.250.1.3:443 | static.nl3.vip.prod.criteo.net | tcp |
| DE | 46.4.139.58:443 | s.richaudience.com | tcp |
| US | 8.8.8.8:53 | dual-a-0034.a-msedge.net | udp |
| US | 8.8.8.8:53 | 158.54.57.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.248.63.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.214.58.216.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\datareporting\glean\pending_pings\cc0159b0-ec09-4c52-8bd2-a51d97a40db5
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\datareporting\glean\pending_pings\d77a0342-4ab7-44c2-8461-09a8154451a2
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\datareporting\glean\db\data.safe.tmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\datareporting\glean\db\data.safe.tmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\datareporting\glean\db\data.safe.tmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\AlternateServices.bin
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\illkw0pr.default-release\activity-stream.discovery_stream.json
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\prefs.js
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\prefs-1.js
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\illkw0pr.default-release\cache2\entries\DBD78B5F0DD5928F802E6B4677A914D2D6B73B75
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\illkw0pr.default-release\cache2\entries\28B8051D5D9D5385A96182666286BD121475EF92
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\storage\default\https+++en.softonic.com\idb\556220133rrae_su.sqlite
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\illkw0pr.default-release\cache2\doomed\2856
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\prefs-1.js
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\datareporting\glean\db\data.safe.tmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\prefs.js
C:\Users\Admin\AppData\Local\Temp\tmpaddon
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\AlternateServices.bin
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\sessionstore-backups\recovery.baklz4
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\sessionstore-backups\recovery.baklz4
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\sessionstore-backups\recovery.baklz4
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\illkw0pr.default-release\cache2\entries\543CAFFD701B74E01E17B8DAEB3D267CCC53642C
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\illkw0pr.default-release\cache2\entries\F7EC9B5BDF12BD09F837A5F30279C9084DA1101F
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\illkw0pr.default-release\cache2\entries\E383E238ECF0AE88344475594F44FEF5496AC116
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\illkw0pr.default-release\cache2\entries\73F1BBFE89758ABE8D7C007161AC123D63B0435E
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\illkw0pr.default-release\cache2\entries\E91BF29B3B40AAD9667E6E09E6225D1C4123989E
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\sessionstore-backups\recovery.baklz4
C:\Users\Admin\AppData\Local\Temp\nsxAFD5.tmp\System.dll
C:\Users\Admin\AppData\Local\Temp\nsxAFD5.tmp\nsProcess.dll
C:\Users\Admin\AppData\Local\Temp\nsxAFD5.tmp\InstallOptions.dll
C:\Users\Admin\AppData\Local\Temp\nsxAFD5.tmp\ioSpecial.ini
C:\Program Files (x86)\ThinkSky\iTools 4\iTools4.exe
C:\Users\Admin\AppData\Local\Temp\nsxAFD5.tmp\ioSpecial.ini
C:\Users\Admin\AppData\Local\Temp\nsxAFD5.tmp\ioSpecial.ini
C:\Program Files (x86)\ThinkSky\iTools 4\iOSDevice.dll
C:\Program Files (x86)\ThinkSky\iTools 4\avfilter.dll
C:\Program Files (x86)\ThinkSky\iTools 4\postproc.dll
C:\Program Files (x86)\ThinkSky\iTools 4\modelCore.dll
C:\Program Files (x86)\ThinkSky\iTools 4\swresample.dll
C:\Program Files (x86)\ThinkSky\iTools 4\avdevice.dll
C:\Program Files (x86)\ThinkSky\iTools 4\avcodec.dll
C:\Program Files (x86)\ThinkSky\iTools 4\swscale.dll
C:\Program Files (x86)\ThinkSky\iTools 4\avutil.dll
C:\Program Files (x86)\ThinkSky\iTools 4\avformat.dll
C:\Program Files (x86)\ThinkSky\iTools 4\zlib1.dll
C:\Program Files (x86)\ThinkSky\iTools 4\Sqlite.dll
C:\Program Files (x86)\ThinkSky\iTools 4\transCoder.dll
C:\Program Files (x86)\ThinkSky\iTools 4\libssl-1_1.dll
C:\Program Files (x86)\ThinkSky\iTools 4\downloader.dll
C:\Program Files (x86)\ThinkSky\iTools 4\deviceContent.dll
C:\Program Files (x86)\ThinkSky\iTools 4\libcrypto-1_1.dll
C:\Program Files (x86)\ThinkSky\iTools 4\CrashRpt1403.dll
C:\Program Files (x86)\ThinkSky\iTools 4\soui.dll
C:\Program Files (x86)\ThinkSky\iTools 4\utilities.dll
C:\Program Files (x86)\ThinkSky\iTools 4\globalinterface.dll
C:\Program Files (x86)\ThinkSky\iTools 4\config.dll
C:\Program Files (x86)\ThinkSky\iTools 4\libcurl.dll
C:\Program Files (x86)\ThinkSky\iTools 4\render-gdi.dll
C:\Program Files (x86)\ThinkSky\iTools 4\SciLexer.dll
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\sessionstore-backups\recovery.baklz4
C:\ProgramData\ThinkSky\iTools\Driver\iTunesMobileDevice.dll
C:\Windows\Installer\MSI3FA1.tmp
C:\ProgramData\Apple\Installer Cache\AppleApplicationSupport 7.6\AppleApplicationSupport.msi
C:\Windows\Installer\MSI6706.tmp
C:\Config.Msi\e59390e.rbs
C:\Windows\Installer\MSI69D8.tmp
C:\Config.Msi\e593913.rbs
C:\Windows\Installer\MSI8F69.tmp
C:\Windows\Installer\e593915.msi
C:\Windows\System32\DriverStore\Temp\{4568e0c7-ca2f-e54e-a295-6cf8b3042186}\usbaapl64.inf
C:\Windows\System32\DriverStore\Temp\{4568e0c7-ca2f-e54e-a295-6cf8b3042186}\USBAAPL64.CAT
C:\Windows\System32\DriverStore\Temp\{4568e0c7-ca2f-e54e-a295-6cf8b3042186}\usbaapl64.sys
C:\Windows\System32\DriverStore\Temp\{4568e0c7-ca2f-e54e-a295-6cf8b3042186}\usbaaplrc.dll
C:\Windows\System32\DriverStore\Temp\{aeab04df-cfc4-3f40-83cf-152b4baedc22}\netaapl64.inf
C:\Windows\System32\DriverStore\Temp\{aeab04df-cfc4-3f40-83cf-152b4baedc22}\netaapl64.cat
C:\Windows\System32\DriverStore\Temp\{aeab04df-cfc4-3f40-83cf-152b4baedc22}\netaapl64.sys
C:\Windows\System32\DriverStore\Temp\{aeab04df-cfc4-3f40-83cf-152b4baedc22}\wdfcoinstaller01009.dll
C:\Config.Msi\e593918.rbs
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\sessionstore-backups\recovery.baklz4